r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14541
Expires: Sun, 04 Dec 2022 19:36:20 GMT
Date: Sun, 04 Dec 2022 15:33:59 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3120
Cache-Control: max-age=157758
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:33:59 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:23:17 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 15:18:24 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 935
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4842
Expires: Sun, 04 Dec 2022 16:54:41 GMT
Date: Sun, 04 Dec 2022 15:33:59 GMT
Connection: keep-alive
dlsorkh.rzb.ir/Cat/57/karbordi.aspx
79.127.127.68200 OK 11 kB URL HTTP/1.1 dlsorkh.rzb.ir/Cat/57/karbordi.aspx
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (1212), with CRLF, LF, NEL line terminators
Hash 4365f65e83cbcb44430613c4a7f64b2b
7321e528ac6f43a97354e42a3bc8802531b47ce6
ac94869404964f0e42318248a8c13930f484656b21f27334358ce37ebbb7eb00
Analyzer Verdict Alert fortinet Malware
GET /Cat/57/karbordi.aspx HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
set-cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
transfer-encoding: chunked
content-encoding: gzip
date: Sun, 04 Dec 2022 15:33:59 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZAY5tl3OXiKdhdCSzU6VfXMfbyD5DKIUt2zd1OWt7tmoIQPidFJPOf9GlYMEnhLslFuWLVydXUaW4SlFVFvMGQ==
x-amz-request-id: XR53846W1CWHM1CC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 14:47:01 GMT
age: 2818
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 15:33:59 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.lenzfa.ir/showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0
116.203.149.169404 Not Found 153 B URL HTTP/1.1 www.lenzfa.ir/showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0
IP 116.203.149.169:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash a1ed5ecb9c651451520019b3747a06ef
724e59314a0890297915c1010e38e3267cdd810e
1b47c0dc50d20d7239392e8e3917cf1340aa2acf53b7e6a84ee56714471e26f4
GET /showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0 HTTP/1.1
Host: www.lenzfa.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 404 Not Found
Server: nginx/1.16.1
Date: Sun, 04 Dec 2022 15:33:59 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
dlsorkh.rzb.ir/temp/site.css?22
79.127.127.68200 OK 3.9 kB URL HTTP/1.1 dlsorkh.rzb.ir/temp/site.css?22
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type ASCII text, with very long lines (860)
Hash 787a6674aa05de4919a7c90cdbb150c9
2159cc3ec669621f05f361bd91b956e573faef9a
e234a5881c33e5ff75519381140d07f15611e92efbb0bb45ecf73437048d376c
Analyzer Verdict Alert fortinet Malware
GET /temp/site.css?22 HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Tue, 03 Jan 2023 15:33:59 GMT
content-type: text/css
last-modified: Wed, 02 Mar 2022 08:28:27 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 3945
date: Sun, 04 Dec 2022 15:33:59 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
dlsorkh.rzb.ir/temp/tarahi/styles.css
79.127.127.68200 OK 6.1 kB URL HTTP/1.1 dlsorkh.rzb.ir/temp/tarahi/styles.css
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type Unicode text, UTF-8 (with BOM) text
Hash 28cf21c53411f845b0888677cbc74828
25bf3bc9920ad37a3f81d88e46001cab51eea3f6
d18ec6839084bfa3a36008f9f5f03cf0de9c8c656677aac9a5a62c2b6890f5ab
GET /temp/tarahi/styles.css HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Tue, 03 Jan 2023 15:33:59 GMT
content-type: text/css
last-modified: Tue, 15 Feb 2022 00:08:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 6091
date: Sun, 04 Dec 2022 15:33:59 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
dlsorkh.rzb.ir/js/site.js?7
79.127.127.68200 OK 9.4 kB URL HTTP/1.1 dlsorkh.rzb.ir/js/site.js?7
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type Unicode text, UTF-8 (with BOM) text, with very long lines (5730)
Hash 3a9e608b97ff4d23f8a1649f24b6ed66
794e50a615ef78e2f2bd7616c7d9e033fc4bbe9d
82faf31dfa45299d23061f2c05579901ca592090ce35f1dc48a6ff61f24ac28a
Analyzer Verdict Alert fortinet Malware
GET /js/site.js?7 HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 11 Dec 2022 15:33:59 GMT
content-type: application/javascript
last-modified: Sat, 14 May 2022 01:34:44 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 9422
date: Sun, 04 Dec 2022 15:33:59 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
dlsorkh.rzb.ir/temp/default/script.js
79.127.127.68200 OK 302 B URL HTTP/1.1 dlsorkh.rzb.ir/temp/default/script.js
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
Hash f63434fb5b29fa6044b1a1e30e6c1162
2e7ada06c79c670f0dff3bd7d0474d07c49104e0
a9396929db33b5a927292dc2e2f33891c594811b1b37dd993abbc9db9afbb7cb
Analyzer Verdict Alert fortinet Malware
GET /temp/default/script.js HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 11 Dec 2022 15:33:59 GMT
content-type: application/javascript
last-modified: Wed, 18 Jul 2018 10:51:39 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 302
date: Sun, 04 Dec 2022 15:33:59 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
www.unp.ir/feeds/code_gn.php?val=http://www.unp.ir/feeds/jad.php?page=1.cache-per_item_bg_color_hex=FFFFFF-per_item_txt_color_hex=000000-border=0--Title_bg=c9c9c9
77.238.121.199301 Moved Permanently 378 B URL HTTP/1.1 www.unp.ir/feeds/code_gn.php?val=http://www.unp.ir/feeds/jad.php?page=1.cache-per_item_bg_color_hex=FFFFFF-per_item_txt_color_hex=000000-border=0--Title_bg=c9c9c9
IP 77.238.121.199:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fe9365307d90d8c648b18a9dd3d140cd
b9eb6edefb4afe667b9ff45e0d568a94d50b12f3
60e31225f295a08d7391fcc2765bec422460396a2cced0f131ad52f4561c6b4f
GET /feeds/code_gn.php?val=http://www.unp.ir/feeds/jad.php?page=1.cache-per_item_bg_color_hex=FFFFFF-per_item_txt_color_hex=000000-border=0--Title_bg=c9c9c9 HTTP/1.1
Host: www.unp.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 15:33:59 GMT
Server: Apache/2
Location: https://www.unp.ir/feeds/code_gn.php?val=http://www.unp.ir/feeds/jad.php?page=1.cache-per_item_bg_color_hex=FFFFFF-per_item_txt_color_hex=000000-border=0--Title_bg=c9c9c9
Content-Length: 378
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
dlsorkh.rzb.ir/code/popup
79.127.127.68200 OK 1.2 kB URL HTTP/1.1 dlsorkh.rzb.ir/code/popup
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
Hash 6ffa320605d7054dc19241bac815d124
7a4894d09e7ebe89d6c276fec44a080da62b6a59
4084dcafd03a9b116a3ca147ffa5ce88ab76029ee2aea9b01bd4a8166d4a9c52
Analyzer Verdict Alert fortinet Malware
GET /code/popup HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-language: fa
content-type: text/html; charset=charset
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 04 Dec 2022 15:34:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: pop_id=11276%2C; expires=Mon, 05-Dec-2022 03:34:00 GMT; Max-Age=43200; path=/
c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; expires=Mon, 05-Dec-2022 15:34:00 GMT; Max-Age=86400; path=/
c_t=51572638cbde8007e444781188140780724; expires=Mon, 05-Dec-2022 15:34:00 GMT; Max-Age=86400; path=/
vary: Accept-Encoding,User-Agent
content-length: 1175
content-encoding: gzip
date: Sun, 04 Dec 2022 15:33:59 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 15:08:58 GMT
cache-control: public,max-age=3600
age: 1502
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
dlsorkh.rzb.ir/weblog/file/loading/88.gif
79.127.127.68200 OK 6.0 kB URL HTTP/1.1 dlsorkh.rzb.ir/weblog/file/loading/88.gif
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type GIF image data, version 89a, 50 x 50\012- data
Hash 093445ee241c72e6dca01dc570c230dc
32adb71ec06b5d29ec62c5511328d5970228b86d
d40495f2a0e830c47fe4cd50574c68e206292f63545a0684516db0cd8716ee0e
GET /weblog/file/loading/88.gif HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Mon, 04 Dec 2023 15:34:00 GMT
content-type: image/gif
last-modified: Thu, 02 Feb 2012 21:52:24 GMT
accept-ranges: bytes
content-length: 5972
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
dlsorkh.rzb.ir/images/no_image.png
79.127.127.68200 OK 6.3 kB URL HTTP/1.1 dlsorkh.rzb.ir/images/no_image.png
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c675d607343c154f0ef074dc145988a
2f3713c21ed04a225f16439b200e2b2a6062454e
2e8f7285f7325ed8db6a0d253158db2c8962125173a1e6973e8fcb39a325a7ba
GET /images/no_image.png HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Mon, 04 Dec 2023 15:34:00 GMT
content-type: image/png
last-modified: Sat, 12 Jan 2013 13:14:07 GMT
accept-ranges: bytes
content-length: 6278
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
dlsorkh.rzb.ir/images/refresh2.svg
79.127.127.68200 OK 276 B URL HTTP/1.1 dlsorkh.rzb.ir/images/refresh2.svg
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 7082e86e2a3c9646fa1aa922b8e3a2d6
7f704127e872b5b94b8e2dd7959e2d5c9b9379a8
d1254b0bb9112500f8f39e1130f0a6c8dca1037d416e7f7d6524894b31b06b00
Analyzer Verdict Alert fortinet Malware
GET /images/refresh2.svg HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 11 Dec 2022 15:34:00 GMT
content-type: image/svg+xml
last-modified: Wed, 28 Apr 2021 22:57:34 GMT
etag: "114-6089e85e-9f2e18d89b796b95;;;"
accept-ranges: bytes
content-length: 276
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
dlsorkh.rzb.ir/include/captcha/cap9.php
79.127.127.68200 OK 3.8 kB URL HTTP/1.1 dlsorkh.rzb.ir/include/captcha/cap9.php
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type PNG image data, 100 x 30, 8-bit/color RGB, non-interlaced\012- data
Hash 1056fcee813e036b7abc94cb25c9faef
105ca4b208a5401ed44d3711e924d1e8fa82bc03
ec5f812d402a40b22d32dd759ea7e3780cf98c2ec2bd070ca0c3be08e1f449e8
Analyzer Verdict Alert fortinet Malware
GET /include/captcha/cap9.php HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: image/png
content-length: 3799
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
rozblog.com/temp/pro/ads_468.jpg
79.127.127.68200 OK 6.3 kB URL HTTP/1.1 rozblog.com/temp/pro/ads_468.jpg
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type JPEG image data, JFIF standard 1.00, resolution (DPI), density 96x96, segment length 16, comment: "LEAD Technologies Inc. V1.01", baseline, precision 8, 468x60, components 3\012- data
Hash db8cac5e50e0f1be65a3ec0756ea6612
3053609e1039ab6d0d0be6adefeaf7ba7a243cf6
8f10f1e719bda34ecfc3af6b50f8273e9c9676d10612eff12aad2382d458ef1d
GET /temp/pro/ads_468.jpg HTTP/1.1
Host: rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Mon, 04 Dec 2023 15:34:00 GMT
content-type: image/jpeg
last-modified: Fri, 20 Feb 2015 09:52:01 GMT
accept-ranges: bytes
content-length: 6286
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
dlsorkh.rzb.ir/temp/tarahi/fonts/wdtv.woff
79.127.127.68200 OK 15 kB URL HTTP/1.1 dlsorkh.rzb.ir/temp/tarahi/fonts/wdtv.woff
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type Web Open Font Format, TrueType, length 14648, version 1.0\012- data
Hash 259c4490256daceb6a5f275cee137627
5c0eae14870f1ec6527aa64f3f675cb9063034ee
bd4bdb99aa4a1cf56a05d7a913dce42b23b4cb021148b0a0f22d836105d98fc5
Analyzer Verdict Alert fortinet Malware
GET /temp/tarahi/fonts/wdtv.woff HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/temp/tarahi/styles.css
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334; pop_id=11276%2C; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=51572638cbde8007e444781188140780724
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Tue, 06 Dec 2022 15:34:00 GMT
content-type: font/woff
last-modified: Thu, 26 Feb 2015 19:00:22 GMT
etag: "3938-54ef6d46-daf654b8921ad10f;;;"
accept-ranges: bytes
content-length: 14648
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3111
Cache-Control: max-age=152682
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:34:00 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:58:42 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
dlsorkh.rzb.ir/temp/tarahi/fonts/yekanregular.woff
79.127.127.68200 OK 22 kB URL HTTP/1.1 dlsorkh.rzb.ir/temp/tarahi/fonts/yekanregular.woff
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type Web Open Font Format, CFF, length 21500, version 2.0\012- data
Hash 05727d32400b2008acbf7fc49251ede0
b6c1a82539a2531eb1aad7d1cf05554d5a999154
da78e001fab6f5d7b1c68e17d00fb1595c9b10085d6769a86aeb6a39dc7e43d6
Analyzer Verdict Alert fortinet Malware
GET /temp/tarahi/fonts/yekanregular.woff HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/temp/tarahi/styles.css
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334; pop_id=11276%2C; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=51572638cbde8007e444781188140780724
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Tue, 06 Dec 2022 15:34:00 GMT
content-type: font/woff
last-modified: Thu, 26 Feb 2015 19:00:25 GMT
etag: "53fc-54ef6d49-80b982f1d7ce7ee2;;;"
accept-ranges: bytes
content-length: 21500
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
www.tooptarin.ir/wp-content/uploads/2012/02/GoldSolution_PC_Auto_Shutdown.jpg
79.127.127.84500 Internal Server Error 1.3 kB URL HTTP/1.1 www.tooptarin.ir/wp-content/uploads/2012/02/GoldSolution_PC_Auto_Shutdown.jpg
IP 79.127.127.84:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 20082c79bd8f4b4ad5208137d5b62617
8733a08ae6a2a4201256c2ba43a8afc15f0e269e
e5b37273b646f0298e29c179bcfdf7100cc92b6a6d7b7ca6be4d510933bbc0d9
GET /wp-content/uploads/2012/02/GoldSolution_PC_Auto_Shutdown.jpg HTTP/1.1
Host: www.tooptarin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 500 Internal Server Error
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1311
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
www.softgozar.com/Image/Softwares/Screenshot/FreeiSMS_AllInOne_1249_1_SoftGozar.com.png
178.216.249.195302 Redirect 161 B URL HTTP/1.1 www.softgozar.com/Image/Softwares/Screenshot/FreeiSMS_AllInOne_1249_1_SoftGozar.com.png
IP 178.216.249.195:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 3fddd3b00311e827ec75f591c2ce4c0e
80d04166b9db16b072e8f6a4c663e23a8e21abe9
9e35dc21720acc5d4e6f08b73edfa9ca0ab1ebff5863feecc0077ea2a68881c4
GET /Image/Softwares/Screenshot/FreeiSMS_AllInOne_1249_1_SoftGozar.com.png HTTP/1.1
Host: www.softgozar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: http://www.softgozar.com/Error404.aspx
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sun, 04 Dec 2022 15:33:58 GMT
Content-Length: 161
dvcasha2.ocsp-certum.com/
95.101.10.193200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash 18a01a779ff8b574dc89822a600cfcec
827567e64d1c09ef5485caf5a0c7332e83a50b35
ab81fd691850a2e82d85139e06b4b5791a3c69a6464be9b276e2ad444464087b
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=866
Date: Sun, 04 Dec 2022 15:34:00 GMT
Connection: keep-alive
X-N: S
www.tooptarin.ir/wp-content/uploads/2012/03/chista.jpg
79.127.127.84500 Internal Server Error 1.3 kB URL HTTP/1.1 www.tooptarin.ir/wp-content/uploads/2012/03/chista.jpg
IP 79.127.127.84:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 20082c79bd8f4b4ad5208137d5b62617
8733a08ae6a2a4201256c2ba43a8afc15f0e269e
e5b37273b646f0298e29c179bcfdf7100cc92b6a6d7b7ca6be4d510933bbc0d9
GET /wp-content/uploads/2012/03/chista.jpg HTTP/1.1
Host: www.tooptarin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 500 Internal Server Error
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1311
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
www.tooptarin.ir/wp-content/uploads/2012/03/bluetoothview.jpg
79.127.127.84500 Internal Server Error 1.3 kB URL HTTP/1.1 www.tooptarin.ir/wp-content/uploads/2012/03/bluetoothview.jpg
IP 79.127.127.84:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 20082c79bd8f4b4ad5208137d5b62617
8733a08ae6a2a4201256c2ba43a8afc15f0e269e
e5b37273b646f0298e29c179bcfdf7100cc92b6a6d7b7ca6be4d510933bbc0d9
GET /wp-content/uploads/2012/03/bluetoothview.jpg HTTP/1.1
Host: www.tooptarin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 500 Internal Server Error
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1311
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 04 Dec 2022 15:34:00 GMT
server: LiteSpeed
www.img4up.com/up2/45519868618924699667.bmp
150.95.219.152301 Moved Permanently 162 B URL HTTP/1.1 www.img4up.com/up2/45519868618924699667.bmp
IP 150.95.219.152:0
ASN #7506 GMO Internet,Inc
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /up2/45519868618924699667.bmp HTTP/1.1
Host: www.img4up.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 04 Dec 2022 15:34:00 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.img4up.com/up2/45519868618924699667.bmp
www.softgozar.com/Error404.aspx
178.216.249.195301 Moved Permanently 156 B URL HTTP/1.1 www.softgozar.com/Error404.aspx
IP 178.216.249.195:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 53c6a4c30754bfae801962a50043466e
8ade24ef8fa614a627cafeb774eef12f495945d9
76c9d4fcaf5da4d56b902d65097745a852c505e4f9c7f25f2f7098e6c7953d32
GET /Error404.aspx HTTP/1.1
Host: www.softgozar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dlsorkh.rzb.ir/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: https://www.softgozar.com/Error404.aspx
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Sun, 04 Dec 2022 15:33:58 GMT
Content-Length: 156
push.services.mozilla.com/
34.215.94.42101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.94.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: u2SSWmdNuiqNuL4evGT6YQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iUWjkmkrz9E60Z138Ru+HGbgjbY=
www.unp.ir/feeds/code_gn.php?val=http://www.unp.ir/feeds/jad.php?page=1.cache-per_item_bg_color_hex=FFFFFF-per_item_txt_color_hex=000000-border=0--Title_bg=c9c9c9
77.238.121.199200 OK 482 B URL HTTP/2 www.unp.ir/feeds/code_gn.php?val=http://www.unp.ir/feeds/jad.php?page=1.cache-per_item_bg_color_hex=FFFFFF-per_item_txt_color_hex=000000-border=0--Title_bg=c9c9c9
IP 77.238.121.199:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 6ccce17a7e11316d226df3d1645a7c0b
fd59909a0f641f7ef52f08ada86c5f841255041b
888049b32fef4d7452177eb4401e6411f60d27afb4437470a845ced2976c3c5d
GET /feeds/code_gn.php?val=http://www.unp.ir/feeds/jad.php?page=1.cache-per_item_bg_color_hex=FFFFFF-per_item_txt_color_hex=000000-border=0--Title_bg=c9c9c9 HTTP/1.1
Host: www.unp.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dlsorkh.rzb.ir/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:34:00 GMT
server: Apache/2
x-powered-by: PHP/5.6.37
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 482
content-type: text/html; charset=utf-8
X-Firefox-Spdy: h2
www.lenzfa.ir/showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0
116.203.149.169404 Not Found 153 B URL HTTP/1.1 www.lenzfa.ir/showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0
IP 116.203.149.169:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash a1ed5ecb9c651451520019b3747a06ef
724e59314a0890297915c1010e38e3267cdd810e
1b47c0dc50d20d7239392e8e3917cf1340aa2acf53b7e6a84ee56714471e26f4
GET /showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0 HTTP/1.1
Host: www.lenzfa.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 404 Not Found
Server: nginx/1.16.1
Date: Sun, 04 Dec 2022 15:34:00 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
www.lenzfa.ir/showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0
116.203.149.169404 Not Found 153 B URL HTTP/1.1 www.lenzfa.ir/showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0
IP 116.203.149.169:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash a1ed5ecb9c651451520019b3747a06ef
724e59314a0890297915c1010e38e3267cdd810e
1b47c0dc50d20d7239392e8e3917cf1340aa2acf53b7e6a84ee56714471e26f4
GET /showbanneri.php?a=MQ==&bs=MTc=&s=NDY4eDEwMA==&c=5f615f&u=45386&row=1&col=1&text=1&window=0 HTTP/1.1
Host: www.lenzfa.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 404 Not Found
Server: nginx/1.16.1
Date: Sun, 04 Dec 2022 15:34:00 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb707539609cfc7d4f52b89925b50e0b
87232c24ba5486877c44f1ace8e52fe2d2bde3d5
179c0c6cab5900f910a28f10d4132c999ec8289854de6df88fad6db70b8f89e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "179C0C6CAB5900F910A28F10D4132C999EC8289854DE6DF88FAD6DB70B8F89E4"
Last-Modified: Sun, 04 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3733
Expires: Sun, 04 Dec 2022 16:36:14 GMT
Date: Sun, 04 Dec 2022 15:34:01 GMT
Connection: keep-alive
www.tooptarin.ir/wp-content/uploads/2012/03/bluetoothview.jpg
79.127.127.84500 Internal Server Error 1.3 kB URL HTTP/1.1 www.tooptarin.ir/wp-content/uploads/2012/03/bluetoothview.jpg
IP 79.127.127.84:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 20082c79bd8f4b4ad5208137d5b62617
8733a08ae6a2a4201256c2ba43a8afc15f0e269e
e5b37273b646f0298e29c179bcfdf7100cc92b6a6d7b7ca6be4d510933bbc0d9
GET /wp-content/uploads/2012/03/bluetoothview.jpg HTTP/1.1
Host: www.tooptarin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 500 Internal Server Error
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1311
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 04 Dec 2022 15:34:01 GMT
server: LiteSpeed
www.tooptarin.ir/wp-content/uploads/2012/03/chista.jpg
79.127.127.84500 Internal Server Error 1.3 kB URL HTTP/1.1 www.tooptarin.ir/wp-content/uploads/2012/03/chista.jpg
IP 79.127.127.84:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 20082c79bd8f4b4ad5208137d5b62617
8733a08ae6a2a4201256c2ba43a8afc15f0e269e
e5b37273b646f0298e29c179bcfdf7100cc92b6a6d7b7ca6be4d510933bbc0d9
GET /wp-content/uploads/2012/03/chista.jpg HTTP/1.1
Host: www.tooptarin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 500 Internal Server Error
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1311
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 04 Dec 2022 15:34:01 GMT
server: LiteSpeed
rozblog.com/temp/rang/like.png
79.127.127.68200 OK 2.3 kB URL HTTP/1.1 rozblog.com/temp/rang/like.png
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type PNG image data, 22 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash dd370ffbcd679da0d5c8547f34c6e2fb
6df3b9ec0e82b1a6ef41bc83041d2b2e16200077
2f14531974b17d9fd89de532694faf69ed7aa61b04ea990108b138d772ba96f7
GET /temp/rang/like.png HTTP/1.1
Host: rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Mon, 04 Dec 2023 15:34:01 GMT
content-type: image/png
last-modified: Sat, 14 Feb 2015 11:52:19 GMT
accept-ranges: bytes
content-length: 2272
date: Sun, 04 Dec 2022 15:34:01 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
www.tooptarin.ir/wp-content/uploads/2012/02/GoldSolution_PC_Auto_Shutdown.jpg
79.127.127.84500 Internal Server Error 1.3 kB URL HTTP/1.1 www.tooptarin.ir/wp-content/uploads/2012/02/GoldSolution_PC_Auto_Shutdown.jpg
IP 79.127.127.84:0
ASN #43754 Asiatech Data Transmission company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 20082c79bd8f4b4ad5208137d5b62617
8733a08ae6a2a4201256c2ba43a8afc15f0e269e
e5b37273b646f0298e29c179bcfdf7100cc92b6a6d7b7ca6be4d510933bbc0d9
GET /wp-content/uploads/2012/02/GoldSolution_PC_Auto_Shutdown.jpg HTTP/1.1
Host: www.tooptarin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 500 Internal Server Error
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1311
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 04 Dec 2022 15:34:01 GMT
server: LiteSpeed
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6db5448041ebae1eaebb7cf36925f1f2
1656eb821b452c43f17f43f7cb7fb56d1dfcfe9a
fb96a69103b5d2682fc299369201a1b6e04ae2d1ec11defb68bfc272eb71ecb2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FB96A69103B5D2682FC299369201A1B6E04AE2D1EC11DEFB68BFC272EB71ECB2"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13788
Expires: Sun, 04 Dec 2022 19:23:49 GMT
Date: Sun, 04 Dec 2022 15:34:01 GMT
Connection: keep-alive
dlsorkh.rzb.ir/temp/tarahi/fonts/fontawesome-webfont.woff?v=4.2.0
79.127.127.68200 OK 66 kB URL HTTP/1.1 dlsorkh.rzb.ir/temp/tarahi/fonts/fontawesome-webfont.woff?v=4.2.0
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type Web Open Font Format, TrueType, length 65452, version 1.0\012- data
Hash d95d6f5d5ab7cfefd09651800b69bd54
7d65e0227d0d7cdc1718119cd2a7dce0638f151c
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
Analyzer Verdict Alert fortinet Malware
GET /temp/tarahi/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1
Host: dlsorkh.rzb.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/temp/tarahi/styles.css
Cookie: PHPSESSID=419796dd3e5b951250b728ee96d32334; pop_id=11276%2C; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=51572638cbde8007e444781188140780724
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Tue, 06 Dec 2022 15:34:01 GMT
content-type: font/woff
last-modified: Thu, 26 Feb 2015 19:00:20 GMT
etag: "ffac-54ef6d44-11fea27943efc11b;;;"
accept-ranges: bytes
content-length: 65452
date: Sun, 04 Dec 2022 15:34:01 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
www.img4up.com/up2/45519868618924699667.bmp
150.95.219.152301 Moved Permanently 225 B URL HTTP/2 www.img4up.com/up2/45519868618924699667.bmp
IP 150.95.219.152:0
ASN #7506 GMO Internet,Inc
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 248d0b7aa92cc52b130e0f72ff3bfe2f
3a1bd68d305237768535b353dddf4fe5575e26f5
23963137aa272df213ffb86e9262f04db72c9f2377b716642c2887e61da058ff
GET /up2/45519868618924699667.bmp HTTP/1.1
Host: www.img4up.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dlsorkh.rzb.ir/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 04 Dec 2022 15:34:01 GMT
content-type: text/html; charset=iso-8859-1
content-length: 225
location: http://img4up.com
x-nginx-cache: MISS
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3435
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 15:34:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3435
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 15:34:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3435
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 15:34:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3435
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 15:34:01 GMT
Connection: keep-alive
www.softgozar.com/Error404.aspx
178.216.249.195200 OK 17 kB URL HTTP/2 www.softgozar.com/Error404.aspx
IP 178.216.249.195:0
ASN #43754 Asiatech Data Transmission company
Hash 3100017a20837e2e487ed26b202d4c7b
13e63f1afafea3270f0dc9afbd3867d7d0eb19d9
507741700bfd6bf991366b02784a5d04ecd40fccd0c42d3a72266fe62eb55196
GET /Error404.aspx HTTP/1.1
Host: www.softgozar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dlsorkh.rzb.ir/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
set-cookie: ASP.NET_SessionId=ixbkipapvwcw1cfnwqqm44gf; path=/; HttpOnly; SameSite=Lax
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sun, 04 Dec 2022 15:33:59 GMT
content-length: 65247
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 34721
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img4up.com/
150.95.219.152301 Moved Permanently 162 B IP 150.95.219.152:0
ASN #7506 GMO Internet,Inc
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET / HTTP/1.1
Host: img4up.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://dlsorkh.rzb.ir/
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 04 Dec 2022 15:34:01 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://img4up.com/
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 64200
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 63859
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
native-removal.triboon.net/?hash=429176184,685028440,887596774,976929553,330840058
185.143.233.120200 OK 10 kB URL HTTP/2 native-removal.triboon.net/?hash=429176184,685028440,887596774,976929553,330840058
IP 185.143.233.120:0
ASN #202468 Noyan Abr Arvan Co. ( Private Joint Stock)
File type JSON data\012- , ASCII text
Hash 4d9262b9e5c442daca8214400c80252c
3be406b785a56401facfb27536b225b5b7087a62
4bb514bf13e21dc14915690abeff3752ed0b8c2bd25ffa3afab3e1b741786cec
OPTIONS /?hash=429176184,685028440,887596774,976929553,330840058 HTTP/1.1
Host: native-removal.triboon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: href
Referer: http://dlsorkh.rzb.ir/
Origin: http://dlsorkh.rzb.ir
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ArvanCloud
date: Sun, 04 Dec 2022 15:34:01 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: http://dlsorkh.rzb.ir
access-control-allow-headers: *
cache-control: public, max-age=14400, s-maxage=14400, stale-while-revalidate=3600, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
pragma: no-cache
expires: 0
x-xss-protection: 1; mode=block
ar-sid: 2056
ar-atime: 0.201
ar-request-id: 4b6134445e4519d37337b76c512a9e00
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 64282
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1521243a6fc065bb631bfbde22886fa2
527220e4e8cd1065ce05fcd0694d0d703d817e2e
b83ebf768bbfb34f49d5467f3dfb43ceb3ca3d30d3454e6f37db9aef72d7689a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11482
x-amzn-requestid: d1db05ab-bd5d-4ad4-96b4-8f439152e435
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clssNEeAoAMFh_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc181-0221c53842a2f5ef071e8071;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UZ5kblxfN8fkp55YeSpUA55GzDxZgsLpFZrYTsdJBihf53HLCN0hTA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:17:35 GMT
age: 62186
etag: "527220e4e8cd1065ce05fcd0694d0d703d817e2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.rozblog.com/theme/rozblog_v4/favi1.ico
79.127.127.68200 OK 1.2 kB URL HTTP/1.1 www.rozblog.com/theme/rozblog_v4/favi1.ico
IP 79.127.127.68:0
ASN #43754 Asiatech Data Transmission company
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 129e0e4681906fae60ea32d066a7b4c5
33c024415db44baa3aba0f13df1399d9b81ac9e6
0a14eb14e53df8201b78084ab9a276a1f4ca01e55a20c3b8b0b6f3b660ee3ff0
GET /theme/rozblog_v4/favi1.ico HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Mon, 04 Dec 2023 15:34:02 GMT
content-type: image/x-icon
last-modified: Tue, 18 Nov 2014 15:12:07 GMT
accept-ranges: bytes
content-length: 1150
date: Sun, 04 Dec 2022 15:34:02 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 231fdf9745b4e6dfd3822094e04f3b39
a69c0eca5c0d1747377d808eb8af67ead302838c
154ee8d54118e93e7a017789114142bb35b0f27176879f61c4bddfc836b0e0b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "154EE8D54118E93E7A017789114142BB35B0F27176879F61C4BDDFC836B0E0B2"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9449
Expires: Sun, 04 Dec 2022 18:11:31 GMT
Date: Sun, 04 Dec 2022 15:34:02 GMT
Connection: keep-alive
native-removal.triboon.net/?hash=429176184,685028440,887596774,976929553,330840058
185.143.233.120200 OK 19 B URL HTTP/2 native-removal.triboon.net/?hash=429176184,685028440,887596774,976929553,330840058
IP 185.143.233.120:0
ASN #202468 Noyan Abr Arvan Co. ( Private Joint Stock)
File type JSON data\012- , ASCII text
Hash e3b9c64ad768cb0789f9a59dbb2503f7
371c834ddad061176d5410bd2e6ba5d6ef5d9fc4
dac7d9e138e4dc4d37bcc15dd7fd2a281da87f1731cbfff9687cca0a83d48c92
GET /?hash=429176184,685028440,887596774,976929553,330840058 HTTP/1.1
Host: native-removal.triboon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
href: http://dlsorkh.rzb.ir/Cat/57/karbordi.aspx
Origin: http://dlsorkh.rzb.ir
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ArvanCloud
date: Sun, 04 Dec 2022 15:34:02 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: http://dlsorkh.rzb.ir
access-control-allow-headers: *
cache-control: public, max-age=14400, s-maxage=14400, stale-while-revalidate=3600, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
pragma: no-cache
expires: 0
x-xss-protection: 1; mode=block
ar-sid: 2056
ar-atime: 0.184
ar-cache: BYPASS
ar-request-id: d75d6f9917a8ac369280ab01b5c56696
content-encoding: br
X-Firefox-Spdy: h2
nfetch.yektanet.com/api/v2/load
87.107.144.247200 OK 1.3 kB URL HTTP/2 nfetch.yektanet.com/api/v2/load
IP 87.107.144.247:0
ASN #204544 Dade Pardazi Mobinhost Co LTD
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1230), with no line terminators
Hash 38950c2ceba5c0b2b0d9a37a58bc5836
75a36fcb441a7b0541e348d339f923700f3e1c2e
58426dfe2b1a3c31c101481917cfdc87b95e2e5f18f8730e83620ce7356e3883
POST /api/v2/load HTTP/1.1
Host: nfetch.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 268
Origin: http://dlsorkh.rzb.ir
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:34:02 GMT
content-type: application/json; charset=utf-8
content-length: 1291
vary: Origin
access-control-allow-origin: http://dlsorkh.rzb.ir
access-control-allow-credentials: true
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
pragma: no-cache
expires: 0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cac552464d6ed6d71a69863ea252fb6a
c86d920ed76632e9b5cf631d77431056a23bb002
6a24f4606d4ffd7675de8339dd1d34f5ba05558a470e761ae457b186ef869820
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A24F4606D4FFD7675DE8339DD1D34F5BA05558A470E761AE457B186EF869820"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3988
Expires: Sun, 04 Dec 2022 16:40:31 GMT
Date: Sun, 04 Dec 2022 15:34:03 GMT
Connection: keep-alive
native-scripts.yektanet.com/public/chunk/minified/105.f36f6d25fc7e25189ab2.js
185.143.233.120200 OK 12 kB URL HTTP/2 native-scripts.yektanet.com/public/chunk/minified/105.f36f6d25fc7e25189ab2.js
IP 185.143.233.120:0
ASN #202468 Noyan Abr Arvan Co. ( Private Joint Stock)
File type Unicode text, UTF-8 text, with very long lines (19524), with no line terminators
Hash 3d6c922db6ed7c70c25e1c438dbfbb25
225b4f5dab24ff3999c121e873e4622a2c9547e9
2aa323e7690d5d98f0ef3da1179e88e9b8d5d2191bf904f5f9eeecc484a108fc
GET /public/chunk/minified/105.f36f6d25fc7e25189ab2.js HTTP/1.1
Host: native-scripts.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ArvanCloud
date: Sun, 04 Dec 2022 15:34:03 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 30 Nov 2022 08:34:54 GMT
x-rgw-object-type: Normal
etag: W/"6f410aa994e04b66a6e45c56a85e4e9b"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: max-age=3600
content-security-policy-report-only: default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-to default
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://csp-reports.yektanet.com"}],"include_subdomains":true}
expires: Sun, 04 Dec 2022 16:34:03 GMT
x-xss-protection: 1; mode=block
ar-sid: 2052
ar-atime: 0.000
ar-cache: HIT
ar-request-id: aff8dbf2b2ba335f77b1e31ba612360c
content-encoding: br
X-Firefox-Spdy: h2
audience.yektanet.com/api/v1/scripts/preview/validate/?app_id=xywHAyqU
185.143.233.120200 OK 5 B URL HTTP/2 audience.yektanet.com/api/v1/scripts/preview/validate/?app_id=xywHAyqU
IP 185.143.233.120:0
ASN #202468 Noyan Abr Arvan Co. ( Private Joint Stock)
File type ASCII text, with no line terminators
Hash 68934a3e9455fa72420237eb05902327
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
GET /api/v1/scripts/preview/validate/?app_id=xywHAyqU HTTP/1.1
Host: audience.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://dlsorkh.rzb.ir
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ArvanCloud
date: Sun, 04 Dec 2022 15:34:04 GMT
content-type: application/json
content-length: 5
access-control-allow-origin: http://dlsorkh.rzb.ir
allow: GET, OPTIONS
access-control-allow-methods: GET, OPTIONS
access-control-allow-credentials: true
access-control-allow-headers: Authorization
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
pragma: no-cache
expires: 0
x-xss-protection: 1; mode=block
ar-sid: 2052
ar-atime: 0.172
ar-cache: BYPASS
ar-request-id: bf0375065d0a86822d3971032c111a7c
accept-ranges: bytes
X-Firefox-Spdy: h2
ua.yektanet.com/__fake.gif/?aa=event&abe=L&abf=9ccd67bd-7f56-4395-bca2-12bdaf14464f&abj=1&aed=pub&ac=http%3A%2F%2Fdlsorkh.rzb.ir%2FCat%2F57%2Fkarbordi.aspx&ae=%7B%7D&ad=dlsorkh.rzb.ir&as=%D9%86%D8%B1%D9%85%20%D8%A7%D9%81%D8%B2%D8%A7%D8%B1%20%D9%87%D9%85%D8%B1%D8%A7%D9%87&aef=xywHAyqU&aec=156927&aaa=direct&aab=null&ai=142ce464-b9ff-ebd6-a0f3-01006ea61056&abw=1268&abb=3351&aby=1280&abz=1024&al=1280&am=939&abk=.%3A%3A%D8%AF%D8%A7%D9%86%D9%84%D9%88%D8%AF%20%D8%A8%D8%A7%20%D9%84%DB%8C%D9%86%DA%A9%20%D9%85%D8%B3%D8%AA%D9%82%DB%8C%D9%85%3A%3A.
185.143.233.120200 OK 42 B URL HTTP/2 ua.yektanet.com/__fake.gif/?aa=event&abe=L&abf=9ccd67bd-7f56-4395-bca2-12bdaf14464f&abj=1&aed=pub&ac=http%3A%2F%2Fdlsorkh.rzb.ir%2FCat%2F57%2Fkarbordi.aspx&ae=%7B%7D&ad=dlsorkh.rzb.ir&as=%D9%86%D8%B1%D9%85%20%D8%A7%D9%81%D8%B2%D8%A7%D8%B1%20%D9%87%D9%85%D8%B1%D8%A7%D9%87&aef=xywHAyqU&aec=156927&aaa=direct&aab=null&ai=142ce464-b9ff-ebd6-a0f3-01006ea61056&abw=1268&abb=3351&aby=1280&abz=1024&al=1280&am=939&abk=.%3A%3A%D8%AF%D8%A7%D9%86%D9%84%D9%88%D8%AF%20%D8%A8%D8%A7%20%D9%84%DB%8C%D9%86%DA%A9%20%D9%85%D8%B3%D8%AA%D9%82%DB%8C%D9%85%3A%3A.
IP 185.143.233.120:0
ASN #202468 Noyan Abr Arvan Co. ( Private Joint Stock)
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /__fake.gif/?aa=event&abe=L&abf=9ccd67bd-7f56-4395-bca2-12bdaf14464f&abj=1&aed=pub&ac=http%3A%2F%2Fdlsorkh.rzb.ir%2FCat%2F57%2Fkarbordi.aspx&ae=%7B%7D&ad=dlsorkh.rzb.ir&as=%D9%86%D8%B1%D9%85%20%D8%A7%D9%81%D8%B2%D8%A7%D8%B1%20%D9%87%D9%85%D8%B1%D8%A7%D9%87&aef=xywHAyqU&aec=156927&aaa=direct&aab=null&ai=142ce464-b9ff-ebd6-a0f3-01006ea61056&abw=1268&abb=3351&aby=1280&abz=1024&al=1280&am=939&abk=.%3A%3A%D8%AF%D8%A7%D9%86%D9%84%D9%88%D8%AF%20%D8%A8%D8%A7%20%D9%84%DB%8C%D9%86%DA%A9%20%D9%85%D8%B3%D8%AA%D9%82%DB%8C%D9%85%3A%3A. HTTP/1.1
Host: ua.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ArvanCloud
date: Sun, 04 Dec 2022 15:34:04 GMT
content-type: image/gif
content-length: 42
set-cookie: gearbox_ad_token=84ea2439-98bf1-1e297-793a3-316aff7a5601a; Path=/; Domain=.yektanet.com; SameSite=None; Secure; HttpOnly; Max-Age=315360000; Expires=Wed, 01-Dec-32 15:34:04 GMT
analytics_global_token=84ea2439-98bf1-1e297-793a3-316aff7a5601a; Path=/; Domain=.yektanet.com; SameSite=None; Secure; HttpOnly; Max-Age=315360000; Expires=Wed, 01-Dec-32 15:34:04 GMT
last-modified: Sunday, 04-Dec-2022 15:34:04 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
pragma: no-cache
expires: 0
x-xss-protection: 1; mode=block
ar-sid: 2052
ar-atime: 0.197
ar-cache: BYPASS
ar-request-id: bcfa76bfdd404f714e8da781f75322c3
accept-ranges: bytes
X-Firefox-Spdy: h2
dvcasha2.ocsp-certum.com/
95.101.10.193200 OK 1.6 kB URL HTTP/1.1 dvcasha2.ocsp-certum.com/
IP 95.101.10.193:0
ASN #20940 Akamai International B.V.
Hash d9dace4f9e0277c17372dde71a0f93c4
bc03b4c48d603487ab2d4a18a9be8558b9d6621e
a3b50a4ce6eb3b3dd980bf4be3d8a9e8c7f2ea993a4cae3cbff6f93990089ad8
POST / HTTP/1.1
Host: dvcasha2.ocsp-certum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=150
Date: Sun, 04 Dec 2022 15:34:04 GMT
Connection: keep-alive
X-N: S
plus.sabavision.com/csync/3P/pixel?id=yektanet
185.147.178.24200 OK 597 B URL HTTP/2 plus.sabavision.com/csync/3P/pixel?id=yektanet
IP 185.147.178.24:0
ASN #44932 Fannavaran-e Idea Pardaz-e Saba PJSC
File type JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Hash 91c97a3dd65bdf0bcd2fa45d5b1c1b86
68cf099726f6e1cc8f3b31ff481a1d2479fc682d
af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff
GET /csync/3P/pixel?id=yektanet HTTP/1.1
Host: plus.sabavision.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:34:04 GMT
content-type: image/jpeg
content-length: 597
cache-control: no-cache
cache-directive: no-cache
expires: 0
pragma: no-cache
pragma-directive: no-cache
server: nginx
x-upstream-ct: 0.000
x-upstream-ht: 0.388
x-upstream: 0
X-Firefox-Spdy: h2
cdn.yektanet.com/fp/fingerprint.js?v=umd
185.166.104.4200 OK 0 B URL HTTP/2 cdn.yektanet.com/fp/fingerprint.js?v=umd
IP 185.166.104.4:0
ASN #202319 Avaye Hamrahe Houshmande Hezardastan PJSC
GET /fp/fingerprint.js?v=umd HTTP/1.1
Host: cdn.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:34:04 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 20 Sep 2022 08:24:54 GMT
vary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
etag: W/"632978d6-7c6a"
x-zrk-us: 206
cache-control: public, max-age=3600
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: *
access-control-expose-headers: *
strict-transport-security: max-age=31536000
server: Delivery
x-zrk-cs: HIT
x-zrk-sn: 3001
content-encoding: br
X-Firefox-Spdy: h2
img4up.com/
150.95.219.152200 OK 0 B IP 150.95.219.152:0
ASN #7506 GMO Internet,Inc
GET / HTTP/1.1
Host: img4up.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dlsorkh.rzb.ir/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 15:34:01 GMT
content-type: text/html; charset=UTF-8
last-modified: Thu, 11 Feb 2021 01:35:53 GMT
etag: W/"1295d-5bb058a4bb040"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: User-Agent
x-nginx-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
native-scripts.yektanet.com/public/chunk/minified/footer.bfd8764144380485185d.js
185.143.233.120200 OK 0 B URL HTTP/2 native-scripts.yektanet.com/public/chunk/minified/footer.bfd8764144380485185d.js
IP 185.143.233.120:0
ASN #202468 Noyan Abr Arvan Co. ( Private Joint Stock)
GET /public/chunk/minified/footer.bfd8764144380485185d.js HTTP/1.1
Host: native-scripts.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ArvanCloud
date: Sun, 04 Dec 2022 15:34:03 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 30 Nov 2022 08:34:54 GMT
x-rgw-object-type: Normal
etag: W/"df720023140bf329daee625d31687072"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: max-age=3600
content-security-policy-report-only: default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-to default
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://csp-reports.yektanet.com"}],"include_subdomains":true}
expires: Sun, 04 Dec 2022 16:34:03 GMT
x-xss-protection: 1; mode=block
ar-sid: 2052
ar-atime: 0.000
ar-cache: HIT
ar-request-id: 755e4a467019092e1fe3a6412ec2d4e3
content-encoding: br
X-Firefox-Spdy: h2
native-scripts.yektanet.com/public/chunk/minified/929.9891672dd3947978da68.js
185.143.233.120200 OK 0 B URL HTTP/2 native-scripts.yektanet.com/public/chunk/minified/929.9891672dd3947978da68.js
IP 185.143.233.120:0
ASN #202468 Noyan Abr Arvan Co. ( Private Joint Stock)
GET /public/chunk/minified/929.9891672dd3947978da68.js HTTP/1.1
Host: native-scripts.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ArvanCloud
date: Sun, 04 Dec 2022 15:34:03 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Wed, 30 Nov 2022 08:34:54 GMT
x-rgw-object-type: Normal
etag: W/"cf17456fe0401ed248dda555f4021356"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: max-age=3600
content-security-policy-report-only: default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-to default
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://csp-reports.yektanet.com"}],"include_subdomains":true}
expires: Sun, 04 Dec 2022 16:34:03 GMT
x-xss-protection: 1; mode=block
ar-sid: 2052
ar-atime: 0.000
ar-cache: HIT
ar-request-id: 1cfb19109bfe3f35ac65d1444b7d4f56
content-encoding: br
X-Firefox-Spdy: h2
cdn.yektanet.com/js/rozblog.com/native-rozblog.com-23662.js?v=202201104015
185.166.104.4200 OK 0 B URL HTTP/2 cdn.yektanet.com/js/rozblog.com/native-rozblog.com-23662.js?v=202201104015
IP 185.166.104.4:0
ASN #202319 Avaye Hamrahe Houshmande Hezardastan PJSC
GET /js/rozblog.com/native-rozblog.com-23662.js?v=202201104015 HTTP/1.1
Host: cdn.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:34:00 GMT
content-type: application/javascript; charset=utf-8
cache-tag: native_rozblog.com,native
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://csp-reports.yektanet.com"}],"include_subdomains":true}
last-modified: Wed, 30 Nov 2022 12:19:39 GMT
x-rgw-object-type: Normal
etag: W/"1d1c4277fd7a4a4dcb0a0002681edd5f"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: public, max-age=3600
content-security-policy-report-only: default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-to default
x-zrk-us: 206
access-control-allow-headers: *
access-control-allow-methods: *
access-control-expose-headers: *
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
server: Delivery
x-zrk-cs: HIT
x-zrk-sn: 3001
content-encoding: br
X-Firefox-Spdy: h2
cdn.yektanet.com/rg_woebegone/scripts_v3/D138M2Bm/publisher.js?v=202201104015
185.166.104.4200 OK 0 B URL HTTP/2 cdn.yektanet.com/rg_woebegone/scripts_v3/D138M2Bm/publisher.js?v=202201104015
IP 185.166.104.4:0
ASN #202319 Avaye Hamrahe Houshmande Hezardastan PJSC
GET /rg_woebegone/scripts_v3/D138M2Bm/publisher.js?v=202201104015 HTTP/1.1
Host: cdn.yektanet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dlsorkh.rzb.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:34:01 GMT
content-type: application/javascript; charset=utf-8
cache-tag: ua_D138M2Bm,ua
report-to: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://csp-reports.yektanet.com"}],"include_subdomains":true}
last-modified: Tue, 18 Oct 2022 09:48:05 GMT
x-rgw-object-type: Normal
etag: W/"483e3c65d46da98a641fddb5d5ec97c5"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: public, max-age=3600
content-security-policy-report-only: default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-to default
x-zrk-us: 206
access-control-allow-headers: *
access-control-allow-methods: *
access-control-expose-headers: *
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
server: Delivery
x-zrk-cs: HIT
x-zrk-sn: 3001
content-encoding: br
X-Firefox-Spdy: h2