r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2358
Expires: Sat, 28 Jan 2023 11:28:20 GMT
Date: Sat, 28 Jan 2023 10:49:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5440
Expires: Sat, 28 Jan 2023 12:19:42 GMT
Date: Sat, 28 Jan 2023 10:49:02 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 10:43:05 GMT
content-type: application/json
age: 357
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18369
Expires: Sat, 28 Jan 2023 15:55:11 GMT
Date: Sat, 28 Jan 2023 10:49:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 5nk/6kNny3Blq0g7wque7CkvJk3CyMt3nIMu6W9P0Gr3hbd7Ccf4RnJLcHrNK2exVcTpxzJ5ydgtjeSMtN3+Vw==
x-amz-request-id: REJ4XSCN1VPF0E0Y
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 09:49:49 GMT
age: 3553
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
pasaranliga.com/wp-includes/requests/exception/transport/invoice.exe
162.144.6.146302 Found 232 B URL HTTP/1.1 pasaranliga.com/wp-includes/requests/exception/transport/invoice.exe
IP 162.144.6.146:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1042dd7b9a73e520b792f50bddcad222
40d679182993e85d8a286b1a149ea4b27165f114
8656d94ef2b692297a1ecc7cdb182c443008d225afcb41c62bc035be6c9caf85
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
NIDS Severity Alert suricata high ET MALWARE Possible Malicious Invoice EXE
suricata high ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
GET /wp-includes/requests/exception/transport/invoice.exe HTTP/1.1
Host: pasaranliga.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 10:49:02 GMT
Server: Apache
Location: http://pasaranliga.com/cgi-sys/suspendedpage.cgi
Content-Length: 232
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 10:49:02 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 09:49:03 GMT
age: 3599
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
pasaranliga.com/cgi-sys/suspendedpage.cgi
162.144.6.146200 OK 316 B URL HTTP/1.1 pasaranliga.com/cgi-sys/suspendedpage.cgi
IP 162.144.6.146:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c96d062f610bf41835838bb5c2e6ff8d
46bfa6eda475f3bc4ecbedefa29b347c0434ae6e
2d354ba05648b5fc4146d922364c915c15a997fa817b59b9200bebb9c2788d31
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: pasaranliga.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:49:02 GMT
Server: Apache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 316
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3223
Expires: Sat, 28 Jan 2023 11:42:46 GMT
Date: Sat, 28 Jan 2023 10:49:03 GMT
Connection: keep-alive
pasaranliga.com/favicon.ico
162.144.6.146302 Found 232 B URL HTTP/1.1 pasaranliga.com/favicon.ico
IP 162.144.6.146:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1042dd7b9a73e520b792f50bddcad222
40d679182993e85d8a286b1a149ea4b27165f114
8656d94ef2b692297a1ecc7cdb182c443008d225afcb41c62bc035be6c9caf85
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: pasaranliga.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://pasaranliga.com/cgi-sys/suspendedpage.cgi
HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 10:49:03 GMT
Server: Apache
Location: http://pasaranliga.com/cgi-sys/suspendedpage.cgi
Content-Length: 232
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
push.services.mozilla.com/
54.184.102.146101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.184.102.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YK7kKalniuCqemoubi+UZA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sW/Ys2ZjFNgGaS61zUCO5WemOu4=
iyfhshsp.com/?dn=referer_detect&pid=5POL4F2O4
208.91.196.46200 OK 1.7 kB URL HTTP/1.1 iyfhshsp.com/?dn=referer_detect&pid=5POL4F2O4
IP 208.91.196.46:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (489), with CRLF line terminators
Hash 9228feb3f529a5063261e522a7821af7
7aea60d0b082c23a6ad6da7f5141fe54ebcc2c76
28591fd4ef11497d8124a11d763c183f043761749fe8e5d31655f64076840fd8
GET /?dn=referer_detect&pid=5POL4F2O4 HTTP/1.1
Host: iyfhshsp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://pasaranliga.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:49:03 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_RKXc7TxPHfYBne7waQCCj6TtTylnt5/H6p24b3MGsAjsiw30tN5v8r0FC9L2itAmhz1DPsmWDbxAwLA2QZHSLw==
Cteonnt-Length: 3498
Keep-Alive: timeout=5, max=125
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Encoding: gzip
Content-Length: 1684
i2.cdn-image.com/__media__/js/min.js?v2.3
23.36.76.121200 OK 3.1 kB URL HTTP/1.1 i2.cdn-image.com/__media__/js/min.js?v2.3
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (8349), with CRLF line terminators
Hash 683b827c961eb1a55ae52a5c42524a13
a1c0b96af389b99124cb42f1730d2dcb0f3dc3f4
58e12a35c892e412e904c69e12d13915c07afb320633925f41a493ebfc2ee053
GET /__media__/js/min.js?v2.3 HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iyfhshsp.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/javascript
Last-Modified: Wed, 22 Sep 2021 05:16:08 GMT
ETag: "614abc18-20f3"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: public, max-age=57101
Expires: Sun, 29 Jan 2023 02:40:45 GMT
Date: Sat, 28 Jan 2023 10:49:04 GMT
Content-Length: 3050
Connection: keep-alive
iyfhshsp.com/?domain=pasaranliga.com&dn=pasaranliga.com&fp=0iBgJf2bgkx68KLjhvY%2BJ2dOHYizATIQzXd%2FC1tlsL69fdWUrXCjXchteF1FBU534X%2BTe6iE3C3NcbSUOX5D9xc6u1%2BFMagRyYGVUkOW7m7xd6UgrykCByuK7Etin2zuZ5ZR744lO9gvQDPrqMlj9iEXzx%2B55OdQWtwadNkOvEM%3D&prvtof=0K6uNbCM82ZvLn9ofGVaveGUOKDyPzJ2O4bZQoTBnNKxl%2B7flfQKd9Kt9MAZ7oXy&poru=MElKhBbwq%2B7EvhsR2WTTmynfpXxG6Y1czrhJLrtFy%2B7TKu5XCIwXCpzjkHt3zOyu%2FnBJE9cr3TAfLYs3xtzgx28aqq%2BcYLdchyi8bSb6fPA%3D&
208.91.196.46200 OK 7.0 kB URL HTTP/1.1 iyfhshsp.com/?domain=pasaranliga.com&dn=pasaranliga.com&fp=0iBgJf2bgkx68KLjhvY%2BJ2dOHYizATIQzXd%2FC1tlsL69fdWUrXCjXchteF1FBU534X%2BTe6iE3C3NcbSUOX5D9xc6u1%2BFMagRyYGVUkOW7m7xd6UgrykCByuK7Etin2zuZ5ZR744lO9gvQDPrqMlj9iEXzx%2B55OdQWtwadNkOvEM%3D&prvtof=0K6uNbCM82ZvLn9ofGVaveGUOKDyPzJ2O4bZQoTBnNKxl%2B7flfQKd9Kt9MAZ7oXy&poru=MElKhBbwq%2B7EvhsR2WTTmynfpXxG6Y1czrhJLrtFy%2B7TKu5XCIwXCpzjkHt3zOyu%2FnBJE9cr3TAfLYs3xtzgx28aqq%2BcYLdchyi8bSb6fPA%3D&
IP 208.91.196.46:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2100), with CRLF, LF line terminators
Hash d54914e0b391632e7255999a4fc491e6
cb25617aaca505c7d92d801188ca48177e6c25c9
035a3fbada704397cfbbf00e9185e7892989e6fe677d37b126fdc542b351f76f
GET /?domain=pasaranliga.com&dn=pasaranliga.com&fp=0iBgJf2bgkx68KLjhvY%2BJ2dOHYizATIQzXd%2FC1tlsL69fdWUrXCjXchteF1FBU534X%2BTe6iE3C3NcbSUOX5D9xc6u1%2BFMagRyYGVUkOW7m7xd6UgrykCByuK7Etin2zuZ5ZR744lO9gvQDPrqMlj9iEXzx%2B55OdQWtwadNkOvEM%3D&prvtof=0K6uNbCM82ZvLn9ofGVaveGUOKDyPzJ2O4bZQoTBnNKxl%2B7flfQKd9Kt9MAZ7oXy&poru=MElKhBbwq%2B7EvhsR2WTTmynfpXxG6Y1czrhJLrtFy%2B7TKu5XCIwXCpzjkHt3zOyu%2FnBJE9cr3TAfLYs3xtzgx28aqq%2BcYLdchyi8bSb6fPA%3D& HTTP/1.1
Host: iyfhshsp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://iyfhshsp.com/?dn=referer_detect&pid=5POL4F2O4
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:49:03 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Oqfn8Oq5luMGFTby1yiUK1v0ACLqBIKPgic4txd3YKInq0/LPEldTPjJ2rO38lum6HVoFoSZuOsDS4nEhuLlQQ==
Keep-Alive: timeout=5, max=127
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Encoding: gzip
Transfer-Encoding: chunked
iyfhshsp.com/px.js?ch=1
208.91.196.46200 OK 346 B IP 208.91.196.46:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type ASCII text, with very long lines (346), with no line terminators
Hash f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584
GET /px.js?ch=1 HTTP/1.1
Host: iyfhshsp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://iyfhshsp.com/?domain=pasaranliga.com&dn=pasaranliga.com&fp=0iBgJf2bgkx68KLjhvY%2BJ2dOHYizATIQzXd%2FC1tlsL69fdWUrXCjXchteF1FBU534X%2BTe6iE3C3NcbSUOX5D9xc6u1%2BFMagRyYGVUkOW7m7xd6UgrykCByuK7Etin2zuZ5ZR744lO9gvQDPrqMlj9iEXzx%2B55OdQWtwadNkOvEM%3D&prvtof=0K6uNbCM82ZvLn9ofGVaveGUOKDyPzJ2O4bZQoTBnNKxl%2B7flfQKd9Kt9MAZ7oXy&poru=MElKhBbwq%2B7EvhsR2WTTmynfpXxG6Y1czrhJLrtFy%2B7TKu5XCIwXCpzjkHt3zOyu%2FnBJE9cr3TAfLYs3xtzgx28aqq%2BcYLdchyi8bSb6fPA%3D&
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:49:04 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes
Content-Length: 346
Keep-Alive: timeout=5, max=120
Connection: Keep-Alive
Content-Type: application/javascript
iyfhshsp.com/px.js?ch=2
208.91.196.46200 OK 346 B IP 208.91.196.46:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type ASCII text, with very long lines (346), with no line terminators
Hash f84f931c0dd37448e03f0dabf4e4ca9f
9c2c50edcf576453ccc07bf65668bd23c76e8663
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584
GET /px.js?ch=2 HTTP/1.1
Host: iyfhshsp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://iyfhshsp.com/?domain=pasaranliga.com&dn=pasaranliga.com&fp=0iBgJf2bgkx68KLjhvY%2BJ2dOHYizATIQzXd%2FC1tlsL69fdWUrXCjXchteF1FBU534X%2BTe6iE3C3NcbSUOX5D9xc6u1%2BFMagRyYGVUkOW7m7xd6UgrykCByuK7Etin2zuZ5ZR744lO9gvQDPrqMlj9iEXzx%2B55OdQWtwadNkOvEM%3D&prvtof=0K6uNbCM82ZvLn9ofGVaveGUOKDyPzJ2O4bZQoTBnNKxl%2B7flfQKd9Kt9MAZ7oXy&poru=MElKhBbwq%2B7EvhsR2WTTmynfpXxG6Y1czrhJLrtFy%2B7TKu5XCIwXCpzjkHt3zOyu%2FnBJE9cr3TAfLYs3xtzgx28aqq%2BcYLdchyi8bSb6fPA%3D&
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:49:04 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
ETag: "15a-5b952a63b81f1"
Accept-Ranges: bytes
Content-Length: 346
Keep-Alive: timeout=5, max=120
Connection: Keep-Alive
Content-Type: application/javascript
i2.cdn-image.com/__media__/pics/29590/bg1.png
23.36.76.121200 OK 18 kB URL HTTP/1.1 i2.cdn-image.com/__media__/pics/29590/bg1.png
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type PNG image data, 1730 x 988, 4-bit colormap, non-interlaced\012- data
Hash 825ccd29ac102fcadaf92b2343d5917b
24472e766cfac5b82a73b219796556a0a3702bd6
0878fb2875c0ad852de8fb3e8f443afdf3064890f1443b3feccc274382f913cd
GET /__media__/pics/29590/bg1.png HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iyfhshsp.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: image/png
Content-Length: 17986
Last-Modified: Fri, 25 Nov 2022 12:16:35 GMT
ETag: "6380b223-4642"
Accept-Ranges: bytes
Cache-Control: public, max-age=61994
Expires: Sun, 29 Jan 2023 04:02:18 GMT
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
i2.cdn-image.com/__media__/pics/28905/arrrow.png
23.36.76.121200 OK 283 B URL HTTP/1.1 i2.cdn-image.com/__media__/pics/28905/arrrow.png
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type PNG image data, 17 x 27, 8-bit colormap, non-interlaced\012- data
Hash 80d42c82a6c37da90210fd60a2f36128
554ba7c84d2a27ecf3b1f29d03e62101936b54d8
a1626e2d9160a0890a0a8d6e3af9e7095d68a24f9fb5ac8a166000c9a2581e10
GET /__media__/pics/28905/arrrow.png HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iyfhshsp.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: image/png
Content-Length: 283
Last-Modified: Tue, 04 Jan 2022 14:44:27 GMT
ETag: "61d45d4b-11b"
Accept-Ranges: bytes
Cache-Control: public, max-age=13727
Expires: Sat, 28 Jan 2023 14:37:51 GMT
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
23.36.76.121200 OK 17 kB URL HTTP/1.1 i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format, TrueType, length 17312, version 2.1\012- data
Hash bebe201d813feaad85a3e66607d0da3a
28b049502afa8e9db5340c1a92400591b39870e8
58bb75322beb862803b0d156e1a1d01fb1e7fde82ee93c929b08bf5aea9fc55b
GET /__media__/fonts/montserrat-bold/montserrat-bold.woff HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://iyfhshsp.com
Connection: keep-alive
Referer: http://iyfhshsp.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/font-woff
Content-Length: 17312
Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
ETag: "600809b7-43a0"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 42323
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14903
Expires: Sat, 28 Jan 2023 14:57:27 GMT
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
23.36.76.121200 OK 17 kB URL HTTP/1.1 i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format, TrueType, length 17264, version 2.1\012- data
Hash a43b107861b42ce1335e41e43d4e4d00
99bdb1cec4a68ebe29249c46fefefb6880d009e5
a6542dc92d71eb412bac89d8fb06c70f15be74a64b1b4ef1633288b78f4f2ff2
GET /__media__/fonts/montserrat-regular/montserrat-regular.woff HTTP/1.1
Host: i2.cdn-image.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://iyfhshsp.com
Connection: keep-alive
Referer: http://iyfhshsp.com/
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/font-woff
Content-Length: 17264
Last-Modified: Wed, 20 Jan 2021 10:45:11 GMT
ETag: "600809b7-4370"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Date: Sat, 28 Jan 2023 10:49:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4ab1206-2f2c-4daf-abf7-d4cc431b79b2.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4ab1206-2f2c-4daf-abf7-d4cc431b79b2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1e309628617789c29791d3e5d7dfeb19
bdcc8216d475268a7429c69a6b49a2c1febb8ff2
8810db74253ce6101c61ad97c59a3558e4ae7387593ff7ac66003a0d309d04c8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4ab1206-2f2c-4daf-abf7-d4cc431b79b2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7367
x-amzn-requestid: 1e89d117-3167-4873-b596-f7f93e75d009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EWHDYIAMF1tQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b5-17fd5e5649207dff1289c699;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ppdJECiDzgoYOBafVKAzErsXswgAYG83Glj_HFY9KgTJqdC5dqZYwA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:08 GMT
age: 46796
etag: "bdcc8216d475268a7429c69a6b49a2c1febb8ff2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
age: 46347
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 46806
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 43371
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 46338
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
searchdiscovered.com/__media__/pics/657/hostergator.gif
208.91.196.4302 Found 246 B URL HTTP/1.1 searchdiscovered.com/__media__/pics/657/hostergator.gif
IP 208.91.196.4:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6d6711a966a709b625b99abda74a4256
f996b24c7b05bdee4a06c7049cb248445ec0677c
b1656c00a494af260c5e61ff2fc13af17ba49a0ca02aeba2c809fe4122ba01f3
GET /__media__/pics/657/hostergator.gif HTTP/1.1
Host: searchdiscovered.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iyfhshsp.com/
HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 10:49:04 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Location: http://freeresultsguide.com/__media__/pics/657/hostergator.gif
Content-Length: 246
Keep-Alive: timeout=5, max=127
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
searchdiscovered.com/__media__/pics/657/error-bg.gif
208.91.196.4302 Found 243 B URL HTTP/1.1 searchdiscovered.com/__media__/pics/657/error-bg.gif
IP 208.91.196.4:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9cd9326e3e1614d22b75e8d32ea585c0
1f2cd244c4541bcd15e2943e23f135029aa7adb8
f1e045a975646a4d179b4bd606dab7d7136f33782be4ae53caee769d78c8cec3
GET /__media__/pics/657/error-bg.gif HTTP/1.1
Host: searchdiscovered.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iyfhshsp.com/
HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 10:49:04 GMT
Server: Apache
Location: http://freeresultsguide.com/__media__/pics/657/error-bg.gif
Content-Length: 243
Keep-Alive: timeout=5, max=102
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
freeresultsguide.com/__media__/pics/657/error-bg.gif
208.91.196.4200 OK 2.0 kB URL HTTP/1.1 freeresultsguide.com/__media__/pics/657/error-bg.gif
IP 208.91.196.4:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type GIF image data, version 89a, 526 x 2\012- data
Hash 2a0b3de86b6c212e0220f3a9757a5dbf
493f8e5c7a8c7c11645a99d22cfa8d637da6fe3e
76261ee6190ec30c36b297048d62eeb55240baa74253c6756c746d07d1fd8154
GET /__media__/pics/657/error-bg.gif HTTP/1.1
Host: freeresultsguide.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://iyfhshsp.com/
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:49:04 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Last-Modified: Wed, 20 Jan 2021 10:46:09 GMT
ETag: "7d7-5b952a9b9b24e"
Accept-Ranges: bytes
Content-Length: 2007
Keep-Alive: timeout=5, max=124
Connection: Keep-Alive
Content-Type: image/gif
freeresultsguide.com/__media__/pics/657/hostergator.gif
208.91.196.4200 OK 8.0 kB URL HTTP/1.1 freeresultsguide.com/__media__/pics/657/hostergator.gif
IP 208.91.196.4:0
ASN #40034 CONFLUENCE-NETWORK-INC
File type GIF image data, version 89a, 220 x 63\012- data
Hash 1898aad5d11be03025f15b9137efa371
f61413766a2adcd018174b407e3e8e7e6f76feae
c91b0f2a8767a2c2dfb64ee200bd110a476b613a855a0c8982dd3c9b93095bb3
GET /__media__/pics/657/hostergator.gif HTTP/1.1
Host: freeresultsguide.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://iyfhshsp.com/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:49:05 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 10:46:09 GMT
ETag: "1f47-5b952a9b9b24e"
Accept-Ranges: bytes
Content-Length: 8007
Keep-Alive: timeout=5, max=125
Connection: Keep-Alive
Content-Type: image/gif