habeb-alroh.forumfa.net/t8271-topic
301 Moved Permanently 0 B URL HTTP/1.1 habeb-alroh.forumfa.net/t8271-topic
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /t8271-topic HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 02:26:26 GMT
Content-Length: 0
Location: https://habeb-alroh.forumfa.net/t8271-topic
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3833
Expires: Fri, 02 Dec 2022 03:30:19 GMT
Date: Fri, 02 Dec 2022 02:26:26 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16039
Expires: Fri, 02 Dec 2022 06:53:45 GMT
Date: Fri, 02 Dec 2022 02:26:26 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 883
Cache-Control: max-age=116369
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:26 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:45:55 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hwHBe0QmiNzFM0QOzyXKl3u9hm2G+rdjfMrGbQX3igjBRn3gQSRb4JX93xjiJs4DUIv7gO7LlAo=
x-amz-request-id: 0N5T1924E036P0JJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 01:46:31 GMT
age: 2395
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 02:18:10 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 496
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 217e5885867db6f9099129fec3af0a1a
8a7303593f5af452f974006c9ccc58bc90606ddd
1dc0b0d83b49be226498470d07b10d3dbf165e10893f83e07061c77dda7f342f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC0B0D83B49BE226498470D07B10D3DBF165E10893F83E07061C77DDA7F342F"
Last-Modified: Thu, 01 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21544
Expires: Fri, 02 Dec 2022 08:25:31 GMT
Date: Fri, 02 Dec 2022 02:26:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 02:08:57 GMT
cache-control: public,max-age=3600
age: 1050
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 6183097fc3acb73bc74e12362dd1531e
7c2d711c1a0ca30778a246be77e402c89783f1c1
a1836155ae22469158e6ec1cd0641204fda63a03e8c098a4ce0375d0ef4bb7ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5520
Cache-Control: max-age=103355
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63883d7e-116"
Expires: Sat, 03 Dec 2022 07:09:02 GMT
Last-Modified: Thu, 01 Dec 2022 05:37:02 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3519a58310eefa01756f0440e2acd7dd
50153382830684a6abb653dc7b4e41d7c7e386b5
5f321e771fa62d9f794339006752655316cdb6e8d69bc23e1d0e3c8bc526f12e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
IP
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d989f35706c62ce4a5c561586c55566e
d32e7958e5765609bf08dcdefd0b2c2a8714ce34
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716
GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33845
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 13:01:47 GMT
expires: Wed, 29 Nov 2023 13:01:47 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 221080
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 6183097fc3acb73bc74e12362dd1531e
7c2d711c1a0ca30778a246be77e402c89783f1c1
a1836155ae22469158e6ec1cd0641204fda63a03e8c098a4ce0375d0ef4bb7ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5520
Cache-Control: max-age=103355
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63883d7e-116"
Expires: Sat, 03 Dec 2022 07:09:02 GMT
Last-Modified: Thu, 01 Dec 2022 05:37:02 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 278 B IP
Hash 6183097fc3acb73bc74e12362dd1531e
7c2d711c1a0ca30778a246be77e402c89783f1c1
a1836155ae22469158e6ec1cd0641204fda63a03e8c098a4ce0375d0ef4bb7ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5520
Cache-Control: max-age=103355
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63883d7e-116"
Expires: Sat, 03 Dec 2022 07:09:02 GMT
Last-Modified: Thu, 01 Dec 2022 05:37:02 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
www.googletagmanager.com/gtag/js?id=UA-144347007-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-144347007-1
IP
File type ASCII text, with very long lines (1921)
Hash 51c7b3856db39f739a60d1a65f53a8f1
1666db19a695558d8f05cf55b226194775446558
80f8f88fc85dfe72f68d05643e90d47faf0eb378f9622a8093c906ea6b869760
GET /gtag/js?id=UA-144347007-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 02:26:27 GMT
expires: Fri, 02 Dec 2022 02:26:27 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43572
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 868
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63886ea9-1d7"
Last-Modified: Fri, 02 Dec 2022 02:11:59 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 279 B IP
Hash c694d6b28a189b0333ea5175470947d6
37ff464379d6b946a601f6213534ad72996e17a9
969b608a7ed602f124838644ac458ab7daac9a47f300f28e245bc818c758807d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5590
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Last-Modified: Fri, 02 Dec 2022 00:53:17 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 279 B IP
Hash c694d6b28a189b0333ea5175470947d6
37ff464379d6b946a601f6213534ad72996e17a9
969b608a7ed602f124838644ac458ab7daac9a47f300f28e245bc818c758807d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6583
Cache-Control: max-age=106570
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "638845e6-117"
Expires: Sat, 03 Dec 2022 08:02:37 GMT
Last-Modified: Thu, 01 Dec 2022 06:12:54 GMT
Server: ECS (amb/6B85)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 727 B IP
Hash e7fc2528d7428abd1a3d6d3e4b6f65f0
c65826cbd24fd2297dfa15d284f5daa22d3a7d05
b3d5dc92bbd3be48a17a0d0ccf5b571acc28a3cae388f2bc4d9e2e182bc54097
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6597
Cache-Control: max-age=146560
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "6388e20e-2d7"
Expires: Sat, 03 Dec 2022 19:09:07 GMT
Last-Modified: Thu, 01 Dec 2022 17:19:10 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 727
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 0c418a5bc285d3b90a530fa83a523eb0
56684bd1424ffea9231dc1d656fcb16145797dc3
65ba7358d48a889546dd310973f8bc8855db01ef53c6d3861791fec926dc8395
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.servimg.com/u/f65/13/95/29/87/a3d76410.gif
200 OK 1.1 kB URL HTTP/2 i.servimg.com/u/f65/13/95/29/87/a3d76410.gif
IP
File type GIF image data, version 89a, 24 x 24\012- data
Hash ec1c3cf3bad68a28080cdc3999e1c393
6cef558492a59565c4b304ab84c5bafd29c50ec6
f8fb548ef8bbe2a2fecc2827aa7a4515493bbeac686846e6fda3f807ca71c495
GET /u/f65/13/95/29/87/a3d76410.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 1135
last-modified: Wed, 05 May 2010 21:36:04 GMT
etag: "4be1e4c4-46f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 31 Oct 2023 06:30:45 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 55105
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dUvbErm1Rrnkfgg%2FsnRp3skRanQGYqhd6o1LIIzL922WaL3yQEG36agsxA2HTLPNiugohHQfVux53lE%2Bc9knpnbrk9Ppw1yrB9u6Ih1H8qjY%2B6r1XrGvZlX52th8QgNJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2afad0b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash c694d6b28a189b0333ea5175470947d6
37ff464379d6b946a601f6213534ad72996e17a9
969b608a7ed602f124838644ac458ab7daac9a47f300f28e245bc818c758807d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5641
Cache-Control: max-age=105628
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "638845e6-117"
Expires: Sat, 03 Dec 2022 07:46:55 GMT
Last-Modified: Thu, 01 Dec 2022 06:12:54 GMT
Server: ECS (amb/6B94)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
200 OK 278 B IP
Hash 4768395bbaedae42f1b5699b4125ea70
7a183697ad7a73d05dfbb2081d822bfe87567bc9
9c49dc7731b01004b5c3cd11cc6c1899961dd4e36fd2688acdf9fbc63e2d6c72
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3745
Cache-Control: max-age=160996
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63892596-116"
Expires: Sat, 03 Dec 2022 23:09:43 GMT
Last-Modified: Thu, 01 Dec 2022 22:07:18 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
200 OK 313 B IP
Hash 71cfb0d515178ddb8f4ff5a3c4d7f95a
35dff6eed87807a50f6f2cbdca6015d8419551be
c88dfa7b36b0b6eb14aab6d3d8c06020c7d281b3bffec17303946778e99b6e52
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 798
Cache-Control: max-age=156610
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63891ff7-139"
Expires: Sat, 03 Dec 2022 21:56:37 GMT
Last-Modified: Thu, 01 Dec 2022 21:43:19 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
200 OK 278 B IP
Hash 6183097fc3acb73bc74e12362dd1531e
7c2d711c1a0ca30778a246be77e402c89783f1c1
a1836155ae22469158e6ec1cd0641204fda63a03e8c098a4ce0375d0ef4bb7ba
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5520
Cache-Control: max-age=103355
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63883d7e-116"
Expires: Sat, 03 Dec 2022 07:09:02 GMT
Last-Modified: Thu, 01 Dec 2022 05:37:02 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
i.servimg.com/u/f43/16/43/22/50/page_r10.png
200 OK 43 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/page_r10.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f43/16/43/22/50/page_r10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cyfVONBGIpqbilaLHWvbwh%2FZMpeUZAs7Bhh2cQbAwQdIMcE7sVkrGno60RultOXzWGi6NxU8inYZzQ6nLYp4x4XG0nRgrIdo8TwbL6RzCyssxdADKIC5gseY30sO%2B4ty"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeac7b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
apis.google.com/js/plusone.js
200 OK 21 kB URL HTTP/2 apis.google.com/js/plusone.js
IP
File type ASCII text, with very long lines (1279)
Hash 327d33b72373a953dc7ddef0c6463b48
2fd9b26cb459ff01c3a1dd3507f1c7484cce6ce4
1f9becca80520826519f7908eff9bc2cdf551f9afc5d2a276f9d3c4a55a0e79c
GET /js/plusone.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20984
date: Fri, 02 Dec 2022 02:26:27 GMT
expires: Fri, 02 Dec 2022 02:26:27 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "34fae0e5dab49917"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.servimg.com/u/f27/11/66/67/10/8010.gif
200 OK 909 B URL HTTP/2 i.servimg.com/u/f27/11/66/67/10/8010.gif
IP
File type GIF image data, version 89a, 72 x 20\012- data
Hash d3845acf38daffbd53aef9546acadd6a
478f1e37ba7f192ccda5f51ca91aa0eea66dff96
beb34496701603c315417c73de35aa6904eb5413f50d877d31047b4e580ea992
GET /u/f27/11/66/67/10/8010.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 909
last-modified: Fri, 04 Jan 2008 09:50:17 GMT
etag: "477e0159-38d"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Sat, 19 Aug 2023 02:36:22 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0U5xXOY0VDJCf5iWjnybxWSQ4XG41iVr3qzBQ0geLKwj8xrYOjrPEXiuPe0pUvQwWpqOzsFOiy3qjitZ9e%2BoeRVeKpHjsGJQKTLxadqWmXl3Q4JwlRMk%2BKH5M29%2BHaTf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeac4b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash a11a991958dbd78dfb3392214590ef38
c5fb54ce1ad1c51598623b66827af482c565e0d5
01d67dc39941deea93712fa87453fd27679357916ab856358e0bda7a63b2624d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5390
Cache-Control: max-age=168397
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63893c12-1d7"
Expires: Sun, 04 Dec 2022 01:13:04 GMT
Last-Modified: Thu, 01 Dec 2022 23:43:14 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
i.servimg.com/u/f45/16/75/43/85/fb110.png
200 OK 5.6 kB URL HTTP/2 i.servimg.com/u/f45/16/75/43/85/fb110.png
IP
File type PNG image data, 33 x 101, 8-bit/color RGBA, non-interlaced\012- data
Hash 4911e62acc17de7d7431a2ba1fce58a4
05368c00922098d284a74013d5e10d2eef7e652f
27fe4044aa1f66bf4235cfe0c969968c6810b68f913b33be2f4d919a7501a879
GET /u/f45/16/75/43/85/fb110.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 5557
last-modified: Sun, 01 Apr 2012 20:30:49 GMT
etag: "4f78baf9-15b5"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 31 Oct 2023 07:33:19 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6nC429Uq%2B8AGk4vAtSxvCd7Jrthq3YCqpxeemNQwIcjDlIXA8q%2B1yRq3aToR8oLaE7Utdo%2BOKi0TSUh1kv%2BPIvRo8%2F6TN74RUjhREfdiu0t8NLWVlD6EfrzTnXg5iYl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeac8b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash bcc479a6bf7902dbf5fcc408e9b9ca6d
da44e632a1e411092b276cb0f182cb6623252747
b02b337856de6c2b5582d4f7d017cd32bbc05b7e397cef6c9921efe523686bee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=97811
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63883d66-117"
Expires: Sat, 03 Dec 2022 05:36:38 GMT
Last-Modified: Thu, 01 Dec 2022 05:36:38 GMT
Server: nginx
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2img.net/i/fa/icon_minitime.gif
200 OK 298 B URL HTTP/2 2img.net/i/fa/icon_minitime.gif
IP
File type GIF image data, version 89a, 12 x 9\012- data
Hash 71647c2ce78f706f8b4b0d84b3369cf5
18fe4a449c64acf98e9570486627f29d3884dff9
de0294a906e3fa470d188c8d596e3a5fc3efc59bab8080506015498db73c18e6
GET /i/fa/icon_minitime.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 298
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-12a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 318942
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FVuY4DNy%2F3pIsijXoZT656DSY52H7DW72jKo%2BNmKrN3Iuwk5WxjRo2eaAjEqQyc37UVTkbcBIOjdldeZDHxS7pslLg9SJ3G8Q49lXSTOQbL%2BViZfZqTIMLqPw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b581a74f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/empty.gif
200 OK 42 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /i/fa/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 42
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-2a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 318944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SlfBl2Mp5jAUb6Xw2iW85G8UhVvHygMvhPjgZ06H59Q8QTgVXG8mZiTj%2BHGAFQQe8T9XrYun0%2FgotPadS5BAmJw5uzodMd%2BP9%2FC9SRks5NRrRxeEfLZoYBqIoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b581874f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_zodiac_virgo_1.gif
200 OK 252 B URL HTTP/2 2img.net/i/fa/subsilver/icon_zodiac_virgo_1.gif
IP
File type GIF image data, version 89a, 19 x 18\012- data
Hash 31c620bcc03bfc876110e7907e05bd6b
139202061eafeebed9957c274922c1241ccfbaff
d11ba65760782cb4d6b64b46c56cdc559eb1ec085fdfb0913b4dc5ec5ab9556e
GET /i/fa/subsilver/icon_zodiac_virgo_1.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 252
last-modified: Mon, 16 May 2016 11:01:57 GMT
etag: "5739a8a5-fc"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 317369
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=thiSRqMFI4G6v0DKPVH96nw27HO6F8e%2F5gAb9aVirXe4%2Fgr1A3TIphIuj%2FoF5J2ntoNY3%2FVfq%2B5PYfu520wCafdZK%2BgfE3lsk%2FJYXyTDiPUBVAikcj2WKE8aOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b581e74f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
habeb-alroh.forumfa.net/0-rtl.css
200 OK 57 kB URL HTTP/2 habeb-alroh.forumfa.net/0-rtl.css
IP
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash d5ce5b48affd8d65fe70b418d5e3ca59
9dab02a176988bda9435f92f8bfd05ea0afb88ab
4f1b0fa0c7ba30ae762eea3c186199c154dbd35fcadf988418a31110bf3a1476
GET /0-rtl.css HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/t8271-topic
Cookie: exadd=166996
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: text/css
content-length: 57084
last-modified: Fri, 02 Dec 2022 00:00:00 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: MISS
X-Firefox-Spdy: h2
sharebar.addthiscdn.com/v1/sharebar.js
200 OK 400 B URL HTTP/2 sharebar.addthiscdn.com/v1/sharebar.js
IP
Hash 0c033864356694df724d897b6f141ee4
386ddcd43e657cb6fe0cf095a94dfdf87688b1a9
9a393b57c509959832ed340583fe7d553eceab5264f2ab4e1470e226a3be4a93
GET /v1/sharebar.js HTTP/1.1
Host: sharebar.addthiscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Thu, 11 Jan 2018 22:02:15 GMT
etag: W/"5a57dee7-25e"
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 400
date: Fri, 02 Dec 2022 02:26:27 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 05917f7542a781275c12d43562be1507
1ea730e7e2b5a84fb0341ef9a64b141a4dd469b3
2f24492a077b583bd9dfe049c16c60b219d950712879f187ff2160214df9bd0e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2img.net/i/empty.gif
200 OK 43 B IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6d22e4f2d2057c6e8d6fab098e76e80f
b80b11203d97fe01c5597ca3be70406ea48f5709
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
GET /i/empty.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 09 May 2016 08:45:50 GMT
etag: "57304e3e-2b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 3491
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6GzildvwuCRoeZ%2BqJxR%2F%2BM5Pw1VcN%2BRrfXFO5cB1oOf%2BgSiLRQAIB2uhEYVXJmYgNXqbPL2yUb8ChgcNpLfLp6a8dJ%2BOCGwF8rDSiEE4JOglTIGrMnXalwYuFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b682974f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/wysiwyg/quote.gif
200 OK 122 B URL HTTP/2 2img.net/i/fa/subsilver/wysiwyg/quote.gif
IP
File type GIF image data, version 89a, 21 x 20\012- data
Hash 3b56481d6e6f60079a3c15f2350e1f3b
0e21fe63ed661103db16eb368980756a30dd7664
bb21e5e16d25835984f34075e14d18fa6024df1373c6650aba4c2ef8a7de1a23
GET /i/fa/subsilver/wysiwyg/quote.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 122
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-7a"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 295321
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLvP90sdV7v2fGeqdY4oP2wWqO7hL6s6DVAbqiJS8pTh5YCEYMcYqsYC2y1xiWzhCm5Ma7iHKCaXR9h3eQVGCvC8Xu%2B%2Fqa12T%2B2JXSjvqS6i45Oua0FCvA4vLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b682b74f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash c694d6b28a189b0333ea5175470947d6
37ff464379d6b946a601f6213534ad72996e17a9
969b608a7ed602f124838644ac458ab7daac9a47f300f28e245bc818c758807d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5590
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Last-Modified: Fri, 02 Dec 2022 00:53:17 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
2img.net/i/fa/subsilver/icon_chinese_snake_1.gif
200 OK 241 B URL HTTP/2 2img.net/i/fa/subsilver/icon_chinese_snake_1.gif
IP
File type GIF image data, version 89a, 19 x 18\012- data
Hash 81969ebf6a1ebefe119208dd57e9e6a5
303b2e188f5f5d8db6c178d758f3358aa7aec6d0
a84fcba92176161a7686f9c6676ea7307cb54cd2a2b50292839e6a77d2c7cb46
GET /i/fa/subsilver/icon_chinese_snake_1.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 241
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-f1"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 160934
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5SpTsajgiIZ0%2FeT08MOnBauiGMPBz%2B%2BdUTnVxatw8imKn5anRhU8OeqPDo2TiNOBQhXd8amzKxrACRcXzd%2FddnjCQf84QNLTak1uRxtPeUV9srGbBtCDFgLL8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683574f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/wysiwyg/bold.gif
200 OK 77 B URL HTTP/2 2img.net/i/fa/subsilver/wysiwyg/bold.gif
IP
File type GIF image data, version 89a, 21 x 20\012- data
Hash a275addf194180d9af9c654a250425e9
f41d7dd4c57212b4fc38c5d4e0f12424b07b4147
9c393fee7e3e451fdac483a6dc0e6dfa38e6e5b2191ded42009bfcaae9f09414
GET /i/fa/subsilver/wysiwyg/bold.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 77
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-4d"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 146121
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lDwkNcNJO6fuP%2FsAxtqeM0yhOA6FGU%2B1%2FE1K82Mo3IOyHdYj7pLNwp90IRvyRxSulFPkaxLDHJbogc6WiRH51%2BhqFbws3NkgHEnYPDWnF7GVg1lSyHkI9W%2FhlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683874f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/prosilver/icon_contact_www.gif
200 OK 347 B URL HTTP/2 2img.net/i/fa/prosilver/icon_contact_www.gif
IP
File type GIF image data, version 89a, 20 x 20\012- data
Hash c338e10bf84bc5fa3152835f5b66c030
e73f388dda6f87b9bbabf962b36caedcadb72a29
c935da35fc40d1f900c7f05926db8dbd26daceabf9e61a6744f3ca1eb3e91cf7
GET /i/fa/prosilver/icon_contact_www.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 347
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-15b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 318853
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f056RP%2BwHLrMTjile1srVIZam5ISt%2BA25XuV7pWFTLeW7BNE6b5Pbd65KibahIjSbMJyr0Hh0Jtab%2Fqaqoi4hs8i2QK26zd%2FsumPCF6v0QaJ8U4XFCDlP7Zl6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683b74f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_chinese_monkey_1.gif
200 OK 247 B URL HTTP/2 2img.net/i/fa/subsilver/icon_chinese_monkey_1.gif
IP
File type GIF image data, version 89a, 19 x 18\012- data
Hash c39a5185f893f301f6b60ab7a091590d
35e0a6716306696deb3f4c2345037c1e3d0f0288
e70f18f7e0c2d707366f5247262aee51b1c207a3488fdc33325ca0317628b539
GET /i/fa/subsilver/icon_chinese_monkey_1.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 247
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-f7"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 153909
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2BsGSms%2F7CI6TNH6BdY1lNhXmxghwNDBsGeZwh%2FpEk35b3jsgvq6maK7Qq3rbZ%2FcTyPqucgSCCtyq5QSLu6AtasPs7JvU1m91Xh%2Fg8DXwn2lASUlO3jiwGVnHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683c74f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
connect.facebook.net/ar_AR/all.js
200 OK 1.7 kB URL HTTP/2 connect.facebook.net/ar_AR/all.js
IP
File type ASCII text, with very long lines (1957)
Hash 95350785e8f295ccdf03eb671a1fd4c0
104f3a824127246b668952cc158e0add1bbf3afc
cbb7600cd62f95541b93fb4c9fb7c19c7130af81ced1c78567bf20934115e391
GET /ar_AR/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 903448b7c7efcf0f682885045359a359
etag: "2018094fb3782cd366502ad87e3c64cb"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 02 Dec 2022 02:43:59 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: lTUHhejylczfA+tnGh/UwA==
x-fb-debug: D+VC8h6EyaZ6I+hof6WKasLSezK0+dXL8qZFJ+DH6SgrgQy71A0f/gKquLCkd+HrjP310jt2p/H/YvE6UkfSyA==
content-length: 1686
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 02:26:27 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/21/21/56/i_icon_mini_index.png
200 OK 1.4 kB URL HTTP/2 2img.net/s/t/21/21/56/i_icon_mini_index.png
IP
File type PNG image data, 70 x 35, 8-bit gray+alpha, non-interlaced\012- data
Hash bd09f8e64e85993294753b229f07363d
e33f2967f5aeb589dc05a2040a72311699d5ec37
260d9f76c286161391f0fb05888a342d9fd022fd144ea041dba48f63fba58fb2
GET /s/t/21/21/56/i_icon_mini_index.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 1410
last-modified: Thu, 29 Sep 2016 22:25:04 GMT
etag: "57ed94c0-582"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lb3hVRoS6kargWPSz7VKu%2BBxA9SaW1tj4%2FoRLtLbFcyJkoBKwOqqLRAC86g9emK8dMNSWojJVLLm0zXWl6EUcsI0JTfyTjTLu0BcR1KcAbF30RLvijTP5Ia5Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b581974f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/icon_zodiac_sagittarius_1.gif
200 OK 253 B URL HTTP/2 2img.net/i/fa/subsilver/icon_zodiac_sagittarius_1.gif
IP
File type GIF image data, version 89a, 19 x 18\012- data
Hash efc5e2a8bdc2fdb3fd7de7a59258e392
5a00bf4ae6ed32777f0d968fa64b2374a2dbb19c
e716caa4c89cb937b9df1c99b61c84e29f7fff4cc0409b9792ffb98ca66ec04a
GET /i/fa/subsilver/icon_zodiac_sagittarius_1.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 253
last-modified: Sat, 01 Jan 2005 00:00:00 GMT
etag: "41d5e800-fd"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ctE9GPgzPVdjYKGlAym8ojDIBOD2r%2FicGcZOCK%2Fgz6WbzPeGdxajsK7uG3iEi0W6RSLKIvxvqDIVBMU%2F6PybMncGXMKhBWUzYmQStzRcIqfnxteNWHCbnLzBuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683474f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/21/21/56/i_icon_mini_gallery.png
200 OK 2.3 kB URL HTTP/2 2img.net/s/t/21/21/56/i_icon_mini_gallery.png
IP
File type PNG image data, 70 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 61c7f58215f4c0b8965b360f7a1fe103
51af2a204d2437fbf29593b64d918dfbe1653d10
8922e30e27cc58907bac112f8798e3e63294b0d3dc010cd4a5932ff2221ee9fb
GET /s/t/21/21/56/i_icon_mini_gallery.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 2267
last-modified: Thu, 29 Sep 2016 22:25:04 GMT
etag: "57ed94c0-8db"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FhXdew6jHWNfmOe59AA%2FRZvaosgmpQjlQO%2FrmlqgfWaSILNqR3iUfgJvamyvNpWbcRynk1%2B8yd7t8c4psL38RSU4tGeffgnI%2BFapPAYB0emHnY9H%2BJBhjBwP9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683f74f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 4768395bbaedae42f1b5699b4125ea70
7a183697ad7a73d05dfbb2081d822bfe87567bc9
9c49dc7731b01004b5c3cd11cc6c1899961dd4e36fd2688acdf9fbc63e2d6c72
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3745
Cache-Control: max-age=160996
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63892596-116"
Expires: Sat, 03 Dec 2022 23:09:43 GMT
Last-Modified: Thu, 01 Dec 2022 22:07:18 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
2img.net/s/t/21/21/56/i_icon_gender_male.gif
200 OK 1.9 kB URL HTTP/2 2img.net/s/t/21/21/56/i_icon_gender_male.gif
IP
File type GIF image data, version 89a, 72 x 15\012- data
Hash ac9db8766913cf80d1f2ce48965f953e
7d741f2f6f45d19878399f99661df159a777bf29
0d63a4cbfb49aa1ce2de2c388b26145678cb8f629dfc206c21645ddbce4eceda
GET /s/t/21/21/56/i_icon_gender_male.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 1929
last-modified: Thu, 29 Sep 2016 22:25:02 GMT
etag: "57ed94be-789"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWYFUN3oXqhcw4oUMClUAOGFqis6CiOLQK%2F9C3Kuy0cPsh1ajfrME83TJrc3fY4z%2FiRjyon0U2QQ3x83MKE0U8c8e72Zk0aP50wcufz%2FPFh2fRO2TDIKcdWgHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683774f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2img.net/s/t/21/21/56/i_icon_mini_register.png
200 OK 2.6 kB URL HTTP/2 2img.net/s/t/21/21/56/i_icon_mini_register.png
IP
File type PNG image data, 70 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 5c04af30c26e0350c717f3c279df103e
456703a7c0d9a7a6e7b8b228f448234c2955e9b1
5bc41ebae262c24c0d5a24b986b9f57fa6fac0358d5d3f66887d1e53af67f9a6
GET /s/t/21/21/56/i_icon_mini_register.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 2614
last-modified: Thu, 29 Sep 2016 22:25:03 GMT
etag: "57ed94bf-a36"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AIqTLgdQGB0Clhxh120eAb7ip8H8T85rcNHq2T9hIuHgPAccqBnLQNtNSq5j460fA3m2aYGjMQPKbqf45%2BDhJVuDVDK0IFlPW4kLy8w0cxPls2JJWD3PTLm1EQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683674f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/h/www.almrah.com/images/icons/rose.gif
200 OK 2.5 kB URL HTTP/2 2img.net/h/www.almrah.com/images/icons/rose.gif
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2522), with no line terminators
Hash 42ec65e70392d81c1cd17e71f9be5bd0
a2326ec4790bb8c67487fd8a59db536b74bedd90
7b5c1bd8ee01037e269d4a4569d85a8b89f630e7b4994152a1fcd27de6c44370
GET /h/www.almrah.com/images/icons/rose.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 2522
last-modified: Mon, 27 Jul 2020 16:39:11 GMT
etag: "5f1f032f-9da"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BTgm0Whfi3qcvxjTE6Eihc3J3eLGp4P5BVrgLJCYikrfGq%2B%2BobNkeEii1RtwMqHuJ%2Bei6UvRU%2B96cA2U5%2FiamzQy9FCaxVL0YtcOmfpMOM2gFvST5ySkycCzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683174f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/21/21/56/i_icon_mini_login.png
200 OK 1.1 kB URL HTTP/2 2img.net/s/t/21/21/56/i_icon_mini_login.png
IP
File type PNG image data, 70 x 35, 8-bit gray+alpha, non-interlaced\012- data
Hash 53fe8fa41805a2af071ac5c027744a54
23b8b98a87fcabcb02f223b5387d7df74764910d
3f0c2854b0791a6d756ef450db1841536377e5e1f1a66f5039cab557745dd42f
GET /s/t/21/21/56/i_icon_mini_login.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 1138
last-modified: Thu, 29 Sep 2016 22:25:04 GMT
etag: "57ed94c0-472"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=acX%2F%2Bm1Zm2CEpUcXs8%2F9phf494ApPtw%2BEdJTTWaPzb%2Fj4SYtYP2uCIWpG0ALC0Bgri3TjGslmF7hg8JYYBKCDEYft9gy98bxchv6%2B0WwrIjZiC4GSVKGsqg61Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b581b74f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f45/16/75/43/85/twitte10.png
200 OK 17 kB URL HTTP/2 i.servimg.com/u/f45/16/75/43/85/twitte10.png
IP
File type PNG image data, 33 x 101, 8-bit/color RGBA, non-interlaced\012- data
Hash 159ee0cfdc8e98f47db763a7ebcbb1a1
5600d1fd1921764ae1ea2cc60057aa3e5f58662b
1156e7857c303c84340a45e18161bc8d24ea52acde3457465058b944654952ab
GET /u/f45/16/75/43/85/twitte10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 16904
last-modified: Sun, 01 Apr 2012 20:29:49 GMT
etag: "4f78babd-4208"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 25 Apr 2023 08:17:38 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5eop3FE7VDYo5bpt0NZBFwJa5%2BnVkItdw%2FlqAIVnvw821bj8Cyuk7UCSZ4IndjtYZ3sg10UG%2FkrkxS%2BRo%2F0eK5xN3hqRjl9CRuqqxevvFmv5JuP0QTIkQ2e9NF1qM8nq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeac3b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f43/16/43/22/50/vcard_10.png
200 OK 43 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/vcard_10.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f43/16/43/22/50/vcard_10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vDcCiwn7es1cCSLgvEqyct1vYizibvzMrP0sdCipsbk8YrhCPxfAVV1b%2BqLErDuWv3jW1FA%2B%2FETVXkKSU1PG9xPPTll99CPNJQqY8SVDrQuKMjsAOeOjYi8QVeN4NHrA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeacbb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/i/fa/subsilver/wysiwyg/insertimage.gif
200 OK 145 B URL HTTP/2 2img.net/i/fa/subsilver/wysiwyg/insertimage.gif
IP
File type GIF image data, version 89a, 21 x 20\012- data
Hash 32baf25f03b9901187afabae580bf4a7
bf97ec3e3b189038bc4698d813153166cf557654
8e1a0bd241aa4be7fbe8bf8d18bd57727959ebd3c6b6be93dfcc729001a14082
GET /i/fa/subsilver/wysiwyg/insertimage.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 145
last-modified: Mon, 16 May 2016 11:02:04 GMT
etag: "5739a8ac-91"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JgNONTwcaT%2BwpbzWQdxBg%2BceL5YGOZJKhM2UKlcvw2h%2FjnTQDw1J2R43oAOfPeHn%2FUbGSElVu0ldSRQrKhuvk%2BrDcSKBkuq3gtPOD0DG9uo%2F3DgR%2FTyJNTj9HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683974f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f43/16/43/22/50/page_w10.png
200 OK 43 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/page_w10.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f43/16/43/22/50/page_w10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E0MG3WzZbYf95xQYTD%2Bp1HzIcSA4DFRHzRdKhMIHtRJGYVJu9NXGFFsSH74gazDaeJGb3Cp7TGQRX%2B794cpyiBr3GbJdh595kKOE%2BuQxGHCRJR66TnQ31K%2BpJapuH6QJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeac9b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/21/21/56/i_icon_minipost.gif
200 OK 257 B URL HTTP/2 2img.net/s/t/21/21/56/i_icon_minipost.gif
IP
File type GIF image data, version 89a, 16 x 16\012- data
Hash d63c31b681cbebc794c57f1e5e48f8a4
afb6ddbdc3f157f2e72bcd268c9a7b6db2a721d9
1e048091ee6509e5dc0e08d8b7e7c056bb57935d071def9eef44580a7d1dda40
GET /s/t/21/21/56/i_icon_minipost.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 257
last-modified: Thu, 29 Sep 2016 22:25:02 GMT
etag: "57ed94be-101"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ByiymciS2jQDHXfrbGHXaLCXq7GMB9JeQGKFF3CBFbzKnfkrx%2F7jm8w67BLL7K0O1r458Qc58quBF5MRYqL9UreEV3BFOA3jsBUhtUEX%2Be6t%2FvznvjM0IHvNBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683074f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f43/16/43/22/50/group_10.png
200 OK 807 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/group_10.png
IP
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b78ca881bc7039e2f224c69c6e43cae3
ffffded4580b1077130c1aea09ef090a24ebaa93
96608478c1032a9cf112d812a6f25b9c394de4424931e86921004bc84528411e
GET /u/f43/16/43/22/50/group_10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 807
last-modified: Wed, 05 Nov 2014 06:45:10 GMT
etag: "5459c776-327"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Wed, 18 Oct 2023 02:28:35 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N5ktLZu%2FN7v64oBIBt3aTVcL2SwB1jRWDrLqX2sbVbSbKEuSyStb4%2BNKqqw14xP0XyE3klaYjZ9gtPYHk1zp0zjul%2FCfeS1IIYnmnwjux4Rr9liJ55bUU64K2o7mXwWu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeacab51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
2img.net/s/t/21/21/56/i_icon_mini_portal.png
200 OK 1.5 kB URL HTTP/2 2img.net/s/t/21/21/56/i_icon_mini_portal.png
IP
File type PNG image data, 70 x 35, 8-bit gray+alpha, non-interlaced\012- data
Hash 946a47eb0d526fd17242bb5443de1bd3
ed14e532dbf494e940411a41d7e78d7b3762f7f4
898d5d002d200dc2e430c4e4dc852bfaf4afb2447b6147daaccc7824ab1f899b
GET /s/t/21/21/56/i_icon_mini_portal.png HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 1482
last-modified: Thu, 29 Sep 2016 22:25:04 GMT
etag: "57ed94c0-5ca"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vta6h4y9RCk4oTOypFP8%2F3m9eoCaxMWxGY7F%2F7JRE5cbwh9wGfkwS7aWFHUzMPu2BM1748uEEHur%2FIPQFC6VA5PRD55lI3uu5ulIG2yIlzFg3gV1%2FCY1NBU%2Fpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2b683374f5-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f27/11/66/67/10/810.gif
200 OK 1.2 kB URL HTTP/2 i.servimg.com/u/f27/11/66/67/10/810.gif
IP
File type GIF image data, version 89a, 72 x 15\012- data
Hash f3c9c8ae50ec4931abb7639a273964d0
2f94b414ba5e6b0fff89780ebaafd18aedff1c73
4372b2d8a43725848b0da7ef060304c0d12c4c64323a80ef922aca36bdc5945f
GET /u/f27/11/66/67/10/810.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 1179
last-modified: Fri, 04 Jan 2008 10:12:14 GMT
etag: "477e067e-49b"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Wed, 18 Oct 2023 05:51:46 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIVIrvX9j%2FKqRgetUgWOpD0aP1ZGLMkNK3TId%2FZln2qP%2Ff9QIHBFoXf91kqKCzvSUsSNTTBIRUhcih6qHAVO89GKi4B%2F%2BImZQ9doPRXSu7Gx1mMULVIWzATMEo3gN0Z7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeac5b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f45/16/75/43/85/google10.png
200 OK 4.1 kB URL HTTP/2 i.servimg.com/u/f45/16/75/43/85/google10.png
IP
File type PNG image data, 33 x 101, 8-bit/color RGBA, non-interlaced\012- data
Hash 3cae6bf24dc92dde869f2ff4b8a52e9b
97f782e6766954425662054e1eb55b7e1ab19a9c
ced46625689e36b372bfd0564e94b8b951983092d66e9dbb7ca0c415c33dbe2c
GET /u/f45/16/75/43/85/google10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/png
content-length: 4127
last-modified: Fri, 04 May 2012 10:04:57 GMT
etag: "4fa3a9c9-101f"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Sat, 02 Dec 2023 02:26:27 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2aSqJqgTCAoY4PiDiU4rsL%2BbeOCcQ3FrM5%2BdUhuV5Q0aS4qG1lih65eV6zTqDnK9s3wwsL%2BxQNg7RKc149pR5Yvbckye365SJ80N%2FfFHyTGPoi3AS4loUgizVOxZT6W3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeaccb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f43/16/43/22/50/email_10.png
200 OK 43 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/email_10.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f43/16/43/22/50/email_10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=074JRM%2Bw95eoktYTuY%2FsmFdp7HuCVoL1Y0BBdQfdMsv4PX2AXqxwGw9JyR8wNwYbNMFCJMgYCEmMh0dBh4Lp%2BtesQRdbHGPOsmRGdVtpZoCPrS24G7D3jkqCaKxVgVaC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeac6b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f43/16/43/22/50/group_11.png
200 OK 43 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/group_11.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f43/16/43/22/50/group_11.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NXUakvtcJrY8dVDVZw55nUxsnq586GfLVUcjZBQIj2uuztHD9gG2gzWWXYuMBqWBKjDY8GTX4dZbTk9opjnJ2EuhpAEMh6JIvyoer4%2BcSmxUcNmkMb%2FAJoRdCh32%2FK9R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeaceb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 44njA8EUg2leKXgimqMbzA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: z2u3+y5BIjOYvktjgnNqicBfZVI=
i.servimg.com/u/f43/16/43/22/50/0111.png
200 OK 43 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/0111.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f43/16/43/22/50/0111.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhWOzb2mogegyjwBmswEgIDCA3rjMG9VD28G4eeA0NIiwV%2FB5oa825gdrZ0KAgYVwanONLTuwKRmD4yNncRaYRXXyfiKbiOeLuoxadKm%2F5xUMu5sEkA4Rd4v8%2FyzL12b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeacfb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f43/16/43/22/50/user_a10.png
200 OK 43 B URL HTTP/2 i.servimg.com/u/f43/16/43/22/50/user_a10.png
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /u/f43/16/43/22/50/user_a10.png HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KMWJFphagE4PbH7b%2FoDNe5jLS81QEYaJQdbXTIXKr%2BXilEeWTRzMP8Sr0x9n8WAEso%2B8YrYOnOPDPdFUEFZVEKo7Z44jpt2ayFffZzN8NX7%2BRs0EXgmacrfPbLJHGAIs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2afad1b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.servimg.com/u/f65/13/95/29/87/56x76311.gif
200 OK 1.2 kB URL HTTP/2 i.servimg.com/u/f65/13/95/29/87/56x76311.gif
IP
File type GIF image data, version 89a, 24 x 24\012- data
Hash d1a5331b5a92573fac3e6eb39174b02a
7feaf8565390e3a71b6de5941dda3d08430af74f
24209a93a8d95ab9bf4f46acab37a66a87cc6f80f3d73a5c184a593401d4cf3e
GET /u/f65/13/95/29/87/56x76311.gif HTTP/1.1
Host: i.servimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: image/gif
content-length: 1177
last-modified: Wed, 05 May 2010 21:35:15 GMT
etag: "4be1e493-499"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
expires: Tue, 31 Oct 2023 07:17:26 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ro2%2FozT1KNWkYm6Rx%2BU9wSdb42UYNksWOW8UbnryHSCYn7%2FEb0viqSAgMfb7OQ6m6tk2O7dkWdqqYa%2BvUsVb66Q727Bl0YV%2BHZ55qPrSl2%2F6uaCB5JNA7IwK5hO4FOdd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2aeacdb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash bcc479a6bf7902dbf5fcc408e9b9ca6d
da44e632a1e411092b276cb0f182cb6623252747
b02b337856de6c2b5582d4f7d017cd32bbc05b7e397cef6c9921efe523686bee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=97811
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:27 GMT
Etag: "63883d66-117"
Expires: Sat, 03 Dec 2022 05:36:38 GMT
Last-Modified: Thu, 01 Dec 2022 05:36:38 GMT
Server: nginx
Content-Length: 279
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9fc0dcc572763eb9c2ced86204777cd1
fb3c465c18c81e8267a13f90e3ef55dd14d8bde1
190203622df327916a6740b04f6868767c6daea0b92b6748aa920e2359609325
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "190203622DF327916A6740B04F6868767C6DAEA0B92B6748AA920E2359609325"
Last-Modified: Thu, 01 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21554
Expires: Fri, 02 Dec 2022 08:25:41 GMT
Date: Fri, 02 Dec 2022 02:26:27 GMT
Connection: keep-alive
static.criteo.net/js/ld/publishertag.js
200 OK 60 kB URL HTTP/2 static.criteo.net/js/ld/publishertag.js
IP
Hash a472bbec715aa7db4f65538a138d8b30
2ea824b3bc0f0f1e61a85f9e893b900d216ec579
c50d545976d2bb9f93d4f024ae3b2027ec0936900e428a2fa1ff437fc25b20bd
GET /js/ld/publishertag.js HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: text/javascript
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
etag: W/"6356752f-1e444"
expires: Sat, 03 Dec 2022 02:26:27 GMT
cross-origin-resource-policy: cross-origin
cache-control: max-age=86400, public
timing-allow-origin: *
access-control-allow-origin: *
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.crezeman.com/vb/js/widget.js
404 Not Found 1.0 kB URL HTTP/2 www.crezeman.com/vb/js/widget.js
IP
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 (with BOM) text
Hash d5ac4d6e535abfb01bb8419ef20fe0be
408f49f8148164ddac604f7fc88200b907432182
1c0fedb456f6f76ee27fc0c68afddf2aee18376f44216519c6de471fdc54da7e
GET /vb/js/widget.js HTTP/1.1
Host: www.crezeman.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Sat, 21 Aug 2021 13:03:02 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=urJ5%2BAwqQx4%2BVIp0T%2FhgfPloh5ICpKBgCKcFV73dxahRvOlRuRAneXeWQv70pFYHT%2F03gCih7c4s8jDQm6l0oOPC3YLv%2BYZxOFrYiVgUxwb1VipO1GOaqyutXF%2BSMdiBeLlx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77309e2b6e90b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adminstar20.3rab.pro/10969.js
301 Moved Permanently 0 B URL HTTP/2 adminstar20.3rab.pro/10969.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /10969.js HTTP/1.1
Host: adminstar20.3rab.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 02:26:27 GMT
content-length: 0
location: http://adminstar20.rigala.net/10969.js
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash f62e5a8763a67bf7ef9ede871bfa29b6
953d9e2208344a9d7f77b2c241c90edeb97623a6
2abf2eba14f7fc362eb5ebf918e25a8d6bcd6f7e9291070e16ab4a6be2aaf09c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=89916
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:28 GMT
Etag: "63881e90-117"
Expires: Sat, 03 Dec 2022 03:25:04 GMT
Last-Modified: Thu, 01 Dec 2022 03:25:04 GMT
Server: nginx
Content-Length: 279
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 66a8e328e684aee2b6c736ef49c05c38
902d1e682b0261a9fe52b5d9341056c3aff3a6c3
3a8d87cc66e9cb3baebdc844aeb4ddf237114a7b2b7966cf13bb89e6ca7ac1a2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170772
Date: Fri, 02 Dec 2022 02:26:28 GMT
Etag: "63894321-1d7"
Expires: Sun, 04 Dec 2022 01:52:40 GMT
Last-Modified: Fri, 02 Dec 2022 00:13:21 GMT
Server: ECS (bsa/EB18)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cVY7MPazz-GbLqKCcbGV08CmXw3ZcO-mEjVvXVhzD4obaJhvBoe0AQ==
Age: 5959
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0c097a888bfae1a2f6689659badc177c
e9502837ad513fc7a0412bbcea337399ce887cb8
76a78f7e844cee2cb9a300d517fb42f95e0030d29a8ba1e006232e1a3a359588
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "76A78F7E844CEE2CB9A300D517FB42F95E0030D29A8BA1E006232E1A3A359588"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11467
Expires: Fri, 02 Dec 2022 05:37:35 GMT
Date: Fri, 02 Dec 2022 02:26:28 GMT
Connection: keep-alive
a1.pnghunt.com/preview/1012/104/942/neon-hearts-blueneon-png-clipart.jpg
200 OK 3.5 kB URL HTTP/2 a1.pnghunt.com/preview/1012/104/942/neon-hearts-blueneon-png-clipart.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 128x128, components 3\012- data
Hash 9422cf6e019e88c1459e1f277acac264
9e0def273c1faa0d027814c412417164a6b7f582
3b89bb54cdd5d7ca84e83464269fc21906f82fb7b0e729b21309932aa7dfe47b
GET /preview/1012/104/942/neon-hearts-blueneon-png-clipart.jpg HTTP/1.1
Host: a1.pnghunt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: image/jpeg
content-length: 3525
last-modified: Mon, 02 Dec 2019 09:09:43 GMT
etag: "5de4d4d7-dc5"
expires: Mon, 27 Nov 2023 02:26:28 GMT
cache-control: max-age=31104000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HWQBYVSiMquNo%2BIaLNBh9nM8A0pqQBHtKFWPC8N7lAayfoUVavciQVQxuwvhlYVr6rbU2nVxc%2BhIsXJHDoms5KMka%2Fh5MIZk1Jyb7R%2BoXUj%2B8787SoptPbIRidUMrXgePQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2d7d5fb4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/addthis/addthis_widget.js
200 OK 3.6 kB URL HTTP/2 illiweb.com/rs3/66/frm/addthis/addthis_widget.js
IP
File type ASCII text, with very long lines (6873), with no line terminators
Hash 15af2a7637bd28a5b25cf0e108ad6f40
958413f792f4c018243de87324e0b5a3344e692d
94dea2f4cbf9f9b4aa0f00fea983b6078374e52885dbdc33eb0f012f0aec6a8e
GET /rs3/66/frm/addthis/addthis_widget.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:28:03 GMT
last-modified: Tue, 27 Aug 2019 14:00:11 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 752304
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPXdE%2Fz%2Bgj4emvyV0C17RGzWMxFZB0BfVIUP9PACIInqu7hLhjHdKhFbHMazWC1dcNuGwID%2F4G6cFNM7uNs2oC6ZqJ2zWGbS3HXcq0e4CEAfeosMz0F3CJPuTxEMOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2a5ff4b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash f62e5a8763a67bf7ef9ede871bfa29b6
953d9e2208344a9d7f77b2c241c90edeb97623a6
2abf2eba14f7fc362eb5ebf918e25a8d6bcd6f7e9291070e16ab4a6be2aaf09c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=89916
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:28 GMT
Etag: "63881e90-117"
Expires: Sat, 03 Dec 2022 03:25:04 GMT
Last-Modified: Thu, 01 Dec 2022 03:25:04 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
habeb-alroh.forumfa.net/users/1311/13/28/86/avatars/gallery/uuoou10.gif
200 OK 8.3 kB URL HTTP/2 habeb-alroh.forumfa.net/users/1311/13/28/86/avatars/gallery/uuoou10.gif
IP
File type GIF image data, version 89a, 150 x 112\012- data
Hash a7fb6d3a7ad805f36bf4dfeaa69cd5b4
8b4fa7a9d2c5e732bce1ca521e49b9e7b6d585fb
06870f8f56acd2ad205b2514a86bcfb091b95943beb5487f2de06397ec1f9888
GET /users/1311/13/28/86/avatars/gallery/uuoou10.gif HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/t8271-topic
Cookie: exadd=166996; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: image/gif
content-length: 8298
last-modified: Wed, 17 Aug 2011 13:45:52 GMT
etag: "4e4bc610-206a"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eac21c018b331c380a594610bc4d25ad
6b3a72c908edc11e5e389bbc0bb768fb2757adbe
8315de5b82f2596de9c7f2d790853d2026f842d1c024647e71e64b4b00973256
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8315DE5B82F2596DE9C7F2D790853D2026F842D1C024647E71E64B4B00973256"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=185
Expires: Fri, 02 Dec 2022 02:29:33 GMT
Date: Fri, 02 Dec 2022 02:26:28 GMT
Connection: keep-alive
s08.flagcounter.com/count/Jfyc/bg_FFFFFF/txt_000000/border_29C1CC/columns_2/maxflags_12/viewers_0/labels_1/pageviews_1/flags_1/
200 OK 14 kB URL HTTP/1.1 s08.flagcounter.com/count/Jfyc/bg_FFFFFF/txt_000000/border_29C1CC/columns_2/maxflags_12/viewers_0/labels_1/pageviews_1/flags_1/
IP
File type PNG image data, 186 x 162, 8-bit/color RGB, non-interlaced\012- data
Hash 66df6f31a61296ecee37cd55515716fc
3f11f4fe73c8d0300298e20045d15f05f7472ec3
8e505158f05f960f3ab53e4c8b53cb55da40f4601313a8d5ec77e6d55a3b597a
GET /count/Jfyc/bg_FFFFFF/txt_000000/border_29C1CC/columns_2/maxflags_12/viewers_0/labels_1/pageviews_1/flags_1/ HTTP/1.1
Host: s08.flagcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 02:26:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Pragma: no-cache
Cache-control: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: image/png
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9e476c7f51632b2ae08c6ec199977342
609e442852e675cdbad89c6f10718d09e1acf66c
ac33d2438deb8c72f4ea11caef4a6b851b79a72faab429719223133a7d8cf491
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC33D2438DEB8C72F4EA11CAEF4A6B851B79A72FAAB429719223133A7D8CF491"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13892
Expires: Fri, 02 Dec 2022 06:18:00 GMT
Date: Fri, 02 Dec 2022 02:26:28 GMT
Connection: keep-alive
s10.histats.com/js15.js
200 OK 4.2 kB IP
File type HTML document, ASCII text, with very long lines (11088), with no line terminators
Hash b6d296cf9da7653944a8125ae7837d4f
2731746edd88e58f0d673f063b4e02b2b5c0b239
d67feaaf613c6961d7eda0de54abe7aa39c4e20c545ee2617d13a64cf9cf6f17
GET /js15.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:21:15 GMT
etag: "980881274"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 292652325
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4214
X-Firefox-Spdy: h2
www.wieistmeineip.de/ip-address/?size=468x60
200 OK 4.6 kB URL HTTP/2 www.wieistmeineip.de/ip-address/?size=468x60
IP
File type GIF image data, version 87a, 468 x 60\012- data
Hash d51c636f22e748f476358086ea02ca51
d124b1372a024cb867957847a43a9c25f0dd2231
0909e1f146a085b29e3e4ec804681425581adbe426dc9452590386f591136cca
GET /ip-address/?size=468x60 HTTP/1.1
Host: www.wieistmeineip.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: image/gif
content-length: 4552
server: Apache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000; includeSubDomains
set-cookie: session=3r67ia2kdp4oomkv9ap418hias; path=/; domain=.wieistmeineip.de
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: sameorigin
access-control-allow-origin: *
X-Firefox-Spdy: h2
adminstar20.rigala.net/10969.js
301 Moved Permanently 0 B URL HTTP/2 adminstar20.rigala.net/10969.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /10969.js HTTP/1.1
Host: adminstar20.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 02:26:28 GMT
content-length: 0
location: https://adminstar20.rigala.net/10586.js
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
adminstar20.rigala.net/10586.js
200 OK 25 kB URL HTTP/2 adminstar20.rigala.net/10586.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash daff633cc64b54082f39cd3c033e716f
3888948d49bdbcc9029c8a28f3e14a94a3ef3bfa
a367758d1b741524551e7b16fe1dd7f00e96ef4ea425792dcf21903002a3403a
GET /10586.js HTTP/1.1
Host: adminstar20.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: application/x-javascript
content-length: 25244
last-modified: Tue, 03 Nov 2020 20:33:06 GMT
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 67ba6e40cead49277ca150244d8c2b8e
377f59178c973b818d101dd1aaecff642ae56853
9f229f83cfd7eb1a3f4f3cc53749433d58b102b8b762ef571ca3174fa94ab5df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1820
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:28 GMT
Last-Modified: Fri, 02 Dec 2022 01:56:08 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
2img.net/h/afalaz.files.wordpress.com/2009/05/palestine.gif
404 Not Found 11 kB URL HTTP/2 2img.net/h/afalaz.files.wordpress.com/2009/05/palestine.gif
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 2725a59bf5cfe32739484bf4b5c9e3f7
20b0458abc482020fcf9c395507208cb1384f000
b57e442b9f5c2e51485ff70d4aeb19e66eef203a0bab9620e47f884f0a2cac11
GET /h/afalaz.files.wordpress.com/2009/05/palestine.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: text/html
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=st5d5AdTHrxnL0WghcdN8ulmEpzwzluyJnCide4yxo8nH9eo3%2Bb0%2FsrSozZcEcY%2Bd%2Ba6uI3zFZumrkacDQrhgGygILmmYBzLFHSglmHKMUOhSPlINlw9%2FOavqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2b581d74f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 67ba6e40cead49277ca150244d8c2b8e
377f59178c973b818d101dd1aaecff642ae56853
9f229f83cfd7eb1a3f4f3cc53749433d58b102b8b762ef571ca3174fa94ab5df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1820
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:28 GMT
Last-Modified: Fri, 02 Dec 2022 01:56:08 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
adminstar20.3rab.pro/26802.js
301 Moved Permanently 0 B URL HTTP/2 adminstar20.3rab.pro/26802.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /26802.js HTTP/1.1
Host: adminstar20.3rab.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 02:26:28 GMT
content-length: 0
location: http://adminstar20.rigala.net/26802.js
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
ahmedto.github.io/wahetaleslam/a7la.js
200 OK 1.2 kB URL HTTP/2 ahmedto.github.io/wahetaleslam/a7la.js
IP
File type ASCII text, with very long lines (1204)
Hash 160d1f52dbf5de6ec8b8fef396d7da5d
79ae88d8897b7dd9209c4ef7881c0c546f8ad88a
6730362ddb860c2008b419da1542f8a2e4819c6e7d309a052ee480f96851a9f1
GET /wahetaleslam/a7la.js HTTP/1.1
Host: ahmedto.github.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Sat, 09 Apr 2022 21:07:28 GMT
access-control-allow-origin: *
etag: W/"6251f590-3bd6"
expires: Thu, 01 Dec 2022 23:46:14 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: D144:1978:D3E77B:1297E38:63893A6E
accept-ranges: bytes
date: Fri, 02 Dec 2022 02:26:28 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1668-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669947989.657728,VS0,VE107
vary: Accept-Encoding
x-fastly-request-id: 331d42e63a3ddf5582d53c8f4ff992816b2f523f
content-length: 1244
X-Firefox-Spdy: h2
adminstar20.rigala.net/26802.js
301 Moved Permanently 0 B URL HTTP/2 adminstar20.rigala.net/26802.js
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /26802.js HTTP/1.1
Host: adminstar20.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 02:26:28 GMT
content-length: 0
location: https://adminstar20.rigala.net/26260.js
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
adminstar20.rigala.net/26260.js
200 OK 2.9 kB URL HTTP/2 adminstar20.rigala.net/26260.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 02d3cce8d28fd3d88b9a4c9e770b3b85
5d59c2c85487c29d2d60cf642fee3f7d1c29a247
2a9c0b398d7b4e5084ba858392d8fe50d51602146d3fe2f50bf070512712fb27
GET /26260.js HTTP/1.1
Host: adminstar20.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: application/x-javascript
content-length: 2949
last-modified: Sun, 22 Nov 2020 10:17:40 GMT
content-encoding: gzip
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 41281bca0845b88bd9a0d621b21fd5db
29236c09e46ba0f50711ccdaf87a571aafcf63b7
ed64c349b7daad719166aeb8a454d27a82e50aa69cbb91419eaf1583e94e3fc5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED64C349B7DAAD719166AEB8A454D27A82E50AA69CBB91419EAF1583E94E3FC5"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18596
Expires: Fri, 02 Dec 2022 07:36:25 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 78db0e1ebba5cafd2ca1f0ea7b0d01f3
9211c3a050019a7ba48dbded081dc8ed87819b03
b00733b61913fb48bf2d070b335077e43f9eb9f99b86a7b80b8ad3d44b362849
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B00733B61913FB48BF2D070B335077E43F9EB9F99B86A7B80B8AD3D44B362849"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2661
Expires: Fri, 02 Dec 2022 03:10:50 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
go.mobisla.com/notice.php?p=1427601&interactive=1&pushup=1
302 Found 138 B URL HTTP/2 go.mobisla.com/notice.php?p=1427601&interactive=1&pushup=1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /notice.php?p=1427601&interactive=1&pushup=1 HTTP/1.1
Host: go.mobisla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/html
content-length: 138
location: https://mobpushup.com/notice.php?p=1427601&interactive=1&pushup=1
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
go.oclaserver.com/apu.php?zoneid=1427604
302 Found 138 B URL HTTP/2 go.oclaserver.com/apu.php?zoneid=1427604
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /apu.php?zoneid=1427604 HTTP/1.1
Host: go.oclaserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/html
content-length: 138
location: https://cobalten.com/apu.php?zoneid=1427604
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 951f1b90ed320c3474aba1862d4d1940
988434817abf95e6270b6393da59ec7631df4090
c52e4d5030086652a73da2e1c2197067aa53f6fd4d0bf19237c534f302f63161
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C52E4D5030086652A73DA2E1C2197067AA53F6FD4D0BF19237C534F302F63161"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1029
Expires: Fri, 02 Dec 2022 02:43:38 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20161
Expires: Fri, 02 Dec 2022 08:02:30 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20161
Expires: Fri, 02 Dec 2022 08:02:30 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:20:09 GMT
age: 68780
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 16593
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20161
Expires: Fri, 02 Dec 2022 08:02:30 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
2img.net/h/afalaz.files.wordpress.com/2009/05/iraq.gif
404 Not Found 114 B URL HTTP/2 2img.net/h/afalaz.files.wordpress.com/2009/05/iraq.gif
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e113f96bf03a3d167e9c84a5b787cd69
e3fb51666eccbd566e915c06a5bc12f59438ff9d
cfa9ac4c36d0953a068103f3ecf2ce38c6c33092f524cf70783a0928b53e7e70
GET /h/afalaz.files.wordpress.com/2009/05/iraq.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: text/html
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=noHfYdn%2BhHmqSe6qqQSOa4ltvNY%2BGhbF7FV5y4INBim0aDJBURmNImUQLXnDyCU4hpvKdCerQgK9gCIA3qwU9w9rZz3wtKclYjoONXpDVTZXUa89i1i%2B3xXFAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77309e2b581c74f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20161
Expires: Fri, 02 Dec 2022 08:02:30 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 16359
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20161
Expires: Fri, 02 Dec 2022 08:02:30 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 82ea44d6cb116fb1f5752ce9bb87e345
f799dfd89a4f5a452dc837b8616549f578fb4184
e9087e7fce332289d67d4d5646d0233c2f2d871cc88dc1c51d5ea1e9f2fb5abd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F356e23df-cb76-452a-b299-da5410086837.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15495
x-amzn-requestid: 977cdbce-3a9c-4006-a5a1-5c4c82bd4a94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDIFxzIAMFzEw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-4b2cb3a16ca745537a8caf8c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KnOx0PJ8BR9OoAzXfuWk_Je_yawqzY4isC0hYTZRvJ74YiVs8jqyIQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 22:25:42 GMT
age: 14447
etag: "f799dfd89a4f5a452dc837b8616549f578fb4184"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png
200 OK 3.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89e1a735e16f55c78fa75ae434294029
6c56f4015305eff04a99cec9758cd40bf4e5f704
26e8b042c0bbef2c7f93f77451563cf6e12af282251ef864652574be2b2c5b15
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F092f8542-1ed2-47c2-82aa-d5ef970a77ca.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3711
x-amzn-requestid: 68772438-16c4-40ab-a40e-860425d8301c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGyhHVsIAMFmsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e76-21d27db6708228002e738938;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: JOCSKxy4WUDbS22Gd9BlyN1gmcDsDNlNWnT57KITGlNwfOe_Iaco9g==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:59 GMT
age: 16650
etag: "6c56f4015305eff04a99cec9758cd40bf4e5f704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash edd194309c9cbc386ef7a933d10d316b
fe32e32bae196c8a48d51cd0d275f8be697ae071
1eb6f12535a634001c711c7a567b6070dd8ced61dfcc6700e01ec02176c5074c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1EB6F12535A634001C711C7A567B6070DD8CED61DFCC6700E01EC02176C5074C"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18609
Expires: Fri, 02 Dec 2022 07:36:38 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:43:11 GMT
age: 67398
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1a5f1b4d273b7964e66f38c2f522d716
e05d791b00a23095cde196f8f02932859496cb3b
3d858aafb850ca0bf8cb15b637df05b548ffa68f916f11e1654a4196e415498c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3D858AAFB850CA0BF8CB15B637DF05B548FFA68F916F11E1654A4196E415498C"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=513
Expires: Fri, 02 Dec 2022 02:35:02 GMT
Date: Fri, 02 Dec 2022 02:26:29 GMT
Connection: keep-alive
mobpushup.com/notice.php?p=1427601&interactive=1&pushup=1
200 OK 8 B URL HTTP/2 mobpushup.com/notice.php?p=1427601&interactive=1&pushup=1
IP
File type ASCII text, with no line terminators
Hash 3bbbac058fc4ed9e8078f0318d31d9fa
fb3f78865eac1bdd3406f00b9cae5c6cdf6211b8
3938c63e8b782001c4b451b439634c1380b1e262d919e11ba7374862835d83e4
GET /notice.php?p=1427601&interactive=1&pushup=1 HTTP/1.1
Host: mobpushup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: application/octet-stream
content-length: 8
X-Firefox-Spdy: h2
cobalten.com/apu.php?zoneid=1427604
403 Forbidden 7 B URL HTTP/2 cobalten.com/apu.php?zoneid=1427604
IP
File type ASCII text, with no line terminators
Hash 758ff964ee78d0c90f3a14d8d4af8ab3
f248d30ac9849b0ead400537632beb02c9c703d1
00e3fbbf542561da72fdc5ea89cfd1405c17739dd49210252e611c3122018efe
GET /apu.php?zoneid=1427604 HTTP/1.1
Host: cobalten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/plain; charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
go.mobtrks.com/notice.php?p=1442053&interstitial=1
404 Not Found 7 B URL HTTP/2 go.mobtrks.com/notice.php?p=1442053&interstitial=1
IP
File type ASCII text, with no line terminators
Hash 3b66fb7a307f3ca29bd59b2f354055bd
d6ae6ccb37eb272d94d4a5191fa50372f4d06bba
de68e8f959bc131328db7581860711517d6ae1eb03aa047043dc7f826906e5a4
GET /notice.php?p=1442053&interstitial=1 HTTP/1.1
Host: go.mobtrks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Cookie: scm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/plain; charset=utf-8
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f7936e93ecf8a3ebe50383cf7c6267d6
access-control-expose-headers: X-Sc
X-Firefox-Spdy: h2
go.mobisla.com/notice.php?p=678856&interactive=1&pushup=1
302 Found 138 B URL HTTP/2 go.mobisla.com/notice.php?p=678856&interactive=1&pushup=1
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /notice.php?p=678856&interactive=1&pushup=1 HTTP/1.1
Host: go.mobisla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/html
content-length: 138
location: https://mobpushup.com/notice.php?p=678856&interactive=1&pushup=1
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
go.mobtrks.com/notice.php?p=678262&interstitial=1
404 Not Found 7 B URL HTTP/2 go.mobtrks.com/notice.php?p=678262&interstitial=1
IP
File type ASCII text, with no line terminators
Hash 3b66fb7a307f3ca29bd59b2f354055bd
d6ae6ccb37eb272d94d4a5191fa50372f4d06bba
de68e8f959bc131328db7581860711517d6ae1eb03aa047043dc7f826906e5a4
GET /notice.php?p=678262&interstitial=1 HTTP/1.1
Host: go.mobtrks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Cookie: scm=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/plain; charset=utf-8
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2a05f143320650dcbeca6f828801c920
access-control-expose-headers: X-Sc
X-Firefox-Spdy: h2
go.oclaserver.com/apu.php?zoneid=678260
302 Found 138 B URL HTTP/2 go.oclaserver.com/apu.php?zoneid=678260
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /apu.php?zoneid=678260 HTTP/1.1
Host: go.oclaserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/html
content-length: 138
location: https://cobalten.com/apu.php?zoneid=678260
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
mobpushup.com/notice.php?p=678856&interactive=1&pushup=1
200 OK 8 B URL HTTP/2 mobpushup.com/notice.php?p=678856&interactive=1&pushup=1
IP
File type ASCII text, with no line terminators
Hash 3bbbac058fc4ed9e8078f0318d31d9fa
fb3f78865eac1bdd3406f00b9cae5c6cdf6211b8
3938c63e8b782001c4b451b439634c1380b1e262d919e11ba7374862835d83e4
GET /notice.php?p=678856&interactive=1&pushup=1 HTTP/1.1
Host: mobpushup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: application/octet-stream
content-length: 8
X-Firefox-Spdy: h2
cobalten.com/apu.php?zoneid=678260
403 Forbidden 7 B URL HTTP/2 cobalten.com/apu.php?zoneid=678260
IP
File type ASCII text, with no line terminators
Hash 758ff964ee78d0c90f3a14d8d4af8ab3
f248d30ac9849b0ead400537632beb02c9c703d1
00e3fbbf542561da72fdc5ea89cfd1405c17739dd49210252e611c3122018efe
GET /apu.php?zoneid=678260 HTTP/1.1
Host: cobalten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 403 Forbidden
server: nginx
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/plain; charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
www.facebook.com/plugins/like.php?locale=en_GB&href=https%3A%2F%2Fhabeb-alroh.forumfa.net%2Ft8271-topic&send=false&layout=standard&width=60&show_faces=false&action=like&colorscheme=light&font&height=60
200 OK 0 B URL HTTP/2 www.facebook.com/plugins/like.php?locale=en_GB&href=https%3A%2F%2Fhabeb-alroh.forumfa.net%2Ft8271-topic&send=false&layout=standard&width=60&show_faces=false&action=like&colorscheme=light&font&height=60
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /plugins/like.php?locale=en_GB&href=https%3A%2F%2Fhabeb-alroh.forumfa.net%2Ft8271-topic&send=false&layout=standard&width=60&show_faces=false&action=like&colorscheme=light&font&height=60 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html;charset=utf-8
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-xss-protection: 0
x-fb-debug: xVawlPah8HYX1R1xeonIX5eFadjsJe8tLFJES6XIxVeO8Mp9/tWc/0wihdwa6CWtoJdf1uNMO1RQ++U6KVTjMA==
content-length: 0
date: Fri, 02 Dec 2022 02:26:30 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash 2d32250acb87fcde65ccaf9be20d6e6e
897d188617fb1c743fe8398202307b31e52f72a5
d503ce28e00cb28993f547a72c519f7cea3bd25e3447b98f3b81ab000ebffad5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 868
Cache-Control: max-age=118483
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:30 GMT
Etag: "63888ac5-138"
Expires: Sat, 03 Dec 2022 11:21:13 GMT
Last-Modified: Thu, 01 Dec 2022 11:06:45 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 312
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adminstar20.3rab.pro/26802.js?_=1669947988431
301 Moved Permanently 0 B URL HTTP/2 adminstar20.3rab.pro/26802.js?_=1669947988431
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /26802.js?_=1669947988431 HTTP/1.1
Host: adminstar20.3rab.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 02:26:30 GMT
content-length: 0
location: http://adminstar20.rigala.net/26802.js?_=1669947988431
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: MISS
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e0d777fa1fa7f20756be68639f40c8ea
f69cf5289f67226c3c76b3ac0438ae12089b1a7c
d8e6bbb67fa25a6487cd2cf767976e7771977be00831800667f68587bb9b8733
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8E6BBB67FA25A6487CD2CF767976E7771977BE00831800667F68587BB9B8733"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5299
Expires: Fri, 02 Dec 2022 03:54:49 GMT
Date: Fri, 02 Dec 2022 02:26:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7299d0ffaf4f5c4451ccf146d0462632
bca1212c6de7d47ec530e35e326cbcbf75fd41c3
a78060a54a55f5410c76ef19ddfd3b3ec1bd482e295ee14eede67c7ca010ff00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A78060A54A55F5410C76EF19DDFD3B3EC1BD482E295EE14EEDE67C7CA010FF00"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6894
Expires: Fri, 02 Dec 2022 04:21:24 GMT
Date: Fri, 02 Dec 2022 02:26:30 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 314 B IP
Hash 96a324f9bbaffcb08eb052a90c10fd44
4140b22e29900bed26433a2ed42321614a01f057
6a175fa4123b17dc17a41f94d69e2c19803eecb88045cae84279691f1df46086
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 812
Cache-Control: max-age=142226
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:30 GMT
Etag: "6388e7bc-13a"
Expires: Sat, 03 Dec 2022 17:56:56 GMT
Last-Modified: Thu, 01 Dec 2022 17:43:24 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 314
adminstar20.rigala.net/26802.js?_=1669947988431
301 Moved Permanently 0 B URL HTTP/2 adminstar20.rigala.net/26802.js?_=1669947988431
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /26802.js?_=1669947988431 HTTP/1.1
Host: adminstar20.rigala.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 02:26:30 GMT
content-length: 0
location: https://adminstar20.rigala.net/26260.js
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-cache-ma: MISS
X-Firefox-Spdy: h2
stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=habeb-alroh.forumfa.net&var=&ymid=&var_3=
200 OK 758 B URL HTTP/2 stootsou.net/zone?pub=0&zone_id=2308013&is_mobile=false&domain=habeb-alroh.forumfa.net&var=&ymid=&var_3=
IP
File type JSON data\012- , ASCII text, with very long lines (757)
Hash 64e7ea65df612caffd18bab6d44ce421
3a3226b19bcd1e0476c127bf1f2d202313568bcd
702a202c3f274421d95d2ff0bac21c942489e65610e3a73be56d47391d5cc04f
GET /zone?pub=0&zone_id=2308013&is_mobile=false&domain=habeb-alroh.forumfa.net&var=&ymid=&var_3= HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:30 GMT
content-type: application/json; charset=utf-8
content-length: 758
x-trace-id: 44052308562fdf6a3c6de38cf122d51e
access-control-allow-origin: https://habeb-alroh.forumfa.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:30 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=ZwOxF180M0RITmhlJTJCZkMwOUJGQlhaMUN2czQlMkZlUXppQTFYRGFFTXlTaFRWV0ZBWm1XempOakw5a2pwVW5tSm5kcWpqYw; expires=Wed, 27 Dec 2023 02:26:30 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 296610
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash 50d5643a01fdc1a69b2f7c79a4f07d4f
4bc197dc38546ab8498ca8560dd124c3d7a0abbb
fcb9c71044d8b368a84ba31efa11b7827fc4d5c80760bd2c6be9e7221e16112f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 895
Cache-Control: max-age=114559
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:30 GMT
Etag: "63887b56-138"
Expires: Sat, 03 Dec 2022 10:15:49 GMT
Last-Modified: Thu, 01 Dec 2022 10:00:54 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 312
stootsou.net/pfe/current/universal.min.js?v=3.1.409
200 OK 34 kB URL HTTP/2 stootsou.net/pfe/current/universal.min.js?v=3.1.409
IP
Hash ea2ce5823bf270266cf9b22d935a68aa
9f10293ef915756a67aec565a82cf411fa6c5a29
a73e2beba90af14e79f6043310e00cc048c7ce4ef79180512135e522d21d7eef
GET /pfe/current/universal.min.js?v=3.1.409 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:30 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-18c6c"
access-control-allow-origin: https://habeb-alroh.forumfa.net
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 127 B IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 7ef58af6e64f3c1e7638ec5401f2fe6f
fd030b84af7d517d518aeaefac07ab5f73b41e11
8aaa5fb31fb7ef0d6563ed0cfd334088adb918bbaf75d17cdd4c573bdf90a05a
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=ZwOxF180M0RITmhlJTJCZkMwOUJGQlhaMUN2czQlMkZlUXppQTFYRGFFTXlTaFRWV0ZBWm1XempOakw5a2pwVW5tSm5kcWpqYw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:30 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=wAargl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czQlMkZlUXppQTFYRGFFTXlTaFRWV0ZBYTVJZFZrempQNXVmRmNBRHhMVzdqVQ; expires=Wed, 27 Dec 2023 02:26:31 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 357932
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://habeb-alroh.forumfa.net/
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:31 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://habeb-alroh.forumfa.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Content-Type: application/json
Origin: https://habeb-alroh.forumfa.net
Content-Length: 394
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f0c1c8c94591d1f1f797830aeab5d2f3
access-control-allow-origin: https://habeb-alroh.forumfa.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Content-Type: application/json
Origin: https://habeb-alroh.forumfa.net
Content-Length: 476
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b805a10780c00e7f4a4975caadc41c46
access-control-allow-origin: https://habeb-alroh.forumfa.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fbd16ed380b6c658b17110d3a9bb2839
75eac87847b31afbc248840f4481586a52a31beb
0f4e898e0807ba3f2056c7015f528e3c7b20f4acdb07cfab823f4cd133abfa9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F4E898E0807BA3F2056C7015F528E3C7B20F4ACDB07CFAB823F4CD133ABFA9F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1754
Expires: Fri, 02 Dec 2022 02:55:46 GMT
Date: Fri, 02 Dec 2022 02:26:32 GMT
Connection: keep-alive
cdn.betgorebysson.club/apu.php?zoneid=3765907
200 OK 30 kB URL HTTP/2 cdn.betgorebysson.club/apu.php?zoneid=3765907
IP
Hash 3f865709480892530acebe163051755c
abb7be294e63d6e516389e5bfa95eedb4aecd37e
fbe3f0bad524f421af0a453dce63c91f9ef6533362a5686ba52ea4bc81dd010f
GET /apu.php?zoneid=3765907 HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:32 GMT
content-type: application/javascript
x-trace-id: 1c806a54d90ec4319eb10defe5600c4c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=f08061920cf34f5b89309d06aff494b6; expires=Sat, 02 Dec 2023 02:26:32 GMT; path=/; secure; SameSite=None
oaidts=1669947992; expires=Sat, 02 Dec 2023 02:26:32 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=publishertag&domain=forumfa.net&sn=FirefoxSyncframe&so=0&topUrl=habeb-alroh.forumfa.net&info=wAargl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czQlMkZlUXppQTFYRGFFTXlTaFRWV0ZBYTVJZFZrempQNXVmRmNBRHhMVzdqVQ&idsd=1322187498,2127513210&cw=1&lsw=1
200 OK 817 B URL HTTP/2 gum.criteo.com/sid/json?origin=publishertag&domain=forumfa.net&sn=FirefoxSyncframe&so=0&topUrl=habeb-alroh.forumfa.net&info=wAargl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czQlMkZlUXppQTFYRGFFTXlTaFRWV0ZBYTVJZFZrempQNXVmRmNBRHhMVzdqVQ&idsd=1322187498,2127513210&cw=1&lsw=1
IP
Hash 3326b00229a95ffd11d4d75072a7f9d7
e4fef488a8ccdcfdce542927e233c1949c4442ad
45b07398195dbe0e9e2f777d6bb5e19bd84a8d648ef56ca1b5aea6f1ab053012
GET /sid/json?origin=publishertag&domain=forumfa.net&sn=FirefoxSyncframe&so=0&topUrl=habeb-alroh.forumfa.net&info=wAargl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czQlMkZlUXppQTFYRGFFTXlTaFRWV0ZBYTVJZFZrempQNXVmRmNBRHhMVzdqVQ&idsd=1322187498,2127513210&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=habeb-alroh.forumfa.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:32 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1021680
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
200 OK 5.5 kB IP
File type ASCII text, with very long lines (12966), with no line terminators
Hash a1d0be233f718ca777491b288ed81e06
67ac1c13cf11c0d64ed45eb1ef972cde904c7697
7ff113f1070424190770b551118b7b9f902805c68559f964917fa2e024c10a4c
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:32 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 533
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GwXz1xPTRi%2BdCnG%2FMOagyDt0G1chIPZKlsCHk4uSBzTXaIaH%2BT94wJDLA%2BNv7kE2OxExSimoT%2Bfgilt5q%2BG9eUuHuPl5jjWtlxcl7og9cUgEYEeio88inyl41A1LPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e497bddb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
habeb-alroh.forumfa.net/sw.js
200 OK 2.2 kB URL HTTP/2 habeb-alroh.forumfa.net/sw.js
IP
Hash dcb1bbf4b6cba969d8d637a515203c6a
846a0156cdc852da42036d1a907b6f955c3e902a
6224e1cdaefb5ca12927246e9148d4a7aeccf292095c0d1abe8b520471e01eeb
Analyzer Verdict Alert fortinet Malware
GET /sw.js HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/t8271-topic
Connection: keep-alive
Cookie: exadd=166996; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D; HstCfa1809172=1669947986721; HstCla1809172=1669947986721; HstCmu1809172=1669947986721; HstPn1809172=1; HstPt1809172=1; HstCnv1809172=1; HstCns1809172=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:31 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2019 13:54:01 GMT
etag: W/"5d6535f9-1554"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash 081f27e87b02fb79b3453a116e731959
03e52819d86a0fa523e77ed24126e76e5369bd21
10283df9fce094267720532246e9d80b3c2061425f657497652e71de4c95de06
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 02:26:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 01:33:19 GMT
Expires: Tue, 06 Dec 2022 01:33:18 GMT
Etag: "03e52819d86a0fa523e77ed24126e76e5369bd21"
Cache-Control: max-age=341805,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77309e4a8e560afe-OSL
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 906
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 02 Dec 2022 02:26:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://habeb-alroh.forumfa.net
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
stootsou.net/pfe/current/tag.min.js?z=2308013
200 OK 28 kB URL HTTP/2 stootsou.net/pfe/current/tag.min.js?z=2308013
IP
Hash 5fa88f0496e3e2c79a22f6bcec5701c7
368938aa74dd6e2c40450a4a9c457d4c64de1921
c0d6a7d4a9fbef65d0f37f82409e90fbe3d7d3c2c657cfeb26100464889bad3c
GET /pfe/current/tag.min.js?z=2308013 HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:30 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 15:42:47 GMT
etag: W/"6388cb77-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
a7la.0wn0.com/h4-
200 OK 70 kB IP
File type HTML document text\012- HTML document text\012- C source, ASCII text, with very long lines (32077)
Hash a9ad89e53bd8d8bce46e11f806d89a2b
37b6431a0f7592b704ce4a342538db4a036caf52
df6bd859f14c6710d43ea634a05382c440d45b2212e328f2c5667ccc57809571
GET /h4- HTTP/1.1
Host: a7la.0wn0.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:31 GMT
content-type: text/html
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
static.criteo.net/images/pixel.gif?ch=2
200 OK 43 B URL HTTP/2 static.criteo.net/images/pixel.gif?ch=2
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /images/pixel.gif?ch=2 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:34 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
etag: "493ea254-2b"
expires: Mon, 27 Nov 2023 02:26:34 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
static.criteo.net/images/pixel.gif?ch=1
200 OK 43 B URL HTTP/2 static.criteo.net/images/pixel.gif?ch=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /images/pixel.gif?ch=1 HTTP/1.1
Host: static.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:34 GMT
content-type: image/gif
content-length: 43
last-modified: Tue, 09 Dec 2008 16:52:36 GMT
etag: "493ea254-2b"
expires: Mon, 27 Nov 2023 02:26:34 GMT
cache-control: max-age=31104000, public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery/marquee/jquery.marquee.min.js
200 OK 30 kB URL HTTP/2 illiweb.com/rs3/66/frm/jquery/marquee/jquery.marquee.min.js
IP
File type HTML document, ASCII text, with very long lines (4467), with no line terminators
Hash ac15b499e6385ea76b55d81a9b86a7e8
030af0e8a37d55e4f6b4a5e02188d960ad9bb71b
dea640fc7b6555e7c92e0286eaca59b62ff25a6db766edab7878b93f949a61da
GET /rs3/66/frm/jquery/marquee/jquery.marquee.min.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/x-javascript
last-modified: Tue, 27 Aug 2019 14:00:14 GMT
expires: Thu, 23 Nov 2023 09:22:24 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
x-cache-ne: HIT
x-cache-pr: HIT
cf-cache-status: HIT
age: 752643
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZ%2FBg%2BEV2HoN60oTf0kY47tjUuhS1KlAfVs8oDqH5aKtMbmPawjqTHt72skOr%2Bo7g3cZbg55iX1ntr9fu8YR4%2FSkMhizw6FzKnfCrQ%2FcPvrQFdD%2B%2Bpkto%2FQUfbGChw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2a5ff5b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
developers.google.com/
200 OK 32 kB IP
Hash 5ebfb0ecf6ee98cfc05f1f3cdf725e87
d03958f2dbab37c2fdfb4a76ee59956ea68b2871
fd52db23953ee543fc15888356430887a3ffee9d6aacd73be25a7b484321dc13
GET / HTTP/1.1
Host: developers.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 10 Nov 2022 18:10:23 GMT
content-type: text/html; charset=utf-8
set-cookie: _ga_devsite=GA1.3.2423050405.1669947990; Expires=Sun, 01 Dec 2024 02:26:30 GMT; Max-Age=63072000; Path=/
content-security-policy: base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-JrsRmVb2AC/3Ayr/NR/dMvFBAk79UW' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-content-type-options: nosniff
cache-control: no-cache, must-revalidate
expires: 0
pragma: no-cache
content-encoding: gzip
x-cloud-trace-context: 25b12dfbaac23523918175ec255794c0
vary: Accept-Encoding
date: Fri, 02 Dec 2022 02:26:30 GMT
server: Google Frontend
content-length: 25235
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.betgorebysson.club/?rb=YYfgAHSVZ0oAA3ri7w2aG1CgkCf1mWgw25A8Jcxi40fxZr5YyaZZHms5mQwUKBQy0wC9ad1TksfN0JaE7bpqNQwsjwzKLtv6PQhc-hpywTqLaqKitfC3O2eGxFDkPwV1K83zrmrOPb2EOBNPOrNkiuAGJiJzWKlMXhHO7eELcqvfQPrq-BrwYfaYxlgOC1FIMfINajKp6cX3RE5p6LwV2dKHzX6OQWA_QOig2XaSUtXKVj-d19MaNrhuY0k%3D&request_ab2=96001&zoneid=3765907&js_build=iclick-v1.457.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fhabeb-alroh.forumfa.net%2Ft8271-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.457.0&bs=2bd5be9a-476a-404b-8fb9-5d8c555b4b76&userId=f08061920cf34f5b89309d06aff494b6&m=link
200 OK 21 kB URL HTTP/2 cdn.betgorebysson.club/?rb=YYfgAHSVZ0oAA3ri7w2aG1CgkCf1mWgw25A8Jcxi40fxZr5YyaZZHms5mQwUKBQy0wC9ad1TksfN0JaE7bpqNQwsjwzKLtv6PQhc-hpywTqLaqKitfC3O2eGxFDkPwV1K83zrmrOPb2EOBNPOrNkiuAGJiJzWKlMXhHO7eELcqvfQPrq-BrwYfaYxlgOC1FIMfINajKp6cX3RE5p6LwV2dKHzX6OQWA_QOig2XaSUtXKVj-d19MaNrhuY0k%3D&request_ab2=96001&zoneid=3765907&js_build=iclick-v1.457.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fhabeb-alroh.forumfa.net%2Ft8271-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.457.0&bs=2bd5be9a-476a-404b-8fb9-5d8c555b4b76&userId=f08061920cf34f5b89309d06aff494b6&m=link
IP
File type JSON data\012- , ASCII text, with very long lines (1664)
Hash ad5ce99efa2f79a062e610f605feb01f
132912aa3eb327ebf23fe633347715433f1ddb7f
12af9ff06219b79ec2bd8f8101081fea8bd3fad51c217dddfc23d17dc95c3dfa
GET /?rb=YYfgAHSVZ0oAA3ri7w2aG1CgkCf1mWgw25A8Jcxi40fxZr5YyaZZHms5mQwUKBQy0wC9ad1TksfN0JaE7bpqNQwsjwzKLtv6PQhc-hpywTqLaqKitfC3O2eGxFDkPwV1K83zrmrOPb2EOBNPOrNkiuAGJiJzWKlMXhHO7eELcqvfQPrq-BrwYfaYxlgOC1FIMfINajKp6cX3RE5p6LwV2dKHzX6OQWA_QOig2XaSUtXKVj-d19MaNrhuY0k%3D&request_ab2=96001&zoneid=3765907&js_build=iclick-v1.457.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fhabeb-alroh.forumfa.net%2Ft8271-topic&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.457.0&bs=2bd5be9a-476a-404b-8fb9-5d8c555b4b76&userId=f08061920cf34f5b89309d06aff494b6&m=link HTTP/1.1
Host: cdn.betgorebysson.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Cookie: OAID=f08061920cf34f5b89309d06aff494b6; oaidts=1669947992
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:33 GMT
content-type: application/json
x-trace-id: 855448faaec34ffbf8d1797a8f7d88bc
access-control-allow-origin: https://habeb-alroh.forumfa.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=f08061920cf34f5b89309d06aff494b6; expires=Sat, 02 Dec 2023 02:26:33 GMT; path=/; secure; SameSite=None
oaidts=1669947993; expires=Sat, 02 Dec 2023 02:26:33 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 09 Dec 2022 02:26:33 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
2img.net/h/www.feedage.com/images/add2feedage.gif
504 Gateway Timeout 36 kB URL HTTP/2 2img.net/h/www.feedage.com/images/add2feedage.gif
IP
Hash 298e9d52cdfa64c252e6f58967293338
b98bb2080b2d8f075bb9379e3772013b1ffd00b2
5d4916078ef7fe0bf9c7fb977b7874fdcd8c9d638ec730ebdc1b94b2e0fad5f5
GET /h/www.feedage.com/images/add2feedage.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 504 Gateway Timeout
date: Fri, 02 Dec 2022 02:26:32 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_ob_info=504:77309e2b683274f5:LHR; path=/; expires=Fri, 02-Dec-22 02:27:02 GMT
cf_use_ob=443; path=/; expires=Fri, 02-Dec-22 02:27:02 GMT
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 77309e2b683274f5-LHR
server: cloudflare
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/forumotion-ar/loader.js
200 OK 26 kB URL HTTP/2 cdn.taboola.com/libtrc/forumotion-ar/loader.js
IP
File type Unicode text, UTF-8 text, with very long lines (65465)
Hash 0a960d6d7a880e1ff90ee2825e2969bd
bf835510a303b3701256ea423e31db023cd4a1c6
245e080c9d812170ff617c3f0fecf65643ccd9c7891bd7032e56acc5fc633c96
GET /libtrc/forumotion-ar/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
etag: "88483618ee97b688b86360d575290f30e643fc87"
last-modified: Thu, 01 Dec 2022 17:54:45 UTC
x-amz-id-2: VkcPBSGXtwxp4+doJDEGTeQPO0WJMZd1hg9XrrPToTcb287TVs/jPBFMQkvIziGZGm6JlIASn58=
x-amz-request-id: MX5NGB66KJ23HZHA
x-amz-version-id: a.U.DfhSKhVCHhVVLDDfQd.ZK916Y1wo
x-from-cache: 1
x-envoy-upstream-service-time: 6
accept-ranges: bytes
date: Fri, 02 Dec 2022 02:26:34 GMT
via: 1.1 varnish
age: 8448
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669947994.428535,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding, Accept-Encoding
abp: 28
content-length: 25573
X-Firefox-Spdy: h2
habeb-alroh.forumfa.net/images/icons-180.png
200 OK 6.1 kB URL HTTP/2 habeb-alroh.forumfa.net/images/icons-180.png
IP
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 6bbc173a2c7add9b97ed5fe2dea15269
2e00950d0813a6d995784905a90c5eb2041f05ee
689c95c5a53fd85782d965279cafd0c06042391eca615fe7e7f799e1bae5cc82
GET /images/icons-180.png HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/t8271-topic
Cookie: exadd=166996; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D; HstCfa1809172=1669947986721; HstCla1809172=1669947986721; HstCmu1809172=1669947986721; HstPn1809172=1; HstPt1809172=1; HstCnv1809172=1; HstCns1809172=1; cto_bundle=sumnFF8zQ1g4V3UxSWJURGlzMklabFlhSTZ5cGF4aGV4MXZTV0RLeVVKTjlJaDE0NU1nYTVGaVdqWEVNdGdNUXF1RVVOZ2VzRTJTa1owbldnSzI0SmwlMkY1USUyQmlWUkhna1l1bmxXbEdqS084JTJGWVhzV2NRaDk3MFk3YnpzUk1sdmF6aWZmRE1YeGJTNHpGdjJ1WW9sd2tOcWp6N3clM0QlM0Q; prefetchAd_3765907=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:34 GMT
content-type: image/png
content-length: 6055
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 02 Dec 2022 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
x-cache-ic: MISS
X-Firefox-Spdy: h2
connect.facebook.net/ar_AR/all.js?hash=d29d8d6e85092f4af21eef02cac89603
200 OK 88 kB URL HTTP/2 connect.facebook.net/ar_AR/all.js?hash=d29d8d6e85092f4af21eef02cac89603
IP
File type ASCII text, with very long lines (18613)
Hash d8cdd01856fd222657b73982a66f16b3
456bc664afdb988db006e0cba2e80a5d9cbe7908
1d6a2619ea4536ea3918f077ff295037ffbb3f782aabfb4227a75c17a7773730
GET /ar_AR/all.js?hash=d29d8d6e85092f4af21eef02cac89603 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 5e775607250ad452c34bbc8d8114e8b1
etag: "946b61d7c4be618cd44636621c71ab8c"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Dec 2023 22:14:41 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 2M3QGFb9IiZXtzmCpm8Wsw==
x-fb-debug: vcFHOQCNn3yGbmW8/jw4SkyZXhC4jb3sVZmxh4iGe8SoOMMAMizgi+F1WFv7NoF8X8AgBq1hMdABrMZCi/hvqA==
priority: u=3,i
content-length: 88492
x-fb-trip-id: 1679558926
date: Fri, 02 Dec 2022 02:26:34 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash a26afaaadb2a0ed8f3adf3ba46f076b0
fd5066cc90bd627ab0cf7f2463ae71b26f7ebf38
0ef7ce87cf40f2eabf3daab6d1336bfd51f0539f6d174a5f66afdd898acd1d06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bidder.criteo.com/cdb?ptv=132&profileId=206&cb=60323101847
200 OK 159 B URL HTTP/2 bidder.criteo.com/cdb?ptv=132&profileId=206&cb=60323101847
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 892cb489759ef6f7140b73c6933d456b
39bb0f66c48654de851a704873512dd3d4ff8b4f
22064eb36544212d7d00349430f2cf4addd76b58984a005a262a5f0121404c12
POST /cdb?ptv=132&profileId=206&cb=60323101847 HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 573
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:34 GMT
vary: Origin
server: Finatra
content-type: application/json; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: https://habeb-alroh.forumfa.net
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-encoding: gzip
content-length: 159
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fhabeb-alroh.forumfa.net
200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fhabeb-alroh.forumfa.net
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 2b4968b185495eddda0d85b2351ebb71
c665785ca0f4039f8c71d94631cd50a879d866b5
eb8af089d8082a58a6e90fedc23007f17a9e89ddbc6a29b6e535e4847ba94160
GET /widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fhabeb-alroh.forumfa.net HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 102038
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Dec 2022 02:26:34 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fhabeb-alroh.forumfa.net&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
200 OK 4.7 kB URL HTTP/2 accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fhabeb-alroh.forumfa.net&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2267)
Hash 93177d6282d2aab2ca1cd89041632f57
98e37113f254650082083478237a68b1fa128dbe
57d112a724eb60cb447bde6f85b6e17554a3116d6e1576d23dc390c26dbac932
GET /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fhabeb-alroh.forumfa.net&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.geaHZXF2-fw.O%2Fd%3D1%2Frs%3DAHpOoo9yYF5eCIYPx4UH9gpJptM2Q_GGxQ%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 02 Dec 2022 02:26:34 GMT
content-security-policy: script-src 'nonce--hWcoQSwsOkpasDMyIzHkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport, require-trusted-types-for 'script';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=publishertag&topUrl=habeb-alroh.forumfa.net
200 OK 5.2 kB URL HTTP/2 gum.criteo.com/syncframe?origin=publishertag&topUrl=habeb-alroh.forumfa.net
IP
Hash e853f61ffdc924f5f0b42158f66c5723
0dbdceedb1868ce89aea7422b29f7e2a4e69388f
c0b6ea65a53c3790066359a6e6e6c96e33ed0dcd463ba29d7b7cb5f6d342bd58
GET /syncframe?origin=publishertag&topUrl=habeb-alroh.forumfa.net HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:29 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=3b4106ff-cd47-4432-a070-241277d9216a; expires=Wed, 27 Dec 2023 02:26:29 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 822773
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 2.1 kB IP
Hash 87038e71323fd027d6230c0dadbaf377
5d6f232fad010643b37663afa4208a0050ba2d14
b59fa041668f8af8bd3e4fc00448444cbded130efe6523326624293dc2906f8e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 402
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:34 GMT
Last-Modified: Fri, 02 Dec 2022 02:19:52 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 02:26:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
syndication.twitter.com/settings?session_id=d96865b8b30e317163a62402e71bc9793ea2902c
200 OK 374 B URL HTTP/2 syndication.twitter.com/settings?session_id=d96865b8b30e317163a62402e71bc9793ea2902c
IP
File type JSON data\012- , ASCII text, with very long lines (913), with no line terminators
Hash 925c2a7587f39436ea29513221652474
695b7f2f3d99f407bcdfd0b372db0e28193cc60c
62e36e14e5c219119cb51c3cdf43a2005512a1bd6ebf2d68d0c610a2e6e3ef0f
GET /settings?session_id=d96865b8b30e317163a62402e71bc9793ea2902c HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:34 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Fri, 02 Dec 2022 02:26:34 GMT
content-length: 374
content-encoding: gzip
x-transaction-id: 5738f6f903c23161
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 106
x-connection-hash: 9735a9d28939dcd3db13c12af4e0fff7ed4ba70e98736a186cdf4993c2c4362f
X-Firefox-Spdy: h2
sharebar.addthiscdn.com/v1/sharebar.js?_=1669947988424
200 OK 400 B URL HTTP/2 sharebar.addthiscdn.com/v1/sharebar.js?_=1669947988424
IP
Hash 0c033864356694df724d897b6f141ee4
386ddcd43e657cb6fe0cf095a94dfdf87688b1a9
9a393b57c509959832ed340583fe7d553eceab5264f2ab4e1470e226a3be4a93
GET /v1/sharebar.js?_=1669947988424 HTTP/1.1
Host: sharebar.addthiscdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Thu, 11 Jan 2018 22:02:15 GMT
etag: W/"5a57dee7-25e"
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 400
date: Fri, 02 Dec 2022 02:26:34 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
sharebar.addthis.com/1.0/xd.html
200 OK 1.2 kB URL HTTP/2 sharebar.addthis.com/1.0/xd.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 7ff5d2c2e6d9337f29fb5e066bcf08b0
3f8eaf049f0c71f4e38cca6408b56214a77a9936
4b16d4f7c7c5097016134e512b785d5d0312bed827bf8b1848912c4002030182
GET /1.0/xd.html HTTP/1.1
Host: sharebar.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Thu, 11 Jan 2018 21:53:34 GMT
etag: W/"5a57dcde-c14"
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 1153
date: Fri, 02 Dec 2022 02:26:35 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
bidder.criteo.com/csm/events
204 No Content 0 B URL HTTP/2 bidder.criteo.com/csm/events
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csm/events HTTP/1.1
Host: bidder.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 256
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 02 Dec 2022 02:26:35 GMT
vary: Origin
server: Finatra
timing-allow-origin: *
access-control-allow-origin: https://habeb-alroh.forumfa.net
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
stootsou.net/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: stootsou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Content-Type: application/json
Origin: https://habeb-alroh.forumfa.net
Content-Length: 402
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:35 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b008b7b0b71220ca02a2d102b0a971cb
access-control-allow-origin: https://habeb-alroh.forumfa.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=18067ea0bdd14953a33d03f7e8c482ec&zoneId=2308013&checkDuplicate=true&ymid=&var=
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=18067ea0bdd14953a33d03f7e8c482ec&zoneId=2308013&checkDuplicate=true&ymid=&var=
IP
File type JSON data\012- , ASCII text
Hash f365eb30d0b80c3cfcc9c86a7112bdbf
cb73b2ffaebf182f8efe6ec2b3c6a3f1aaacffdc
411beaaeac92b667a52487a1cf39af50b3b805a6f76039a69d2fb79584317ece
GET /gid.js?pub=0&userId=18067ea0bdd14953a33d03f7e8c482ec&zoneId=2308013&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/
Origin: https://habeb-alroh.forumfa.net
Connection: keep-alive
Cookie: ID=f08061920cf34f5b89309d06aff494b6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 02:26:35 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://habeb-alroh.forumfa.net
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f08061920cf34f5b89309d06aff494b6; expires=Sat, 02 Dec 2023 02:26:35 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/embed/FA_Embed.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/embed/FA_Embed.js
IP
GET /rs3/66/frm/embed/FA_Embed.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:27 GMT
last-modified: Tue, 20 Apr 2021 14:17:00 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 752640
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9n4fWtu7vuZ3hdcp3nB6rvFcF08jzPFuShGtSKbsYeFrtqBSwmImglCqoZCfjSLY2jIgTvTvkvPEAFiszhsuH0r4Gfgyn9NiekdMSBcXbXoct%2FhHOqiCZXdMKKcXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2aa80db51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery/ticker/ticker.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/jquery/ticker/ticker.js
IP
GET /rs3/66/frm/jquery/ticker/ticker.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=8803
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:29 GMT
last-modified: Tue, 27 Aug 2019 14:00:13 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 752638
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lEA%2Fi4FRrVC1PNSWvgY4eHT%2BqWZlQOzppFSpBmBbbZfhOyuhzu88MQsgjmt4kJZyBzifF1Y8FrapT1euIFbuCgQdSelUm64FIuPULMlP0YOEBjmWtyB6IMNT6rjzDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2a5ff7b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
twemoji.maxcdn.com/twemoji.min.js
200 OK 0 B URL HTTP/2 twemoji.maxcdn.com/twemoji.min.js
IP
GET /twemoji.min.js HTTP/1.1
Host: twemoji.maxcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Thu, 31 Mar 2022 03:24:15 GMT
access-control-allow-origin: *
etag: W/"62451edf-3bc8"
expires: Sun, 01 Jan 2023 02:26:27 GMT
cache-control: max-age=2592000
x-proxy-cache: MISS
x-github-request-id: 6614:117A1:2B1DBB:2C71C2:63814BB4
vary: Accept-Encoding
x-fastly-request-id: 176c4a400e778dc2fd4a57324dbcfaa60441b871
server: NetDNA-cache/2.2
powered-by: MaxCDN
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
habeb-alroh.forumfa.net/serviceworker.js
200 OK 0 B URL HTTP/2 habeb-alroh.forumfa.net/serviceworker.js
IP
Analyzer Verdict Alert fortinet Malware
GET /serviceworker.js HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: exadd=166996; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/javascript
last-modified: Thu, 25 Feb 2021 14:30:57 GMT
etag: W/"6037b4a1-b0d"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
connect.topicit.net/scripts/connect.js
200 OK 0 B URL HTTP/2 connect.topicit.net/scripts/connect.js
IP
GET /scripts/connect.js HTTP/1.1
Host: connect.topicit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:30 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5437
access-control-allow-origin: *
etag: W/"5d653880-153d"
last-modified: Tue, 27 Aug 2019 14:04:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=86400
cf-cache-status: HIT
age: 2033
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z7jZQejKwMxzlQuqs1Sq5KiGj4EJhKdAKoeMufNlxEHdDOExsvXT0FqJPMpWw%2BMuCJmMnuf8Ma0Er2K0%2FIocNT29k25Cr7HztcKjQhGYlGjzoGZ78ND5PsEUFlFA1qRu2ogmUkco"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e3a6bbdb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/lang/ar.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/lang/ar.js
IP
GET /rs3/66/frm/lang/ar.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=74879
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:36:20 GMT
last-modified: Thu, 08 Sep 2022 07:38:48 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 751807
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rxixoq4aWCTEqK5llyJyX%2FBX5%2Fg1bxGmSe%2BsOvHWLNfrwPyKLpDAGFp4dTOpEqvj5j0yZTmMpbMRLSys8UEm5N3162Q2ndc42FpOldkfawWiCXZLDFMbNwnsvpLxTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2a5ff2b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
habeb-alroh.forumfa.net/?utm_source=pwa
200 OK 0 B URL HTTP/2 habeb-alroh.forumfa.net/?utm_source=pwa
IP
Analyzer Verdict Alert fortinet Malware
GET /?utm_source=pwa HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://habeb-alroh.forumfa.net/serviceworker.js
Connection: keep-alive
Cookie: exadd=166996; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache, no-store
pragma: no-cache
expires: Fri, 02 Dec 2022 00:00:00 GMT
last-modified: Fri, 02 Dec 2022 02:26:28 GMT
vary: User-Agent
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/ograph/fb_login.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/ograph/fb_login.js
IP
GET /rs3/66/frm/ograph/fb_login.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:40:53 GMT
last-modified: Tue, 27 Aug 2019 14:00:11 GMT
x-cache-ne: EXPIRED
x-cache-pr: EXPIRED
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 751534
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=48TkgVkoinavdPc2rxTzUl8WC%2FuvaNlirbOjFrNafPswcECoIUMlOHzxUaMOsEF4KlzOXi3lfTLBrVOAsGGp8Y2v%2FhctfaklHTe3f2suPjM5O6MY1m5Q%2BhwQQdS8mQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2a5ff8b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery/ticker/ticker.css
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/jquery/ticker/ticker.css
IP
GET /rs3/66/frm/jquery/ticker/ticker.css HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: text/css;charset=UTF-8
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=390
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:29 GMT
last-modified: Tue, 27 Aug 2019 14:00:13 GMT
vary: Accept-Encoding
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 752638
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Piz7gogm1xQjjQCO9cKxfoUosp2bMrY3pvg%2FGOUAp2bZI4HJzmrDgwWAVnnooO65YZnCMKfjwN5%2BXgUS1gJUnFMhBBk7GRpECzzKRyGu1uv8W1%2Bz9Oz3cAvTP2gHAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77309e2a5ff6b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
200 OK 0 B URL HTTP/2 illiweb.com/rs3/66/frm/jquery/cookie/jquery.cookie.js
IP
GET /rs3/66/frm/jquery/cookie/jquery.cookie.js HTTP/1.1
Host: illiweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: application/x-javascript
cache-control: max-age=31536000
cf-bgj: minify
access-control-allow-origin: *
expires: Thu, 23 Nov 2023 09:22:23 GMT
last-modified: Wed, 09 Sep 2020 09:40:28 GMT
x-cache-ne: HIT
x-cache-pr: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 752644
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=80RLUVFitCQzfkcX%2BGrQtJUWfz7oya2nm9YtEkgLY%2FCuX013THsJhTTvAGmrbgFjmQ5U8c3v0dyZD7PbNjGkVf4VmX99LV6KCqfNAIMZBQcs%2FH6%2BBJ7kc6bO5ype%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77309e2ab815b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
habeb-alroh.forumfa.net/%D8%B1%D8%A7%D8%A8%D8%B7%20%D8%B5%D9%88%D8%B1%D9%87%20%D8%B4%D8%B9%D8%A7%D8%B1%20%D9%85%D9%86%D8%AA%D8%AF%D8%A7%D9%83%20%D9%89%D9%87%D9%86%D8%A7
404 Not Found 0 B URL HTTP/2 habeb-alroh.forumfa.net/%D8%B1%D8%A7%D8%A8%D8%B7%20%D8%B5%D9%88%D8%B1%D9%87%20%D8%B4%D8%B9%D8%A7%D8%B1%20%D9%85%D9%86%D8%AA%D8%AF%D8%A7%D9%83%20%D9%89%D9%87%D9%86%D8%A7
IP
Analyzer Verdict Alert fortinet Malware
GET /%D8%B1%D8%A7%D8%A8%D8%B7%20%D8%B5%D9%88%D8%B1%D9%87%20%D8%B4%D8%B9%D8%A7%D8%B1%20%D9%85%D9%86%D8%AA%D8%AF%D8%A7%D9%83%20%D9%89%D9%87%D9%86%D8%A7 HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/0-rtl.css
Cookie: exadd=166996; _fa-screen=%7B%22w%22%3A1280%2C%22h%22%3A939%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: text/html
etag: W/"5db7f6f0-1044"
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
2img.net/h/up.arabseyes.com/gif/Sst35698.gif
200 OK 0 B URL HTTP/2 2img.net/h/up.arabseyes.com/gif/Sst35698.gif
IP
GET /h/up.arabseyes.com/gif/Sst35698.gif HTTP/1.1
Host: 2img.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://habeb-alroh.forumfa.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-cache-enabled: True
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
link: <https://w6w.net/wp-json/>; rel="https://api.w.org/"
x-httpd: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-proxy-cache: HIT
access-control-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
last-modified: Fri, 02 Dec 2022 02:26:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4%2BWJYUKYoSmXDRfif9BW0NikNlsKC3UQqfmb0nWwethV3DLCWJrPP0mTfXF2ju8atJrWftpMEqS0eSXvPFtNqbdeDUyX6negWVfmZuKt22FDbFFUUCA5zDH4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77309e2b581f74f5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
habeb-alroh.forumfa.net/t8271-topic
200 OK 0 B URL HTTP/2 habeb-alroh.forumfa.net/t8271-topic
IP
Analyzer Verdict Alert fortinet Malware
GET /t8271-topic HTTP/1.1
Host: habeb-alroh.forumfa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 02 Dec 2022 02:26:27 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-cache
pragma: no-cache
expires: Fri, 02 Dec 2022 00:00:00 GMT
last-modified: Fri, 02 Dec 2022 02:26:27 GMT
vary: User-Agent
set-cookie: exadd=166996; expires=Fri, 02-Dec-2022 06:26:27 GMT; Max-Age=14400
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
94.23.73.212
142.250.74.131
139.45.197.236
37.48.68.71
23.33.119.27
178.250.2.130
104.21.83.105
18.156.94.73
188.114.96.1