{"report_id":"302e50e0-0616-4fe1-82d4-91304e63a661","version":6,"status":"done","tags":[],"date":"2025-12-20T20:05:31Z","url":{"schema":"http","addr":"www.f2medx.ir/","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.232.201","port":0,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"www.f2medx.ir/","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"title":"فیلم 2 مدیا Film2Media | دانلود فیلم و سریال بدون سانسور با زیرنویس فارسی چسبیده","dom":{"size":398844,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9120)","md5":"7079ad370323e0cd01504803d68b4053","sha1":"383b4d22613b6b21a9daf5f3b4821df14a0e7d57","sha256":"eb4d5e4686bc6bc48ce84b1cca74dbd77570c9aaf20ce0023914eba64b7690d8","sha512":"4696cb44815b0e988425e5e8231161c6ab0cc0595b1abdef8136e95573a292fecd43abcbc02bc9fd4310f3a0c14558a250bae129cf53bd3a19a68b865b5fc68a","ssdeep":"1536:T63YNQ5w16NalCOalC0XmYdZwMjoe9FmaObCb6egsKJa5QaepX/KzmWmBgjV:TBNQ5w853mbU8pX/KzmWmmjV","tlshash":"8284b67141ae1d7f4317c6c491a0bb5dd2838432c7c66d87f9ff2b4a8b96ca279112ac","dom_hash":"domhashde47db0f7111e01869f5d8afae174a34","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.f2medx.ir/","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.232.201","port":0,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-24T20:05:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"tq2tmylv9quqkoe"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"panel-cdn.yektanet.com","ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"domain_registered":"2017-03-11","domain_rank":745014,"first_seen":"2024-11-13T15:33:24Z","last_seen":"2025-12-20T19:15:42.672603Z","alert_count":0,"request_count":1,"received_data":6394,"sent_data":659,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"cdn.yektanet.com","ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"domain_registered":"2017-03-11","domain_rank":520716,"first_seen":"2017-04-17T04:51:03Z","last_seen":"2025-12-14T22:00:15.208343Z","alert_count":0,"request_count":5,"received_data":282543,"sent_data":2497,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"event.yektanet.com","ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"domain_registered":"2017-03-11","domain_rank":695138,"first_seen":"2024-08-22T07:48:47Z","last_seen":"2025-12-15T19:16:39.046894Z","alert_count":0,"request_count":1,"received_data":992,"sent_data":2145,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"jamssp.yektanet.com","ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"domain_registered":"2017-03-11","domain_rank":0,"first_seen":"2025-12-13T08:40:17.150416Z","last_seen":"2025-12-20T19:15:42.61175Z","alert_count":0,"request_count":2,"received_data":6894,"sent_data":1035,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"audience.yektanet.com","ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"domain_registered":"2017-03-11","domain_rank":489602,"first_seen":"2019-05-31T01:44:29Z","last_seen":"2025-12-20T18:51:50.78527Z","alert_count":0,"request_count":1,"received_data":579,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.f2medx.ir","ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"domain_registered":"unknown","domain_rank":1271815,"first_seen":"2025-12-20T20:05:34.892675Z","last_seen":"2025-12-20T20:05:34.892675Z","alert_count":114,"request_count":114,"received_data":3125509,"sent_data":77115,"comment":"","tags":null,"fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Yoast SEO:24.1","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}]},{"fqdn":"native-scripts.yektanet.com","ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"domain_registered":"2017-03-11","domain_rank":776658,"first_seen":"2022-02-02T12:12:24Z","last_seen":"2025-12-17T19:53:13.162517Z","alert_count":0,"request_count":3,"received_data":63018,"sent_data":1734,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/js/vendor/bootstrap.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"644a0ca7a2f53743c2e1764adeefd75c","sha1":"25f1c78d7d3be01d8eddb4fe4e55ec752b501143","sha256":"1f3aaac0d2035c275a8cec92e1e1a9751d62a41af09e9ce904aa5e1b7bf065d7","sha512":"f221c1bdfe582031e1a9a44a8c2650d150813e6beb84a5ffcfcfd95faf7cc665fdd4a23fe6a2247d28b2218f61a8883975d5141b2be8151e24541b9cdae0d9f9","ssdeep":"768:yfr+Zqa0VQrurdaN3KHgvikKT9WiWiy6Cd0:d0wqaN3KHAGCy","tlshash":"16e2b5663355b9738bde816b90764247f3195cd8950a012cb4bc6cee2a3dd8632f2fb4","size":31550,"data":"","first_seen":"2025-09-25T01:07:31.155112Z","last_seen":"2026-05-12T11:54:29.552923Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"1be70649b8f2e66f8b99c510c4b6c24d","sha1":"fd20324b49f8b471fd733548db5f4211be39c3a3","sha256":"b3ae8787e3f2dd7be0eb62c76b7c26da342f02683418046a2ed1de57caddc8f3","sha512":"9c3c5e3ad1e09d8a4ce5356bdbc52aa97ea21488fa249cf7e15186a5c70b12bd187982dffdabb5330d96e402038c74707310b019433c7e942d3d1386832e9a4a","ssdeep":"","tlshash":"ffd0a7181d654174010d25ad10f7d738e2c121011c72844174eecc9cff21ecd8445524","size":235,"data":"","first_seen":"2025-09-25T01:07:31.184026Z","last_seen":"2026-01-06T17:00:58.65052Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"591a2eaf51522daf93bfa76ff11ba5bc","sha1":"9778a09a033de27514009f7f709a0944d6a69e31","sha256":"6e752725cf3517e45f42d36841e3e97a2ac680c8dd615d8ae9869efbdc3519f3","sha512":"dc497fdcce32bf647e6e0a1430236e61b4ef6b89d232c142798b26682d91ec487b10c765b931c40c04f9f8e2796cfcb3f060cdc7a4df9878c62d7d62deb4b331","ssdeep":"","tlshash":"3901491e21913ebb80b315bb17ca92607f221042f0885f32365dc700af60b26cb77ae9","size":707,"data":"","first_seen":"2025-09-25T01:07:31.18671Z","last_seen":"2026-02-08T02:14:31.562822Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"native-scripts.yektanet.com/public/chunk/105-6.0.0.js","fqdn":"native-scripts.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"66c52ca03fbaa89df650ae42f17775c2","sha1":"438764812f614cb0a7604105c97e6f2b4356e354","sha256":"cf60180bb2ca1116a3db0f706e3e7692aeb11912042021ea44e60f5157c174d8","sha512":"65c1b77f0ce0964e5dfb0946e7d059ae9e1afafffc2c0e3c02ce9657d75879b1ebc5e7cab600d377e745389ee64d584b3f22d127a71a2b04caf14508a42f58db","ssdeep":"192:WMethYYXWOjZwYaQ4cCuMzOetA11lfIhjhA7hdg6ayR8lrrN0k:WbwjQ4luMzOX1lgh90Hg6nqr5v","tlshash":"c352a669f3f7a17545a62079a02f22167276715426c9c044b03fe8e41f2ce1f6a63f7e","size":13205,"data":"","first_seen":"2025-12-08T04:48:41.90053Z","last_seen":"2025-12-21T21:12:09.443294Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/js/vendor/splide.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fa0a215bbf25b8c146de6b69fa9718b","sha1":"6fd8c8f2c74371fd17411fcb3d313b5d0a94e122","sha256":"c1bbcaed033dbe0135456661f03aabb9facccf50c57450b975761c145624f8e5","sha512":"9a64a0f046c0170b5156f83beb0613c2ce0535e677cf00a4e69115b3ebd4a36f98fb024700474f28d04c81995d207efdb2558e5fe46dec0042e6737c7e360f12","ssdeep":"768:7veaVfq2uGhc6eIRE2yNQ4iyHuqpp0L0pvj8vCwF3CH:75VfqpGvPqZWyNf0L0pvjWCwF3M","tlshash":"42d2d68c7281b42e279364f3a1af044ba27b29455c0e5510e4eaf8f47c786bd936bddc","size":29668,"data":"","first_seen":"2024-08-20T16:13:02.440999Z","last_seen":"2026-04-25T15:33:36.023268Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-includes/js/jquery/ui/core.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fbc22c79d40119dde9a5d16897002b9","sha1":"e9837519aca724457792e2d5ee98a97a0367cdf9","sha256":"7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322","sha512":"3118a198a3710c839c15d6c4b5dc9f9adcd637913af2e26f438b01c80b27281f4937e25aad2817855d8b3eb36207c61ae16d62b17e698799c5316e86f52ac6fc","ssdeep":"384:G/rsrDr8LVyraS3dtrqorqr8hrpCip8fuxNhBGX0CiS9rH/OrLrErJ29FkFvd:iS33Z5vK47kv","tlshash":"81a2d94eb246380586f7a2a5402f521fb132e25cb10588ddf468d8da3c7eea95173f79","size":21464,"data":"","first_seen":"2024-07-16T20:15:04Z","last_seen":"2026-05-24T15:29:38.608867Z","times_seen":39485,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-includes/js/jquery/ui/slider.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec2777f6b09c345d2ab0def96b5cab9d","sha1":"10713118d9f7aa90bdce30ea21508b2e99b8b33f","sha256":"d9b268266af74b5c0834e2a519303ca97c5427c5fb7abb3b89ad29e07664be14","sha512":"77b8845daa7449a72a6365e75ae56781c82b503619f7d90ce4ba0f5a8c025b59f3881f0bd3b51570b2c3a6567a6be1e783615954d84b9fff95812e230cc8ffcb","ssdeep":"192:Cr0AcBogU9EEk7Wxcf55I/6wG5klFhBsR0PWXYpt:Cr0AEPU9EccbUt","tlshash":"7f22844a320a2b015b9bd271653da8cbd77752c8690449ccb074dfce445cf59a2ebf78","size":10759,"data":"","first_seen":"2024-07-18T17:31:23Z","last_seen":"2026-05-24T16:13:22.216442Z","times_seen":29752,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/superscript/E46QWyD3/native-film2media.pw-2294/yn_pub.js?v=2025011020020","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"26f36e4632cb1203632a86e4182e1ac9","sha1":"f01ebe1c24de9330ef7f12a0b2599dea433ea59e","sha256":"0a353e53798ac6a7666cd9d6e1e804dd9f14003c259da4b4d5677cf87d0071eb","sha512":"24c7aedf868c067d66e5df342074c1312213594e03dcad9f3340bede0e7cacc14acd971a932d28ac01b840a6de803f1304001ccb0788008beebff050471eb9d6","ssdeep":"384:A7aK8RGbF7jWHfpMCB0lE4vzpk2QLvZj6ATb4y4tt4:AONw5oBMCClE4x2Tb4y4tt4","tlshash":"d172e828b190b4b8436544a08d3f690ef33d25529449d4f8e399c8d5bd74e9eb312fbe","size":16322,"data":"","first_seen":"2025-12-19T05:45:15.548709Z","last_seen":"2025-12-20T20:05:47.247539Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"native-scripts.yektanet.com/public/chunk/124-6.0.0.js","fqdn":"native-scripts.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"025d358763fd7d0fdc36ebeed72a0440","sha1":"113d30d361e9f76c3c92e565db0aa4bf3bef1044","sha256":"3b4a1498ca77d129fbc1e4ca871ba731f7c35736ba54db016e9c45e52f5c7e18","sha512":"8fa7505d911208693f3f7bbecec2e8429af43a5933867afff56a988f5b55e0c62369727388ee0033819c89c0479adf62f7cade8590be217361b7160ba5e493e8","ssdeep":"96:8cL/q1o7LVJhhcWiK+yHT40ewYsxAbaSH17t7R+G4SJ3P6u+u:8ce1mHT49wYsGbamhBRLSu","tlshash":"0ed1c6887296b1a4036226f0413b450ae33f773c588d6c75b394f0d2ad7926e075abb8","size":6507,"data":"","first_seen":"2025-12-20T19:15:46.513823Z","last_seen":"2025-12-21T21:12:09.421851Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"native-scripts.yektanet.com/public/chunk/sticky.6.0.5.js","fqdn":"native-scripts.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"c9a5240ee77d092c8b99cfa770c0a84e","sha1":"acddc6391893e1f144d44eaad12e32bd9dd1f4eb","sha256":"2f341cc27a9a80257f96f8111ba6c010803a40c4e855c8a97bacc2aa8696a0a0","sha512":"e0ebaabacdc23c97e38fafc0280e318f357e07caaa5e8be2c5bf2ba61eee10a525fe32790a848bc3ba2085923a77df34df890810a2902561b377f2aafb1c4ea1","ssdeep":"768:l7OZoNCsf/dfG1GAdI8hUzttU+DZ/wAXDPj+:IKlf/dKGAdIUUzt2+dIqDPj+","tlshash":"bd039762e59001244773f5dc63e30aad75bef04247c788b8b7ad35ac03ceb4a9563e96","size":40927,"data":"","first_seen":"2025-12-20T19:15:46.452774Z","last_seen":"2025-12-20T20:05:47.31954Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/rg_woebegone/scripts_v3/Y9f0GOWp/publisher.js?v=2025011020020","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"fae6ba9a2ecb2eea3508458a5a462300","sha1":"01e0f3c7ab8023be19abe3a54129d23a993c12b9","sha256":"8f30c69a1f8200c8302cc6d69acd3954249177e4f571f943ee06f791c459acb4","sha512":"d10ff4005780bae43859197942ca34163392a1517c5f15647913b54ea4c83d5c3c841850023a74d9a0dfa9f9d3b9ecbde58fb2b16e72c6926ea8e67dc21bfb1e","ssdeep":"1536:8nCNYL5yqid5IaZMVqfyzU5zHzq+Q5DUQ7vE/:0tL5gIshyzU5z4zE/","tlshash":"ef33f6d974d2f0b207eb65ba913f520af23a25592c4dd4509115cce07c78e9b8363fae","size":53516,"data":"","first_seen":"2025-09-25T01:07:31.115518Z","last_seen":"2026-02-26T00:18:52.929996Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/js/vendor/jquery.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"4feeeb323fa3e7b980d5916946b7bd5e","sha1":"e0d47dd7def31b3cd3dab43464c663382e8698dd","sha256":"e8c3cccfb58b82f8492042016898334e0623d643b563a2097492e7def5cfcfac","sha512":"416efd3bb56ea96bde5d0666b94a2e68b87d88de1c831fc891820e34a82604329d46b9c1fa0a06fb31195ef74872e5a0148f826019592b1d3abb45fe1640acfc","ssdeep":"1536:PRUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GK7:XHNwcv9VBQpLl88SMBQ47GK7","tlshash":"4783f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87443,"data":"","first_seen":"2023-10-22T08:54:07Z","last_seen":"2026-05-24T07:12:03.436063Z","times_seen":817,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-includes/js/jquery/ui/mouse.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"dd6a0d8d7b3e0afbbc0bbb417dcc387b","sha1":"0b38c782da1c8ecc6bc7e854f8841fb9d2c86e35","sha256":"f36adc07db49e73c3fd3aeb4234d270725f07719706dd28dfc09657f2cffe9d6","sha512":"e0963a8c2de54ca9a29d2f3fb0adf54946172e11589f0da3dafbf603b9f38c7a4a8a977465b0a9c32da9d4127d916e60c390dea1e17d55b3edee0b760401135c","ssdeep":"","tlshash":"d161ba8e33145e8342931336d23bab4b7d3180d9640ad51dbb39acd83a2c93961b69fc","size":3428,"data":"","first_seen":"2024-07-16T20:36:22Z","last_seen":"2026-05-24T16:21:25.0094Z","times_seen":49132,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/js/script.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"947a5eda42249bc76f2e58b488068718","sha1":"90ef680d8de2fea227afe5c998336b00982d3374","sha256":"3f7ff26a48b46ac74797c553c1907b9fc4586e0d5b4d8901846471568e0ef2b3","sha512":"5d3a67a52c6916b1545681cc6cc00b1d89f939e9faf33e03803115f924451e7332610850300dd06360d03bc00975a62397e1a335b135db6abfd0e1ef017d9938","ssdeep":"192:LPRLzFZsBkVa9///ISAIM2hv98paTLpjpgXQNn8U7E/H:LZ1+Bk0///ISAIdFlXNn8U7Ev","tlshash":"c2229124b151b4b2037b51a7243beb0b26f3a93ed543469490bc4bb41fb9dc52363f6a","size":10518,"data":"","first_seen":"2025-11-29T14:12:51.646235Z","last_seen":"2026-01-01T18:00:06.484784Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/js/6.0.0/film2media.pw/native-film2media.pw-2294.js?v=f4b0fa468f396d107f602e3bc3122a77","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"b146713f6e975ea6dc3059f92dda1d60","sha1":"976195903de137ab4c7d9eaebbdb85547ebcc46e","sha256":"a7193e20f34ee7e51213f961205dea058baa9190704deac36a1e7bd2cce5b665","sha512":"301dfa44e3f44a5b49186e9085111e14119e12c22e937bca60958129762b71eb286d37a1ab14be9f4424c2a7681142f347ef87458936d18cab9eecd9f0e2e29f","ssdeep":"1536:Sm6yEu2TH9ilTNHnR0JHcFbRnIxTZ+A63E45Jp3Rc5SM2+8VXH7WLivRb8FGV69U:F6JuaATNHLFtybwh5x7WnzrkJqXBqZ","tlshash":"5ae3829cb2d2b46243a37078506f240af37b1895648d8490f739d8e5bdb994e6133fbd","size":154111,"data":"","first_seen":"2025-12-20T19:15:46.445945Z","last_seen":"2025-12-20T20:05:47.244681Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/rg_woebegone/scripts_v4/E46QWyD3/complete.js?v=f4b0fa468f396d107f602e3bc3122a77","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"d0c42703413a150e90fc215a3098aeaa","sha1":"2bd12ffa5c042737c81d0f29c568334a663beb65","sha256":"8ebca074b47c8e50f152c5ca8761d97eda75d460302f44563c6485e8749dd797","sha512":"b90b72c75b7ec354e53b04c68797fcfdd3a99303a6f516c23a9a5f354774de006a4ce80ba57999804b0f9f2984cfd1ce6894f4c95ef2b82ec2e926dd753ce985","ssdeep":"1536:1nCNYL5yqid5ICZMVqfyzU5zHzq+Q5DUQ7vEzxhU/M:ZtL5gI0hyzU5z4zER","tlshash":"d133069d74d6f0b207eb65ba913f620af23a25592c4dd4509115cce07c78e8f8263fae","size":55096,"data":"","first_seen":"2025-09-25T01:07:31.143852Z","last_seen":"2026-02-26T00:18:52.924297Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"4a4afcd297bf85e669c49137e9f9343e","sha1":"0c1d8a236b3d41336a648763c0d9d19554eb5e7b","sha256":"cf68e13f3f4443cf4aeaeb171b8636ffbbfb15b52c4361b38a7e855b11a96406","sha512":"e4471c84769f7151a545d962c38b2e52ecf1814e9ed431b09e67b4d9cf425fa531e6c42b108a226b8ad5c7accae3975794f3d41f116b0fa403c7ca85e7f46049","ssdeep":"","tlshash":"bd31e11622b0b07e58b721bbd34b03d5b62010cb7591cd193dbd87550f54669adf2ec7","size":1814,"data":"","first_seen":"2025-11-29T14:12:51.704512Z","last_seen":"2026-02-08T02:14:31.564888Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/wOzsVbaK2475wjXXhs8AHmFl2Zi-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/wOzsVbaK2475wjXXhs8AHmFl2Zi-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8756\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Fri, 19 Dec 2025 18:07:39 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=336\r\nx-cache: BYPASS\r\nx-request-id: 3cd33f24dc51806792e9e733be630d59\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8756,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b2f291193140669e6007b18567d7dcfe","sha1":"60c740db6727e811fabbdcb6b019168c31804c0b","sha256":"326fba8ad0aefa3bdd16479dd1f4e2ffad6ff4e28c4daa999ea59f0539d45e7e","sha512":"77968799bf69a26355eecda9824b30cccc6264cae7573facd4e4d8b8df6f22f37d6061d3008f2e3d554b9dcca3268da0b4a0195ec28c845c4fd04840aa9b5f1e","ssdeep":"192:oH7kNmkj/qqYjG1jlhVAPkpVAFRPRrVI1mcpgs4ZH+:obk0ACbG1jlAc3k/I4ZH+","tlshash":"e102af8918bb619022873ffe8f943aa1b54867d0c356c01ac59f4327eb43ee405af576","first_seen":"2025-12-20T20:05:47.215567Z","last_seen":"2025-12-21T14:18:59.171188Z","times_seen":2,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":431,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/08/5VAjqbQQARLftGiDxKkOxFQJkB4-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/5VAjqbQQARLftGiDxKkOxFQJkB4-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7726\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Thu, 28 Aug 2025 11:01:59 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: f9f7653cb5f49a074eede8cf95a2f3fc\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":7726,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"c56162fbfe3485e3f81bf0ac7ba7500d","sha1":"830408df03229d1f1721ddec4dad9143f8e58ad3","sha256":"6ed73d24745b0e52de05c9c1b3bd3cb2fcc735769081d65f9bf41eb17bd85573","sha512":"18241b5c0a8b76762884e5712491363b964ec3733fe9eea9beeb77e811000ad2e8eddbdb797cd63eb211831c5b5756b6dd9b892f45323b13aed4210b12487a0c","ssdeep":"192:/gmb0yp9oDr0AVHmXmTMniz1LXjDnJdIk:YmI8g0AIO1Lfj","tlshash":"e3f1afec8ff18215a5197d79a2171b985327c98cb980e217bcb3c75d88a48f2cca4b59","first_seen":"2025-09-25T01:07:31.042633Z","last_seen":"2025-12-28T12:07:45.22255Z","times_seen":6,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":442,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/2lDekB8UUV7caDa1dtLXKWnPKjz-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:15.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/2lDekB8UUV7caDa1dtLXKWnPKjz-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13660\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:15 GMT\r\nlast-modified: Mon, 03 Nov 2025 18:59:16 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=346\r\nx-cache: BYPASS\r\nx-request-id: adf3bf937eaf87774cfdb7b2d669c479\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":13660,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"6fafe5975bf5e89955f1d4b9b275e46c","sha1":"d430c394b0f58a5b662be79e539ed5ca65160b48","sha256":"373e9bd1eedefc413c9c2352f016f0eb4e6fc0e188f10e0fef359669ddad2a6c","sha512":"c7acbd2d795d0904390974dd48f65a882df09df074a95b34b99221ee649cef6b5dbb3f4cc48106abc596e9397704b9421b782ae3a7ee583d32907d442fe779cd","ssdeep":"384:Yy6B3SWhH4UqASQLDVTtqjcDL7kLqz4HLmShWtVYUZH:YpiG4HAS1ji34mShWtnH","tlshash":"5452d017ce3057d4ae00deb9fe061145a50bced0ef11093c79fc94b0e4874fa98962ca","first_seen":"2025-12-08T04:48:41.932949Z","last_seen":"2025-12-28T12:07:45.171869Z","times_seen":3,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":441,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/js/vendor/splide.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/themes/film2media/assets/js/vendor/splide.min.js HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 12524\r\nlast-modified: Fri, 08 Nov 2024 11:02:01 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: d8baa1622835d91a7c3e517d19e2fae2\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":29668,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (29666), with no line terminators","md5":"9fa0a215bbf25b8c146de6b69fa9718b","sha1":"6fd8c8f2c74371fd17411fcb3d313b5d0a94e122","sha256":"c1bbcaed033dbe0135456661f03aabb9facccf50c57450b975761c145624f8e5","sha512":"9a64a0f046c0170b5156f83beb0613c2ce0535e677cf00a4e69115b3ebd4a36f98fb024700474f28d04c81995d207efdb2558e5fe46dec0042e6737c7e360f12","ssdeep":"768:7veaVfq2uGhc6eIRE2yNQ4iyHuqpp0L0pvj8vCwF3CH:75VfqpGvPqZWyNf0L0pvjWCwF3M","tlshash":"42d2d68c7281b42e279364f3a1af044ba27b29455c0e5510e4eaf8f47c786bd936bddc","first_seen":"2024-08-20T16:13:02.440999Z","last_seen":"2026-04-25T15:33:36.023268Z","times_seen":50,"resource_available":true,"data":null}},"time_used":445,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":432,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/07/anime-gachiakuta-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/07/anime-gachiakuta-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17671\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Sun, 06 Jul 2025 19:32:52 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: ef2e91b148ae73d32e9d265f242d45b7\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17671,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"d5e3a47f84ff2eff2519ff5f5cf88cfa","sha1":"d1c9d5ac3ee31d0f7577a8135595718f229d3744","sha256":"3d37a62187914a899f1cfde5631d4c049a7aec91ca83ff26763026e42af67864","sha512":"718cefe353212681b1feb7e153fe50cfd90c217518369fb26a08da8d352a8e84664804d13fb74186098a5825d7b515930c26f07f38186c345038b3f3e453076c","ssdeep":"384:YJo+QWJsjjXWl7fK6KVWYmlQyIuhN1gWgjPuII2R18:Y2+Q5jXWdK6VYWrbgxjPu038","tlshash":"ed82e06a04854908950acdef44be3153c96c998872a69b416db2e993ff32cedc3fc40f","first_seen":"2025-10-07T23:41:16.117813Z","last_seen":"2025-12-28T12:07:45.208092Z","times_seen":7,"resource_available":false,"data":null}},"time_used":613,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":440,"receive":173,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"native-scripts.yektanet.com/public/chunk/105-6.0.0.js","fqdn":"native-scripts.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /public/chunk/105-6.0.0.js HTTP/1.1\r\nHost: native-scripts.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_global_token=01KCYNVF9GYG2S7FJFFK2D62ZA; gearbox_ad_token=01KCYNVF9GYG2S7FJFFK2D62ZA; _yngt=01KCYNVF9GYG2S7FJFFK2D62ZA\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Sun, 14 Dec 2025 10:48:11 GMT\r\nx-rgw-object-type: Normal\r\netag: W/\"66c52ca03fbaa89df650ae42f17775c2\"\r\nstrict-transport-security: max-age=0\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS\r\naccess-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-max-age: 1728000\r\ncache-control: public, max-age=2592000\r\nx-cache-status: MISS\r\nx-zrk-us: 200\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13205,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (13205), with no line terminators","md5":"66c52ca03fbaa89df650ae42f17775c2","sha1":"438764812f614cb0a7604105c97e6f2b4356e354","sha256":"cf60180bb2ca1116a3db0f706e3e7692aeb11912042021ea44e60f5157c174d8","sha512":"65c1b77f0ce0964e5dfb0946e7d059ae9e1afafffc2c0e3c02ce9657d75879b1ebc5e7cab600d377e745389ee64d584b3f22d127a71a2b04caf14508a42f58db","ssdeep":"192:WMethYYXWOjZwYaQ4cCuMzOetA11lfIhjhA7hdg6ayR8lrrN0k:WbwjQ4luMzOX1lgh90Hg6nqr5v","tlshash":"c352a669f3f7a17545a62079a02f22167276715426c9c044b03fe8e41f2ce1f6a63f7e","first_seen":"2025-12-08T04:48:41.90053Z","last_seen":"2025-12-21T21:12:09.443294Z","times_seen":9,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/2fOKVDoc2O3eZmBZesWPuE5kgPN.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/2fOKVDoc2O3eZmBZesWPuE5kgPN.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 136204\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Mon, 27 Oct 2025 07:40:59 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=328\r\nx-cache: BYPASS\r\nx-request-id: 2451da0a1dfd57a098df5459bad78d8b\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":136204,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 1536x864, components 3","md5":"e1a139e02df61937d1043d7820fe7acb","sha1":"761004cc8f37b894b29a7762d2d7ecc6b1a6abad","sha256":"a4a5804139b91e53c0cf21739e9c13162ab0951e00dc5811af11fd87647d5a96","sha512":"4fb702913f4755939a6ca0edf24d459cf9bea0bc56f4608bf9ba196486e8c76971ebfdee9e2078f0416b5f5027c12205050d27f887f006d17f993d1e58ad223f","ssdeep":"3072:HqgUu5QPqM0jFZwM6nIn+o+9tbhblCYb82rDd2neojrD:HqgUu5HFmM6nFH9lCYb8c4neoT","tlshash":"d0d312c9ef627bcd90d2b8f3fe08d25dd64fb0ea906bd5026b539414a146594eec84c3","first_seen":"2025-12-20T20:05:47.219493Z","last_seen":"2025-12-20T20:05:47.219493Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1567,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":441,"receive":1126,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/n4rguIB7Cf4h3l1IyqMo3THW5xn-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/n4rguIB7Cf4h3l1IyqMo3THW5xn-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10646\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Fri, 19 Dec 2025 18:09:48 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 8753286321e35731496172cd60b0bc10\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":10646,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5318357a49d58655863e3e13d999bd65","sha1":"29c28cfd6c1b7ea41008d36787cc9c846dc510e2","sha256":"f9e77b533fa2981c631b979aa0b0a1d3ecb7e7bb889d0fb58ba172aad07a6904","sha512":"756d5bcdb5da011b065c4a65513f383a15b19cb49f5be6507186a8431fa5408aa5f56eebea727d007fa96233f8a396b98ef2eadb06097ed2c3bd9a74a218a53a","ssdeep":"192:10QmmY2guMksomwpbk5sZgDnEpw/qJKPjcb9O6iCdf85W8WWkSXmyg1h53RFoipt:10NmuuM85HpnKPjcBACxsnWyml5Q88yp","tlshash":"9822d0960cb174c2d5c86de772855961c80d21b701289b66a2bfbf706df88e5f0c0e7a","first_seen":"2025-12-20T20:05:47.220394Z","last_seen":"2025-12-21T14:18:59.212839Z","times_seen":2,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":443,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/07/cf7hE1ifY4UNbS25tGnaTyyDrI2-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/07/cf7hE1ifY4UNbS25tGnaTyyDrI2-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/webp\r\ncontent-length: 12526\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Tue, 29 Jul 2025 07:08:47 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: 6f57be0c85c9eac6abe11841a9af4abf\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12526,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8d61a3da590ee733702291b5155bfa51","sha1":"2874af90253db46e050feb2191cda11555bf111f","sha256":"e18aa19aea7db530ee56b808b5543b68cf3e1fb2215b25d25af1638d1652fe1e","sha512":"acc61979e3fa200aba60a64084518ccfb7ca7eb64ae796ea7cd9c3638bcbae75b3736323bf42564757563588dd4dce74686449d5e3679e2b18b72e3e2ac970b9","ssdeep":"192:ouexPJzifHfpHev/DNdDAr7iPXU3kDVim6WpbeiEIDi/Z440UObMhhMH:oRzWHhHev/HSiUkhp6MDW4yObOhq","tlshash":"4b42bfec8861a4056387b58e2c40ad4ce9890ffff4b28fa56015e071ba447b19698df1","first_seen":"2025-09-25T01:07:31.076018Z","last_seen":"2025-12-20T20:05:47.221302Z","times_seen":5,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":434,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/9yfwLB2BBBG5YSuJXtSRTaT8poS-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:14.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/9yfwLB2BBBG5YSuJXtSRTaT8poS-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9886\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:15 GMT\r\nlast-modified: Wed, 10 Dec 2025 08:08:10 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=372\r\nx-cache: BYPASS\r\nx-request-id: 391fb3a85ebd3a2f762d8e1df9c32cca\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":9886,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fb58f100e49293b74166bed11ed6e1da","sha1":"f7f9b99314fd29855dc6da664f35f942057591ee","sha256":"9112492f5b0358877b485da90a41cd91883af87a2947339ebcb8f0eb2d3694c4","sha512":"b3e8cba634e2b53c9632e55af9380866d7da685cb8b19d9943723c81805255bafd88549cfbaad0a3d1f5fabb8f1155f776d7049f53bfc694dc6c0b59cd1c70bc","ssdeep":"192:f8IdlCiRoKlJk2Fkihee0BDMS0Bdo/dqsLj/7cO0EDvU8ZW2ibH+fxsDCqwQ3wyL:X+iuKee0pM7B6dqmcoDvUp2icsDz3Q7Y","tlshash":"dd12c0f7918815b515fb3ce6e83877b71b89a61221db8e5b71a88843f40117ab06ec37","first_seen":"2025-12-20T20:05:47.222411Z","last_seen":"2025-12-20T20:05:47.222411Z","times_seen":1,"resource_available":false,"data":null}},"time_used":472,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":472,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T20:05:06.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 35230\r\nlink: \u003chttps://www.f2medx.ir/\u003e; rel=shortlink\r\netag: \"187789-1766260561;br\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: f543dff2db63c174b621ff8a46fa6279\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Yoast SEO:24.1","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}],"data":{"size":374985,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3400)","md5":"0f4652fa89b60b43012916f8a7be27b6","sha1":"98c6ef22882539bb401fb969af946c86d80be7ce","sha256":"7a582639ada0d77df34b3e29ac92ac9c54d2192289b268688b8ae44b7124fd57","sha512":"813d7fffbf906af53fd734095bbd7649ebdadeb128b44981a0fbfcc802ae6f2a29bfeb32debe5bf2a5df1f170a45150a5f6c59f03852c905a31c4bc259a6f546","ssdeep":"1536:KbA1YN6NalCOalC0KnXBLg34/vvUAeMld++jMLEzmWmBZI:KFE5KXWWvjMLEzmWmjI","tlshash":"8f8484b1919e1d7f0727c2c4d170bb6cd283c432d786aac7f5fe6b498b85d2269112ac","first_seen":"2025-12-20T20:05:47.223314Z","last_seen":"2025-12-20T20:05:47.223314Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1341,"timings":{"blocked":283,"dns":0,"connect":93,"send":0,"wait":437,"receive":338,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-includes/js/jquery/ui/core.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-includes/js/jquery/ui/core.min.js HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 6811\r\nlast-modified: Fri, 08 Nov 2024 15:50:40 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=336\r\nx-cache: BYPASS\r\nx-request-id: d821664647e1fe044790a7548b0eec98\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":21464,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8189)","md5":"8fbc22c79d40119dde9a5d16897002b9","sha1":"e9837519aca724457792e2d5ee98a97a0367cdf9","sha256":"7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322","sha512":"3118a198a3710c839c15d6c4b5dc9f9adcd637913af2e26f438b01c80b27281f4937e25aad2817855d8b3eb36207c61ae16d62b17e698799c5316e86f52ac6fc","ssdeep":"384:G/rsrDr8LVyraS3dtrqorqr8hrpCip8fuxNhBGX0CiS9rH/OrLrErJ29FkFvd:iS33Z5vK47kv","tlshash":"81a2d94eb246380586f7a2a5402f521fb132e25cb10588ddf468d8da3c7eea95173f79","first_seen":"2024-07-16T20:15:04Z","last_seen":"2026-05-24T15:29:38.608867Z","times_seen":39485,"resource_available":true,"data":null}},"time_used":458,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":449,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/7kc0Mr2bRCpzIexZqq0ALnamvvY-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/7kc0Mr2bRCpzIexZqq0ALnamvvY-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12119\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Fri, 03 Oct 2025 18:32:32 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: 783afa04a3dbf2af52c7a44b197718ea\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":12119,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"c7541da4b5fad4daaabe8c85f7d3d94b","sha1":"309f9308cabd1c1e5bde5a7a7b2048f359b60f24","sha256":"8de8a0ecc2d2f0ecf716c40a12fa1daec55b1d164f3c2de9981c7e18cb2add38","sha512":"de449fc1d591ab5634d664855dea570927cbb85f7caf0be8b3886cb0a6a315d52c8fc661f94c08e4cd3cfdf8b16fcc004e5c2338fab0531d18b76cf2fa3c5cd7","ssdeep":"192:/gXt8kGUnR/o41xqAp1H0KnI+VL4ePAL5bc6MqNmqFj8kc2fXKjaf:YukGURhL5VlIL5w6/mqFIUf6jQ","tlshash":"1c42bfb9f10650b946a9fc03788694cac9232c01b4066e1f8976c3fe87619df69488be","first_seen":"2025-10-07T23:41:16.08816Z","last_seen":"2026-02-16T22:50:45.843135Z","times_seen":12,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":433,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/5scWsRsH5MUJEgXB52w0fM6I2gM-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/5scWsRsH5MUJEgXB52w0fM6I2gM-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9046\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Thu, 18 Dec 2025 14:39:25 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: 489575cbc35e56e82d4880c472648e00\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9046,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fa9ee6356423aacfceae5712bc90fe92","sha1":"2f9e5590fe50fdc6ae424a3a0cd5224cc0a5ee4a","sha256":"fe5b614c3a39d7ecb96787a74803ca3b3ff4d92c7108bdd54d78f266c3bbb90e","sha512":"47d50d782078a46b071d4b16a2f07abfc6b6ef27f268a30bb8823194460719cc9f874553b21d963d6fecff1538c708aaf564ae3a147f071b1878804122027561","ssdeep":"192:/BQhRR/HFQEl8qttY1OsnH98AKR13WEOd4b92J:/BQhRRtQETtY1Osd8AI19BpU","tlshash":"f312cf25039347f1c4a96c92f77365c62a0fa4afe538876633d8232c4237de1e0836a6","first_seen":"2025-12-20T20:05:47.225222Z","last_seen":"2025-12-20T20:05:47.225222Z","times_seen":1,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":435,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/gHcS8ajBzhKR9J0IuxQZxvAdyXS-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/gHcS8ajBzhKR9J0IuxQZxvAdyXS-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15044\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Thu, 09 Oct 2025 18:41:29 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: 85b28a93358588d4eaf04ba32fc5e0f0\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":15044,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"e3bdb41a9c47534b4a1abf4a8bfe630a","sha1":"b4a0922c5e07ada980f8d5bbd3608a29582faf03","sha256":"359a5803ed4e38db15a286cf6975b88535cdc73b1b3d45bbf59d85ac6ea2f6ab","sha512":"e56774d6547cedf7a8abab664da915fec3ca740c00590ea27bbf78172b64ad862658444fbfda75a0e811d76f8e33f57561bdd9f3d592ea28bb0d74095d65a417","ssdeep":"192:/gC/xzg7hJm3Htk0kR55sM3YmOdK3e9hB474eVI6Kd0NTUBmVbdc0gRhnHJeCNae:YsM6HtJkl8hBaITkTemphgbnp9Dx","tlshash":"4c62cf94dba49a388b8f4ebf8507c09fc6d0473426044d62b279d428bf790fba04b387","first_seen":"2025-10-16T22:16:24.039797Z","last_seen":"2026-02-16T22:50:45.863052Z","times_seen":9,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":432,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/oQk3aXYEa4TMd9rAYgzDpAYTU8P-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/oQk3aXYEa4TMd9rAYgzDpAYTU8P-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16397\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Tue, 07 Oct 2025 20:10:21 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=360\r\nx-cache: BYPASS\r\nx-request-id: 7ca69e482af2550844d2b87e3791c5e7\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":16397,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"bcce168c31272e91a7edf3cee0a2eae7","sha1":"c2c6bcb0ae5bab2326d839919029f20e1531acc4","sha256":"e2121ccc58b7747f1f852163efbaf1ae685b3816467fd7ad6bdd284f1e1d310d","sha512":"7c98258e218388f24d0ff13d1a797f36673fb2eee9d09e3620d109f33d9f07bffc7801c9931047d928adf9390289f44051d92a095bd7465bfae012fafd4fd6cf","ssdeep":"384:YNc0CzziV4wJ3qfx0H83Y7dZQiTJroIjegu3GKaN:YaHzSfJ3qV3Y7dZRroIjegu36","tlshash":"8072d1ce5aa24576fc079ec85eab56d083a8cf9074896232f3f4dcd73408cd827a85e1","first_seen":"2025-10-07T23:41:16.243354Z","last_seen":"2025-12-28T12:07:45.223149Z","times_seen":5,"resource_available":false,"data":null}},"time_used":614,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":455,"receive":159,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/js/script.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/themes/film2media/assets/js/script.min.js HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 2991\r\nlast-modified: Fri, 21 Nov 2025 15:32:33 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=339\r\nx-cache: BYPASS\r\nx-request-id: 4d4e7e2c46bc716001855732ef42d312\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":10518,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10443), with no line terminators","md5":"947a5eda42249bc76f2e58b488068718","sha1":"90ef680d8de2fea227afe5c998336b00982d3374","sha256":"3f7ff26a48b46ac74797c553c1907b9fc4586e0d5b4d8901846471568e0ef2b3","sha512":"5d3a67a52c6916b1545681cc6cc00b1d89f939e9faf33e03803115f924451e7332610850300dd06360d03bc00975a62397e1a335b135db6abfd0e1ef017d9938","ssdeep":"192:LPRLzFZsBkVa9///ISAIM2hv98paTLpjpgXQNn8U7E/H:LZ1+Bk0///ISAIdFlXNn8U7Ev","tlshash":"c2229124b151b4b2037b51a7243beb0b26f3a93ed543469490bc4bb41fb9dc52363f6a","first_seen":"2025-11-29T14:12:51.646235Z","last_seen":"2026-01-01T18:00:06.484784Z","times_seen":14,"resource_available":true,"data":null}},"time_used":462,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":458,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/azacGGRNAp3tRO197rEznDTdg7s-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/azacGGRNAp3tRO197rEznDTdg7s-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12901\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Fri, 28 Nov 2025 16:51:32 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=332\r\nx-cache: BYPASS\r\nx-request-id: 54e487976aa52bcdcdd954a0dfdde550\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":12901,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"1e26bb275c51aecb3067d58cc0ab9326","sha1":"3252ed259fe452bd0473f17d9e83764f46304d99","sha256":"05439da7516bc1c7e8b338d3f4a05e47bfbd44dab22c0f91e9ce5e5839780a35","sha512":"c3fefa0e8d5e5838580ad2b1269e70c1ba061054e4c62dd67a7331de509bb1e36e0e0d4fa5c4872bb149c403a44f680663f47a25f1e8f1a9c8476e6a17b55495","ssdeep":"384:YRsq7d35P2s4q/O6Z4KpEOhuDqBaG1FUA:YRl5N2TYOOo+hr1FUA","tlshash":"2442c0dce1a251e08f164dabcd131e4690a7f370be8246742f3ad364cdc58c6e9d5b58","first_seen":"2025-11-29T14:12:51.680754Z","last_seen":"2025-12-28T12:07:45.178222Z","times_seen":6,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":426,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/08/irduRSwc7EN9H8lqC0ey7UNz4Pz-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/irduRSwc7EN9H8lqC0ey7UNz4Pz-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15029\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Thu, 07 Aug 2025 11:40:17 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 270a6d96de2103b0c0f396fff21e0dcf\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":15029,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"6bd6ed23a7bcd56206fa54273a453363","sha1":"c56f605fed0a3a63cb1d51c530b60da744dfffc1","sha256":"0ac5a906f686efcc9bf9ae0b0ff6e4c889ec077a74a836a27b39a949789747ae","sha512":"2366e71cee02670aca42fab7dd04d0b726b3ff65c4a677d5f85a86f264d009ad6f5ce656672f5a8caae1c84e4ab54de24813a9741712efc7ff48cfe65dcb3105","ssdeep":"384:YhAl5YiYYDPVHG5fxswsw6tPJABDQ7BRW37HZ4gL:YO5CYDPVHSxEPJmDQ7BQ37Z4gL","tlshash":"1862d105300ea1e1e3abe8a6094d911e7dc1a7cb5544ed0aa139c37d7a08fdbb4fc253","first_seen":"2025-10-07T23:41:16.026313Z","last_seen":"2026-02-25T14:30:39.600436Z","times_seen":9,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/jcINuyAjMmiv9xZM2LpDoQhu8Ew-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:15.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/jcINuyAjMmiv9xZM2LpDoQhu8Ew-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:16 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12912\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:16 GMT\r\nlast-modified: Sun, 05 Oct 2025 14:21:43 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=340\r\nx-cache: BYPASS\r\nx-request-id: 21e0874e09ced792426a72ebbeaa2f2b\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":12912,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"8a10787b594b8f93a701c7a240899961","sha1":"fdd58b9b2909c231095a4823b20f60d9e23224cd","sha256":"ca75545b5964c3f6db600b68f2238e1727cc5595e731baba90fbada487f8ccb3","sha512":"4ac7c2f89ca9e5c1122d8fc796a4762d4031fee92f0cccb5bc6b0a48e9d3be6f6dd520f38a81ddb142eb31fcd2527ce450c26bcfd04f4772dd38d2240d3dd27b","ssdeep":"192:/gKTPwNV8cGfpayvntsXo70bb1Mm2OJ3bzCE633Vu7lrIc13Pb6xj/n0ChKqt:YKwbZyvKY0bxJnCEu2lrIc1/Mb0CAy","tlshash":"d142c00f2b7023d0bc6f8ebd6dd101b96d7a5a9bf416f926627ac40490b19cc2f51495","first_seen":"2025-10-07T23:41:16.042316Z","last_seen":"2026-02-13T08:09:13.541476Z","times_seen":8,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":434,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-includes/js/jquery/ui/slider.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-includes/js/jquery/ui/slider.min.js HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 3010\r\nlast-modified: Fri, 08 Nov 2024 15:50:40 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=345\r\nx-cache: BYPASS\r\nx-request-id: a13515795369697fbac7fd6332d2e060\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":10759,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (10578)","md5":"ec2777f6b09c345d2ab0def96b5cab9d","sha1":"10713118d9f7aa90bdce30ea21508b2e99b8b33f","sha256":"d9b268266af74b5c0834e2a519303ca97c5427c5fb7abb3b89ad29e07664be14","sha512":"77b8845daa7449a72a6365e75ae56781c82b503619f7d90ce4ba0f5a8c025b59f3881f0bd3b51570b2c3a6567a6be1e783615954d84b9fff95812e230cc8ffcb","ssdeep":"192:Cr0AcBogU9EEk7Wxcf55I/6wG5klFhBsR0PWXYpt:Cr0AEPU9EccbUt","tlshash":"7f22844a320a2b015b9bd271653da8cbd77752c8690449ccb074dfce445cf59a2ebf78","first_seen":"2024-07-18T17:31:23Z","last_seen":"2026-05-24T16:13:22.216442Z","times_seen":29752,"resource_available":true,"data":null}},"time_used":466,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":466,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"panel-cdn.yektanet.com/media/CACHE/images/assets/image/image--bdcbf782-59c0-433e-943e-4e8a59257b01/90/150x100.jpeg","fqdn":"panel-cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /media/CACHE/images/assets/image/image--bdcbf782-59c0-433e-943e-4e8a59257b01/90/150x100.jpeg HTTP/1.1\r\nHost: panel-cdn.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_global_token=01KCYNVF9GYG2S7FJFFK2D62ZA; gearbox_ad_token=01KCYNVF9GYG2S7FJFFK2D62ZA; _yngt=01KCYNVF9GYG2S7FJFFK2D62ZA\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5707\r\nlast-modified: Tue, 04 Nov 2025 15:14:49 GMT\r\nx-rgw-object-type: Normal\r\netag: \"4d759eec8a9462c00b5fb71f4c885277\"\r\nx-amz-request-id: tx00000f016d19593dbde1e-0069449cdb-6e698df3-default\r\nx-zrk-us: 200\r\ncache-control: public, max-age=3600\r\nstrict-transport-security: max-age=0\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-expose-headers: *\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\naccept-ranges: bytes, bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5707,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x100, components 3","md5":"4d759eec8a9462c00b5fb71f4c885277","sha1":"3ce8a897e26859711a25258cc3b4a4073ed2c5a8","sha256":"53235e8e64d540598d030d9a46a327090bd91350b884191f9601fe530cd9489f","sha512":"57ce3a58deefa3afccbf4512a62e9e0d0e1ebd78579e489340b8950dc3084afcad13d1ebb4de965eb4b948389cba652cb759340097c29fb731faf85655da72ab","ssdeep":"96:4ZWyVc3XuHPmdoNsppC357MLLqAGCHnyE007haEdAHHnLzntVu7QPCz3c8bF:4g2cHimdUWMDWSF07cLHnftVuDz3FbF","tlshash":"99c17e1da9e452fdf0064d464a11fd33fec579c1206269bd46ca0220ab4a8ce4fb7d1a","first_seen":"2025-12-20T20:05:47.230477Z","last_seen":"2025-12-20T20:05:47.230477Z","times_seen":1,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/bJCgCO3NkBpRr7KPTVYrtva9daj-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/bJCgCO3NkBpRr7KPTVYrtva9daj-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14074\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Tue, 16 Dec 2025 21:59:14 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=336\r\nx-cache: BYPASS\r\nx-request-id: ed87d1a366090530b1bdaed1627f05bb\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":14074,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"38abf8e950b3d13d47511f32ca6559c8","sha1":"5eaa0c3d994a97cab41408244211b4af93fdb259","sha256":"3bf3996e683335afb6119adb650d7b0292a442208e4eacf265636d3961676971","sha512":"ad6bd341e9acd21ca503e697a49f483cc36cdea7b82be15350c6738b68af4e8eafd3c3bd91279468d24b519f897430601038480418ae048e49e05c3af0289943","ssdeep":"384:XqloT4nYCro5wnZQTkkWK5XWDcomTd8XtVAI8zf/CQ70KPEmeQo4Z5:AosY1enZC1nloUDLC+fR5","tlshash":"af52bf1909a18c5c62a5c3a571871740b2dd6ffcbbfa728d31691e88f40e82ced3a55f","first_seen":"2025-12-20T20:05:47.231233Z","last_seen":"2025-12-20T20:05:47.231233Z","times_seen":1,"resource_available":false,"data":null}},"time_used":431,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":428,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/08/the-winning-try-1-1-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/the-winning-try-1-1-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16624\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Fri, 08 Aug 2025 18:55:52 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=347\r\nx-cache: BYPASS\r\nx-request-id: 5df38d3e91682de883a28d182d1b5e08\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":16624,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"bb2ef3f157682f3278c9e61fbb9e7c3f","sha1":"b1665c085a02cdde3400b6e3b585072b2e3d5eaa","sha256":"e89764d8f50a7ec67ecb2fa2a2c15d1373c28d3ccc75dfbfc36da9922c5d2b66","sha512":"b88ff376d666e3fadca1cb062340f29f9916a2568661abdc67e454762d3914543e8f44463a789754910258cbce73277a17f939ab71c19170e71793790f52cfce","ssdeep":"384:YVfuRQI8RFlKbW53RqGcTa2FQ9hWD204XGMXXxgHFQkKX:YMWRfMb7T22FQ9ha2ZXGMHxgHFDKX","tlshash":"af72c0ad87b813f0dc9bcf798e945583e7148d08dbc352568bb8c0b843612e4da3ad5a","first_seen":"2025-12-20T20:05:47.232158Z","last_seen":"2025-12-20T20:05:47.232158Z","times_seen":1,"resource_available":false,"data":null}},"time_used":617,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":445,"receive":172,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/nVl892J7boHDS5blMi97wQK7BUt-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/nVl892J7boHDS5blMi97wQK7BUt-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12975\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Fri, 07 Nov 2025 21:10:42 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 61ae57ac1012fd9ec33d34a652052443\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12975,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"ecb134a6f7cb27cd7b766668f487eeb9","sha1":"3e5c4be35e661fd958563f93fcc500710965cd1c","sha256":"5828bdd324cbd2c4db29e4f2c5511d6b963b47df704968d7989c4494bde2f507","sha512":"5d9dd8b925852213f3f5a50082c7a73248df0cef4534af344c9b5c80dcd4b56edec9957fe42fb2655ecc7c615cda12b0d5f5214c4273c03416f7f610fb37ba0e","ssdeep":"192:/gruZRZ2AGOMJGjIEv7PQJh2vI47ltoaq3IRa8Bkm0cVKiu34jegVj8CZ+NyDchJ:YrY2QM1Er7vI4zowjBkYM3cegVAlZ3Cc","tlshash":"a742cf0d88ddb2258c5b9a983d2915db4e810c53a0f994497b72fafb4d014fbd2af48a","first_seen":"2025-11-29T14:12:51.696338Z","last_seen":"2026-02-16T22:50:45.778834Z","times_seen":7,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/49bPrxvgwUqEtvOfvTe3x92hEFV-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/49bPrxvgwUqEtvOfvTe3x92hEFV-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9028\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Fri, 19 Dec 2025 05:17:13 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=326\r\nx-cache: BYPASS\r\nx-request-id: d9ec6d0a1c31bb12e6d7475966419ce6\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":9028,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d8c32f8d11545e44d9512aeba2fdac7b","sha1":"6fba23d6369c70531f43b2db4af280c2cc938b84","sha256":"24602f662564f1fe15e8d1b78ce57e6d1f0f10f3fe219aa94887703dce6c0df9","sha512":"bc2ec1833bbaef1a5b475fa758c908f0cd5a56e714609d61fac2a81b842483dd48965a83c835ff7ada2f0802c6a3dc9faa4a48147792a8fba6ef049bf75c445f","ssdeep":"192:+GCrdysiZRUDSMHGIbe+3GBJWQy2I/QFcbeBd0B9nwTnTZI909WfvX:+GCcXHUDSiJX3ekQzd0Q9I9gWXX","tlshash":"b612b02414695159feb128c1978fadbdbce8650f4c72cd861b608be9f1b8345c4fb364","first_seen":"2025-12-20T20:05:47.233721Z","last_seen":"2025-12-20T20:05:47.233721Z","times_seen":1,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":423,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/aecBFir2aF59MOflpYimaFu7hnI-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/aecBFir2aF59MOflpYimaFu7hnI-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7498\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Wed, 17 Dec 2025 18:18:47 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=355\r\nx-cache: BYPASS\r\nx-request-id: 9d5127fad01533dee320bbdc7bf075f3\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":7498,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f3db49e2e1746afed82801df84e29342","sha1":"7f1c5bdd89ac7e23027b68a2c1c0c21e4ffed6af","sha256":"8358023ce6c8b659883d0e2156f8ad27c1a97818965d79fab8f00fa80dd8a233","sha512":"c687880fbfdf5c9ba612ad60c870c695b9470042e215835f7d790a338627bd873c6ab654b37a09b997ec1acd51ad4e5bfb3be4c5e502f8bc299924745b1e1cfe","ssdeep":"192:f0IC1eJGZT5qNSBGmjx3iuwZ/PjfULozRJwny:f0ICgJWqFYJ2ZnILqCy","tlshash":"cbf19f9af1167e33b6f216597b85331b0c1bd5007279f78834b2b9c4be7221dd4221e0","first_seen":"2025-12-20T20:05:47.234638Z","last_seen":"2025-12-20T20:05:47.234638Z","times_seen":1,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":448,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/id6YDOrtIe5K4xIyYpViRuGXCdH-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/id6YDOrtIe5K4xIyYpViRuGXCdH-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14440\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Fri, 19 Dec 2025 14:55:16 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=332\r\nx-cache: BYPASS\r\nx-request-id: 6a673dd559e86ef1fa24ac441a695eb0\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":14440,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"938b68958eed0fc50afe5bf3bcbebf0d","sha1":"16f610fa72f87c20dffae035ca02acb4e975f760","sha256":"c5a1cd800972f4659526c3106055cfbb13ca1a39aee367b0c97f56092c5f0360","sha512":"22a59efe0709ccd3d49da80a4f64c8c6985c9615ffedf0c6ac5d8e6c272dbcede71ab2d00b2fa58e47a26e4bca04e04b61b6a061fbfcf1f04884e5282de3d54b","ssdeep":"192:Y0A6gWrXPGNXYOLNVReMdIYNsAMooZq8SkOIxGVhy82+vG47GqGnWlx82pP:YWdCd7Lajq8SkOIxGVFunqG2","tlshash":"7252d0482e7b4d28e511b714b9b30343d67b0fa85758884e23bb47b9a7e8c735d80dd2","first_seen":"2025-12-20T20:05:47.23543Z","last_seen":"2025-12-21T14:18:59.254329Z","times_seen":2,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":424,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/mbGHijUc0C3fcM12l6ro6FgxIvg-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/mbGHijUc0C3fcM12l6ro6FgxIvg-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5442\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Tue, 09 Dec 2025 06:03:40 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=340\r\nx-cache: BYPASS\r\nx-request-id: 34fd19b0faf9e12d9e197698a1751dd1\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5442,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"79d79bd2a8f28669e8a5bce7e07e7dda","sha1":"55269cfac8106501fab47949f7a5a78c8e9829af","sha256":"40e3955701b1a56862201b00fb39f56ac12716b0d5a7fbba32ad6229a5d351cb","sha512":"9aeba730d126aa7ded78415a73a80f34fe3d799e9c6e52800ab95523a7929bfd9525a570cc9b05e6a86bc7b77d1cde56f944bfc51743cfbd3fa9c0bcde6c9ba3","ssdeep":"96:vdpUDuYmEBu58XygRagnvgi7MF9RkVnGsWvP15O7+rQu2+9xbu8+5t12t:SuY1ryg7nvgi+RkVGsWF5T2+9bCtst","tlshash":"16b1aefe062faa21f85a0cd2c43f0738593947442424dd1f8a1d98e0e982aa97322fcc","first_seen":"2025-12-20T20:05:47.2379Z","last_seen":"2025-12-20T20:05:47.2379Z","times_seen":1,"resource_available":false,"data":null}},"time_used":431,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":430,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/uMZBbAgS4TLMmejXRaWdMmENw6J-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/uMZBbAgS4TLMmejXRaWdMmENw6J-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11629\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Thu, 18 Dec 2025 19:18:11 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=328\r\nx-cache: BYPASS\r\nx-request-id: 93b8369dde736a2511c6688c063a2b0d\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":11629,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"ac79ca30877ee8d37dfe91142923a3e5","sha1":"23d4ab11c521c3879717641ba553727f62fb1e27","sha256":"8a504cb8afa27633df58e2518b195e1e2e12d9cfe3ac0faac7ba5f38c5078122","sha512":"72d034d7c4a33b96297ad810cdb004ac49ac6de84b20cfedd74c46a98b0a5560693bef179bdf0c7767a96f29bc1d16c97046603c9dc5be7ae23108805be3dbd1","ssdeep":"192:/gdDnxDF2zDQMyBsA0nCZWmqIOqt7O0cBQj0C/b8zAEdaSnQ/MIIgcu9qhMWOsyV:YdDxdsznCZWmTM478zXTnQ/Iu9DrV","tlshash":"af32b03d0a01b48159dd4e785ec63546685dbea041e8c93600bac729b2b36def4ab70c","first_seen":"2025-12-19T05:45:15.517447Z","last_seen":"2025-12-20T20:05:47.241296Z","times_seen":2,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":422,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/4hT2pA7J7uvdlNZzYIHQzapXCY6-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/4hT2pA7J7uvdlNZzYIHQzapXCY6-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18643\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Thu, 30 Oct 2025 09:56:49 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=351\r\nx-cache: BYPASS\r\nx-request-id: 60a0ecc1f9a4f17ea6d45b11a3568f92\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":18643,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"964070a6aac8eb370d26edcc3c69ace4","sha1":"4a6aa6122c68bfa3d3b6616cc036860161015ddd","sha256":"b21653831a287e6ea77dc42fb687ce3fe6ca650525b65d4838a51a8b27667573","sha512":"61f4de7efea2446076f203b9e1c95aa07ae0c4d4e22ec17854d5a2de2cd2e5ad10dff5ee6e348e88398969998f7e139fd3c76d6e1bc19a02c93be1408b0dfb60","ssdeep":"384:YCl2f9U2sHu1yMHTJOkGSY/1quv8VOWA/C3Zwc:YRFsHu1LzJOkGSY/1COPeP","tlshash":"9e82e0505f2c96a5b6768aa8c80ce6b3f33c8e44995ceb4292b7f1cf8b465cddc042d4","first_seen":"2025-11-29T14:12:51.659086Z","last_seen":"2025-12-28T12:07:45.16295Z","times_seen":4,"resource_available":false,"data":null}},"time_used":615,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":445,"receive":170,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/vJdXh0Ezcftep9ft9zvL8eI0EoI-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/vJdXh0Ezcftep9ft9zvL8eI0EoI-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5882\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Sat, 13 Dec 2025 04:50:00 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=336\r\nx-cache: BYPASS\r\nx-request-id: eaf41e1c21609178741c8b277cc389ba\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5882,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"964c0408c3a76b106cc17bb4bd6095b3","sha1":"ea7c999bf66c0d49670a8ad3200389ebff8d0c5a","sha256":"426d5e9763103e4a1d1cd29be4d1847d487ca44b58fe70bfdc6c1b9e5a1a7f43","sha512":"9f7dcd0369c78c46a408b42526cd25708cb3b6dc250fee68259af25ed711122a098a5c3ef6d7523ddf1bfa05385f47247a1ea13fe1fbf73f80e347427db3ca66","ssdeep":"96:HfHyB/GoNDHrWLjgH5ZKNCbGtPzfl6Z/EEs4tLl6ss90DTfQ52TUJtS1gHip6KAN:/HmOoNzr6jgvCPZ6Z/EqVlkqzY2TOSKT","tlshash":"d1c18ffef5e8ec9cead0505e9cfe47d006aaa9eeb946114e0062dc015299a670840fa2","first_seen":"2025-12-20T20:05:47.243002Z","last_seen":"2025-12-20T20:05:47.243002Z","times_seen":1,"resource_available":false,"data":null}},"time_used":431,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":430,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/yhWKTCYa0LK9kS6zcKGYc5Dx9xQ-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/yhWKTCYa0LK9kS6zcKGYc5Dx9xQ-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11359\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Tue, 28 Oct 2025 20:00:02 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: 507d433c4e8aa1b98dd3407f24bd6990\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":11359,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"11735b0e144067977f6decebf828ea0b","sha1":"c524371748bdcc90329a76542be9de7232f9dbd0","sha256":"d5d2e423b8223c9357bf8be7519981282935675d9f699bcf2443ef02977be40a","sha512":"864d6292477ffe0025cd8b457c2da3d6e2a414b8242e06f1ccd1181d65b6ba9baa0feff44507e9941ccb2f4a70df633d4bf37a3db138805be91ffe7f6041339e","ssdeep":"192:/gUOJqZuwhMXp5G7RJFeqxK/2CrPlWFqCei+Ifc92UzYNFhvJzU2jR92blWDwYUv:YUOgZlhMXp58R3eEqb+7i2fhB32p7v","tlshash":"fb32b0c2904685a451074da8130abea36ade8e3e77687b313c35c759fb65fdb80059d8","first_seen":"2025-12-08T04:48:41.986223Z","last_seen":"2025-12-20T20:05:47.243832Z","times_seen":2,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":435,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/js/6.0.0/film2media.pw/native-film2media.pw-2294.js?v=f4b0fa468f396d107f602e3bc3122a77","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /js/6.0.0/film2media.pw/native-film2media.pw-2294.js?v=f4b0fa468f396d107f602e3bc3122a77 HTTP/1.1\r\nHost: cdn.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 16 Dec 2025 12:03:59 GMT\r\nx-rgw-object-type: Normal\r\netag: W/\"b146713f6e975ea6dc3059f92dda1d60\"\r\nx-amz-request-id: tx0000080d60681c33475a0-0069414d20-6e32139f-default\r\nx-zrk-us: 200\r\ncache-control: public, max-age=3600\r\nstrict-transport-security: max-age=0\r\ntiming-allow-origin: *\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154111,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65434)","md5":"b146713f6e975ea6dc3059f92dda1d60","sha1":"976195903de137ab4c7d9eaebbdb85547ebcc46e","sha256":"a7193e20f34ee7e51213f961205dea058baa9190704deac36a1e7bd2cce5b665","sha512":"301dfa44e3f44a5b49186e9085111e14119e12c22e937bca60958129762b71eb286d37a1ab14be9f4424c2a7681142f347ef87458936d18cab9eecd9f0e2e29f","ssdeep":"1536:Sm6yEu2TH9ilTNHnR0JHcFbRnIxTZ+A63E45Jp3Rc5SM2+8VXH7WLivRb8FGV69U:F6JuaATNHLFtybwh5x7WnzrkJqXBqZ","tlshash":"5ae3829cb2d2b46243a37078506f240af37b1895648d8490f739d8e5bdb994e6133fbd","first_seen":"2025-12-20T19:15:46.445945Z","last_seen":"2025-12-20T20:05:47.244681Z","times_seen":2,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/09/01-6-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/01-6-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:14 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8576\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:14 GMT\r\nlast-modified: Mon, 22 Sep 2025 16:41:22 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=330\r\nx-cache: BYPASS\r\nx-request-id: c2abc734379ba86f5ebbc70d8be67d7f\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":8576,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"54385b7502aed73a6dce9c65a2351f0a","sha1":"0d878bf0caa1a25454fc00dd42a4978f842e0cbe","sha256":"03774db320f4ec37d8be53edae92d818e3722315a44e3babf931dad9d914c6e2","sha512":"a1f7abf152425e161773d9c189ab56c85056718ad3af349dc4a74c3f27b07a23a62ac300b677306ef175abf5e3d44a11abcea320b3556cc50eed4e11cc498be3","ssdeep":"192:/g+6SZ8WOGlPvlHpfBKaH63Z0L4AbwzEW2pJs0:Y+6x6RDKaaJ0zkD27p","tlshash":"c602a0cdde05577c2533af39da5f06603d490a822150ae5be1b4e3609e99ce1d2afbc1","first_seen":"2025-09-25T01:07:31.169629Z","last_seen":"2026-02-16T22:50:45.774032Z","times_seen":3,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":424,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/xdzLBZjCVSEsic7m7nJc4jNJZVW-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:14.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/xdzLBZjCVSEsic7m7nJc4jNJZVW-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:14 GMT\r\ncontent-type: image/webp\r\ncontent-length: 16894\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:01:07 GMT\r\nlast-modified: Mon, 08 Dec 2025 12:43:51 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: b3f7b3404f67c595c62e31eb1aa76a22\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":16894,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"dd6c294eaaf2cd99343c2efe28f63ace","sha1":"680604e1c68f7c8921b71e7310df6f61c87eea24","sha256":"2641dacc56f02b7877d3482e0f321c077157407bbb6ecde6f81376eac6479a61","sha512":"71e815450aa3d8d67051949daf9d74074bd0896f2f650a4da2d4f09693fde6d7f57a0c052dd5013c39df33467fda1738959830217580f3c2e56be1bed37c933b","ssdeep":"384:w+q2obLQ9jtZvuZjQhvWmeae/Zj6NOGXKItOYSZNNP+1:a2oPQv48saIx8n0ZNNP+1","tlshash":"fa72d0658302b5d85a5c01037e97371484fc15e92a03bbd97d336b0ad55ecbab0d2fae","first_seen":"2025-12-20T20:05:47.246165Z","last_seen":"2025-12-20T20:05:47.246165Z","times_seen":1,"resource_available":false,"data":null}},"time_used":618,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":449,"receive":169,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/superscript/E46QWyD3/native-film2media.pw-2294/yn_pub.js?v=2025011020020","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /superscript/E46QWyD3/native-film2media.pw-2294/yn_pub.js?v=2025011020020 HTTP/1.1\r\nHost: cdn.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 16 Dec 2025 12:10:37 GMT\r\nx-rgw-object-type: Normal\r\netag: W/\"26f36e4632cb1203632a86e4182e1ac9\"\r\nx-amz-request-id: tx000001f667cdf85871a9c-00694665d4-6e69e929-default\r\nx-zrk-us: 200\r\ncache-control: public, max-age=3600\r\nstrict-transport-security: max-age=0\r\ntiming-allow-origin: *\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16322,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (16310), with no line terminators","md5":"26f36e4632cb1203632a86e4182e1ac9","sha1":"f01ebe1c24de9330ef7f12a0b2599dea433ea59e","sha256":"0a353e53798ac6a7666cd9d6e1e804dd9f14003c259da4b4d5677cf87d0071eb","sha512":"24c7aedf868c067d66e5df342074c1312213594e03dcad9f3340bede0e7cacc14acd971a932d28ac01b840a6de803f1304001ccb0788008beebff050471eb9d6","ssdeep":"384:A7aK8RGbF7jWHfpMCB0lE4vzpk2QLvZj6ATb4y4tt4:AONw5oBMCClE4x2Tb4y4tt4","tlshash":"d172e828b190b4b8436544a08d3f690ef33d25529449d4f8e399c8d5bd74e9eb312fbe","first_seen":"2025-12-19T05:45:15.548709Z","last_seen":"2025-12-20T20:05:47.247539Z","times_seen":3,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":91,"dns":24,"connect":22,"send":0,"wait":26,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/rg_woebegone/scripts_v4/E46QWyD3/complete.js?v=f4b0fa468f396d107f602e3bc3122a77","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /rg_woebegone/scripts_v4/E46QWyD3/complete.js?v=f4b0fa468f396d107f602e3bc3122a77 HTTP/1.1\r\nHost: cdn.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 06 Aug 2025 12:37:37 GMT\r\nx-rgw-object-type: Normal\r\netag: W/\"d0c42703413a150e90fc215a3098aeaa\"\r\nx-amz-request-id: tx000009fcddebd0a7fcabd-0069414d20-6e0577da-default\r\nx-zrk-us: 200\r\ncache-control: public, max-age=3600\r\nstrict-transport-security: max-age=0\r\ntiming-allow-origin: *\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":55096,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32308)","md5":"d0c42703413a150e90fc215a3098aeaa","sha1":"2bd12ffa5c042737c81d0f29c568334a663beb65","sha256":"8ebca074b47c8e50f152c5ca8761d97eda75d460302f44563c6485e8749dd797","sha512":"b90b72c75b7ec354e53b04c68797fcfdd3a99303a6f516c23a9a5f354774de006a4ce80ba57999804b0f9f2984cfd1ce6894f4c95ef2b82ec2e926dd753ce985","ssdeep":"1536:1nCNYL5yqid5ICZMVqfyzU5zHzq+Q5DUQ7vEzxhU/M:ZtL5gI0hyzU5z4zER","tlshash":"d133069d74d6f0b207eb65ba913f620af23a25592c4dd4509115cce07c78e8f8263fae","first_seen":"2025-09-25T01:07:31.143852Z","last_seen":"2026-02-26T00:18:52.924297Z","times_seen":49,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/xHB43aUOtIezsD0lUzA0Sqk7ALr-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/xHB43aUOtIezsD0lUzA0Sqk7ALr-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12437\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Fri, 21 Nov 2025 21:00:01 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=343\r\nx-cache: BYPASS\r\nx-request-id: 8d1e4c301d4dacea50e1d353bbe658f0\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":12437,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"ccc035d6eb1bbb38c5498e95a47e2e6c","sha1":"c88c60d8f3fff8127a836629adf3e82e771d7b8e","sha256":"9d3f35e44fa376e3d648e140bdb6b5d63d797242227f70746da5e2b0161199f4","sha512":"babac848de75ba7ff903064881c83d933409ccafee993b95379adfb94577690f5ca45d26fce7680d1884b8ad9363d61ff430d527a82b542b12376ed5e537eef7","ssdeep":"384:YgmxbMEh1SG2gGB3l1ni2FYpsKDAVVIC6k/P6:YgmRh1SG2gC3vnp4awUy","tlshash":"ce429e161f6feaa014465d668adf224ed48bcbbb141649536bf3c0b18f78de48ce8502","first_seen":"2025-11-29T14:12:51.668188Z","last_seen":"2025-12-28T12:07:45.194039Z","times_seen":6,"resource_available":false,"data":null}},"time_used":442,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":438,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/xm5ER19nTk7iuWFaiNRUYe3Zlz-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/xm5ER19nTk7iuWFaiNRUYe3Zlz-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11196\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Fri, 28 Nov 2025 14:18:37 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=340\r\nx-cache: BYPASS\r\nx-request-id: 52b0ec0d7c6e45bfeba3ba4add0f53cd\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":11196,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d1338875eb50f41da0f9c3315967e09c","sha1":"04507df9f17a1929a6251991d2790046c38df937","sha256":"c57f34a8bef72e52fddb26d8069a4861e11bbbb27e9bdb4da81ad6ccf4cfd335","sha512":"06c1510dcfe19a35e911519c3e8da0d2de4556cc69c0fd78105c147139394e14ae20ca261f6027c3cf74b88b2486ea9d979390f0d018e718c1e18cc5be77091d","ssdeep":"192:tgIlvxljmIcmMWzR1yEseQeDKbw36yXzX00YaD9ktZ/iQvmwvbZEvqRYM2R9Fao4:6IhxtmaMuT9QPEFXz0y9kDi0doWytPbG","tlshash":"3932afc6f89b655af3415c1a2a6db36780dd83700c349ac9c43c383a908587cba776ea","first_seen":"2025-12-20T20:05:47.250303Z","last_seen":"2025-12-20T20:05:47.250303Z","times_seen":1,"resource_available":false,"data":null}},"time_used":442,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":442,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/d1I2nyJLpmRQdKKkmwaOMVLuMgT-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:15.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/d1I2nyJLpmRQdKKkmwaOMVLuMgT-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18283\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:15 GMT\r\nlast-modified: Sun, 05 Oct 2025 14:40:13 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 519029397eac8f7df64530532196576f\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":18283,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"3c508d0d2e712f4382ce882b7b568ef9","sha1":"afc9bfa2fd5c420f8c224a828d5f900499edf309","sha256":"768f65d70daf540bcdfefec8f7af020f72e172bd4d36e986ddd07149b98045a4","sha512":"d2d6cd3617dfd4451ded34d3d0ff03b9f63bf89e94ccaed5fc99cf8e0b90470d9d132134b6e25fdcc4deebf0b6d915267b07c28054a98288f4bcea161ec25e80","ssdeep":"384:YFxvJlVz42h82i+9hQDVaX2Q5Q146V9G1J286t49bpjWC2dNCNWG:YPN82xaDVaD5Q669IEt0gC2dwZ","tlshash":"3882e1203d8133d24e69ed3ccd585c6ee02c26023a9cfe2e58fec26464944c6b84e74f","first_seen":"2025-10-07T23:41:16.028224Z","last_seen":"2026-02-16T22:50:45.861409Z","times_seen":9,"resource_available":false,"data":null}},"time_used":615,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":448,"receive":167,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/phuYuzqWW9ru8EA3HVjE9W2Rr3M-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:16.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/phuYuzqWW9ru8EA3HVjE9W2Rr3M-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:16 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 24568\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:16 GMT\r\nlast-modified: Sat, 04 Oct 2025 18:32:43 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=332\r\nx-cache: BYPASS\r\nx-request-id: 63a430759df6edeb999243457fcb6225\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":24568,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"dbe2199a6c992ca981ce6bfc06d4f0cd","sha1":"10dc05ced9951afc3fe5278c053484f41ff79453","sha256":"35191039893a35d0de6f681dba0dcbc8f477443a4364b60d9837a50dc4574072","sha512":"783064745c56e2063154e70b5f1bcdf4ef935c7a5a46fe9f32a2446941fe70a25295486d1640e141193b5fd7f6a4c6c98a3bc65a32ae96e0d0a0e2122cfca1d4","ssdeep":"384:YQgeVBnUrlre5/gBph0uAxE54RNu7icxKt0uGmaw/f7K3egKwNAaslUUhzoK2CN:YQgeV6lrTBp+uAxo64icxK2m3/f7UZK3","tlshash":"87b2d15f5e20a54800690ddb8d82ca277e6006d378f1d3e5ab38c7f356ea6dc5cce922","first_seen":"2025-10-07T23:41:16.090174Z","last_seen":"2025-12-20T20:05:47.252328Z","times_seen":4,"resource_available":false,"data":null}},"time_used":595,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":427,"receive":168,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/1MFceyZdUZmt6W83mVoJYG6NGgr-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/1MFceyZdUZmt6W83mVoJYG6NGgr-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14429\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Sat, 11 Oct 2025 15:29:19 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=360\r\nx-cache: BYPASS\r\nx-request-id: c6ec3b357b5f781141ab00c271faa362\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":14429,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"e31334a31a55954e4904c74f62e300e1","sha1":"15e4a213bae6265cca6b9112afcc9a338424f266","sha256":"54f2781b6896b0963b38afae9a926a964de9c7940f7e17de523fc8261e4165ab","sha512":"c45fdfb55caa2248ff890168e427c5162519a3a5addd1c829ae4c5c659235d2717d381f560b7d9c2db62723e6cc6b190fb47ea130d4e4a0054f534e074f37d17","ssdeep":"384:YnbIzLNgofNONccEU9rSiZwMA8SVmgsIpP6w/ho:YnEz2o1ONDnDZwYS9P6Qho","tlshash":"ac52b095279d95724ad61e785f02c1f29fe1feacf710c800a070e02e47864efd9580b7","first_seen":"2025-10-18T19:23:05.182193Z","last_seen":"2026-02-22T20:06:45.751644Z","times_seen":12,"resource_available":false,"data":null}},"time_used":456,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":455,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/s0WEN2m5nka5ABcNEJCkG3iISzG-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/s0WEN2m5nka5ABcNEJCkG3iISzG-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9802\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Thu, 18 Dec 2025 17:13:41 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: c846cfae85b5a62c6446b7180802f5e7\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":9802,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"24f31ce8d7e4b2b6c5259e2b135b973c","sha1":"5fc29af2533782b76a3c4f297a2b5074183047d2","sha256":"b9d509fda2366ebae754432a496ea404de5ce8f8e21bec52a913a6d919b174a8","sha512":"b7f5e8b956e3346574f966f32d6525c19e00e005d48ca4f0eae080df6a84ad733438e6f5e203aed9c909d01da3f38a9ef4d99ad4d0e374d9163a67555728373d","ssdeep":"192:/gg7XOpN4gEjn1jkaq7zX+0gDjFQUPZ84q7g/4NTC5J33VGznOn2IR2FJIVlCIs:Y+eN9h760gDjFQUh84INTGE22IrDCIs","tlshash":"db12afde9e0786048b05cca9df347ceeda4e74b112907d07db3ed5b7da392c68a90189","first_seen":"2025-12-19T05:45:15.543529Z","last_seen":"2026-01-02T11:48:41.974301Z","times_seen":6,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":432,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/mq13ikKnV5OO70fDbfpiWLB2Z9N-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/mq13ikKnV5OO70fDbfpiWLB2Z9N-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 13714\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Fri, 19 Dec 2025 10:22:09 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=339\r\nx-cache: BYPASS\r\nx-request-id: ce8f9d8cd991391fe26081faf8d678c2\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":13714,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f37eabff7394423713c2ddf13ca60624","sha1":"0b101b55371d43229a25c9645d2de36a9663e095","sha256":"aadc4a4acfe6d59516ad07f689f33e890e4dbe3f63b868f87135c1aff0057d38","sha512":"39572c75a3cdb3935b8049233b0658cca9b54891ab41ed8faed9955e8fb71b090a1734d462ffcc1be23a3418b5977cbefa9a802262d0ccc0846b02d230f889ca","ssdeep":"192:ddzofWdXB+LfzOcXhsm7PNAzZ/YU1IL3vo7HwqQGUwd4T+ZPQTOeQIcy:rofWj85X6m+zVjeL3vAQlwd4TqPQxQTy","tlshash":"6252e053c66a956404294450cf6e9cfd84818dd145db267f4e2194839b2cdcfa78b3f3","first_seen":"2025-12-20T20:05:47.254649Z","last_seen":"2025-12-28T12:07:45.167875Z","times_seen":3,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":434,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/dOMsyboGMCVgG3PAidO5EQ9sFKl-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/dOMsyboGMCVgG3PAidO5EQ9sFKl-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 12752\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Sat, 06 Dec 2025 15:16:19 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=344\r\nx-cache: BYPASS\r\nx-request-id: 635084503a9aee953b4a87738a1a46be\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":12752,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fc34ca2fd15a01354ed860797c12a5b5","sha1":"5a12f988d6b7d4c8ae2908ee94e71ad22bbad90f","sha256":"fdff5368e9d5f6994b5d825a2c490fcaa449f49401a4281e29e08ca105b4d824","sha512":"2bb129cbd189281188803f42d496babf02e12828829f3070209996ae366b5bc9a5e1f5bbfcae5b18850b8bd7e14baea9deecaae59dac191e0aa312486302cedd","ssdeep":"384:0HaJ0KXFxl1XfZ1VrqNVLnedXojnNG0zPJ:0i0KvZi+dYjNbzPJ","tlshash":"ba42c0cc3823bd12723634928b72b37063aab99bd11d4aa5714916f27df8536a3917e0","first_seen":"2025-12-08T04:48:42.047308Z","last_seen":"2025-12-20T20:05:47.255585Z","times_seen":2,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":438,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/media/YekanBakh-VF.woff2","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/themes/film2media/assets/media/YekanBakh-VF.woff2 HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/wp-content/litespeed/css/a20193e5c5d1ddd88eb2f78b2cf205e0.css?ver=205e0\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 50980\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Fri, 08 Nov 2024 11:02:01 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=352\r\nx-cache: BYPASS\r\nx-request-id: c5b841bb56c442e378a6dc203f97647c\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":50980,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 50980, version 1.0","md5":"5498ef921e189cfb581bcf793b6ea7ba","sha1":"55564c6d7534cd99da4b6fec2646431545161fdb","sha256":"530ebb371c99693671f1300222e7d87743220b49b0fa6cc3611580ecc831c89a","sha512":"da3a2bf63a217c0068f4aa31af96cf57cb9935adc4113e96cb8980e7d7ef0679fc835b19dfa14cf5616e7be08c9a4f077711d6a714ad0062ce3784275e16386e","ssdeep":"1536:fOvqW48z8sjl0x+vMImECi0hTPElJaUo6i0gS:fOXDpIj4CiqTQ46LgS","tlshash":"4d33f1c86d5d69a46bcfac3c57c67744e122b7e292902147b6dcb81aa932447bdbc2c0","first_seen":"2024-12-21T13:39:46.418011Z","last_seen":"2026-05-12T11:54:29.554135Z","times_seen":45,"resource_available":false,"data":null}},"time_used":966,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":449,"receive":517,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/fiRDzpcJe7qz3yIR43hdXIE3NHv.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/fiRDzpcJe7qz3yIR43hdXIE3NHv.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 257460\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Fri, 12 Dec 2025 19:37:35 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=328\r\nx-cache: BYPASS\r\nx-request-id: 394ef7bd4d4059a70b93fb88e3bc2762\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":257460,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3","md5":"f404fc2f661357db13493fb7f2e847dc","sha1":"aa7bd02b77ce014f43ac5661d1bea4bcdbddde72","sha256":"2c6cbc089fad10bcd115f6bf743bcd34a6e2a1d94450d0eb3c74bee396ce6918","sha512":"564dcbb61f0e8f02c04b31883413cd2421407d847574e8086c631c40f99fd994a1bf9b03a368ba3cc73629511cfd42b9b9c1ae966725566a73d8c59f211aac7b","ssdeep":"6144:YxaO9astVFNVxW2ALCo6lTtieIrqSXz6yoWzKC+1B0TSg2z2:wasfFNVxfA2o0T0eIrqOoWzRN2z2","tlshash":"574423f39904e1404062a20db9e6516b176bb4b3f95268f143e27b79cf06c8b76fd931","first_seen":"2025-12-20T20:05:47.257394Z","last_seen":"2025-12-28T12:07:45.242056Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":432,"receive":1824,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/qCOGGi8JBVEZMc3DVby8rUivyXz-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/qCOGGi8JBVEZMc3DVby8rUivyXz-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10282\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Fri, 12 Dec 2025 10:51:30 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=352\r\nx-cache: BYPASS\r\nx-request-id: b52950db877b4e4466971f6c8b6177ba\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":10282,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"30067cc4b0c11b151904de1c074c009a","sha1":"ff0ccb24c57967dc0378c65810aadcafea6e0621","sha256":"b7c45e5c2c83a25a52510cb19c364258f64d68bbc0ef6b4c49d4d600a75e86ab","sha512":"5c19084c1a2fe02ca787ddde64e2416331529d81905acc57f0baad5f2c1f22f0766c8de9af9b313f550e71779ba8be02af4da8db623115c928ce894b60d3ad6b","ssdeep":"192:QbNdVrL5UbgBLokhTxiB3+REoE3r9fXammKAhl5g+G5jFcoEt:Q5XX5UsLoPBuRXE3JCrKAr5g+GRFc3","tlshash":"d722d081e05e298d2929ffccfcf8d006910356e6bdb1ca9e46b40f395b4c15b28c0a7d","first_seen":"2025-12-20T20:05:47.258223Z","last_seen":"2025-12-28T12:07:45.163498Z","times_seen":3,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":513,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/1eKYUmLxODIen6exa44ZkeXQ72g-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/1eKYUmLxODIen6exa44ZkeXQ72g-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11468\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Tue, 16 Dec 2025 14:30:46 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: 3709db22defb0b336c8bc33e40c1fc7b\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":11468,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7e05efdffeb5dfa2907b67ec5180e50e","sha1":"ee5765b1ae7743d9392abf8da354a4cedabe4ceb","sha256":"09f23c0ce81ca05811f18b104ac12f2d79bc9bb1ae135b5536383e2718d42b86","sha512":"2f6aa4811d68c97e67423301ed27b1d00829109454c85592b4ab96d0601567585418ec8459102eb828a3c27615d645f199c45418c256cf2a602ab61d794b3bd8","ssdeep":"192:3VJcURYWUPQxOa0AMGVxHwlho8qUqlcAk09g0C0utrauN8C6kuhAT9o9YNDl+7:33YtYxOailhhhuZk09g7Bt2uN8CxuuTm","tlshash":"8532c0cc3fce1aa0d1e97faf3042971ac6063b041aa475bc070b9fadefa124c8114465","first_seen":"2025-12-20T20:05:47.259033Z","last_seen":"2025-12-21T14:18:59.200729Z","times_seen":2,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":432,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/2lOoO4k9UGFTACPGbA79UlcP9KI-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/2lOoO4k9UGFTACPGbA79UlcP9KI-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10300\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Wed, 17 Dec 2025 05:39:14 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: ba6e8130b3094a33b0aac89d80210b36\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10300,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a824a893fd50ad79c33ec15ac1879f23","sha1":"bc20f1eff717e03a58aed174d37e45d95459374f","sha256":"38a330c512e1cd707455784c0249ea4c5ab507ed9f27fc889a451c99df827c40","sha512":"72524f9f13c05b4ae75f2bca3a22f3b49ef46064ab001479ed4e954abac7cd547bd3eb3ad8275df90f1908ae956c83019f2560d0e02ee218dcdc083b1eb6a3e0","ssdeep":"192:fBusZ/fZ1T62ITfiZzroNB1S8fG7tE0OjvMHbBJgGdWYlwgjp:ZXZ/rQTKaNBUxYWlJjgYlJp","tlshash":"6222aebd230af4c81c71b91b40bd2b5563d016e6b0602ff05a3de69ba48728e5897368","first_seen":"2025-12-20T20:05:47.259894Z","last_seen":"2025-12-20T20:05:47.259894Z","times_seen":1,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/40WdPCms2XOqYJ1kWQ1T13ducK1-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:14.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/40WdPCms2XOqYJ1kWQ1T13ducK1-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:14 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15853\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:14 GMT\r\nlast-modified: Thu, 09 Oct 2025 18:36:22 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: bd0fa8f58e6c1614d7b8ee51c6991b02\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15853,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"8bc5b682523ed1f77119bc117525a989","sha1":"ba98ff74e36416c0022cf6821fadcd046b0b87e7","sha256":"96489e7715577edf5aa75e2de1a4491048eb650829896a877030bc881f5c4ef3","sha512":"099270d3a2babc50df55561dc23089dd9c7a095f608e0860f6406a6b07561505d2e97ce053dfadae2fcd0b54d8900e978b86bd58be75b5da8d932e275a5dbdb7","ssdeep":"384:Y2yoW16Si819PpcMcG7AJkbQxsWwj3MW0gbt0+E:Y24hi81/ptWwj3MJgC5","tlshash":"4f62bfbf0987b2943e6d4eca500a1549cbcbdea01bb63b358bf9cab255131c5a25504c","first_seen":"2025-10-16T22:16:24.089781Z","last_seen":"2025-12-28T12:07:45.195606Z","times_seen":5,"resource_available":false,"data":null}},"time_used":604,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":435,"receive":169,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/08/2EuvYZoNCZFSNJd2BEyC0gxoaRB-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/2EuvYZoNCZFSNJd2BEyC0gxoaRB-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19618\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Tue, 16 Dec 2025 09:54:18 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=346\r\nx-cache: BYPASS\r\nx-request-id: 6681df5a4a28869913ed3ad978fefb21\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":19618,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"26e61aa8bf0a0b1b57a95c5227827a1d","sha1":"dcd90de341a844df36f6d1bebb5b3ac459d6674f","sha256":"10bd1483c52658982be3021a84e72230423e1097d90a89a39acce7cca76abcca","sha512":"5fed82f6817169abd2b07c81f94f24618fc0e942564c34eb8b7187fb340492c0ba216b382627f7beb3cab8fa90b5f39c238eccc77bc1f4dbc21242f74d46fc2e","ssdeep":"384:YDUtwpatNQIzhjfTwyr5SPCrWvYO3CS0D1btjhGW/2yEBFbs2:YMwpabQqlfTP1SP/YcCRc02dBFbL","tlshash":"b392d02db161e3f67a3fce645cde227258dd2d686694270fe736e4239e51dcc9120309","first_seen":"2025-12-20T20:05:47.261368Z","last_seen":"2025-12-20T20:05:47.261368Z","times_seen":1,"resource_available":false,"data":null}},"time_used":613,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":443,"receive":170,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/zgVgcthDQ8pYgBkKzi1AaXmmeFO-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/zgVgcthDQ8pYgBkKzi1AaXmmeFO-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 8897\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Mon, 13 Oct 2025 18:48:21 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: ac95c3eabd44320186073f5ba133262b\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":8897,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"1c62495b472f63970c1e049a418043c7","sha1":"68ac32d6af542699dbb51895a8eeb8daf5990c0f","sha256":"1d918939ca89b7eb3dbcabce94ba9ad177af36ac34d2886062dbe9735543c07a","sha512":"6c3d4dc2731a6fb74be516a5f6c13ccf35f9acfc0eef1b5f07057817d3b8d13665359d184c136b82147a4ac2bcef285c1673046836e9374e584deefd112fc817","ssdeep":"192:/gE+w0rHjXVQha+NkaD/KLP9H35TnrS64Xg5QckvakGJK:YDW2aSz9X5Tnu64XBdR","tlshash":"7c02be3f92f705da5a4dec0bb60512efd2ae2f819d012f853036c34d32b41d859e9a6d","first_seen":"2025-10-18T19:23:05.365528Z","last_seen":"2026-02-17T14:22:54.887059Z","times_seen":12,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":443,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/assets/images/chevron.svg","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.261Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /assets/images/chevron.svg HTTP/1.1\r\nHost: cdn.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_global_token=01KCYNVF9GYG2S7FJFFK2D62ZA; gearbox_ad_token=01KCYNVF9GYG2S7FJFFK2D62ZA; _yngt=01KCYNVF9GYG2S7FJFFK2D62ZA\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 02 Sep 2025 13:54:27 GMT\r\netag: W/\"68b6f713-3f7\"\r\nstrict-transport-security: max-age=0\r\nx-zrk-us: 200\r\ncache-control: public, max-age=3600\r\ntiming-allow-origin: *\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1015,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"556c20621feeea8d1eec767cc90446cd","sha1":"13374a70b7a9820c0e62f32aa72f0dc739428a58","sha256":"5919246329783346a48d72c2ce3f86c16a60dccc43a6c74be7a3535c96b9daff","sha512":"a508f18cd1266a0488a9a60bb03149ca40f768aa1f8a6367ffb2eae516784e2e0c662b7fc2cf59a7e4c52eeae3a543339b0dbcb48c16acc607aa5b4516f2d14b","ssdeep":"","tlshash":"b111e1eb82e853d1c307df11ec2e9b255fae5cb92fc7464951909ad0d04a3abac49cd8","first_seen":"2025-07-06T07:40:04.899482Z","last_seen":"2026-02-26T00:18:52.935474Z","times_seen":81,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/09/hz4CrYoEIztu2BJG6cbQ5rC3bPG-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/hz4CrYoEIztu2BJG6cbQ5rC3bPG-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11614\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Sat, 20 Sep 2025 18:38:26 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: cd0ae4701c179770f06ef2fbe9ec3edb\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":11614,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"c946c6312421897773c11c8c5af18539","sha1":"e599cc4f5f8f3fb8c73a4adca9cdb2abb1739fb5","sha256":"23da765ee83c8fa1b129a54b218c8b37d46c9ef7bf77277a6fe2c56f115d1da7","sha512":"12539f778d993041b6f30a2ac2e4aa52dbb585164a22bd0fcc6e88a1dad12c19abeb16cdc79c190c0fec594cda3ad1d426af8de7184295684418405e73f2041a","ssdeep":"192:/ge+j8XxpfwJfl9xllt3f47RtYydjdU1RItXSVng4+u9TazOO+jxqtl9wsPJ2zMl:Ye3nfwlf3fK5tdU1RIcFoSTAIe9wZIw4","tlshash":"1032d0e012a146074da1dc3df53956ae7ee14bc8fac16b147e34c70f0e681fa09953ea","first_seen":"2025-09-25T01:07:31.149008Z","last_seen":"2025-12-28T12:07:45.137596Z","times_seen":7,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/k9xPcIsxXbc1Xuf45K0FU8yM2m5-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:14.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/k9xPcIsxXbc1Xuf45K0FU8yM2m5-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:14 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10302\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:14 GMT\r\nlast-modified: Sun, 07 Dec 2025 11:14:02 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: e9c164244074a6ac7a5d88abe0677437\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":10302,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1c137c5002695fa09bc82283b9fde7e2","sha1":"20da041d9ec6ee925ec5f925b762279781985a68","sha256":"d104371882adef082959bcb46da4711777f5994ad146c5fcf0613dcec8710261","sha512":"374f01c5406646439f75a5a01b97b46ca92cb54fe027a03dd55ca51d7735d38d12a6158b3e4a83d18fec4e2b4b9be13d19b95181f00c401cf64a4745304179ce","ssdeep":"192:DFzm5WmcD7CoEZIAEe7PPsKaGbllaPevuDw5XVVnal6CjvR:RmM9eo0lDPPv3buPJDw5Xzal62R","tlshash":"2c22afe85a3385acbd1ab0abed2e35968323e12569f209b3e340dc74b57d84d0d573d8","first_seen":"2025-12-08T04:48:41.890214Z","last_seen":"2026-01-05T04:52:51.302281Z","times_seen":6,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":441,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/js/vendor/bootstrap.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/themes/film2media/assets/js/vendor/bootstrap.js HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 9320\r\nlast-modified: Fri, 08 Nov 2024 11:02:01 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: a68bee16283744ee7deb008f69bc1858\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":31550,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (31550), with no line terminators","md5":"644a0ca7a2f53743c2e1764adeefd75c","sha1":"25f1c78d7d3be01d8eddb4fe4e55ec752b501143","sha256":"1f3aaac0d2035c275a8cec92e1e1a9751d62a41af09e9ce904aa5e1b7bf065d7","sha512":"f221c1bdfe582031e1a9a44a8c2650d150813e6beb84a5ffcfcfd95faf7cc665fdd4a23fe6a2247d28b2218f61a8883975d5141b2be8151e24541b9cdae0d9f9","ssdeep":"768:yfr+Zqa0VQrurdaN3KHgvikKT9WiWiy6Cd0:d0wqaN3KHAGCy","tlshash":"16e2b5663355b9738bde816b90764247f3195cd8950a012cb4bc6cee2a3dd8632f2fb4","first_seen":"2025-09-25T01:07:31.155112Z","last_seen":"2026-05-12T11:54:29.552923Z","times_seen":46,"resource_available":true,"data":null}},"time_used":485,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":472,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/qY3ltlWUB7u3ENocrMOkbGCGYnt-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/qY3ltlWUB7u3ENocrMOkbGCGYnt-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8042\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Thu, 13 Nov 2025 14:58:14 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 408b8a77795a44c5a56f1cd79fe699e0\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":8042,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e2858dce17c0d4e5504d06b088c4e9b6","sha1":"6e7c20c966a34ee310f8927cbb929c8073213ebf","sha256":"e1d554afec3878a4b82602c975532f6214634c2d378d7cbcf13a7c8d5b971f5c","sha512":"72bcaf6da2331aa7140ecb8bd6cd5f36dce724a8d9322b3fc640bb4afadad51ee90ebc7c11d81c4d6bf06fcc2095719e8e092462257a5adeda956305aca69f0d","ssdeep":"192:f8K27Plk2oqavLwoKSwFQwDpJCWxTH6LIJCW3dr0Zu:fSPlk2ovLwo+FQwDpwqTaLtWtrou","tlshash":"d0f1be1ec6709266ea53ddaa331e77125887e472c6845be0da681c4a33e47f03193ddb","first_seen":"2025-11-29T14:12:51.669412Z","last_seen":"2025-12-28T12:07:45.195047Z","times_seen":7,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/oJpjWajfSGHIbenzqyeKoQuYfem-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/oJpjWajfSGHIbenzqyeKoQuYfem-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8380\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Fri, 19 Dec 2025 15:52:57 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: e0ef8178524c147c2c7cb28ca7b39517\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8380,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ffe05f55a3ceb28202eedf42aa5ead81","sha1":"a264c612d7b8e17c1bc83be65950e3bcf505c289","sha256":"d51ef654867112c775575113a5b5704ef37c31d4cb5be24139933c4131aca32a","sha512":"bed8ca9b19c0c3c7a3da99d40c7fba1a16f85a23ebfb685fe72853c61a70b5ed81e861d799224103ae3d050c5b5f3d0ed349d96de5bad035d167f3830404f69c","ssdeep":"192:z37bnGIrIoK5T/4ipO6W64s+TkGrSwFHqOakugs:iIrIoKhrliOGrSwkOaku5","tlshash":"e702beec99e247f9a11ab4080c2cb983297c614572baed768e24d7f41c06982c92dc1b","first_seen":"2025-12-20T20:05:47.269161Z","last_seen":"2025-12-21T14:18:59.201686Z","times_seen":2,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":435,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/sCYBBcI1PQFUsPWYVtW1dR1dhY7-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:14.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/sCYBBcI1PQFUsPWYVtW1dR1dhY7-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:14 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15455\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:14 GMT\r\nlast-modified: Mon, 06 Oct 2025 19:00:56 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=344\r\nx-cache: BYPASS\r\nx-request-id: bc8d59236ad7be0ee968c43d00b5ce25\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15455,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"1b7587e20bdc8cccf8afbb8eb1497cfd","sha1":"1f9b61d23138a5ac24c9a44a450f156c225d10a9","sha256":"e00155a1ffa07dbfeb842295c124a4630c5a386ba01ae0167a3d328bf42856e6","sha512":"946b2b0fbb53a4815794ca90562d181c201dabbe3f9feae5f4d0a7960217c7c30b15bb8491670ee7f69e48bcf8770c9ff1114264c476089995864dd364142380","ssdeep":"384:YPFgBuPkwrORla9eRY3Kn0YWy/zDbsUp944+QT5:YPFg4NrO+gK00bWIUk4+m5","tlshash":"8962cf590fc8cfd2ae49fee55f49ad9023c6f02075e1aa9c9f31c11e8d732d38aa1548","first_seen":"2025-10-07T23:41:16.171593Z","last_seen":"2026-01-06T17:00:58.531203Z","times_seen":7,"resource_available":false,"data":null}},"time_used":606,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":436,"receive":170,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/yKAozSP2uBpiUKtedjO0rU11Tl5-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/yKAozSP2uBpiUKtedjO0rU11Tl5-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7410\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Tue, 25 Nov 2025 06:23:21 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=343\r\nx-cache: BYPASS\r\nx-request-id: 30aba692d7373b42fc5e69bc9058733e\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":7410,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"97c4abe14fd4369a58301d474cb2407b","sha1":"00e83c2b6e82c531ba59e313eabf6393e366ffb7","sha256":"03196ecf6af27e5df358e21686732aa748929bb485aae0d581a122ca224d3227","sha512":"ab7cb745c14ea5109b69be74d6a56c02c5a02fdb37f30b48b797a3a23cd4f4a37f1b7c3e30caf201193d089a3adf1c8bc1e81ecf67b16dd637f99026fd449206","ssdeep":"192:/ZOO/m/WKGTo+ca5KNtJhR7/GRM5GxPMt0XhHLXx3MQHg:/B/UWLo+ca5+t7R7/iMkxPMO43","tlshash":"40e19e52564379552654ee4cd0b99c4f7cc93ac8c6af708930972c6e93d6922bccf025","first_seen":"2025-12-08T04:48:41.872165Z","last_seen":"2026-02-16T22:50:45.877232Z","times_seen":4,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/olmiqSMfi4KwtxrLcFNjsjMlwzl-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/olmiqSMfi4KwtxrLcFNjsjMlwzl-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10841\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Sat, 11 Oct 2025 16:48:34 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=349\r\nx-cache: BYPASS\r\nx-request-id: 4cee8584a2f2e9204ac5ebb211925aa2\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":10841,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"b2c19b3442114ab3ade69e72355afa19","sha1":"3448ca5be8f66d5b4b84f15c92f90f308b21074f","sha256":"a4ea308d98e77372e2a7535f9bd42400408b214fe636ef328b7ba6a1be063bab","sha512":"e0963068a144be4373c194eb40aad8b658514269dce1a7640c79bc9a034c4bdf669e9b4cddba60a4556a364b38e5ef301303bd035279e314facb484ed6936ad9","ssdeep":"192:/g98BNOpCHaZmR7AA8BPfnnrbJt6GruYvTyuU3GKMJ19Bd9Od:Y9aWCQmRH6fnvpuYvTyuLDrBdMd","tlshash":"5822b09f219c8b0185b98d6d0cb5d1c8ee054943f77bee802fa5e24888517c2fd2db1c","first_seen":"2025-10-18T19:23:05.251924Z","last_seen":"2026-02-17T14:22:54.868606Z","times_seen":7,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":443,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/4yYZoYgeNshoS2aODwUvCXIa8yn-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/4yYZoYgeNshoS2aODwUvCXIa8yn-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14046\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Tue, 16 Dec 2025 18:15:12 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: 903bbdbb026016b0a2f66067fe19da26\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":14046,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4f84d41a8125815d850b38a6d3671c34","sha1":"d33def666556fe192ccf751d682655936837d14b","sha256":"ee79d78d76bfeed652c7c385c1f5bdcc99bd8484ceae464c81ef93896a9586e2","sha512":"ae9a7b61d352fae1cfc7746bc9dbf69472ff77d2b21cd02030fcc2f71aa2735020bdca7d311cd8c6d7eda664234f18c803f2e6791aaf28aa11b72fa20aa9fbaf","ssdeep":"384:gqet5D2reeDDuTXltaeRiUwTb3K+De698fiI1+97+W3D5AY:KnDZWDYltaeRtwTLK+DkfiG+97+WNAY","tlshash":"9e52d068fff36c893e7af52058bc22ec9acdf447d0189a52f08862f6f49c516912e059","first_seen":"2025-12-19T05:45:15.560183Z","last_seen":"2026-02-26T09:37:52.797941Z","times_seen":5,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":430,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"event.yektanet.com/api/viewed-impression/v1/collect?impression=CiRjYWYwMzEwMy1kMTkxLTRhYTMtODhkZi1kMmU2N2MyZTc3YjYQzvr26rMzGh-CJ7sizSGsVbhzqVC1BchfwHWKJ492xSy0dsk943UqIMhfKiQ3NDUzNDFjZS1lMGNlLTRlYmQtYjIxYy1iOTBiMjFmYjkwNzMwCjjp0DZA_rkiSJG8A1DzFlgBYLItagUoATIBAXD2EXjQMIABAYoBAJIBHgoaMDFLQ1lOVkY5R1lHMlM3RkpGRksyRDYyWkEYAZoBIQgBEAMYASoOMTk1LjY0LjExOC4xNTI4gApAgAhYB2CGAcABZMoBH0Nob3J0a2VoUnViaWthU3BsaXRCdWRnZXQuMTUwNDDKAQ5DdnJNb2RlbC4xMjIzMsoBEEhMU0V4cGxvcmUuMTAyODHKAQxOX1NfVl8xLjQ5OTTKASBQb3NpdGlvbkdyb3VwSW1wcmVzc2lvbnNBQi4xMDkyNMoBE1NTUEFsZWZiYUhlYWx0aC42OTPKARpTU1BBbGVmYmFSYW5kb21IZWFsdGguNTAwMsoBD1NvZnRNaW5CaWQuNTcwMcoBGVNzcENvbXBvc2l0ZUF1Y3Rpb24uMTQ3NzbKARhXZWJJbkRpdmFyQ3BjUHJpY2UuMTUxMTnKARlXZWJJbkRpdmFyRWNwbUZsb29yLjE1MTU2ygEnYWRpdmVyeV9uYXRpdmVfcmV0YXJnZXRpbmdfZW5hYmxlZC43ODgxygEaY3RyX3ByZWRpY3Rpb25fc3R1ZHkuMTUwNzXKAQ5kaXNwbGF5LWFkcy40MsoBFWRpdmFySW5XZWJEZXNpZ24uNDMwMcoBGWZvb3Rlcl9zdGlja3lfZGVzaWduLjQ0MTHgActE6gFAZjgwYTY4NTE3ZDg2MDk0Y2ZlZTAwMDlmNWI0NWM0NDQxZTJiYWMwM2E3MWQwYzY1Mjg4ZjFiNjZjZWYyZTEwMfABBPoBJDc5MzdlNDIxLWEwOWItNGQ5MC05YmMyLTBlNzMxNDk4MmMzY4ACCYoCAJACCJoCCwj4gpzKBhCj0OZDugIRtrcC-JMEt7cC3Gq4twK5twLIAgXQAgPaAhZwYW5lbC1jZG4ueWVrdGFuZXQuY29t4gICFhTwAgGAA5BOkAORvAOYA_YRoAPQMKgDAbADAbgDAcADAcoDQCF56A1DP19SPyl56A1DP19SPzEAAAAAAADwPzkAAAAAAADwP0IYemFrYXJpeWFfYWJfbW9kZWxfY3RyX3YzSAHSA1ohSuE4fr9GfD8pSuE4fr9GfD8xAAAAAAAA8D85AAAAAAAA8D9CMnpha2FyaXlhX3VuaXZlcnNhbF9tb2RlbF9jdnJfdjUuMy4wLXJsYjoxNzY2MTAyNDAwSAHaAwJIAegDAfADAvgDgOowgAQKiATQlp7N3PCFuJQBkAQEwATu6LymsMeiiKsByASmypaX19Ti8ljQBNLf0p_IwsXL4wE%3D\u0026impression_sign=vvoZqYvsD_7o6Nta2i9hhIrtNTMXOTZeKX4Bv0mprc8%3D\u0026view_type=active_view","fqdn":"event.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:14.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"POST /api/viewed-impression/v1/collect?impression=CiRjYWYwMzEwMy1kMTkxLTRhYTMtODhkZi1kMmU2N2MyZTc3YjYQzvr26rMzGh-CJ7sizSGsVbhzqVC1BchfwHWKJ492xSy0dsk943UqIMhfKiQ3NDUzNDFjZS1lMGNlLTRlYmQtYjIxYy1iOTBiMjFmYjkwNzMwCjjp0DZA_rkiSJG8A1DzFlgBYLItagUoATIBAXD2EXjQMIABAYoBAJIBHgoaMDFLQ1lOVkY5R1lHMlM3RkpGRksyRDYyWkEYAZoBIQgBEAMYASoOMTk1LjY0LjExOC4xNTI4gApAgAhYB2CGAcABZMoBH0Nob3J0a2VoUnViaWthU3BsaXRCdWRnZXQuMTUwNDDKAQ5DdnJNb2RlbC4xMjIzMsoBEEhMU0V4cGxvcmUuMTAyODHKAQxOX1NfVl8xLjQ5OTTKASBQb3NpdGlvbkdyb3VwSW1wcmVzc2lvbnNBQi4xMDkyNMoBE1NTUEFsZWZiYUhlYWx0aC42OTPKARpTU1BBbGVmYmFSYW5kb21IZWFsdGguNTAwMsoBD1NvZnRNaW5CaWQuNTcwMcoBGVNzcENvbXBvc2l0ZUF1Y3Rpb24uMTQ3NzbKARhXZWJJbkRpdmFyQ3BjUHJpY2UuMTUxMTnKARlXZWJJbkRpdmFyRWNwbUZsb29yLjE1MTU2ygEnYWRpdmVyeV9uYXRpdmVfcmV0YXJnZXRpbmdfZW5hYmxlZC43ODgxygEaY3RyX3ByZWRpY3Rpb25fc3R1ZHkuMTUwNzXKAQ5kaXNwbGF5LWFkcy40MsoBFWRpdmFySW5XZWJEZXNpZ24uNDMwMcoBGWZvb3Rlcl9zdGlja3lfZGVzaWduLjQ0MTHgActE6gFAZjgwYTY4NTE3ZDg2MDk0Y2ZlZTAwMDlmNWI0NWM0NDQxZTJiYWMwM2E3MWQwYzY1Mjg4ZjFiNjZjZWYyZTEwMfABBPoBJDc5MzdlNDIxLWEwOWItNGQ5MC05YmMyLTBlNzMxNDk4MmMzY4ACCYoCAJACCJoCCwj4gpzKBhCj0OZDugIRtrcC-JMEt7cC3Gq4twK5twLIAgXQAgPaAhZwYW5lbC1jZG4ueWVrdGFuZXQuY29t4gICFhTwAgGAA5BOkAORvAOYA_YRoAPQMKgDAbADAbgDAcADAcoDQCF56A1DP19SPyl56A1DP19SPzEAAAAAAADwPzkAAAAAAADwP0IYemFrYXJpeWFfYWJfbW9kZWxfY3RyX3YzSAHSA1ohSuE4fr9GfD8pSuE4fr9GfD8xAAAAAAAA8D85AAAAAAAA8D9CMnpha2FyaXlhX3VuaXZlcnNhbF9tb2RlbF9jdnJfdjUuMy4wLXJsYjoxNzY2MTAyNDAwSAHaAwJIAegDAfADAvgDgOowgAQKiATQlp7N3PCFuJQBkAQEwATu6LymsMeiiKsByASmypaX19Ti8ljQBNLf0p_IwsXL4wE%3D\u0026impression_sign=vvoZqYvsD_7o6Nta2i9hhIrtNTMXOTZeKX4Bv0mprc8%3D\u0026view_type=active_view HTTP/1.1\r\nHost: event.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.f2medx.ir\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_global_token=01KCYNVF9GYG2S7FJFFK2D62ZA; gearbox_ad_token=01KCYNVF9GYG2S7FJFFK2D62ZA; _yngt=01KCYNVF9GYG2S7FJFFK2D62ZA\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:15 GMT\r\ncontent-length: 0\r\nset-cookie: analytics_global_token=01KCYNVF9GYG2S7FJFFK2D62ZA; Path=/; Domain=yektanet.com; Max-Age=315360000; HttpOnly; Secure; SameSite=None\ngearbox_ad_token=01KCYNVF9GYG2S7FJFFK2D62ZA; Path=/; Domain=yektanet.com; Max-Age=315360000; HttpOnly; Secure; SameSite=None\n_yngt=01KCYNVF9GYG2S7FJFFK2D62ZA; Path=/; Domain=yektanet.com; Max-Age=315360000; HttpOnly; Secure; SameSite=None\r\nstrict-transport-security: max-age=0\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nx-zrk-us: 200\r\naccess-control-allow-origin: https://www.f2medx.ir\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-expose-headers: *\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-zrk-cs: BYPASS\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\naccept-ranges: bytes, bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-24T17:07:59.023654Z","times_seen":15665480,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2024/10/wdvgKJIdr9nuuJw3FRdSOwqc4z3-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:16.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2024/10/wdvgKJIdr9nuuJw3FRdSOwqc4z3-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11987\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:17 GMT\r\nlast-modified: Thu, 11 Dec 2025 14:23:34 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: cd1c9bda2f121ef9aae2e709a4baeebb\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":11987,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"e2bac581a936b1ebdade8022bb097d7d","sha1":"47bcd824de6e61282ee7f753a78d5425c772e449","sha256":"cbe6dd0f9653dfa756560532c6cde98295ac891850176222b3bb72dff6967231","sha512":"e7747d4893b29dde6e3c4000a1d4604826252240689f29d5c1db41b44757aee4d6fba16064c253d5a6e2d160683da109fa91d4db30b01f6a2129fe872fa9e908","ssdeep":"192:/gTFuPFhyvgjL8giUwupDgJj7VTr0qNnwoUGduQ4k7+KCe6sDT/aJ:YTFuPFwvgcg+upkx5ZwoU0uQ4kqKf6B","tlshash":"6132bfb9f707a204e84d4c267b78c9451daf5ec61f6c82391eb4d881c6b05fee68e825","first_seen":"2025-12-20T20:05:47.274822Z","last_seen":"2025-12-28T12:07:45.199399Z","times_seen":2,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":433,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/pt8bLDrrsK7kZEFMDqKlJtxrMAP-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/pt8bLDrrsK7kZEFMDqKlJtxrMAP-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10014\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Sun, 14 Dec 2025 07:45:00 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: 334f1bcdd3d92467ed86211e18e288bd\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10014,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0bafdf9646c9be6c286eee27c5965476","sha1":"6f52794e2555719dd606b8c78842202d5f4175ff","sha256":"b31dd6bd2f4dacf51f065b21561365c55e792f013026f724c3879699d89f3815","sha512":"629240c65e2ff74072213a71a59a5fba7b082b022d80324955d808a0e53406f41d2ff042cd46614180b966bc0ad47354d17fe879bffc9a8b01a523841c9e0515","ssdeep":"192:rgSl5aB2flb7qX5JLnua0MOireC+P3TcE4CUcIh4lK7Y:rg+aB0lb7qXnnNdQTcbH4I8","tlshash":"3e22bf0686ece8f231ed04a9356efd3eb7c6f21940544a246add13785ee43e244cb562","first_seen":"2025-12-20T20:05:47.275641Z","last_seen":"2025-12-31T20:35:40.309663Z","times_seen":3,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":441,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/pz9NCWxxOk3o0W3v1Zkhawrwb4i-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/pz9NCWxxOk3o0W3v1Zkhawrwb4i-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9944\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Thu, 04 Dec 2025 06:38:28 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=352\r\nx-cache: BYPASS\r\nx-request-id: fcb7bec4556787fe89aa469f5ef084bc\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":9944,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"791f38cd8899d6fe711c0cea5dab9951","sha1":"a89c9fc482661410b18fba5a6387a543c43a6ea8","sha256":"dc1cf52ba72084753f5fa75fa830d6e05fec92e0cd04f8f8388b524fbe2892cd","sha512":"8b39b4e7b95b42d04b0841a8bb24c5357c249680b0641637808f58f3ab27bae78fc7e1db16b9cebf77762815e8f0216778fb4b8d11eb6056c0b2d668505f3970","ssdeep":"192:oaRkpmN98dfDkZ6b0xfsD9rkN7dbyyJork4iYYtamjHY9:ouKkZ6bCSuNheyJHJtaqq","tlshash":"4222ad0a948636c8dbdf2971ca4bcbf79290dc2c74fab350954b30e957b12d8a6e2070","first_seen":"2025-12-08T04:48:41.91239Z","last_seen":"2026-02-16T22:50:45.869676Z","times_seen":3,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":447,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"native-scripts.yektanet.com/public/chunk/124-6.0.0.js","fqdn":"native-scripts.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /public/chunk/124-6.0.0.js HTTP/1.1\r\nHost: native-scripts.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_global_token=01KCYNVF9GYG2S7FJFFK2D62ZA; gearbox_ad_token=01KCYNVF9GYG2S7FJFFK2D62ZA; _yngt=01KCYNVF9GYG2S7FJFFK2D62ZA\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Sun, 14 Dec 2025 10:48:11 GMT\r\nx-rgw-object-type: Normal\r\netag: W/\"025d358763fd7d0fdc36ebeed72a0440\"\r\nstrict-transport-security: max-age=0\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS\r\naccess-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-max-age: 1728000\r\ncache-control: public, max-age=2592000\r\nx-cache-status: MISS\r\nx-zrk-us: 200\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6507,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6440)","md5":"025d358763fd7d0fdc36ebeed72a0440","sha1":"113d30d361e9f76c3c92e565db0aa4bf3bef1044","sha256":"3b4a1498ca77d129fbc1e4ca871ba731f7c35736ba54db016e9c45e52f5c7e18","sha512":"8fa7505d911208693f3f7bbecec2e8429af43a5933867afff56a988f5b55e0c62369727388ee0033819c89c0479adf62f7cade8590be217361b7160ba5e493e8","ssdeep":"96:8cL/q1o7LVJhhcWiK+yHT40ewYsxAbaSH17t7R+G4SJ3P6u+u:8ce1mHT49wYsGbamhBRLSu","tlshash":"0ed1c6887296b1a4036226f0413b450ae33f773c588d6c75b394f0d2ad7926e075abb8","first_seen":"2025-12-20T19:15:46.513823Z","last_seen":"2025-12-21T21:12:09.421851Z","times_seen":3,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/06/dlVtTBw4mq72Pgs1SsS0Gktlry6-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:15.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/06/dlVtTBw4mq72Pgs1SsS0Gktlry6-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7368\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:15 GMT\r\nlast-modified: Thu, 12 Jun 2025 16:48:11 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=329\r\nx-cache: BYPASS\r\nx-request-id: 1cd20c52d209909344a75240d70c33bb\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7368,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9ce2a72e7bef7f35284e3d6e91319650","sha1":"b1868408e759a4d2d5796a33f568810bf792cacf","sha256":"023bc441c43d9fba309e7e2b1b3f24cb0d7259d92ef899f77973e97d440a42ff","sha512":"20c44c08a25ac25d2053032440c07e4fbf653cccee31199cf75346cf7fb0427b1a0e77f2d2d6fa41452039b96ee408083422cc3f1b272b72844092b68d884c06","ssdeep":"192:BozFfYPbNGlBvAXlEpSUkY0otCBvIQ7aCI/lVZq:SFfYPbNG/ilfUmotdQoY","tlshash":"71e1af53146b492ad732127f26e62774fe125f18a92821e38113bf5c33f85a525385b1","first_seen":"2025-12-20T20:05:47.277905Z","last_seen":"2025-12-20T20:05:47.277905Z","times_seen":1,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":437,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/9LzXmDMINrBqrNE5gdBCCKy6RFF.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/9LzXmDMINrBqrNE5gdBCCKy6RFF.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 252051\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Mon, 15 Dec 2025 13:22:35 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: 7cbde244422274faa510d455477c04ff\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":252051,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 1470x952, components 3","md5":"76b4e7e9cddbb06c269744d6ba63b4bf","sha1":"a34268f30e9c91270665d2163f1f22cfb1b0e2d5","sha256":"a89b13f2f5c51c9822c37127116f5f62ac50495315d324f48384072513c55870","sha512":"b416882a743a42b7f6fc362ebbc75338896c8f58e0a1e19f6d268fd10f11bef3c6c72b31d327ef05cb4966d12a69c21ecfa83a651ec2c411b5cae11acbc4c2b2","ssdeep":"6144:crk+4JWUrobghOcxtS7MJxZO+fB4gbjkHoc:cADJWUrobgvxt5cB","tlshash":"e334232d80547b36d0606db0da6bfed62e906299d08d6d73261afbc228a3575c05f4ce","first_seen":"2025-12-20T20:05:47.278697Z","last_seen":"2025-12-20T20:05:47.278697Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2321,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":463,"receive":1858,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/uPMJU0u3kOk9ITrsJnHpBFvEK0H-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/uPMJU0u3kOk9ITrsJnHpBFvEK0H-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18183\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Sat, 04 Oct 2025 17:14:42 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=332\r\nx-cache: BYPASS\r\nx-request-id: a265e19ed24d24af5ba6ba606512b2eb\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":18183,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"913f54436bf4a28a8b20c2b8b7ff4cda","sha1":"0b2dd75da47ae0fdfe8fdb9363bd117f651b2f81","sha256":"48f7594393a1a1dabd82bc8bda9197f4877e39052d4ec3c2e97db25ac1fa682c","sha512":"f598330393efdf30f09159b1118380bc2e4f688191e0d18d610fd7aa70aec269310f71e83b741753f70c44b7ec28b34efdb3abb9763d07cba5ac1fc6c2d89020","ssdeep":"384:YyRr4b4fyKBja9Zneg+f/IwyLxN0CSg9SFmlmUwTJUsCcoQf5:Yy6b4KKBUZne3gwyLP0Dg9SFmlmL/5","tlshash":"4782d075370ef3e3e897ae3c9f2322ced1d30e9521ae2e155731c9f9945a9e81491e01","first_seen":"2025-10-07T23:41:16.201223Z","last_seen":"2025-12-28T12:07:45.172492Z","times_seen":7,"resource_available":false,"data":null}},"time_used":587,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":430,"receive":157,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/x1pblSVT4xtiZMN0sjn0ql5NMuA-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/x1pblSVT4xtiZMN0sjn0ql5NMuA-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11401\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Sun, 14 Dec 2025 13:44:07 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=330\r\nx-cache: BYPASS\r\nx-request-id: 71a7eda7c3b6685d046c61b2c2ee3380\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":11401,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"240f6a7e6aa8f0def9ce84f310f5c8df","sha1":"b18353272dd302a6968e43f004a8cecc7149866c","sha256":"3631442beca5b3a50db17edce5d2974d7e77bf02ff0df4124c4d126dc1ada4a6","sha512":"82a40e980d70734d0db57c47f96b573e0533584c4e1d5b97cb450fbb88f606625219b6b2d6ceffbb0ff8d01e7d0982f86f30977ff9bb7632b299dbe923f418e8","ssdeep":"192:/gZwgEaVqWnq9uHs+/eC3/yvnvi71msc3pYkrn5ELQIMKuulzNGy/ILZ4oCdu6:YZ2WljMnK7YsCDrn5UMK1xE/4oq","tlshash":"db32cf13153092c2a42a9ff77af611fea157128e6a3998275033c3adcd995c8d4d388e","first_seen":"2025-12-19T05:45:15.586754Z","last_seen":"2025-12-25T05:47:25.825314Z","times_seen":4,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":422,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/d18zLe51Gqq57vrwFgPxd7g6jZj-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/d18zLe51Gqq57vrwFgPxd7g6jZj-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15456\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Tue, 18 Nov 2025 13:37:43 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=336\r\nx-cache: BYPASS\r\nx-request-id: c94a454146d4ff1be98f97f2a25eef88\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15456,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"6c7f6b5874a9723cdf843881a6f2edeb","sha1":"0a49aa120218b2b40afff99e8160006a5b864e68","sha256":"ec1567693bd291995cb96995564002089d08b8673842b2f7d846e8d770dbf96e","sha512":"96f348b815ab355353af8f6b111795dec54eab51f61d9c18944a5fbe4bfe95f8f3262f368baa03cb46eaf7525cf238488fc954f30e9b9198247846c31d8a4121","ssdeep":"384:YHCsQDPQtcazUF1R3ypwJAFVxW47rhV5FU3Op8GcuR+4M1W9CjOns:YHTsW6AwUVx9pSep8Gs12Pns","tlshash":"2162d04abba6689ae4ac1d145ca18242355f8f847b4a5b09fdf0ed1cf6d1cc48a0de0e","first_seen":"2025-12-08T04:48:41.87346Z","last_seen":"2026-02-16T22:50:45.814084Z","times_seen":3,"resource_available":false,"data":null}},"time_used":600,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":436,"receive":164,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/niC58UPfKMislQ6l9hoD41CvTdX-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/niC58UPfKMislQ6l9hoD41CvTdX-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9234\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Tue, 16 Dec 2025 15:12:08 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: 1346174937b18ad793723ad0397c4433\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9234,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"390cb0a944748493bbbadae60b42cd49","sha1":"b40324ff5786cfb1f80908a6094e45b01038b261","sha256":"6974480b65e65ca58e2563cc18eea87a2dbe4b55cf158e5b9bf1b5937491232c","sha512":"2a299c5fb91878fb9d1466c3b707b1699ebd7e7743ecec0513ae144620947c3882d1e211336977ba8845e0d8120fa039b406c95fa2ef7b651238c559200bde81","ssdeep":"192:afhQymmhizDcWIloFndjtWFxqPlBLbC36X0eySO7AwLz:QhSnzDoyndjEFIPlBLWrNS5wH","tlshash":"ee12cf74dfcc22f49b45a7c6bd892ab8872f0894a7176fe44a2f20f71c104898779583","first_seen":"2025-12-20T20:05:47.281564Z","last_seen":"2025-12-28T12:07:45.182536Z","times_seen":2,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":435,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/themes/film2media/assets/js/vendor/jquery.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/themes/film2media/assets/js/vendor/jquery.min.js HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 29690\r\nlast-modified: Fri, 08 Nov 2024 11:02:01 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: 9f9fb54627612760daa58c8f71b2e4dd\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":87443,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4feeeb323fa3e7b980d5916946b7bd5e","sha1":"e0d47dd7def31b3cd3dab43464c663382e8698dd","sha256":"e8c3cccfb58b82f8492042016898334e0623d643b563a2097492e7def5cfcfac","sha512":"416efd3bb56ea96bde5d0666b94a2e68b87d88de1c831fc891820e34a82604329d46b9c1fa0a06fb31195ef74872e5a0148f826019592b1d3abb45fe1640acfc","ssdeep":"1536:PRUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GK7:XHNwcv9VBQpLl88SMBQ47GK7","tlshash":"4783f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-10-22T08:54:07Z","last_seen":"2026-05-24T07:12:03.436063Z","times_seen":817,"resource_available":true,"data":null}},"time_used":634,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":507,"receive":127,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/3Qwhs7xxf9LILllWLnxbSaCBNDf-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/3Qwhs7xxf9LILllWLnxbSaCBNDf-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11857\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Sun, 12 Oct 2025 19:36:19 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=337\r\nx-cache: BYPASS\r\nx-request-id: 32e0f7facc2ae61a13d63af746f0bb0b\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":11857,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"cfa6b168b209cc84a260ae9f80e32a62","sha1":"47942841b1115f4478598a708eef66baae79ac02","sha256":"200941be7b2c2899eb2fe8fed55e560b155ac8772518c7846796e2046576e53a","sha512":"6bc8f7f7fe651ec55b414f7a5537e93e09e815ae307f2c30e42adfb1c3b63a6ec21e76ded247b918a75810c8560fe7f93f35c3ba030785c7d4a6e2949a53ddb9","ssdeep":"192:/gW+lIaB6WbG5zM4ZNmWZeJQAnI27I2erZ5U9VAlY/3BDiZ/XwUlzSy7CdkyaBCI:YxlIarG5A0KlnIMIh5e/sZ/XFcyOzaBR","tlshash":"4a32cf2a4f3b51c81c5f7c501a7fafa0b12f74c134b89dc26eb0f1eafa460d28185885","first_seen":"2025-10-18T19:23:05.004835Z","last_seen":"2026-02-16T22:50:45.918855Z","times_seen":7,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":434,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-includes/js/jquery/ui/mouse.min.js","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-includes/js/jquery/ui/mouse.min.js HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 1012\r\nlast-modified: Fri, 08 Nov 2024 15:50:40 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=349\r\nx-cache: BYPASS\r\nx-request-id: 16dc5e8faef46f117d670a6b7d87cd5f\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":3428,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (3248)","md5":"dd6a0d8d7b3e0afbbc0bbb417dcc387b","sha1":"0b38c782da1c8ecc6bc7e854f8841fb9d2c86e35","sha256":"f36adc07db49e73c3fd3aeb4234d270725f07719706dd28dfc09657f2cffe9d6","sha512":"e0963a8c2de54ca9a29d2f3fb0adf54946172e11589f0da3dafbf603b9f38c7a4a8a977465b0a9c32da9d4127d916e60c390dea1e17d55b3edee0b760401135c","ssdeep":"","tlshash":"d161ba8e33145e8342931336d23bab4b7d3180d9640ad51dbb39acd83a2c93961b69fc","first_seen":"2024-07-16T20:36:22Z","last_seen":"2026-05-24T16:21:25.0094Z","times_seen":49132,"resource_available":true,"data":null}},"time_used":484,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/04/goerge-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/goerge-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13850\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Tue, 22 Apr 2025 05:33:55 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=339\r\nx-cache: BYPASS\r\nx-request-id: c4fd13f9aada3b197dd36e5a95bc5255\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":13850,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"69c13756c0cde2664bd04b64ac77b64b","sha1":"3fa6edc64f9cd0e1d7fed4a0b55c497fafd5af31","sha256":"af0d452206707ee22c90baceee9b5fa124ec8ee0f76f394bf8a05185440b7d74","sha512":"62a46e51b34babd5ef6a16996bac5ad892dafe0ee663669078c300917dfcaf723f36af4630b8e1b4cf30d76fbb1ee51fc6b407de4f2c1a71bfbb086b2ae10007","ssdeep":"384:Y/9OeUKz6Q1QHTCyugY4dHdGmk3BnsDmIkJ8G1z:Y1OeUKZQLug1HdAn22z1z","tlshash":"7752bfe36991c3da29b0ae722cf62edf49fc5a45b600a051be34c95bdf304d868e502c","first_seen":"2025-12-20T20:05:47.284138Z","last_seen":"2025-12-20T20:05:47.284138Z","times_seen":1,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":435,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/l3P7COdRTZT3KZThyZlxlYYbZwQ-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/l3P7COdRTZT3KZThyZlxlYYbZwQ-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12185\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Thu, 02 Oct 2025 17:30:22 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=352\r\nx-cache: BYPASS\r\nx-request-id: de1065438535357046126165014706dc\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":12185,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"802d2ec909aea546d61fe70e4a1dd4c0","sha1":"8e8806e37d26e839f08a143fb809ca22a71ba21c","sha256":"d6af6bd488b3d538bd04095d9fb2c9f79788c900fc7c950705f5e0798b2ab0e1","sha512":"53cf3c4048961e4fb313db6186dcaf19da3b1d530b7bdd75249cda1b25dc5dee01901325ca5310cec22e0fc902d8df7ab49caf377a2da92fb6b46668a71da4ba","ssdeep":"192:/gr4LtagHPs9Kw8gkZQF6DstWD5XpC400kOPssbz9JCXM0GM6xs+InBj+zsvP:YrOtasPTgk6STl5utO0sbRJCXGMpdP","tlshash":"7042b02afb8741c157fb4c1b6cc1000b684aff58a11957ee5b70cb929f6c2e87d64497","first_seen":"2025-10-07T23:41:16.044306Z","last_seen":"2026-02-16T22:50:45.946977Z","times_seen":11,"resource_available":false,"data":null}},"time_used":449,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":446,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/6PdAODwR9amGEq5ER42FsuzV7op-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.501Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/6PdAODwR9amGEq5ER42FsuzV7op-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11768\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Sun, 14 Dec 2025 10:24:06 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: 4089081f0fbd41bfd8db55b77d47d9d6\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":11768,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"575d6b9203494d86cdd703df47b59c82","sha1":"b13bfdd9be4677b9c7e34f6df51c86f8b10348fd","sha256":"709320eaa4da527a6c5b280a333074bb037e2eb950d9035da0040411b6c0c24f","sha512":"1f6bb2fd4311739096a831da2cc5811f65c15562bbf46b0bc39ac78edc9d8f97fabecba85c5bb4528ff2c4c21bf8a24075d0daa93657e050a2c968c4702cba87","ssdeep":"192:4xLun3cC6CacFe5Wh7VneBqjajxwVp6MP9deSl/fl2x15c4fdqCcf3CgSsSQO+7A:SQ3cSFe5WdVaj2j9P9d39U15d/cf3C7X","tlshash":"2732c0a4bcc42df2754d5fb13a5296e31b423e0d259717649eee30557cc06e896f4c38","first_seen":"2025-12-20T20:05:47.286002Z","last_seen":"2026-02-25T15:18:01.390663Z","times_seen":2,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":442,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/favicon.ico","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:15.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:16 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 6780\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:15 GMT\r\nlast-modified: Thu, 05 Jun 2025 19:51:10 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: ffd4b5dede7509318f43c2ab8473a372\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"cba1922c4c8d16b73d3ac48c06ce3d61","sha1":"4a9e50536c52751208dff05158fcfddf2b4bbe7c","sha256":"709df530bbb6ae2c7ff19b572fcce619a014a23d4cfaa43dbfaefb6ea92fed32","sha512":"fccc6ab3e594ecb3fd92d8ffd8044a686bff1e068e22b1bd4286ba16262199efe7cc93827536cfbb1af67c3dfb250c0078d5d4c2449ed5c2d82d14d0df8df86e","ssdeep":"384:tr5cZx9/kBLQIwHkDbIIHlJIqFYDXSDDH:trW/YLbbIAuSDD","tlshash":"0262c9ce833090a6e3604b32ade99e344a3cafe96c6d735d207471d17973f4a9d02d69","first_seen":"2025-09-25T01:07:31.153Z","last_seen":"2026-05-12T11:54:29.561088Z","times_seen":49,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/7Dpzucn4Gtivrxv1egtJnB4Um9q-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/7Dpzucn4Gtivrxv1egtJnB4Um9q-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11228\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Sat, 06 Dec 2025 11:12:15 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=358\r\nx-cache: BYPASS\r\nx-request-id: 865b5504818d2e58543a22e5970028f1\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":11228,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"eaabffb3c7df0efbfa9d8819a151b1f6","sha1":"25f2873e3895857e762aea56eca021ea2048dd89","sha256":"d7fb3bc29b076bbb322a599989e618e1dac6833f7766ed795f19d3ba5c03f496","sha512":"b740a6496021fc0d328a24170a57e3dbd4eab895dde78194cb9349511cafd50039f772a4b17aa875c9b2d344d47e3f2fb2fb6e612b995307dc639e57fec7df27","ssdeep":"192:/gzEcjxC/v7RDlFM1TsQlpw1Z0QakGVwbSV1fnRBZlLQxmLm+0W/h1:YAcURfM1TsQlSPnGRfnf8j+0mn","tlshash":"5c32aea1b71984e6f76bde2a3083041fcb8ab6179d3d8187ec75d66377c18c8c48e914","first_seen":"2025-12-08T04:48:42.024397Z","last_seen":"2025-12-21T21:12:09.407411Z","times_seen":5,"resource_available":false,"data":null}},"time_used":475,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":464,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/ylpluerF3X4QQYBXEwztfYNMkOh-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/ylpluerF3X4QQYBXEwztfYNMkOh-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14478\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Fri, 12 Dec 2025 13:12:44 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 6ae219e66b1e3dd20ccead8a08671e49\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":14478,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d1895e7f061114b0686e3867a8d4e877","sha1":"b30e6c5e6d43e5aae295471b9842164825683f88","sha256":"3cfcff2bc18c818501127cefcbe857cd253bd1f76eabd0fb03dbca8e351fc3e3","sha512":"619b6efacde3736b26e4f142cdf70a6fcbd2ec177ce5e2d7a185ce9239211c391f6d7e55b0453589bc6af31cac1d1cac7da386320f7b4ae4b89a697af488633a","ssdeep":"384:ElgglmT+LEgStBqoMzO/WlEZd2tQo0EJXMphgqsn+xsi:ENlmT+ARMzE3ItQo0EIZxp","tlshash":"d252c0ddd48c3e4d0d8b8dfd68c7a3f8465248c6918b198efd98fe054ce45ac1911ee6","first_seen":"2025-12-19T05:45:15.573616Z","last_seen":"2026-02-16T22:50:45.831288Z","times_seen":7,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":443,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2020/03/yn5ihODtZ7ofn8pDYfxCmxh8AXI-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2020/03/yn5ihODtZ7ofn8pDYfxCmxh8AXI-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13784\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Mon, 11 Nov 2024 17:16:49 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=344\r\nx-cache: BYPASS\r\nx-request-id: e4c6a6d6f4099b14a13a4ff68e5a37f8\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13784,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"a7ce9457560cc33d3f290a73c87c40de","sha1":"a539a6c761315491228b34e4e2489f4eddeb451b","sha256":"d540bcbfc4afa0d738f2d5299b1e8a0c7bd62f10756a04ca2f01d7ad05f586bb","sha512":"e7cc0ab5416ede3d22998ee6bbbccba1377c9f24a5c7e2547e6c0f8b487c1d706fb2b50e779a5930b39077df6827750deae3e0c95760fcd4f83e40b02c0cef24","ssdeep":"384:YWhZIglpxZ9VYx27oPQYApOi00XeGYV8cppG:YWbIg3N7ozK4g","tlshash":"c352c0d3aeae6be695e95e1d24b88312586c00c977141b442dfacd732c9a8c06c0fd9e","first_seen":"2025-12-20T20:05:47.289193Z","last_seen":"2025-12-20T20:05:47.289193Z","times_seen":1,"resource_available":false,"data":null}},"time_used":441,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":438,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/civqyO5ZGRe40azKOpuYQyqyHnO-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/civqyO5ZGRe40azKOpuYQyqyHnO-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13994\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Wed, 08 Oct 2025 14:42:01 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=356\r\nx-cache: BYPASS\r\nx-request-id: 90df02287f54bd5ed34d9e60df8cd27b\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":13994,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"11e5e77502690728407f6b4ae5c166ee","sha1":"edac74165f28231d01b60c14836aad4eaad26a83","sha256":"fbf170f0725f4b467c9b0c1100232bc6df29d7742fef69e25d9ecf6249d57f07","sha512":"9f87c48328ee2307ee902c7bee3518fc62502468d79c8f6effbf71581dc19509cfab6a62cd584c4585e8de644853612901a6e5848f1eeda5828f6aa637ac3021","ssdeep":"384:YZXLVzooL/2aS1gOXPaAK9PBXgwHJnWCAOVsyXN+Xbk+zC:YFtooL/2aSyGiAiXgwHJfHArNC","tlshash":"c552c07cd8a89b7e8c5b8ecd80d2660468864745f904dea5eabde4be7e143c16e8b400","first_seen":"2025-10-18T19:23:05.496715Z","last_seen":"2025-12-28T12:07:45.186452Z","times_seen":4,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":453,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/sTW271wUWjbvRXPqD9xexnLAvnl-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/sTW271wUWjbvRXPqD9xexnLAvnl-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10940\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Sat, 20 Dec 2025 14:46:48 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=352\r\nx-cache: BYPASS\r\nx-request-id: 96f39ad76e65d544d86aff8963fe5e35\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":10940,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ec84274fdb3b599378d68d3c70cd874e","sha1":"952596b876f45a6ada43959fb7108b417e8e20fa","sha256":"3348b6f5fec9bd2673b40a12e83edc8475676742b9497592c1e4ed6a517e3b40","sha512":"7bbb03c548a21fbba78b5f8099dc1591bfda1916ceb5c91c25b9d2f169a2087458ecd31b8e967f13243f7d4d66c2ee55e1916191c81f136ffee3d55b1604b499","ssdeep":"192:XYMh8IdXgwdD3fgrC2/c1rQmV+k6umei2te2E8RzriW7lvD4HX/6uE7SEmb:XX2IdFsk1rQC6uttRzBve/e7jmb","tlshash":"9c32bfc730dd2f8475cc241ea2441aa2dc86f183b12fbb2b742190086de5eb5d69b71a","first_seen":"2025-12-20T20:05:47.291159Z","last_seen":"2025-12-28T12:07:45.136517Z","times_seen":3,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":445,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/07/vnasRNhwT5M3OvTAMzYn4i5fQcT-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/07/vnasRNhwT5M3OvTAMzYn4i5fQcT-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22361\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Sat, 12 Jul 2025 15:39:02 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=328\r\nx-cache: BYPASS\r\nx-request-id: 99f75f9e03b0bf3a7e7e8f8c9dd691fa\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":22361,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"60c791a3693809966f375c13c801dea6","sha1":"4ec567b318ef7b3f17a83a2271df6351884c4fcb","sha256":"ad1726db36a8e15554f43e3203416c9e61913201ffee2485934d1e3f7e1052fe","sha512":"34efad746128e790ceb8c77d956af569b012090b5e268df601821faf191bc9a94aeb04cac64b9cf88d339dbb76fcd176434b1051b92aa006a43e2a6e63557d49","ssdeep":"384:Y87C5ouxa87V5A0HVA0qZKceNf8YjMppu47/YbPGsiG681T:Y8OPc8R5CKceNFjMpg47ICN81T","tlshash":"16a2d0b3e443e3683f16ba291a36370eec9e374267a2dbc0b970910607a49d7685951a","first_seen":"2025-10-07T23:41:16.181239Z","last_seen":"2025-12-28T12:07:45.240498Z","times_seen":7,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":421,"receive":165,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jamssp.yektanet.com/api/v1/ads/web","fqdn":"jamssp.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"POST /api/v1/ads/web HTTP/1.1\r\nHost: jamssp.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 865\r\nOrigin: https://www.f2medx.ir\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://www.f2medx.ir\r\nset-cookie: analytics_global_token=01KCYNVF9GYG2S7FJFFK2D62ZA; Path=/; Domain=yektanet.com; Max-Age=315360000; HttpOnly; Secure; SameSite=None\ngearbox_ad_token=01KCYNVF9GYG2S7FJFFK2D62ZA; Path=/; Domain=yektanet.com; Max-Age=315360000; HttpOnly; Secure; SameSite=None\n_yngt=01KCYNVF9GYG2S7FJFFK2D62ZA; Path=/; Domain=yektanet.com; Max-Age=315360000; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding, Origin\r\nstrict-transport-security: max-age=0\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nx-zrk-us: 200\r\nx-zrk-cs: BYPASS\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5618,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"24d6933fcfb6cedcac1592db31d4268a","sha1":"acc30cdd39859a2c4328e2d9765c77eb7cf45012","sha256":"41e7aa243f6fa5d6bddcbaab28d468f17e9ed7bda3e98afdb25fd37bcbaf5782","sha512":"ef836acb467b6dfae786695e6c5a109fbab6d889cce8fe714a3603a2defe2c3e033f57ac45452b5f195c07ba6a7bc67455f6f29129518fd54a1c73b1545c8fe8","ssdeep":"96:8Pxj8Ktxf5aTk5LfzBSJSZZP/CCJC7xj8Ktxf5aTk5LfzBSJSZZhnWUnW1WJWfaQ:8pjnfik1zKjnfik1z1Q","tlshash":"9bc12b328f1d30e612951646747e39ad2f90d4072930efdeb95fc88682461ea7fd3259","first_seen":"2025-12-20T20:05:47.292554Z","last_seen":"2025-12-20T20:05:47.292554Z","times_seen":1,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/04/7ynNG9lYS9HIR8cYMgawO19VPkg-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/7ynNG9lYS9HIR8cYMgawO19VPkg-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:14 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15456\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:14 GMT\r\nlast-modified: Sun, 06 Apr 2025 19:21:38 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: 6a7fa3f3eba72deb8e03ac3ce15b21de\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15456,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"b7a37e7520469b1ad70687c83cf6cc10","sha1":"836d89ad4ab56022abb8e5a52232a891c0de6905","sha256":"4e3c8081d3f86ab53490efe48989cbaa856d69c8c89d002e1a4496c62230d456","sha512":"d46d53364ee27a187c3c7b457effba64e644623059c4f5f54a7a7043aeef2a17efcdd8dede1370df786774d7b00d3a5175f79612f7ae70c25df7b30773998014","ssdeep":"384:YGe6ECgOHlkteu4tXK0oDeR4o8RpSDhZ1KgPxuQL:YhZQ60o64ooSNR","tlshash":"1862c0b7fb7b81c9d17f4f258e1a0bc447891b1df2662a0537b3cea25610dcf1a85268","first_seen":"2025-10-18T19:23:05.484097Z","last_seen":"2025-12-20T20:05:47.293336Z","times_seen":2,"resource_available":false,"data":null}},"time_used":612,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":441,"receive":171,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jamssp.yektanet.com/api/v1/ads/web","fqdn":"jamssp.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.4","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"OPTIONS /api/v1/ads/web HTTP/1.1\r\nHost: jamssp.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.f2medx.ir/\r\nOrigin: https://www.f2medx.ir\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\nstrict-transport-security: max-age=0\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://www.f2medx.ir\r\naccess-control-allow-headers: content-type\r\naccess-control-allow-credentials: true\r\nx-zrk-us: 204\r\nx-zrk-cs: BYPASS\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2003\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-24T17:07:59.023654Z","times_seen":15665480,"resource_available":true,"data":null}},"time_used":7226,"timings":{"blocked":3485,"dns":21,"connect":17,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/wZEKHPaeMCihLZWqjOaEtXFA87x-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/wZEKHPaeMCihLZWqjOaEtXFA87x-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:14 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5628\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:14 GMT\r\nlast-modified: Thu, 06 Nov 2025 21:08:02 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=353\r\nx-cache: BYPASS\r\nx-request-id: 9560bd8c3c8eec79b0cd44370cd046ef\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":5628,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"171257e436e441b84e13d9902be4661f","sha1":"c5591d84fe7d64ff585ff39455947d7a5e4fe079","sha256":"bb03f698435f0f37e97a0dbedf06740204d3ae6f30f88437722769fad48cecb4","sha512":"3b4208a3c5f1b10a1d913c2d82716f502092485efc98a3f58bfd5467f795a4aa543c225bd3bad43584988f869e2abf0eb4839722cc3b10bd9705dde9443ce94b","ssdeep":"96:CuSoVuVPTBH2dQO1d5PaBQb54AOig7po/fBfp30A17fUosUOq2d:tEVPTBHsUB8dOiq6Bfp318Dd","tlshash":"ebc19efc7e2e37996c08b2ef3443b782ed4851256e20056242296163f9de209178b2ff","first_seen":"2025-11-07T05:36:05.9006Z","last_seen":"2025-12-20T20:05:47.294193Z","times_seen":3,"resource_available":false,"data":null}},"time_used":456,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":455,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/c0bkO416OU7YGdOFktk45H8REgL-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:18.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/c0bkO416OU7YGdOFktk45H8REgL-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14880\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:18 GMT\r\nlast-modified: Thu, 18 Dec 2025 16:38:16 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=343\r\nx-cache: BYPASS\r\nx-request-id: f80180fc780f9513b489371eca02e671\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":14880,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"41aa0cbe9e0fb2bdcd10337e494ce94f","sha1":"06835f2c905236b7630f4430208de7a78fba4039","sha256":"2182bf619c273a7e18c633c276dfb32d6f03e852ed03e1a0815ad1fd073b00ad","sha512":"dc9924a0c1a996ed4f1a175ff93cf1c9b5930cd44254e9d35583764c197bb4d1d7ba195b42f81f598fa2e8a00c86d9462ce8d1fafa1e5065c85c57f44cb2b329","ssdeep":"384:Y+4EANZc8JlQrKaUoSgk8I1x36yofXDVDb+KkAdKe8:Y7vN+8HQrKaU6k8KxKyofXhDb+hAZ8","tlshash":"d262bf45e20726458785de35baac1a9e84823e32fef46b0ea4b6ff5ac1985cd3370d10","first_seen":"2025-12-19T05:45:15.528998Z","last_seen":"2025-12-28T12:07:45.151563Z","times_seen":5,"resource_available":false,"data":null}},"time_used":439,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":439,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/bRSM2hsOsmTe3f6ZRrsvbiG8Jch.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:18.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/bRSM2hsOsmTe3f6ZRrsvbiG8Jch.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:19 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 174161\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:19 GMT\r\nlast-modified: Fri, 05 Dec 2025 08:51:49 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=344\r\nx-cache: BYPASS\r\nx-request-id: 6c1ededc029431d2148d9f31312f5e50\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":174161,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 1400x787, components 3","md5":"bcff949935fe11408fd218a2b529bdbe","sha1":"22c4af2c63a0847d78af0bf08d7d2fabf2d0668b","sha256":"fbcefdaffbad81ef2aa543435595b7a81674c3c694b2b4e9c92a3a027c73c3a6","sha512":"3254b04fffe25f626375ec3362628effe02cd99453b7719f5bc0131601cc2878f89674efb3907e818106239aeff07b3de7c639a32787df8e20a00a85ac9d6b8a","ssdeep":"3072:5l3DVl5w3AYyIqDxFflA4H91VjlVWMzlo8H4NlvGFsFDVKpUFVWO+/:553C3PyIqdDjRN/QDVKJ","tlshash":"ab0412e07f21a188147c9bffe2c624144b2601db33999357e9dbcb874931b9707b7829","first_seen":"2025-12-08T04:48:41.91076Z","last_seen":"2025-12-28T12:07:45.128995Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1801,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":438,"receive":1363,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/litespeed/css/e6d6328240a03d796c57688968d82b86.css?ver=82b86","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/litespeed/css/e6d6328240a03d796c57688968d82b86.css?ver=82b86 HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: text/css\r\ncontent-length: 11564\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:07 GMT\r\nlast-modified: Sat, 20 Dec 2025 20:05:05 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=340\r\nx-cache: BYPASS\r\nx-request-id: eb6ee5c569bece62cbdad67c6dc78c62\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":99918,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"8426c4a3a84959ea572e0370d3c69835","sha1":"418ee1096abbed0a9c5e0560783f72949c28512d","sha256":"9e6f16ba64fa05f2c614ef48e81c2e2b4a5390b6a0b136e39e139d81293c4017","sha512":"d250dd6a55c531cf9a689ec64c71d2647bc0c59f2aa96efd8a60b0d2f9ad0f75127ddc8c3e3c4add0e83e84971aca3c963c98a72474bc96dc59c63f548e8adc0","ssdeep":"768:5Ho9vh2bWP2Q51QCqBcc7xbA1PUC+sMUV92Y6Ttmv3ckzjkhOhb:h22Q4CqDFA1PUC+sMUV92xkzjkhOhb","tlshash":"7aa30ddbf9d2104c9a578a1d82d53bbc7e3f8825a741aee7a8077f31c745ad305a280d","first_seen":"2025-09-25T01:07:31.161048Z","last_seen":"2026-05-12T11:54:29.549136Z","times_seen":31,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":433,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/4jM1ervIDeeeXxheejtAaOqjOud-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/4jM1ervIDeeeXxheejtAaOqjOud-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/webp\r\ncontent-length: 13202\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Fri, 10 Oct 2025 10:43:22 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=358\r\nx-cache: BYPASS\r\nx-request-id: a33e13054994cd34ff50badc645214dd\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":13202,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4386a1e811894ebc5fe5c63d713bcc29","sha1":"cb73b69189289b78d6bdd172a903faf256a66e51","sha256":"16fa643431fb43232d3c4732bcedf98a701971d3e69dfcc4595fcd7d281dd47a","sha512":"473187fca6de9cea95ae368f30c8e024ec7a03d2273e003de8c1ef94bf0ad786095eda58e18896942ea0630e69558cc97d731d7979edd2a9c1813d7f1bb9d34a","ssdeep":"192:ujyMMfYat2xJzl+1vyn//GDnPifBmkZVSUFcx2jOJ0aZKAurql9fNAD:ujjAMX7/qnaHbSUFcEjPPAXy","tlshash":"b452d0394a00dd7bc75839470746b93f681dbb82c9ec98417c3672be4c78a24a6ed199","first_seen":"2025-10-18T19:23:05.39928Z","last_seen":"2026-02-16T22:50:45.933614Z","times_seen":5,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":450,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/02-8-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/02-8-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15378\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Thu, 20 Nov 2025 06:10:53 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=330\r\nx-cache: BYPASS\r\nx-request-id: 2e39b5fc4bad1cd1a141352a5e90017b\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":15378,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"eafdd47851f8d02bccd5fddbffab06da","sha1":"432d8e6cb7a95a1bac3b79c8a84504a7ff20a1be","sha256":"182c4fa22e19d3be6c26cd71acfcae213c371ec1fdb0a1607d6dc8afeecfbad0","sha512":"ce5d9721fe1e25a889a0e4b1c404040dbabd524f77cfce30bfeefd3fc62c632a3c004315379e4ff32e4e79094c2451e95ee6f49e76aed41d2864549e6e35ddd1","ssdeep":"384:YNxfSiZhealUwuI0YT65EqETPyrzkvAol3EnK6zo:YNxKMUwuI0Yh5Ta320KOo","tlshash":"2462d17a59bb50e1c0b8ee1cd9128c8390ee6db70d7986674ebdc639e382dc989045c4","first_seen":"2025-12-08T04:48:41.937234Z","last_seen":"2025-12-20T20:05:47.29747Z","times_seen":2,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":422,"receive":163,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.yektanet.com/rg_woebegone/scripts_v3/Y9f0GOWp/publisher.js?v=2025011020020","fqdn":"cdn.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.80","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /rg_woebegone/scripts_v3/Y9f0GOWp/publisher.js?v=2025011020020 HTTP/1.1\r\nHost: cdn.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 06 Aug 2025 12:37:37 GMT\r\nx-rgw-object-type: Normal\r\netag: W/\"fae6ba9a2ecb2eea3508458a5a462300\"\r\nx-amz-request-id: tx00000275b1a76fee13710-006946c9a7-6e322128-default\r\nx-zrk-us: 200\r\ncache-control: public, max-age=3600\r\nstrict-transport-security: max-age=0\r\ntiming-allow-origin: *\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":53516,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32308)","md5":"fae6ba9a2ecb2eea3508458a5a462300","sha1":"01e0f3c7ab8023be19abe3a54129d23a993c12b9","sha256":"8f30c69a1f8200c8302cc6d69acd3954249177e4f571f943ee06f791c459acb4","sha512":"d10ff4005780bae43859197942ca34163392a1517c5f15647913b54ea4c83d5c3c841850023a74d9a0dfa9f9d3b9ecbde58fb2b16e72c6926ea8e67dc21bfb1e","ssdeep":"1536:8nCNYL5yqid5IaZMVqfyzU5zHzq+Q5DUQ7vE/:0tL5gIshyzU5z4zE/","tlshash":"ef33f6d974d2f0b207eb65ba913f520af23a25592c4dd4509115cce07c78e9b8363fae","first_seen":"2025-09-25T01:07:31.115518Z","last_seen":"2026-02-26T00:18:52.929996Z","times_seen":49,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/6rp6pV7vrBA8JDUuiNOQyHge6D5-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/6rp6pV7vrBA8JDUuiNOQyHge6D5-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4698\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Fri, 19 Dec 2025 20:25:24 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 2c6c1e59ddaf44894ab144155108d6ac\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4698,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3ab447d13957a7f362252c76fc7badaf","sha1":"54dd0e565407d1424bc624d159a6bb2051b0b864","sha256":"af1549c848373a24f2a1055bb01eabec72eadcf97beee558cad3e5efa006e66e","sha512":"c97353a3b73c24f2a1427b5210a7818437115f7732019981c628f4ba7fd1715a184f3788efe2a3583bf340d4776f39bc6791a17a6864a02e09180831e479d3c1","ssdeep":"96:koE0mRQWbXoR9qqw3OBJjvYqLPf+LWokbIROIzCvSht1I/LQ:koE1hbXoR9JgIH4WpYFuvShs/LQ","tlshash":"f5a18ec3fc6119046e13cd2a1e4b736e8f3d3a3512aa0c5229dd80b4e6cb64821dea41","first_seen":"2025-12-20T19:15:46.461857Z","last_seen":"2025-12-28T12:07:45.143394Z","times_seen":4,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":443,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/A0czAfQh6wcO0Fe62pOAIyJ2sdq-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/A0czAfQh6wcO0Fe62pOAIyJ2sdq-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13375\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Fri, 31 Oct 2025 18:18:36 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=336\r\nx-cache: BYPASS\r\nx-request-id: 59683cc68441a55153f9157a0f729b50\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":13375,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"ee42e837f63fb155c32e2c8b115ffdb0","sha1":"5fc2831d2cac4929f6502c91ef7e316f7a46e5e8","sha256":"06f0b71a3d802b3b2e3bd5e0fd9eee7c2289f43f3ad4d3d8b2f9cf7e61d3ba6f","sha512":"c3fcaa83d8ac7bed6a3978e8ca5bb22366a3956f7fe6dce6a5f1a93950766a2327de4b3473505c39c85dfa058f0a42ff2bcf3608179dd51e5a350dcbce1bced2","ssdeep":"384:YwsspJRz8Uc0tVmMwzs3hYjVwjByLpw/oHfkCBvos/6/fgR7:Ywss3RTc0tVmrZMSpw/oHBLS/ot","tlshash":"6652d0ec078e438fe0f4ef790a25b486e7dae8805928af56e431c1acb87c0ddc042567","first_seen":"2025-11-29T14:12:51.682571Z","last_seen":"2026-02-25T14:30:39.641772Z","times_seen":8,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":432,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/wWeX98utJGCTvLKPUYnlg8Euw2o-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/wWeX98utJGCTvLKPUYnlg8Euw2o-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13593\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Fri, 03 Oct 2025 16:24:24 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: 494234eea2c5a99b3fa7a1233bfbf7ef\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":13593,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"c2ccf49bff07e92fb3207d5487d5822d","sha1":"7cd4ef35c4a2b733240cf38a56f37eb7dde9a9e6","sha256":"23e68102df582b922c1b053da390168e985794cf3d6f3e0bddfcd36f1d7e6f90","sha512":"e9608357ba42fc9e08fd39d09df3af8e9fc05221c8da74d0fb9d10cabc42c47297c876889704fab2bec4d9179ed4494d6e831e334b234346fb4eb09cef77205f","ssdeep":"384:YyqjTqPmCCGbcybvJn2vFJBYmiVnp5GiKlgGP4:YyqjTVubgvFJqlpQFRQ","tlshash":"6952b0268ac4a54234e7ce4d62a343cf28799461bc3c73c9ff76d175da0b8e9f182914","first_seen":"2025-10-07T23:41:16.036985Z","last_seen":"2025-12-28T12:07:45.149973Z","times_seen":6,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":435,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2020/05/lHd3W8E5aKoki9pDP7tN7yEh3c0-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2020/05/lHd3W8E5aKoki9pDP7tN7yEh3c0-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19781\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Mon, 11 Nov 2024 17:03:37 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: f09247c478fb46d4e6f7b985b8cbf0e1\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":19781,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"f307eb40883278b4a5dbf70dd5aa9b70","sha1":"31660813c1c9b31a3c0f1eb8c931248100c3dae1","sha256":"92e514a920d22dce4b551bb3b95650f764aa906ecaa062d26d86f04a523efb37","sha512":"973d7eb317e0db817a7a88c6cb7ea73caa0605a1da345e618b5bd90c486e27606b08ff197005bec203e01cd4bff7ddc207fbc584dc4cee8b7d0eda32e308b5bf","ssdeep":"384:Ykq7F0q9xrgWtw52KXLa1dGsXyKGwtewZpgK98xSUsdYTxngKiLha:Ykq7+AxrVE20kXJZZKK9ISAnic","tlshash":"b092d0675d1da38bf61fd91841832649058b6b81f3aec491a7f0cc81d39e6d3f2856f2","first_seen":"2025-12-20T20:05:47.301201Z","last_seen":"2025-12-21T14:18:59.185225Z","times_seen":2,"resource_available":false,"data":null}},"time_used":597,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":430,"receive":167,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/nrM2xFUfKJJEmZzd5d7kohT2G0C-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/nrM2xFUfKJJEmZzd5d7kohT2G0C-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8518\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Fri, 07 Nov 2025 11:12:46 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: f20da6d00dc6e24d9ecaac66b5527595\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":8518,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ff832e7d64a9f66b16d4e69bf962f716","sha1":"67901c675862454644b82e8ee0861dbf7d24fd13","sha256":"f496540a0581bece3cabdb31b6618b631ee40a9debbc645a88bc5e3357a2da53","sha512":"fdebcd6c48e5e5d54dd8f2c26e5c30ae7cd25583ceb647b29eb97f49b4d0c8f1c79dd54210080c3142b8c99cd3746a573656cba6b1b1df26d6563192017b5cfc","ssdeep":"192:OmwojEEuu7/E0V1ekO6Xsl7GJv79EW9AloSdd0DD8NR:FwoEEuQE0VXOeKal7WW93SdJNR","tlshash":"3f02be601b7213077fd3976e952d2bd61ae48469ced89d81ae2682f225090032a81d7a","first_seen":"2025-11-29T14:12:51.661328Z","last_seen":"2025-12-28T12:07:45.18031Z","times_seen":6,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":431,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/hXJthDakc4aDdd6sUH85xXUKtED-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:14.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/hXJthDakc4aDdd6sUH85xXUKtED-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:14 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13575\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:14 GMT\r\nlast-modified: Mon, 06 Oct 2025 20:08:42 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=338\r\nx-cache: BYPASS\r\nx-request-id: f4cf5bf22f18f02ab63741b6534b5fa2\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":13575,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"8a9e5d57376c8b5c00909abf9bb82f2e","sha1":"790e66e9cda299dc2df0ea083841d40aa0c7c01c","sha256":"401ee8a0c35bfe43ec7db248de7557251504da9d00754a99a4e5d6bffa7c07c6","sha512":"2e2d7499f6e166016e4c2eb0ade18ffcb78cda0e595bfc36b8f582ea9dc1f12b7f2c30d9edff2e9b42086626944bc055714edb0a48c05034054b5971cbd3b2b6","ssdeep":"192:/gCg/YDmssZP3KYVujigH+qXyMB2irYm2IkKeligW2z+m4Crh0OVeVBSEyPwxXTZ:YCggysstTMnrYGk3ligW8N42he1hTJ9Z","tlshash":"b252c005dee4428a34653f1c9409564cff9a98287b8979ac25f5c50b0727de938c7a8f","first_seen":"2025-10-07T23:41:16.205131Z","last_seen":"2025-12-28T12:07:45.200587Z","times_seen":6,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":430,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"audience.yektanet.com/api/v1/scripts/preview/validate/?app_id=E46QWyD3","fqdn":"audience.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /api/v1/scripts/preview/validate/?app_id=E46QWyD3 HTTP/1.1\r\nHost: audience.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.f2medx.ir\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: application/json\r\ncontent-length: 5\r\nallow: GET, OPTIONS\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Authorization\r\naccess-control-allow-origin: https://www.f2medx.ir\r\nstrict-transport-security: max-age=0\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nx-zrk-us: 200\r\nx-zrk-cs: BYPASS\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\naccept-ranges: bytes, bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"68934a3e9455fa72420237eb05902327","sha1":"7cb6efb98ba5972a9b5090dc2e517fe14d12cb04","sha256":"fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa","sha512":"719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d","ssdeep":"","tlshash":"aa3000000000000c000000000000000000000000000000000000000030000000000000","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-05-24T17:20:28.338072Z","times_seen":74185,"resource_available":true,"data":null}},"time_used":449,"timings":{"blocked":91,"dns":45,"connect":21,"send":0,"wait":267,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/04/oD3Eey4e4Z259XLm3eD3WGcoJAh-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/oD3Eey4e4Z259XLm3eD3WGcoJAh-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/webp\r\ncontent-length: 14610\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Wed, 30 Apr 2025 08:10:06 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 73cf0efa81582777cbda65427537f662\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":14610,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"32931962d072ef124f5d85e3ec81b0ea","sha1":"cadf576732f5257e885709b0a346c2d00eb496a8","sha256":"382c25ed0f5fda93e376e46a0a661a08a154b4a10a4102c6d509fc8a0ad2c2e3","sha512":"bc80e1d070aed4ade82f43d090af4ed8386133395866849eb08d853417ab9762d3bb9b3d032ea6633cd09ad409007d1d85048ccb5627cd8f1d09d42be247be22","ssdeep":"384:5Wesn1qtf1gCR1VuxSUHtZYq63T4KtQ1lJ0ma6yM6b6Ih:Qhw1pFpqiTtW1lJ0m9E","tlshash":"7d62e1c94123a9dc223a20dcc7e5f67a503ad26237a1fcc99de01e14a5b95c151647bc","first_seen":"2025-09-25T01:07:31.159127Z","last_seen":"2026-02-16T22:50:45.775711Z","times_seen":7,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":496,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/sa26OBVEYzYRButAGkMlwr3rTkB-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/sa26OBVEYzYRButAGkMlwr3rTkB-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10829\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Mon, 27 Oct 2025 07:41:04 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 79c2319720c9d239b9807f6d183a320b\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":10829,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"82d5a96f72ffa67a3bc08f4a23d8417c","sha1":"b66c8d1f9f960205945d82b57cd1d066bf994f1b","sha256":"172e4bb69eee0379f34cdb218d3d4980cf56be29803fd56dc06b7653d0581b5b","sha512":"379dc2bfb934382b4e208c29e95ee4b1a0f33da196f3b7bad556a660273f2f735dd9d5294439efbbd13a1e6b437a3c0d105859bb7597f44b0b88d58deb8a9887","ssdeep":"192:/gydgUzGdD4dDpbcgJgm7BoTBPVdJBkAq66tZ2VUPKl3:YJUqh43PgdbkGcZ2W03","tlshash":"c422bf2415cc57e8b9770c2919a55e02ade13b1d8ea8af740eb1e3d5d5088ecc731caa","first_seen":"2025-12-20T20:05:47.307458Z","last_seen":"2025-12-21T14:18:59.20265Z","times_seen":2,"resource_available":false,"data":null}},"time_used":497,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":486,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/jjyuk0edLiW8vOSnlfwWCCLpbh5-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/jjyuk0edLiW8vOSnlfwWCCLpbh5-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10000\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Fri, 31 Oct 2025 19:08:18 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=330\r\nx-cache: BYPASS\r\nx-request-id: 6aed7f103fca24b4c963e2e5cf02148f\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":10000,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"90c143357875a2fa25bd54865ab45f02","sha1":"6e2dc51d36331f6545af62d7504eef47e15da4b7","sha256":"e981892437762258675f142dddd42cad7acf9026dfe56b1e1b6513240f8009a2","sha512":"614b386978d2b7916acc128d0331a3a3792ff8c76163799f81e6c480d15352dcb60eef7dbdbdc8fad40e9fb862b90789543d03b972ebab6aa58833baf4320554","ssdeep":"192:/gS3+Ic+wFNlFVGjF//3EWMqg5v8bxgpzw5llWuc7BjLXYTxZXYguvjuusYTFxk9:YS3+FpNlFQBnERFv8lGz8AWxZXvuvauW","tlshash":"5122bf1a2b852ae0616f4d28199b1348c15d16297d39223eb3b4d2f8ebcdfcd94d2389","first_seen":"2025-12-08T04:48:42.051456Z","last_seen":"2026-02-16T22:50:45.751137Z","times_seen":4,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":424,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/5DcrN62sGAiRJxt8rXSRlSRLwIE-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/5DcrN62sGAiRJxt8rXSRlSRLwIE-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5918\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Tue, 21 Oct 2025 04:37:30 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=344\r\nx-cache: BYPASS\r\nx-request-id: e479c2af27be629e4a62190d552a49b7\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":5918,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8cd789e120de2375c34442b21b39b509","sha1":"81e632352f358578f9d589799bbd6b59df10ad91","sha256":"828cb9b41c3bd08d42b5d07fa4d381e79ab4f2611ab1c2470c80ea5889674544","sha512":"ea907fb91ab9dbb4ce94b93ea94d8cd05b1ef14d152ebe7947d523ec04aaec99bf2d2ea5b9283a328c066505275eab9f2e38b223cac35e57f2592028ccd72efd","ssdeep":"96:SwHEtSVUYxAmkn5qPKv54IwTaddNPis/ojHnyFA/aCfhNsbdE2cV45N1WFqJls:SwHQSKSoM6Nv6pjHnyF2BpNf2a45nWFZ","tlshash":"ccc19e11af42c28bf0794405569e37b9834f27334634edb29f9a1b4a684f81907ba13f","first_seen":"2025-10-22T16:31:58.373525Z","last_seen":"2025-12-21T14:18:59.214142Z","times_seen":3,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":436,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/qSWiY6KAvkapXJWeyNrmDGYWQwr-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/qSWiY6KAvkapXJWeyNrmDGYWQwr-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18204\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Sat, 11 Oct 2025 16:39:00 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: 5d3262176f5c1e0a8c66e2ec02e049fc\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":18204,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"8cc31ec8036e2658db079060ceed7188","sha1":"8695690b02cbbd09d18e23b93c1904407adb445c","sha256":"4b2baaac912726fd75169c9cebe7c9cc47b044579a18fe69e39017343fdfe238","sha512":"344482d0a231e429acae7fd5bebb6c96ef5cbd579a0291724a78ff89f15e9082785af0ea6344efdc0e0d0003bea506cbb39785d9479a71849348a37bba95b61b","ssdeep":"384:YL50GjeMQIhvBk9WqKwyOIpyDBRwVKb+9AZnnmyspTmy1+bi:YLGGjdKWqK7ylRKKCWQsy1f","tlshash":"0782e1771a7d026047888d6b3c0d209ba2124c69a70df639f571c2ea01ed4ecf78ba6c","first_seen":"2025-10-18T19:23:05.176752Z","last_seen":"2026-02-16T22:50:45.809081Z","times_seen":5,"resource_available":false,"data":null}},"time_used":623,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":441,"receive":182,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/litespeed/css/a20193e5c5d1ddd88eb2f78b2cf205e0.css?ver=205e0","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:07.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/litespeed/css/a20193e5c5d1ddd88eb2f78b2cf205e0.css?ver=205e0 HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:07 GMT\r\ncontent-type: text/css\r\ncontent-length: 8779\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:07 GMT\r\nlast-modified: Sat, 20 Dec 2025 20:05:05 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=340\r\nx-cache: BYPASS\r\nx-request-id: e1fc40aef3206bf3f2ad07cf4763f2dd\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":52928,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (52918), with no line terminators","md5":"ae89595282896d96a06bd42332f69407","sha1":"8a239c43147df6ffc6dbd8c2a48c797eae4df631","sha256":"a2b918933886e6c0245d30df80301db0b5be05cf77bbe4022602d7b08dc6be28","sha512":"8038afe40a61d00b5768397b488b7fe6beca9f174d74dfeb751b276edc842481bda94291134fc74718f6f4b1901d94a340aa1aec3dee2b2041ecd302e3bc59b0","ssdeep":"384:osHYzH56C5GHH5bi0MKvTSH/ME4sq9o42tBQ2jVVjvzG4MdbZhKDpB6+RNiLP3n0:oek6vTzE4sqqTtBFbGbdb0HcLwWEF2Jm","tlshash":"1233c97a90a03378642fde356becc6dd1164d433d9120bf9f59bb1148bc7b9206b62ca","first_seen":"2025-09-25T01:07:31.04145Z","last_seen":"2026-02-06T07:50:18.552804Z","times_seen":30,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":465,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/vNByuzy60v31nmUVPMA8oAtneUK-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/vNByuzy60v31nmUVPMA8oAtneUK-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15604\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Fri, 05 Dec 2025 08:51:48 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=342\r\nx-cache: BYPASS\r\nx-request-id: 16e93dee5e4e145391673b81812d747c\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":15604,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"f813fb135ab26f31eca1edf2c845d93f","sha1":"4f335d3da68539d0063b8cd8307ac1d4e02163b1","sha256":"34da185d3eccaf7d117f4090cfda81630c03f6c1bbb9d06e9bf3c19a7bd5b854","sha512":"bf36f441a91309a563989c7bfe11360304e64c2ea1740bca0fa75685652193499f4a8c9616326578ecb86a9a03daa63b887f2405c9a4024d34d6e7c2d4b1cd73","ssdeep":"384:YgBt9TSuv9OHngs/53wv4nYbqD4QUhpQYWLV:Ygj9fv9cngsUuDnZ3","tlshash":"c262c084ea029b1a7c35df7c1cd06b2893de28326d6e73d539b0d2e58c919c4f464dd8","first_seen":"2025-12-08T04:48:41.874825Z","last_seen":"2025-12-28T12:07:45.196827Z","times_seen":4,"resource_available":false,"data":null}},"time_used":616,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":146,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/n5C3PSYfjpUqBhyVWEWJQmM3Sr9-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/n5C3PSYfjpUqBhyVWEWJQmM3Sr9-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11366\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Fri, 19 Dec 2025 19:45:22 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=352\r\nx-cache: BYPASS\r\nx-request-id: 31cd86fd8fab2bf1b3fae8289b875ede\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":11366,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bfa9d0c74224f463a3ec72b87c5cb820","sha1":"c7687ae015688594c286b959f92804401fe0fb90","sha256":"6f79bba6b5b0d8ef1fa9cf98948f70da770796a1378ecab6a77061384cbfd5ff","sha512":"f0dfc4efacea8e5b70507055da3ec114ec386a9c05169711b8d76d4a07ac332e95103f360720b09c86523ffe85781151ec9e04d077cb14f751fb349429b3f5b2","ssdeep":"192:jQV53O7iVEB0v1oh7KlpP8Q2/8+HDaLFIz7xSOzwUYbZ/l:MV53O7Sv1osvPg8NLUxSOzwUYbBl","tlshash":"eb32d0c7e93c356ad321bee139459c9c0267307fc67e549e9603bb618900910ba48ff3","first_seen":"2025-12-20T20:05:47.312836Z","last_seen":"2025-12-21T14:18:59.199025Z","times_seen":2,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":444,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/spyxfamily-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/spyxfamily-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13233\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Sun, 05 Oct 2025 14:14:29 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 600cf70fa485e412aa8f650505967710\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13233,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"cc82d5b300f41474949a76b52f2e53b2","sha1":"39a401205d6570aa92a92b48464c46ad7edeb084","sha256":"a2062c3a7b5e8ec01e8698728a21997e171a295c5bc247d3ddf935e16eafc042","sha512":"0dcdf78021c417791171253e46a5b87f427ebdf11bc3c7b9ce5eb5496658c45b90382dbb4de16079367756580a127d4b232680e5d3f3af63654d89e65348f45d","ssdeep":"192:/gt3h7VxKAPXtQfThQd0CjKkaGbxKXDjWIQhCN4y91dy0MkVSZzrR6Kh6uX475Ew:YtTKYbjPKTDQYfVydkENrNrgGw","tlshash":"0052bfaf2e85c3c0e1151db86f7a08537e693002b716175d5eb0daf39ca06e9e98c63c","first_seen":"2025-10-07T23:41:16.136588Z","last_seen":"2025-12-28T12:07:45.230707Z","times_seen":6,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":442,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/vFmQa8yyuirssDatMME4FQtoG65-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:11.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/vFmQa8yyuirssDatMME4FQtoG65-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:11 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14439\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:11 GMT\r\nlast-modified: Thu, 02 Oct 2025 21:03:14 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=336\r\nx-cache: BYPASS\r\nx-request-id: f6dbd91780878c4dad17ce55893d7947\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":14439,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"528023e562d5d985e8e6274e6db49778","sha1":"6d6fcaaf9f47872938ab275cdf4136010dc12348","sha256":"f1dcf2b7d81958c2e13981fb6738f9404ec40fbd32a6d654cead96d36b06879f","sha512":"f8a7fc0d528e13f20b28569fd08619d20dff4d2ec8f2e6dcdcf2f0458a22523f0c9c5bf7a15efac6b3e8712fa46720350891c66c62f68cd451f08d439672146b","ssdeep":"384:YKrG5e1+bU0W7ZQ6tjf1bYQKNVUer+pEW7pnsE0RN5I:YqGwl7Zbjf1bbKNVUS+FUNm","tlshash":"eb52cfbb1f1105e469d78ece570e87ebeb0461783486b85ca637c4dbe160ce1c227493","first_seen":"2025-10-07T23:41:16.016607Z","last_seen":"2025-12-28T12:07:45.13093Z","times_seen":7,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":434,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/uHIOTJXN9nNTc51WyunL43Fvge3-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:13.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/uHIOTJXN9nNTc51WyunL43Fvge3-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:13 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 13351\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:13 GMT\r\nlast-modified: Sun, 12 Oct 2025 19:36:17 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=329\r\nx-cache: BYPASS\r\nx-request-id: 092ac5426d8474811f2a3865481539de\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13351,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"64c93ab3107407b77144d5b763514512","sha1":"0a4533a88e5f189beaef9edceb1ea7882c7f1116","sha256":"b294c5fd87260ecc83fcc21042336f7b433cc55bb21b6dfd548814c41eecd0ff","sha512":"67ca97c325fd8c2329b08530191b07354bb67393cae7e54caa7161a5dcfbfef8546f6d7213415528c5a8aed04ba22902e6216d0bd8760d445d4719df9a5198b0","ssdeep":"384:YcrBrBmeEBYJbJsO9VXJnw6crR1qgOxR4Jx/N1:YcrlB7Jn9Vur64JN1","tlshash":"cd52c04adf630bb0bd598e2be6a1058b514449a15f0edc0cba36d1f2eba6dc6264b44c","first_seen":"2025-10-18T19:23:05.288003Z","last_seen":"2026-02-22T20:06:45.73854Z","times_seen":13,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":423,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/ulm1ex4JFYJByyaPyqTr47MFyEQ.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:23.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/ulm1ex4JFYJByyaPyqTr47MFyEQ.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:24 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 236048\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:24 GMT\r\nlast-modified: Fri, 07 Nov 2025 11:13:08 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: ace5afb686618468bd445e0bc0e10707\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":236048,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], progressive, precision 8, 2304x1296, components 3","md5":"7a97b33fa9b7b20770f2f373319753dc","sha1":"ff30f78fede431d4933cfb06b3b61e6e9a497fd4","sha256":"d504618c8da813e57ca73b1624eae877259a3c62968d62dd8e6cd5907c2fe23a","sha512":"6e229e2c1cb5cee5848b2ecfc73093eae1eff01a8e5cb601f69c87a470e3ca233ff6735bf6af559b516a287d54a2be5d890eab08697f72fa1f96e71708e28718","ssdeep":"6144:jkEh8888888H9h5uYuzuJn+s3/yGhdLHhFzcvEYfg:jkEh8888888HMah+qqGhlhlcU","tlshash":"de342394a469614b3918e74be560cdacc19d7250c641fedb060be780f039fa63f358af","first_seen":"2025-12-08T04:48:41.965099Z","last_seen":"2025-12-28T12:07:45.2393Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2361,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":443,"receive":1918,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2024/05/7WcJLCS31BiVYgvnh19lOjZoiiZ-1-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2024/05/7WcJLCS31BiVYgvnh19lOjZoiiZ-1-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15935\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Mon, 11 Nov 2024 15:37:48 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=354\r\nx-cache: BYPASS\r\nx-request-id: 23da6b04d03a724ace0983b2faf6b859\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15935,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"01cada9c4f512e45d585bb8c2b865c97","sha1":"4af6641e43eb0d7b293763333c9f81d14591e5f5","sha256":"04802b411d27a6f1a989c7c867c7262a72c92043e02e17168bb374847cb722d5","sha512":"53e8a1895561e086369c9b95f45bab7cc06944db43f0a28086c6f3370ae6d7ce5db90870805063a6d6968e1141e4439c698b0db47ec678fd9fac33c80e4bca52","ssdeep":"384:YUXkatArkAEmiFlRdDG3MNmDS+0445u7zP9vYLZKGuKocXUfk:YUSkAEtRSMN6S+2CrYhH","tlshash":"4062c0b17b7ac011be982c3d0590ac7069b986d3a7516727247cdeaff419fd0f48914c","first_seen":"2025-12-08T04:48:41.827916Z","last_seen":"2026-01-01T18:00:06.503608Z","times_seen":5,"resource_available":false,"data":null}},"time_used":618,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":452,"receive":166,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/tHZtSDgNwU9ZkiRjzGSgrjXF1x1-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/tHZtSDgNwU9ZkiRjzGSgrjXF1x1-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/webp\r\ncontent-length: 18080\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Fri, 19 Dec 2025 15:02:50 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=340\r\nx-cache: BYPASS\r\nx-request-id: e40a466988eca0c41502e68d504ff328\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":18080,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a13d99cfe6636c15e17e87c35ec91a5","sha1":"7e7d3de16a2c8d02e96391bc6329957f2c37b73e","sha256":"59efa9b51e9c3f0f5cb28fadb242c56ae908cf707f6e6a2db522d7c3de5d674b","sha512":"cca8283d7f78d7c3e702773cc681df582b01368a67b310eb6464bec3509b8fc42c2a23830cbb28eae0ccb86d58b5e3055559b0536820363037b726879bf37ee3","ssdeep":"384:TZ6DhtTKewy/QFUugHrefjgPk4IvM55pwYwF28+e:N2btJ4FaA4k4IvM55pXk/+e","tlshash":"d882d0f031f86ea7ce9209553fa9f8d40078bc85cd74a5fb09fafb0560a53922653b49","first_seen":"2025-12-20T20:05:47.317706Z","last_seen":"2026-01-05T04:52:51.295503Z","times_seen":3,"resource_available":false,"data":null}},"time_used":602,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":437,"receive":165,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/u5kCaEFoDX30k68RwP4F6bsYQbb-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:09.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/u5kCaEFoDX30k68RwP4F6bsYQbb-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17251\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:09 GMT\r\nlast-modified: Sat, 04 Oct 2025 17:07:39 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=350\r\nx-cache: BYPASS\r\nx-request-id: 27c1afa9bed49a1ae76f20225121408d\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":17251,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"2ea8a9c9e65e590bf4b48079a9df8d8b","sha1":"98a38e6e882ace9ac208afb7329a700aff1e0bfb","sha256":"38e7aaa17a5a2d1c4ac7bcccafe87f13cb0c63da88c3f518ab0c57752491ddfa","sha512":"00bb37cdd9958a12e8702bfb5ac4adb7382e685d1d8c46170ac9194ebaa4faf4b7d38839f26bee0cba2a7af55e65142f8dff5c68ea4dcce0844f8ffd14a2eea3","ssdeep":"384:YOYVxbJIsrZG9sg30pyK9rCmdET8z5c0oXd31hu8SXXu+NPgi:YO6G9sg30pyKImqe5Rot3xSHbT","tlshash":"6872c0298e85b9a3b78b8c5f005a912ef06f78c17d84a525fc31d9b3d3419f81e541ed","first_seen":"2025-10-07T23:41:16.070902Z","last_seen":"2025-12-28T12:07:45.226975Z","times_seen":6,"resource_available":false,"data":null}},"time_used":618,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":443,"receive":175,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"native-scripts.yektanet.com/public/chunk/sticky.6.0.5.js","fqdn":"native-scripts.yektanet.com","domain":"yektanet.com","tld":"com"},"ip":{"addr":"185.166.104.3","port":443,"asn":202319,"as":"Avaye Hamrahe Houshmande Hezardastan PJSC","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yektanet.com","organization":"Noavaran Yekta Net"},"issuer":{"commonName":"Certum Organization Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 25 Feb 2025 09:15:09 GMT","end":"Wed, 25 Feb 2026 09:15:08 GMT"},"fingerprint":{"sha1":"88:90:3C:9A:0B:29:4D:F6:EF:6B:D0:4D:70:82:59:8D:39:79:51:DD","sha256":"23:F2:B2:4B:87:5E:5A:FC:CA:8A:37:D4:03:7F:1B:68:80:4E:90:6C:24:21:AB:7D:FA:1F:94:B0:54:8D:80:92"}}},"request":{"raw":"GET /public/chunk/sticky.6.0.5.js HTTP/1.1\r\nHost: native-scripts.yektanet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_global_token=01KCYNVF9GYG2S7FJFFK2D62ZA; gearbox_ad_token=01KCYNVF9GYG2S7FJFFK2D62ZA; _yngt=01KCYNVF9GYG2S7FJFFK2D62ZA\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nlast-modified: Sun, 14 Dec 2025 08:23:07 GMT\r\nx-rgw-object-type: Normal\r\netag: W/\"c9a5240ee77d092c8b99cfa770c0a84e\"\r\nstrict-transport-security: max-age=0\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS\r\naccess-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization\r\naccess-control-max-age: 1728000\r\ncache-control: public, max-age=2592000\r\nx-cache-status: MISS\r\nx-zrk-us: 200\r\nx-zrk-cs: HIT\r\nserver: Sotoon CDN\r\nx-zrk-sn: 2002\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40927,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (40863), with no line terminators","md5":"c9a5240ee77d092c8b99cfa770c0a84e","sha1":"acddc6391893e1f144d44eaad12e32bd9dd1f4eb","sha256":"2f341cc27a9a80257f96f8111ba6c010803a40c4e855c8a97bacc2aa8696a0a0","sha512":"e0ebaabacdc23c97e38fafc0280e318f357e07caaa5e8be2c5bf2ba61eee10a525fe32790a848bc3ba2085923a77df34df890810a2902561b377f2aafb1c4ea1","ssdeep":"768:l7OZoNCsf/dfG1GAdI8hUzttU+DZ/wAXDPj+:IKlf/dKGAdIUUzt2+dIqDPj+","tlshash":"bd039762e59001244773f5dc63e30aad75bef04247c788b8b7ad35ac03ceb4a9563e96","first_seen":"2025-12-20T19:15:46.452774Z","last_seen":"2025-12-20T20:05:47.31954Z","times_seen":2,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/xhIeXsIybA0rgQ6xLfy2yqFFWZf-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/xhIeXsIybA0rgQ6xLfy2yqFFWZf-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11534\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:03:29 GMT\r\nlast-modified: Sat, 13 Dec 2025 04:50:08 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=330\r\nx-cache: BYPASS\r\nx-request-id: e5750f501dfcb507c5294410ac30402d\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":11534,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2b69f0cff2ee2cd2fb254f8ccd7af459","sha1":"a83bd1bd7f3b620d44a557fb8f143f7a741f381d","sha256":"f1de1b86d98bb7a346ce3d4ed0f0ed646e9fad4e98a213b0c2d413d7d4d6bee0","sha512":"0d5289197cc71766e4199aa7a04d6d836e05f46daa9f4c6a6ff28ef919db8b8b9d8378b0538c125734b0a6d0d568b1263567c26338b6660fa288ae76aaa9fe63","ssdeep":"192:1OEsKFZshj9Us3ASa5lBC99J7H5auOYQ7TuTfW6QmmwCSnRoZStj0gc3Kg:0HAKBUsQ9apidXw/RB0gcag","tlshash":"f232c0e543fe1056dd164754929a60d4ef350cf8b355bf287f2301f4ba7aca868c05ea","first_seen":"2025-12-20T20:05:47.32008Z","last_seen":"2025-12-20T20:05:47.32008Z","times_seen":1,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":422,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/kONfwpf0AZzvL1zqjZV9C89g1PY-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:08.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/kONfwpf0AZzvL1zqjZV9C89g1PY-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:08 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8740\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:08 GMT\r\nlast-modified: Mon, 08 Dec 2025 05:47:15 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=353\r\nx-cache: BYPASS\r\nx-request-id: 0e3f99dd3d98344a970c384da1af3241\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":8740,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"25f96156ae47ce429d5f54f8ba7d53db","sha1":"b4a8957f92dd368c031e08006304f7c597568e5c","sha256":"460784377545eedf2780fd91be3037a38edf5be2429bbf07acca040ce33df92c","sha512":"3cc86f7fcf6e4b9c79c4975f46459e9c53af742a2ab8dbb37bf106bafe578948a0b8a27de3c2d6e962e4334d87cfbd3c451e6535fbf195ad0ea459afe989be6b","ssdeep":"192:sUoXxeucUs/+psuogC49PBb04bL4Qa28N6x9J/Bl3sLKXWFv93NP:sUoXxeucU4+pvCMb04bLo2JJ/cRFv93h","tlshash":"1802bf6fb8c1d1e6a5edb18d5660f295492e9d3fc568503e04c6781217ba2308e211eb","first_seen":"2025-12-20T20:05:47.32083Z","last_seen":"2026-02-16T22:50:45.724142Z","times_seen":3,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":448,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/06/mlWxYEsdtdY4zbW3L8B17ftAn4w-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:10.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/06/mlWxYEsdtdY4zbW3L8B17ftAn4w-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:10 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10682\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:10 GMT\r\nlast-modified: Thu, 05 Jun 2025 04:25:35 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=354\r\nx-cache: BYPASS\r\nx-request-id: a1980e542c17b4ec750a7f6eccd727cc\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]}],"data":{"size":10682,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"dc7c4075c38e036a84368e959d341939","sha1":"739bc73847c567d91d4b9a68a194d9ce4a531104","sha256":"5435179ab05156785cbc9c0fa382af892aad261ec22e215c35e135f678771edc","sha512":"bb85dbea79164cf3224a4ef06db3c9c0dd8ccd9c18a474497265641fe09de5ffb69fbf1e816cb991fca1ac160e6474329ab67d51e36f4ca13a478a9862dccb0b","ssdeep":"192:UVUR/KEPzOTfD9hCXPkbKPplJNq9Wakw29VA+cvGuJW1CxD9Prz0z:UCRi6zKSMbKPS9Uhnovro0n0z","tlshash":"b222af75afa29087c64aa22dd3302198c04fbddf54a4713635e8781e8ee59ed1818f16","first_seen":"2025-12-20T20:05:47.321902Z","last_seen":"2025-12-20T20:05:47.321902Z","times_seen":1,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":449,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/10/hqx5GLLcv1SuW3AAmv2ZFa7l7bF-180x280.webp","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/hqx5GLLcv1SuW3AAmv2ZFa7l7bF-180x280.webp HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/webp\r\ncontent-length: 18182\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Wed, 15 Oct 2025 09:19:11 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=346\r\nx-cache: BYPASS\r\nx-request-id: 30d3970a711fc83426558c2fc6ae8ce7\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":18182,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 180x280, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3a575382e4c8a5fd48909d3ce4fa9d14","sha1":"4424ebc56c65b05c434f29eb360075e764a2ecda","sha256":"a72ada27482ca2306d8f00ac8b50f61249352f3945dcb485ace3d8504d67d21d","sha512":"7ce7b22d2dc2c37c2d73d778e7ca4275eea6ee37a580b0183445fcca79fb262e3bf4a02de3fe366991027aa4701944356bfd324b0d2a63c04113d068fcb0dd59","ssdeep":"384:TIYgoZpcxK93Lb1BwYgEZJ9yNkPf0bN8/YWAAy+VZuxM04kYfv2AVJ4ZnHy+FI:TIYbD3LxBwGskk+/vH+20eOAViS+G","tlshash":"7682d0c4b807b93b5d74ff8e2456a4b9caed1e9ed2b891cb81082f141235546f29af07","first_seen":"2025-10-16T22:16:23.933734Z","last_seen":"2025-12-28T12:07:45.177607Z","times_seen":5,"resource_available":false,"data":null}},"time_used":612,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":439,"receive":173,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/11/kxuujI1oEqO6BcP4jPqHjZJKIm7-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:12.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/kxuujI1oEqO6BcP4jPqHjZJKIm7-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:12 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5760\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:12 GMT\r\nlast-modified: Mon, 03 Nov 2025 19:29:50 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=346\r\nx-cache: BYPASS\r\nx-request-id: 81b859f09f1f0950da684ee8d2b38894\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5760,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"21c65bc603708680f69fd0c22bddab5d","sha1":"64bcbac652f4b83f4513e34b941789e5c0bdf92d","sha256":"ad3560768f560bb5471e4e1aa03658d493263c6eab1898ea60ad8a63be49e256","sha512":"77081e808900d98cb9266eecf555d6cfe48583dca4547569e28e804a2fb3f02249b8718ba55b3f862567c8022da8879f9229924c0d4ea010bb2b5fcba828afd8","ssdeep":"96:/gExlpDuhq70rMhhySZ0AJ9xpB1DugEypGHc4Oq9u/aAMlI+1A/YJPTpepmXpixy:/gGPCYb5rCgEypGHcJ0gMlX1Aowkrv","tlshash":"49c17f090f9bd6c46e12ac7fb1064254f7b96dd3f60cbd112ab3c4865b646e09d06c7d","first_seen":"2025-12-08T04:48:41.990805Z","last_seen":"2025-12-28T12:07:45.16237Z","times_seen":3,"resource_available":false,"data":null}},"time_used":439,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":438,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.f2medx.ir/wp-content/uploads/2025/12/8wovOkYH4CBH45jH1zzkyOMDMSb-180x280.jpg","fqdn":"www.f2medx.ir","domain":"f2medx.ir","tld":"ir"},"ip":{"addr":"185.143.235.201","port":443,"asn":205585,"as":"Noyan Abr Arvan Co. ( Private Joint Stock)","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.f2medx.ir/","date":"2025-12-20T20:05:14.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f2medx.ir","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:58 GMT","end":"Mon, 12 Jan 2026 00:18:57 GMT"},"fingerprint":{"sha1":"A9:BB:71:2E:CE:01:F7:3B:B0:E6:0E:CA:EC:33:B6:71:2B:6B:98:31","sha256":"B0:32:F2:61:44:B0:87:D7:C9:85:95:C2:51:47:2B:9F:37:DF:56:7D:DA:99:54:ED:D6:BF:7D:A9:5E:3E:85:0D"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/8wovOkYH4CBH45jH1zzkyOMDMSb-180x280.jpg HTTP/1.1\r\nHost: www.f2medx.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.f2medx.ir/\r\nCookie: analytics_session_token=8c5897dd-a83f-20bf-98ef-4855aeb91a98; analytics_token=001227a6-4580-3e3e-8332-ba46481ce5ec; yektanet_session_last_activity=12/20/2025; _yngt_iframe=1; content-view-yn-footer-sticky-6224=1; allowed-showable-time=Sat%20Dec%2020%202025%2020:05:24%20GMT+0000%20(GMT)\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 20:05:15 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15262\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 27 Dec 2025 20:05:15 GMT\r\nlast-modified: Mon, 08 Dec 2025 04:26:23 GMT\r\nx-content-type-options: nosniff\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1; mode=block\r\nserver: ArvanCloud\r\nserver-timing: total;dur=348\r\nx-cache: BYPASS\r\nx-request-id: 33f6013db49657af1e56032dc176503d\r\nx-sid: 5700\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"ArvanCloud","description":"ArvanCloud is a cloud services provider, offering a wide range of incorporated cloud services including CDN, DDoS mitigation, Cloud Managed DNS, Cloud Security, VoD/AoD Streaming, Live Streaming, Cloud Compute, Cloud Object Storage, and PaaS.","website":"https://www.arvancloud.ir","common_platform_enumeration":"","icon":"ArvanCloud.png","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15262,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 180x280, components 3","md5":"7c5a765982164cccfc97c6fc16390367","sha1":"1cb954eed2ccbd850569b12e0350cef693b96e19","sha256":"e4555169b60c4b8723d9045613f18b8c85dcbdc060d07a5120dd86b9057d9089","sha512":"d18601557c364e0e114a570564e97c2cf782e137c383460151f61ca6d5aa023a813cae075d3b10d27074cca8f33be2d6002d3da5c8f6d3306df4f1c65699be61","ssdeep":"384:YQgJthWR/OB6Aol1rl9ULmeYXZaydaDqWJaE/w:YXfBHa1ULmelPqoh4","tlshash":"1862cf766ecd46e1159d4c9eadc83f2cb2a42990bd1bf592bcb0e8b5b080ecd54c2c60","first_seen":"2025-12-08T04:48:41.941887Z","last_seen":"2025-12-28T12:07:45.207316Z","times_seen":5,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":441,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"www.f2medx.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}