{"report_id":"befcfe29-c30e-47eb-bfad-3446ada7b8cc","version":6,"status":"done","tags":[],"date":"2025-11-28T19:41:21Z","url":{"schema":"http","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":0,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"title":"عاشقانه 98لاورز","dom":{"size":1153,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"239afaed9f403b52dd32986dd749bb0a","sha1":"6bdb150fea035879f5fecc93a122968d3d2940f2","sha256":"75d1d02d92f7f91fd8264e14e854e8669776548cb1497172360f3bd012b936f8","sha512":"4b51b02329f1f43b934fb144d3fcd70874261ca8a41c5f17eeed131ecd6c6015d6f8c29baa106b1b9803f26e4614663e33b2270fce6fedce9a4c1f586cf3c7b0","ssdeep":"","tlshash":"0621e15300796037714341d472b57b05d1d2b965e282cb54d1f2a7ba27f8da2dc5f32a","dom_hash":"domhash6c40a06fd7eae0dc45babb2b27f660af","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":0,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-02T19:41:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"rozup.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"campfun.rzb.ir","ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-03-01T09:29:42.487811Z","last_seen":"2025-03-01T09:29:42.487811Z","alert_count":30,"request_count":15,"received_data":453001,"sent_data":8176,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"www.rozblog.com","ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"domain_registered":"2009-12-07","domain_rank":0,"first_seen":"2012-07-05T17:03:02Z","last_seen":"2025-11-28T14:32:14.061429Z","alert_count":0,"request_count":14,"received_data":92486,"sent_data":6480,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"rozblog.com","ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"domain_registered":"2009-12-07","domain_rank":37943,"first_seen":"2012-05-23T18:13:34Z","last_seen":"2025-11-21T04:32:08.39162Z","alert_count":0,"request_count":4,"received_data":3899,"sent_data":1686,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"rozup.ir","ip":{"addr":"79.127.127.67","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"domain_registered":"unknown","domain_rank":427021,"first_seen":"2012-10-26T09:47:59Z","last_seen":"2025-11-28T04:45:45.398834Z","alert_count":3,"request_count":3,"received_data":315898,"sent_data":1346,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"up.98lovers.ir","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-03-01T09:29:42.488837Z","last_seen":"2025-03-01T09:29:42.488838Z","alert_count":0,"request_count":28,"received_data":0,"sent_data":12006,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"eval","is_inline":false,"md5":"22a2214d6bc75c7ca9f8a1b59281d3c9","sha1":"7460ebe76697609ad95a026a1a3bbe35651a0986","sha256":"ac7a643ea85d7458d8e394b68122cfe131679e59c4b746990515ba19294833a0","sha512":"7d224a3945f281fdcda782e41de00a35ff5f656db01090b8f272f340725735246258c7812a8839ab03524ed7fff9978f79fdb80de8dd318158845954de08e8d4","ssdeep":"","tlshash":"82e0202f60051537048470d17d8229542951263bf707b81dac14e4823a2fe032dbd468","size":350,"data":"","first_seen":"2023-09-03T23:51:13Z","last_seen":"2026-02-06T12:55:13.502054Z","times_seen":716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"901522f6c503734d3712767bb0770854","sha1":"2a7760a7ee836382383dcc7902b479bd6b6facf9","sha256":"1d3301f7680c4bc2b289ed57a0c583ffd1a5585f9445f655a25917eb26947902","sha512":"4ba524822c4596f8cc71ca4876581875aecbe98803b444770d05cf41ae00bb220799ccdec126945b03edd2a308c9cd2c5d8f8446dc921778fcf22d79610cf367","ssdeep":"","tlshash":"efc0c08507f42c8c504a3802dd460b5031936b0c9373e08c080410442108f4ec7313cc","size":170,"data":"","first_seen":"2023-03-07T12:09:41Z","last_seen":"2026-02-06T12:55:13.497678Z","times_seen":698,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/temp/default/script.js","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"0f79a0db21adf42d6692070342a13c8e","sha1":"bf3349841b9b81f0cb9b6694cbc5b4ebb8fe714a","sha256":"c73a5c5ae7ea0f3c2f22e53038af6a95f5ceaa91abb56a7ac80f61c14745f359","sha512":"022d5049a89fd890cf7dfe7f9dd69ec344a8432089beeb71aa57df15721b4f150d9fd54c41e4b1ae3ae270d53492a902b96ee58958b788f10f9855158a1fdfe6","ssdeep":"","tlshash":"ac21bb87793747d80be975b501e50bfebd36802a7d409d854f28c8708716e67203aaf8","size":1197,"data":"","first_seen":"2023-03-07T12:09:41Z","last_seen":"2026-02-06T12:55:13.495089Z","times_seen":673,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/code/popup","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"74aa9b233d4cb24e480d21ca85c520f9","sha1":"1099de3f4cde73527845760c0a2b7613fa68c35a","sha256":"8801dcd7b48e00e2cf2dc8a30d3d6cddba2bb4dda64519fb133f5c4a7df60382","sha512":"75a2fcc28ba27a21aea24f3e9f38ec5d55b121b236f7d6868ca2962f72f9b3846a0e916663062b5e904dfac06a8e7d006bf634be862980c9e0d26b9fa53e9a04","ssdeep":"","tlshash":"e65154086ac35054491b682b5f6e466c7ca45137210ac56abccce1a03fc092f76f5ffb","size":3109,"data":"","first_seen":"2025-11-28T19:41:30.032424Z","last_seen":"2025-11-28T19:41:30.032424Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"eval","is_inline":false,"md5":"a89c17fe41f8c30cded2b40d908b4046","sha1":"b2c0c22975ec2c2ccd36cbd55f7fe7dbc6fd53f3","sha256":"76589eaae47466b16f06ac5b6442d9534917f538b4fdce9dfd5bae0f3b1ad5a8","sha512":"0d2aef294f5e4082005f52991af5f2efe20dca4b2c10e17639e581fd642693e2c175d7d750c195fea6cf8783d14a413a54307c3ced4bbecb2caf0959f3465c2d","ssdeep":"","tlshash":"49e0c0463001b1b5c503a2edbe765f44b4050815340bc5b54719d4c0182704cd14efab","size":339,"data":"","first_seen":"2023-11-06T03:28:39Z","last_seen":"2026-02-06T12:55:13.500957Z","times_seen":603,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"eval","is_inline":false,"md5":"adda90a1ec2ad44862c1bf03ef149447","sha1":"01c283dfbde9ea42c0125abf6645bc78fcbbc091","sha256":"aad90e46b64cc7d2c6ef9ff48543b90b48ddb89f4a5ef8df8b0c7150f66275a5","sha512":"2db34e32e7296f89fcacdbbe7887274bc218f1b31ca93cd67fc2272aeda756be85400f52b3ee2dd753afb5a13b428168b1fe160151460f4c7333e5753cdd5b9e","ssdeep":"","tlshash":"1a01940f62806af64cd9b3f769e755787871452a3c42d2b1120ce0c02026469e60ff8e","size":684,"data":"","first_seen":"2024-07-05T06:35:48Z","last_seen":"2026-02-06T12:55:13.49867Z","times_seen":161,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a690c2ca51da010f860dc45d4babb0f","sha1":"5c519a6c0f1289585613eb23625c094e0eca6082","sha256":"e3f27d0c5e2306f2847c38b003b0445522056dd92560765cc4172fb106cc09b4","sha512":"23553a009b53237db6fbdba9d5c78bc47266907aeb6e1ecff0f30cb99f78fb6ef54b7086d0417fea3ca71449d304cae1d5894f8ce7352002768bf1bcad543558","ssdeep":"","tlshash":"9a1165e5b30c8e5f18f561fd0f5231a898691e253240d8b3957e5283103392e95eee5f","size":1004,"data":"","first_seen":"2023-10-01T23:46:30Z","last_seen":"2025-11-28T19:41:30.04719Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"e755fdd751bd4f9f3cde772cfa34d7bc","sha1":"c89499b8146f17aeff6f7f778b5036ca056b4fc0","sha256":"2d27e47f4e4fd2de77d418a65c4f3347b905af7526036f12d4ddff5c995450cc","sha512":"03bc6b1b6addfafd28927412898d2e8705736f869fabca0126c361264fc20e954c3d809476a780d18524e9ccee64f43498ed6e0099b408600d8d8a16fda4f1d3","ssdeep":"","tlshash":"181165e5b30c8e9f18f561fd0f5231ac98691e653240d8b3957e5283103392e95eee5f","size":1004,"data":"","first_seen":"2023-09-09T22:26:14Z","last_seen":"2025-11-28T19:41:30.048799Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/js/site.js?24.25","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"0eb2c94b13c1aa0cc10ce3f12c120c68","sha1":"bd4c3f3c2d6119521d3add7d0db6c97cc9bb1595","sha256":"90e24367dfbc6bdc33371e34ae1e2d0b05c8fc92a6213b9cff8582809a7ec040","sha512":"ab0beba1da4c2e9bd1dd0fc154589da7d9ade304675898bdc8552a87bbfae1943fc8cca79cb1f6fcdf92f3335bc461c6c8160e3303e33e09d08d189513d79467","ssdeep":"1536:ByKgwaySkqBgdU4gARLkBT09pke8Jhe1/LpNzLJFKXVKW95MjggmBNFSJkG5Jt46:BNgwaySkBkBT09pke8JheNKxQjtmNFSx","tlshash":"a873299a7294283601ef7077aaae538c75710517b849cc50bc1c84a11fa0e67d6bbffd","size":76107,"data":"","first_seen":"2025-08-27T05:20:01.166216Z","last_seen":"2026-01-03T16:27:20.093575Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"dab04c8631f41a7502729de26ef01283","sha1":"35fc5e7a7e8563ac8ade34359e936a4068035899","sha256":"7aba0ff8a112646941014dcb7e9c113e7df3d3370b2b1ef099c8f16348729c75","sha512":"80ccd20cdadc57d357add79b94b2e484183a2207993e25468c4164a96f3798e117955b834cad2366b7d3b009f4c2b99da62b996233cb12116e621a4234ab230d","ssdeep":"","tlshash":"63a0028f75c6b03826c64665047f460bf33cccc5a8a9b50df15890993da112dea32e88","size":71,"data":"","first_seen":"2024-08-02T10:10:17Z","last_seen":"2026-02-06T12:55:13.499661Z","times_seen":137,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"introduction_type":"eval","is_inline":false,"md5":"379686aa20f7045d96c393363f6d117e","sha1":"7b948699c1ec200169dc9c470be04809b5da42d2","sha256":"818d91b37b1e996c8afdfd05018b5780ff2be46b14430eaf5a166463bfe2f0c3","sha512":"213f899507b5493b8471072757c37a21aecd6dd4a314f95f5e632ed300b7b64c37112afd04914e1907b4eba9dd2cdcc43df234ded06d925b27ce3eaac294e5e1","ssdeep":"","tlshash":"28c09b9625567750059db19714da0bd77434008d1a4402859d2c9077902fcf732379f5","size":142,"data":"","first_seen":"2023-03-07T12:09:41Z","last_seen":"2026-02-06T12:55:13.497023Z","times_seen":752,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"campfun.rzb.ir/images/no_image.png","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /images/no_image.png HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 12 Aug 2023 16:24:04 GMT\r\naccept-ranges: bytes\r\ncontent-length: 38401\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38401,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 578 x 423, 8-bit/color RGBA, non-interlaced","md5":"480874c4d09ee78c62f3c54188da6d63","sha1":"87a5d589012b6154193c9b6b2ee85270d74a5db9","sha256":"1ecdb8bb333e1fd849a68901df9fc9df554838b7e76ac0b18597ea3d5b95a72a","sha512":"5cd2f927c2a677030627d7c55ae92f7948e2dcaf8855ab7e285f7205a6aaf80f1e5eb612139d2e3669dce2fcedaddd809d107418edb5de655eecf74f786efdd4","ssdeep":"768:N2cqxcMfKX51assfo5B3Fk4IsehrxQTYrfpjpwOx8u4lRJJvPZp2vc2:MBxcMfKX5Mtx4IsehFQTYr5KOSrJJnZI","tlshash":"7503e1ba66a6732fd54961ffac2f639416ce0002f0f5991d60c79dbad885c0930ec6f1","first_seen":"2023-08-13T03:11:55Z","last_seen":"2026-02-06T12:55:13.490369Z","times_seen":605,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/theme/ads/style_ads.css","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.rozblog.com/theme/ads/banner.html","date":"2025-11-28T19:40:59.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /theme/ads/style_ads.css HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.rozblog.com/theme/ads/banner.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sun, 28 Dec 2025 19:40:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 09 Jul 2024 13:12:26 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 720\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2133,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"692c3a98b1967065e9adad2c348e9d08","sha1":"b9558f78445af0ceb359403fc8e67ed995f3f5a7","sha256":"42f4dc74e88e0c6e8e4f16e13ae40a013004a3bfa842d6210dc3dcc6ebef0e26","sha512":"34a78306f45055916b55cae7bb45e64d2da200acbdec25a57193350b2c748b75efea34d80739c38a9e577ff68605eebfafac6a23edf14329e69163748a6877ad","ssdeep":"","tlshash":"a74142530a732901b807851d3bef524b336c8003469fcb6c7e957498cfca29845e17ec","first_seen":"2024-08-02T10:10:17Z","last_seen":"2025-12-08T23:23:46.687549Z","times_seen":139,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/theme/ads/ecommerce.png","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.rozblog.com/theme/ads/banner.html","date":"2025-11-28T19:40:59.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /theme/ads/ecommerce.png HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.rozblog.com/theme/ads/banner.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 09 Jul 2024 11:20:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 9747\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"31ce9ee51ccddf63254006e1393ee127","sha1":"00af5daa90da5823a622626fe4354ed2bd174237","sha256":"b618833a26e46f5eb75306ff53b14894f75030eb2b996f17273fe4ebe9038d80","sha512":"2376370165c94a536b69b8f7d25c5f43edfd99698254522915fb7eee57ea4881665ab89c527e08731988d892f1cc0320657a7a9149b614d649b4e6b256687a70","ssdeep":"192:qjv3tNvAq0uxC+zKW8yTZamIwvaiAQPiZcafDTGlHpsJBM7RdDC:Q9N46Y+bA07iZcafDihpxDC","tlshash":"cd12b0084f1dc17dd6796d8bb44869edb943fe420cd26b08986dd8b800f192b45db347","first_seen":"2024-08-02T10:10:17Z","last_seen":"2025-12-08T23:23:46.734786Z","times_seen":152,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/temp/music3/MTForumBlock_row.png","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /temp/music3/MTForumBlock_row.png HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Jul 2011 21:45:04 GMT\r\naccept-ranges: bytes\r\ncontent-length: 155\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":155,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 18, 8-bit/color RGB, non-interlaced","md5":"3ae7d651d73f3b247f9737655c53e08e","sha1":"476c9a585906552a1054a74f88de640142ce40f5","sha256":"d5496cde5cf105a1cf8c8fe59e0efefba5859a4fbff07a4701ec4f4a7c6e5ac5","sha512":"ea6d85b82c4650fa57dfa1b6624a09fa8989f42ec9ebb1ddee7321daa440e111b8c8ca0f36a9432d96bb450ef12218b960c9e120679b8843d9d1aa5247566497","ssdeep":"","tlshash":"20c02bd3bba01e68cce302b37504c424e8b38681cb3287b80c86e028d7b431c84d830b","first_seen":"2023-04-30T22:47:54Z","last_seen":"2026-02-06T12:55:13.468574Z","times_seen":214,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/temp/default/script.js","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /temp/default/script.js HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Fri, 05 Dec 2025 19:40:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 18 Jul 2018 10:51:39 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 231\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1197,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0f79a0db21adf42d6692070342a13c8e","sha1":"bf3349841b9b81f0cb9b6694cbc5b4ebb8fe714a","sha256":"c73a5c5ae7ea0f3c2f22e53038af6a95f5ceaa91abb56a7ac80f61c14745f359","sha512":"022d5049a89fd890cf7dfe7f9dd69ec344a8432089beeb71aa57df15721b4f150d9fd54c41e4b1ae3ae270d53492a902b96ee58958b788f10f9855158a1fdfe6","ssdeep":"","tlshash":"ac21bb87793747d80be975b501e50bfebd36802a7d409d854f28c8708716e67203aaf8","first_seen":"2023-03-07T12:09:41Z","last_seen":"2026-02-06T12:55:13.495089Z","times_seen":673,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rozblog.com/temp/nuke/FBarrow.gif","fqdn":"rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /temp/nuke/FBarrow.gif HTTP/1.1\r\nHost: rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html\r\ncontent-length: 707\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nlocation: https://www.rozblog.com/temp/nuke/FBarrow.gif\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":59,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":666,"timings":{"blocked":253,"dns":10,"connect":133,"send":0,"wait":130,"receive":0,"ssl":137},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/temp/nuke/FBarrow.gif","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /temp/nuke/FBarrow.gif HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://campfun.rzb.ir/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/gif\r\nlast-modified: Sat, 26 Nov 2011 12:58:49 GMT\r\naccept-ranges: bytes\r\ncontent-length: 59\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":59,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 9 x 9","md5":"08f58683f752ec50ab890d4162cf9a03","sha1":"2a0e3923b77ab35c273bf5307fc980f4d4de42fe","sha256":"d8359b38e288d654bf46c6c01ea58f896a998390f848ca99eb4015900f1cdb42","sha512":"21fa2c2f74c37f5710e2e6caabbce93948d443537ae758f37780d4276fb8dbed26751e2b5641946f4e8870ffc5fb67cc562e4b57963ed0ee1457a49621715cad","ssdeep":"","tlshash":"c4a00286cd994115c15060370e264351f7e9e1168d1c6e315675a611ac760712787222","first_seen":"2023-04-30T22:47:54Z","last_seen":"2026-02-06T12:55:13.491598Z","times_seen":222,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rozup.ir/view/1029756/amir-tataloo-www.98lovers.ir.jpg","fqdn":"rozup.ir","domain":"rozup.ir","tld":"ir"},"ip":{"addr":"79.127.127.67","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozup.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 21 Nov 2025 19:39:09 GMT","end":"Thu, 19 Feb 2026 19:39:08 GMT"},"fingerprint":{"sha1":"36:F2:6E:AC:94:2E:08:9A:AC:C8:31:25:0A:84:55:92:95:8E:69:19","sha256":"D9:AC:42:FA:F8:F1:62:0E:7D:71:0A:FA:BD:3C:9E:59:D3:6D:4D:C1:E1:01:53:64:0E:E8:0D:DF:98:AD:8F:58"}}},"request":{"raw":"GET /view/1029756/amir-tataloo-www.98lovers.ir.jpg HTTP/1.1\r\nHost: rozup.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 10 Dec 2015 12:28:42 GMT\r\naccept-ranges: bytes\r\ncontent-length: 46261\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent,User-Agent\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":46261,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 500x500, components 3","md5":"9f9c67ea4ba0d5aa7898cf5099aa8138","sha1":"da0d480ba73f8655943cf8fa27bd36965ccee22c","sha256":"1224b600b92cdc8a9dedb552de5327239d6127da48f41aadc5f2ffa8568bd963","sha512":"ddf7f2f414bd7366380478f12fb85d456120e4f101137733c69f5992e783ff7346567557b2b4ba09557c5c5bbf0a9092d3502a85c45e592abf3a8dde0292e8fd","ssdeep":"768:LbWza2V+akNjY8vwV54D/5m8ThWAZeLKUK77GoYEZJAMGduTjYG+ZFjVKd/d727:vs3kNjYOi5MLsZK77CEZqMG8Y9DwdO","tlshash":"93230277671b18bdae2037429e9736b27a8fa11017c7943a9ecd239fe041871b2d415c","first_seen":"2025-03-01T09:29:46.766433Z","last_seen":"2025-11-28T19:41:30.004945Z","times_seen":2,"resource_available":false,"data":null}},"time_used":924,"timings":{"blocked":226,"dns":25,"connect":110,"send":0,"wait":442,"receive":3,"ssl":115},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"rozup.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/%E3%82%9C%20%E3%81%AF%E3%83%BC%E3%81%A8%20%E3%82%9C_m.gif","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.357Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/%E3%82%9C%20%E3%81%AF%E3%83%BC%E3%81%A8%20%E3%82%9C_m.gif HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/462485088.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.378Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/462485088.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/temp/tarahi/fonts/fontawesome-webfont.woff?v=4.2.0","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /temp/tarahi/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/temp/tarahi/styles.css\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=245676929facb5daa9334821882257007636\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sun, 30 Nov 2025 19:40:59 GMT\r\ncontent-type: font/woff\r\nlast-modified: Thu, 26 Feb 2015 19:00:20 GMT\r\netag: \"ffac-54ef6d44-11fea27943efc11b;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 65452\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\naccess-control-allow-origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65452,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 65452, version 1.0","md5":"d95d6f5d5ab7cfefd09651800b69bd54","sha1":"7d65e0227d0d7cdc1718119cd2a7dce0638f151c","sha256":"199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1","sha512":"e96012d2fcd5df03c2f7385c9ee2a2932b3909659d59e32bf3155e102eaf9eb7b4b00c5806c892ace1b8f4bdb58630fb20868ad368c771bd8d2aad7749b7a399","ssdeep":"1536:WhdmBOT/dMBXSeRkzJBJlLsZrzhWaSU82n:WLmBs/dMduJBJl2nQan","tlshash":"4f53023b2a717a74b8f5cda4af04f33229dbfe99f8840472d52a1b5a84671185b04b19","first_seen":"2023-04-06T01:39:02Z","last_seen":"2026-04-06T07:28:58.576633Z","times_seen":10843,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":144,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/s-mohammad-h/goooooo.gif","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.384Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/s-mohammad-h/goooooo.gif HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/638205726.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.777Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/638205726.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/s-mohammad-h/talagh.gif","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.790Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/s-mohammad-h/talagh.gif HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/300259198.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.791Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/300259198.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/1393/esfand/Yas-Bad-Shodam.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.374Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/1393/esfand/Yas-Bad-Shodam.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/638205726.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.386Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/638205726.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/temp/music3/MTForumBlock_row_over.png","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /temp/music3/MTForumBlock_row_over.png HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Jul 2011 21:44:44 GMT\r\naccept-ranges: bytes\r\ncontent-length: 139\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":139,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 18, 8-bit/color RGB, non-interlaced","md5":"1fd885e3d0a8fc062470706ae84ea56b","sha1":"f0e6c850b1794c523ca16bf087054cb843daf6fa","sha256":"e0dc411ff39139fd39b2cf6d027ab2d56fbd3b51bacc0935e1ae284e65c64e40","sha512":"ff0a1ac5f72a436770ea8b46170c92731bcfeaad208f2cd4481746a4ad2e44b53d2bb65c08c58cf99e84fe7c8347240c21bd0dff183cdf62b80c57a3e0b6adb9","ssdeep":"","tlshash":"47c02bc2bae0cc3cec1211f1c1188031c46347148102c5b0098a88303b29f0880ec503","first_seen":"2023-04-30T22:47:54Z","last_seen":"2026-02-06T12:55:13.474243Z","times_seen":221,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/weblog/file/loading/88.gif","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /weblog/file/loading/88.gif HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/gif\r\nlast-modified: Thu, 02 Feb 2012 21:52:24 GMT\r\naccept-ranges: bytes\r\ncontent-length: 5972\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5972,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 50 x 50","md5":"093445ee241c72e6dca01dc570c230dc","sha1":"32adb71ec06b5d29ec62c5511328d5970228b86d","sha256":"d40495f2a0e830c47fe4cd50574c68e206292f63545a0684516db0cd8716ee0e","sha512":"d3d9260079f2b7d1e41c98ccca20e3686fbdd8cf2e1127b6ef094005ce663e5666c40779a7d935481aa87d336c85eb61c42f51374644d65ab38dd6472f18362c","ssdeep":"96:dD5LqSj7XIoUML80xiPwPAEUjVY6uJps1PyszUUWOy6zHABe8jP5l9b:CkbI38nnPAfjVY7ahzvFy6zHo5lJ","tlshash":"72c18e1fedb23e02c6d422fa4c5a0e817f40a7fd053e512880ba4aef560953db95b525","first_seen":"2023-04-11T01:49:35Z","last_seen":"2026-02-06T12:55:13.465649Z","times_seen":726,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Temps/ver2/cover1.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.372Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Temps/ver2/cover1.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/temp/tarahi/fonts/yekanregular.woff","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /temp/tarahi/fonts/yekanregular.woff HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/temp/tarahi/styles.css\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=245676929facb5daa9334821882257007636\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sun, 30 Nov 2025 19:40:59 GMT\r\ncontent-type: font/woff\r\nlast-modified: Thu, 26 Feb 2015 19:00:25 GMT\r\netag: \"53fc-54ef6d49-80b982f1d7ce7ee2;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 21500\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\naccess-control-allow-origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":21500,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, CFF, length 21500, version 2.0","md5":"05727d32400b2008acbf7fc49251ede0","sha1":"b6c1a82539a2531eb1aad7d1cf05554d5a999154","sha256":"da78e001fab6f5d7b1c68e17d00fb1595c9b10085d6769a86aeb6a39dc7e43d6","sha512":"9fd195b3deb5695931c1809340082c0fcfb46302573d3b1dd75e68c62318e00d09d10c982a7ab15ecf3effef8f5a41c9633258d6ac9893cc5dae3b86d281ccaf","ssdeep":"384:NWGKLG8v6wG3FShn4PZKStFsEhRBpj8wroxx711afjChp2GWgHW99FAw048cih:QZ3QFWn4PZpFhPjyp1afmhHWgHWxAn4A","tlshash":"23a2f185ca810503d12b74fc71af71a3926ac2acfb3a4ada15982f547e07741376fd34","first_seen":"2023-04-11T06:00:03Z","last_seen":"2026-04-05T20:43:27.762875Z","times_seen":812,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rozblog.com/temp/music3/MTForumBlock_row.png","fqdn":"rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /temp/music3/MTForumBlock_row.png HTTP/1.1\r\nHost: rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html\r\ncontent-length: 707\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nlocation: https://www.rozblog.com/temp/music3/MTForumBlock_row.png\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":155,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rozblog.com/temp/rang/like.png","fqdn":"rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /temp/rang/like.png HTTP/1.1\r\nHost: rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html\r\ncontent-length: 707\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nlocation: https://www.rozblog.com/temp/rang/like.png\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2272,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/include/captcha/cap9.php","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /include/captcha/cap9.php HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: image/png\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2668,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 30, 8-bit/color RGB, non-interlaced","md5":"4cb467e79b675395ee3f7c6857850939","sha1":"fcf560bc6b425cbd8c878dd6cdae5a1e55d43fe4","sha256":"9d18c683585df5c526c93d92b0e7aebd9775d0f21d0b9e40578c9eeef31ee52d","sha512":"913951ee40b969a2959c932a4307b941c833971bf89f58e9d1f7b72635c2e57d3bd0121f327fb64bbe2f6c3060970fb0ff1f23f2c21774464fde44801e0268df","ssdeep":"","tlshash":"a4513b6b8a13d71d540437d96f84b1df2e6e0f4945a45188946aa9b3b3b4080bdc0a03","first_seen":"2025-11-28T19:41:30.010249Z","last_seen":"2025-11-28T19:41:30.010249Z","times_seen":1,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/temp/tarahi/fonts/wdtv.woff","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /temp/tarahi/fonts/wdtv.woff HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/temp/tarahi/styles.css\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=245676929facb5daa9334821882257007636\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sun, 30 Nov 2025 19:40:59 GMT\r\ncontent-type: font/woff\r\nlast-modified: Thu, 26 Feb 2015 19:00:22 GMT\r\netag: \"3938-54ef6d46-daf654b8921ad10f;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 14648\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\naccess-control-allow-origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14648,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 14648, version 1.0","md5":"259c4490256daceb6a5f275cee137627","sha1":"5c0eae14870f1ec6527aa64f3f675cb9063034ee","sha256":"bd4bdb99aa4a1cf56a05d7a913dce42b23b4cb021148b0a0f22d836105d98fc5","sha512":"6bfe4f97626fe0e9c6ef2b906352c8f69812d114e0b35464aa5a694ca33481863d81ca096947966013a03b5d25c4c3cf3e81104cb857d24bbf283d28605c60b0","ssdeep":"384:erHaPOP8ZC3vtK3McV/2LAHeoz8arU1ESEoZ+g8:eTatUvo3H/p5r6ESEoS","tlshash":"b562d09299687207f2d9e33d4397e3118b26120ac50fb7978bc0e16b3d250a1472f0eb","first_seen":"2023-04-30T21:09:21Z","last_seen":"2026-02-06T12:55:13.48721Z","times_seen":639,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/312714896.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.763Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/312714896.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/theme/ads/arrow-left.png","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.rozblog.com/theme/ads/banner.html","date":"2025-11-28T19:40:59.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /theme/ads/arrow-left.png HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.rozblog.com/theme/ads/banner.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 09 Jul 2024 11:20:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4167\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4167,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"46391ce1d25fa254f516224c73a046c7","sha1":"95329d21a757541712e4b80a9bec8956e9b73225","sha256":"786bf14fc49d5da14aa7da62d92e119c4e9c652430a071fdb77ccaf2949e640d","sha512":"e1d95d09707dcaf2ccb555aa42cf473420b666f43d4946b90cca8705a86f77227dccf54841b23fc826bc9b2aa4bf538a6e739de0c0b8086d31e588ac9ea33ead","ssdeep":"96:tbHMFGKKjnYy8QzTEPnPitmqECU8mKo3cqzgVb1QHyL6BZ:tbswYyUumq2v3cy8baSLw","tlshash":"c7815cf120526cb78908a21f7628e1d0c994d702e96ee434783fbb9c1d92cb6474f556","first_seen":"2023-09-19T12:06:39Z","last_seen":"2026-02-13T21:59:16.936241Z","times_seen":175,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/temp/rang/like.png","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /temp/rang/like.png HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 14 Feb 2015 11:52:19 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2272\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2272,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 42, 8-bit/color RGBA, non-interlaced","md5":"dd370ffbcd679da0d5c8547f34c6e2fb","sha1":"6df3b9ec0e82b1a6ef41bc83041d2b2e16200077","sha256":"2f14531974b17d9fd89de532694faf69ed7aa61b04ea990108b138d772ba96f7","sha512":"c25d651e5ea9f355ea8433ca7637fc5b0c5dba47a3d60bfa1f30ab046bead127f708925135e5db3366e67b851fd79a4d553e9951ae027daa82fc569ea2ec6862","ssdeep":"","tlshash":"5c412956b8207541da8187a324eb8077bab94440caace135938bc58e0f681f28f1ead7","first_seen":"2023-04-11T01:49:36Z","last_seen":"2026-02-06T12:55:13.483494Z","times_seen":217,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/editor/ckeditor/plugins/smiley/images/26.gif","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /editor/ckeditor/plugins/smiley/images/26.gif HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/gif\r\nlast-modified: Mon, 12 Mar 2012 09:37:46 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1976\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1976,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 24 x 18","md5":"62af1f420b2896a856f182bf303fa3b1","sha1":"632e1966270b4531a9f5c70f52e4c1fe2022e616","sha256":"36e5f9dae6196afe30c94a2032d214827192cfe1a3508bdb950dc14e669dc2ae","sha512":"b3d4905db5c8f05f5171dc63f8527c10877be7e3443df646954bd4fc0d21bf819f4246cd9da6fe40344b11cb0239dd408b20c3dc78f3a0ffc451792aac913371","ssdeep":"","tlshash":"83412054d4a703c29e3983337f48af0d66ca06129d2dde0ae46b9995a2f9178cf8818c","first_seen":"2023-10-26T10:02:26Z","last_seen":"2026-04-01T04:22:52.620785Z","times_seen":20,"resource_available":false,"data":null}},"time_used":531,"timings":{"blocked":288,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":152},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/editor/ckeditor/plugins/smiley/images/42.gif","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /editor/ckeditor/plugins/smiley/images/42.gif HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/gif\r\nlast-modified: Mon, 12 Mar 2012 09:38:12 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2170\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2170,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 36 x 18","md5":"d030c26b15c97c41db66f9d1ab88401c","sha1":"dd7bfd6f86db2fb9700c529ec3550f81da9cb34a","sha256":"1b96c9213549528cfbfd30332ca1756952397d415b5710b5697ffb8022f26532","sha512":"0a2efda29825c2910a707676562b6d7c549177c0feb0afbadfd66d54cf45ff618a70c70f16e05f0c01918d29ddb80aadf3965e2678aed33a15c400772b404778","ssdeep":"","tlshash":"ab4182846c226548cef97b75092b0e2f5f1d23b948fce65e062e62e0e5e03fc100d648","first_seen":"2023-10-26T10:02:27Z","last_seen":"2026-04-01T04:22:52.535303Z","times_seen":20,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":-1,"dns":1,"connect":95,"send":0,"wait":91,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/312714896.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.376Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/312714896.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/729925124.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.784Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/729925124.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rozblog.com/temp/music3/MTForumBlock_row_over.png","fqdn":"rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /temp/music3/MTForumBlock_row_over.png HTTP/1.1\r\nHost: rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ncontent-type: text/html\r\ncontent-length: 707\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nlocation: https://www.rozblog.com/temp/music3/MTForumBlock_row_over.png\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":139,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/temp/site.css?38.5","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /temp/site.css?38.5 HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sun, 28 Dec 2025 19:40:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 21 Jul 2025 11:37:54 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 16500\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73922,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (7735)","md5":"8739d80993e720c06af869fd2991f977","sha1":"d971d921edd962f275b433e6edebd7c7427b22d3","sha256":"a68f495d2ff7aeaeb4e3bfce8bdd42c028f96ba1f849492c808d7689401c045c","sha512":"63100c93d36243b259711430e5ab7333f245320fa6218ebcf69bca57e03661849545e296aa56fef5162df750a4c5dd5c8c00cd0c746800d0dfa2d760a5c7aead","ssdeep":"1536:SttjGlSpKNnUclDrUFzphPXlbTE2hgLkWGhBtrjgUxhwKHlN0P7FKzlpMr7pKioZ:IbpKNnUcZr0lFG4Jl8xc","tlshash":"af73ea62d9402119b023ca6979e56bdd32294113a71f4ffffd623138cb8b2d51a33b4a","first_seen":"2025-07-22T22:54:21.519426Z","last_seen":"2026-02-06T12:55:13.479213Z","times_seen":63,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/temp/pro/ads_468.jpg","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /temp/pro/ads_468.jpg HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 20 Feb 2015 09:52:01 GMT\r\naccept-ranges: bytes\r\ncontent-length: 6286\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6286,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.00, resolution (DPI), density 96x96, segment length 16, comment: \"LEAD Technologies Inc. V1.01\", baseline, precision 8, 468x60, components 3","md5":"db8cac5e50e0f1be65a3ec0756ea6612","sha1":"3053609e1039ab6d0d0be6adefeaf7ba7a243cf6","sha256":"8f10f1e719bda34ecfc3af6b50f8273e9c9676d10612eff12aad2382d458ef1d","sha512":"72b6dae7552434b07c243ae68b5e2edab0ff53c0173b2e093ce3dcd7a179f6cbf3ffa43f6d34e52f53eaed3d1297374ded1cfb0daf10c27e28b51c15d5988e1f","ssdeep":"96:YyzE1AaaaaaBq7GEY3l6PyjUXdol4pbCk3juGU8T7UYBEWv1TNDGA8n640+Y2yn:DhaZV6+MdDtClYU2B0A8A+An","tlshash":"d3d1c57b658b10f1e74d90e2790857c679e2b3be8f37d5b356999f81be88c1825c900c","first_seen":"2023-04-11T01:49:36Z","last_seen":"2026-02-06T12:55:13.492107Z","times_seen":638,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rozup.ir/view/1028142/54.jpg","fqdn":"rozup.ir","domain":"rozup.ir","tld":"ir"},"ip":{"addr":"79.127.127.67","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozup.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 21 Nov 2025 19:39:09 GMT","end":"Thu, 19 Feb 2026 19:39:08 GMT"},"fingerprint":{"sha1":"36:F2:6E:AC:94:2E:08:9A:AC:C8:31:25:0A:84:55:92:95:8E:69:19","sha256":"D9:AC:42:FA:F8:F1:62:0E:7D:71:0A:FA:BD:3C:9E:59:D3:6D:4D:C1:E1:01:53:64:0E:E8:0D:DF:98:AD:8F:58"}}},"request":{"raw":"GET /view/1028142/54.jpg HTTP/1.1\r\nHost: rozup.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000\r\nexpires: Sat, 28 Nov 2026 19:41:00 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 09 Dec 2015 21:21:07 GMT\r\naccept-ranges: bytes\r\ncontent-length: 89693\r\ndate: Fri, 28 Nov 2025 19:41:00 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent,User-Agent\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":89693,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 1024x768, components 3","md5":"26d9f2da766aa39681405240d01e237b","sha1":"0338aed6b32567981f6f6f55827ee09a70029749","sha256":"8b68f9efc8055cae519eb4ef64a7443984a2500e6c9fe67b9ba34f341db8b1f7","sha512":"06e047e4a1bd29abe81131236e60d4b07c047f68d8db2cdef454961f83bd69f280b4b5614941a1eba265ff17986d80562d3c8f0fa4c195ca17fc325d7d8513b0","ssdeep":"1536:CpMLe2arH9T27yRQT0ImJY5v/FHGWTSCXwgdaF3Khkr3u8G5IgrGP+TafbwpEVYp:2MnqY7yRQPmJYV9TS7gHkXGOP+TS2ElW","tlshash":"cc930213fc091bc4863620c2bd9f1f186f11bb0ea4d6aaaf00115e536d716b6fa4e5cb","first_seen":"2025-03-01T09:29:46.767408Z","last_seen":"2025-11-28T19:41:30.021224Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1076,"timings":{"blocked":271,"dns":26,"connect":132,"send":0,"wait":398,"receive":106,"ssl":138},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"rozup.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/js/site.js?24.25","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /js/site.js?24.25 HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Fri, 05 Dec 2025 19:40:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 24 Aug 2025 20:58:52 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 16907\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":76107,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2911)","md5":"0eb2c94b13c1aa0cc10ce3f12c120c68","sha1":"bd4c3f3c2d6119521d3add7d0db6c97cc9bb1595","sha256":"90e24367dfbc6bdc33371e34ae1e2d0b05c8fc92a6213b9cff8582809a7ec040","sha512":"ab0beba1da4c2e9bd1dd0fc154589da7d9ade304675898bdc8552a87bbfae1943fc8cca79cb1f6fcdf92f3335bc461c6c8160e3303e33e09d08d189513d79467","ssdeep":"1536:ByKgwaySkqBgdU4gARLkBT09pke8Jhe1/LpNzLJFKXVKW95MjggmBNFSJkG5Jt46:BNgwaySkBkBT09pke8JheNKxQjtmNFSx","tlshash":"a873299a7294283601ef7077aaae538c75710517b849cc50bc1c84a11fa0e67d6bbffd","first_seen":"2025-08-27T05:20:01.166216Z","last_seen":"2026-01-03T16:27:20.093575Z","times_seen":50,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/s-mohammad-h/sory.gif","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.383Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/s-mohammad-h/sory.gif HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/1393/esfand/9b82a8c54c082ed34f547_960.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.756Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/1393/esfand/9b82a8c54c082ed34f547_960.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/1393/esfand/Amir-Tataloo-Bade-Zemestoon.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.775Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/1393/esfand/Amir-Tataloo-Bade-Zemestoon.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/%E3%82%9C%20%E3%81%AF%E3%83%BC%E3%81%A8%20%E3%82%9C_m.gif","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.750Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/%E3%82%9C%20%E3%81%AF%E3%83%BC%E3%81%A8%20%E3%82%9C_m.gif HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/theme/ads/Vazir.woff","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.rozblog.com/theme/ads/banner.html","date":"2025-11-28T19:41:00.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /theme/ads/Vazir.woff HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.rozblog.com/theme/ads/style_ads.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sun, 30 Nov 2025 19:41:00 GMT\r\ncontent-type: font/woff\r\nlast-modified: Tue, 09 Jul 2024 11:20:37 GMT\r\netag: \"d2f4-668d1d05-beec0b8c8b94f6c8;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 54004\r\ndate: Fri, 28 Nov 2025 19:41:00 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\naccess-control-allow-origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54004,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 54004, version 0.0","md5":"abdaaf2e791f4416323efffec0a85b49","sha1":"a9a3ee5482b64dd5792a0845e576806c79354118","sha256":"2bcfbc8d9cbea056d3c0a8e511a28ef7461748230cec56b40ac0952058725adb","sha512":"6c688e792401b49f9345d3f5e16404a9b46bf8e4fb6f92d8ea6a4f6de81d71e8658552f1d63484acede23f04a898d007bf7485a714bf3dcd16674ac9f302584e","ssdeep":"1536:V2CG2swwg5u+mKH7ZTH9qGOE6D7nPhp6TOWxiH+nO52/PBLF/8:8C4U7mKHvFOEujPbNM9/JLF/8","tlshash":"a03302dc9b7d041ecaa36280d66235bbc2c16dcb1e61705f03c94c9eb6abe5d61213f5","first_seen":"2023-12-20T00:18:37Z","last_seen":"2025-12-08T23:23:46.69718Z","times_seen":153,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":139,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/temp/tarahi/styles.css","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /temp/tarahi/styles.css HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sun, 28 Dec 2025 19:40:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 26 Apr 2025 17:17:16 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 5510\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23039,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"d52d78ef23e2ca640b2d9cdc8be85be2","sha1":"ad6dab470d0c15dd48d0b782caf43c613af70e49","sha256":"02e3d17280c575aa44146c87a52c86e1b62c0e95ee0cb5632e67369192eb35c6","sha512":"222376763b2dea13e1456029915dbbf4feea34d4b69e5739aaea1d7c7f1e73b75c535b2f8d6a4bc4d9fbb20e52107fcf32492bd38071fa98f76bfd194511ba9c","ssdeep":"384:qDeYKF+vVVSN0MyrVCp7sh2aOhYkbQ0SoPQ/ah0/rrtoNeodhBoygcFpAe:GeUVMN0MyrVCp7sh2aOhYkbxSsQH/rmz","tlshash":"c5a2946d8a0210495333c96aabf15a956f3c4063ff0b07997fe17634e6939bc1971bc8","first_seen":"2025-04-28T02:17:34.927613Z","last_seen":"2026-02-06T12:55:13.469532Z","times_seen":66,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/editor/ckeditor/plugins/smiley/images/22.gif","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /editor/ckeditor/plugins/smiley/images/22.gif HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/gif\r\nlast-modified: Mon, 12 Mar 2012 09:37:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 613\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":613,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 18 x 18","md5":"ce342dd366fa6ca26f97affd167e4d24","sha1":"7663109ccb56658351b3df4474b4b9a41fa5011a","sha256":"1e42a23eb790c639d5228b2f20fc786d95c659c0f4f3d66ffe85e30c1b2d8067","sha512":"dfb4839b6632655de1a7666c6c7547be694ec542aa0bf80c85a4d5901a548a1ab3448d5f9de4fa91e86637d6d465290f5d1f1a833fea5a234b27a0096f4b943f","ssdeep":"","tlshash":"b7f041ded504da02f6efe4d42c4c8ce8430129368cfd2383e81d6864a0c7cbe219a259","first_seen":"2023-06-05T23:50:44Z","last_seen":"2026-04-01T04:22:52.540632Z","times_seen":19,"resource_available":false,"data":null}},"time_used":685,"timings":{"blocked":287,"dns":5,"connect":146,"send":0,"wait":91,"receive":0,"ssl":152},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/editor/ckeditor/plugins/smiley/images/25.gif","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /editor/ckeditor/plugins/smiley/images/25.gif HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/gif\r\nlast-modified: Mon, 12 Mar 2012 09:37:44 GMT\r\naccept-ranges: bytes\r\ncontent-length: 7815\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7815,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 30 x 18","md5":"73ee4ab7ce337d752cbeb90b8479835a","sha1":"e7412bddf83298a9e6727994f240a0ba450f2228","sha256":"4082ac8d4d6a325b27f998b4413f5e127019ea13b5da0151ad6e3a04f91e6db6","sha512":"84cad9b77296c344f345e1c6d7c413d6ca6e6526168ea315e8609e3c2a9f554da11e749b5907ec55320cf1810436e92ebdfcdf3101de4492c9b22588f1fbc6a1","ssdeep":"96:5vDiWDvZ6YZC3RXDvZ6YZC3RXDvZ6YZC3RXDvZ6YZC3RaDvZ6YZUB5w:5LiWDhOFDhOFDhOFDhOoDhuy","tlshash":"77f175c469c28495e88166bff3ceaffe05fc801f8255628d94369380b7a191a85df8a5","first_seen":"2023-10-26T10:02:26Z","last_seen":"2026-04-01T04:22:52.742137Z","times_seen":20,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":-1,"dns":3,"connect":149,"send":0,"wait":91,"receive":1,"ssl":113},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/1393/esfand/9b82a8c54c082ed34f547_960.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.368Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/1393/esfand/9b82a8c54c082ed34f547_960.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/729925124.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.387Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/729925124.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/j677mgv38dmt2juoiyzx.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.389Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/j677mgv38dmt2juoiyzx.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/1393/esfand/Yas-Bad-Shodam.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.760Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/1393/esfand/Yas-Bad-Shodam.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-28T19:40:58.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-language: fa\r\nset-cookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; path=/; secure\nid_guest=9057949002; expires=Sun, 28 Dec 2025 19:40:58 GMT; Max-Age=2592000; path=/; secure\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding,User-Agent\r\ncontent-encoding: gzip\r\ndate: Fri, 28 Nov 2025 19:40:58 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":112637,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1906), with CRLF, LF line terminators","md5":"41fd21c1252ec05f9d8e171790476fd5","sha1":"5960a9b5be10937fbe05c4d55a61bfdd5f96e3d2","sha256":"f89a4e0a59501537b324f47c55256243cc28f70f7dba3c4579296dd6b216400e","sha512":"8e64dcbb50cca94410ee248dab967db61b4438e7254c2a7353674de8c873464f3016473c3b3e2633f602eea6990ffbb474516a8a0d6e709ee5771b78c166d96b","ssdeep":"1536:p1JesgNBUeGhmFSeJ4z7Zemeb1emNeeq8eIeueceYneIeI+y1w70c5XC+00TUfGW:HgNBUeGOR11EZs","tlshash":"dab31ea201d459330277ca9465a17b3cde82892bdb878d01b2ee0ba71ff7f61dd07259","first_seen":"2025-11-28T19:41:30.030113Z","last_seen":"2025-11-28T19:41:30.030113Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1363,"timings":{"blocked":369,"dns":157,"connect":101,"send":0,"wait":625,"receive":0,"ssl":107},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/code/popup","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.313Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /code/popup HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-language: fa\r\ncontent-type: text/html; charset=UTF-8\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Fri, 28 Nov 2025 19:40:59 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0,pre-check=0\r\npragma: no-cache\r\nset-cookie: c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; expires=Sat, 29 Nov 2025 19:40:59 GMT; Max-Age=86400; path=/; secure\nc_t=245676929facb5daa9334821882257007636; expires=Sat, 29 Nov 2025 19:40:59 GMT; Max-Age=86400; path=/; secure\r\nvary: Accept-Encoding,User-Agent\r\ncontent-encoding: gzip\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3109,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text","md5":"74aa9b233d4cb24e480d21ca85c520f9","sha1":"1099de3f4cde73527845760c0a2b7613fa68c35a","sha256":"8801dcd7b48e00e2cf2dc8a30d3d6cddba2bb4dda64519fb133f5c4a7df60382","sha512":"75a2fcc28ba27a21aea24f3e9f38ec5d55b121b236f7d6868ca2962f72f9b3846a0e916663062b5e904dfac06a8e7d006bf634be862980c9e0d26b9fa53e9a04","ssdeep":"","tlshash":"e65154086ac35054491b682b5f6e466c7ca45137210ac56abccce1a03fc092f76f5ffb","first_seen":"2025-11-28T19:41:30.032424Z","last_seen":"2025-11-28T19:41:30.032424Z","times_seen":1,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/j677mgv38dmt2juoiyzx.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.799Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/j677mgv38dmt2juoiyzx.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/editor/ckeditor/plugins/smiley/images/43.gif","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /editor/ckeditor/plugins/smiley/images/43.gif HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/gif\r\nlast-modified: Mon, 12 Mar 2012 09:38:14 GMT\r\naccept-ranges: bytes\r\ncontent-length: 613\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":613,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 18 x 18","md5":"7ef4a33e7818e2040a902a808397a8a4","sha1":"3d94e8e9c0b8671bd60b151be32957f38a40ec95","sha256":"c7f643830bd84bf1dcab1a3e01f3c9545c93cd9bbd9604946cd3a7f0d635e2b6","sha512":"89ed124e2a605a77d81c19c7e3035141a5e4cbf2cfa439e9b82cc1a4cdc3a33f5d18958a320e037e121208f916f069df307f1933c01d9d0ffde558885f2d3ccf","ssdeep":"","tlshash":"def0471e850004c4689798c59ad20e420b4830f9bc73710d645dea077cdddbc69a5445","first_seen":"2023-06-05T23:50:44Z","last_seen":"2026-04-01T04:22:52.713723Z","times_seen":21,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":2,"connect":92,"send":0,"wait":91,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/300259198.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.388Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/300259198.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.rozblog.com/theme/ads/banner.html","fqdn":"www.rozblog.com","domain":"rozblog.com","tld":"com"},"ip":{"addr":"79.127.127.68","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozblog.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 18:03:55 GMT","end":"Thu, 12 Feb 2026 18:03:54 GMT"},"fingerprint":{"sha1":"74:FD:60:EF:8B:A3:73:6F:19:7F:50:4C:9B:8E:75:AA:6E:25:6B:FC","sha256":"61:8D:F8:42:93:66:59:AF:60:96:0B:69:88:CF:14:21:4D:41:18:88:15:C8:0B:85:D5:C9:F8:36:CE:6E:F8:C1"}}},"request":{"raw":"GET /theme/ads/banner.html HTTP/1.1\r\nHost: www.rozblog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=172800\r\nexpires: Sun, 30 Nov 2025 19:40:59 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 09 Jul 2024 13:12:26 GMT\r\netag: \"48e-668d373a-e09a3ebd605f281b;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 487\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1166,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"0377aa42bd9e5ae1f2f2ddcb3ea29535","sha1":"bf289dd5d859564f1e39f5a688da73cb4e449ee2","sha256":"10bffb52c4cf3d40076d6130313040979d065ac405fdb398de59495707ff6122","sha512":"5261a89c386df7653e3032a84aa33c12e4a2b3e765a3394d696167ddbaa0328fbe663a5bbf3987bf70a581cb72951e3a4ac3497e3265d5d4a220bcb389e5dc46","ssdeep":"","tlshash":"0c21e15300796037714341d433b57b06d1d2ba61e682cb54d1f2a7ba2bf8da2dc5f32a","first_seen":"2025-04-15T21:02:52.703138Z","last_seen":"2025-12-08T23:23:46.691809Z","times_seen":80,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Pictures/462485088.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.765Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Pictures/462485088.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/s-mohammad-h/sory.gif","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.766Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/s-mohammad-h/sory.gif HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/s-mohammad-h/goooooo.gif","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.771Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/s-mohammad-h/goooooo.gif HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/theme/rozblog_v4/favi1.ico","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:41:00.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /theme/rozblog_v4/favi1.ico HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=245676929facb5daa9334821882257007636\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Sat, 28 Nov 2026 19:41:00 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Tue, 18 Nov 2014 15:12:07 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1150\r\ndate: Fri, 28 Nov 2025 19:41:00 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"129e0e4681906fae60ea32d066a7b4c5","sha1":"33c024415db44baa3aba0f13df1399d9b81ac9e6","sha256":"0a14eb14e53df8201b78084ab9a276a1f4ca01e55a20c3b8b0b6f3b660ee3ff0","sha512":"2bb170137d545c1cb80268ab9a39a356be4b50147e1007d571b902b69d5864d353b2f5218d08df8971098dfab16e0480b1863a089e77d171bda286d4ceadfb87","ssdeep":"","tlshash":"5721080e89f7cb0cd0138e3810c2877a07aa91e040601ec70c03b2546ad9cb457ce3d9","first_seen":"2023-04-30T21:09:21Z","last_seen":"2026-02-06T12:55:13.478334Z","times_seen":648,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"campfun.rzb.ir/images/refresh2.svg","fqdn":"campfun.rzb.ir","domain":"rzb.ir","tld":"ir"},"ip":{"addr":"178.216.251.232","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rzb.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 09:23:04 GMT","end":"Fri, 09 Jan 2026 09:23:03 GMT"},"fingerprint":{"sha1":"EF:B3:8C:06:60:6D:47:AA:D7:FE:32:51:7D:3D:0D:B0:88:3F:23:B9","sha256":"09:3B:F5:EC:E7:BC:33:C5:2F:78:F4:E4:9C:6A:D4:65:3D:BB:83:D1:BD:A2:0C:4E:9C:65:E1:04:FD:9E:3A:40"}}},"request":{"raw":"GET /images/refresh2.svg HTTP/1.1\r\nHost: campfun.rzb.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nCookie: PHPSESSID=561745739b6bd73c67818fcbe40f4a56; id_guest=9057949002\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000, no-transform\r\nexpires: Fri, 05 Dec 2025 19:40:59 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 28 Apr 2021 22:57:34 GMT\r\netag: \"114-6089e85e-9f2e18d89b796b95;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 276\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nstrict-transport-security: max-age=0;\r\nvary: User-Agent\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":276,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7082e86e2a3c9646fa1aa922b8e3a2d6","sha1":"7f704127e872b5b94b8e2dd7959e2d5c9b9379a8","sha256":"d1254b0bb9112500f8f39e1130f0a6c8dca1037d416e7f7d6524894b31b06b00","sha512":"04dec16ba14defd362178b1604b51a9cfa188f0aeaf2338968b1389692d98f664ffa06d38ae844bdcbc4cdc05c01208877a4140fb2243150aca0cc1d9d112f68","ssdeep":"","tlshash":"b1d02be5f759fa1081cae320d7b43b584883a1bf89db00b995f12f7294c5c8fa44664c","first_seen":"2023-04-11T01:49:36Z","last_seen":"2026-02-05T03:10:17.398503Z","times_seen":701,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"campfun.rzb.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/1393/esfand/Amir-Tataloo-Bade-Zemestoon.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.385Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/1393/esfand/Amir-Tataloo-Bade-Zemestoon.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/Temps/ver2/cover1.jpg","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.758Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/Temps/ver2/cover1.jpg HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rozup.ir/view/128696/www.98lovers.ir.png","fqdn":"rozup.ir","domain":"rozup.ir","tld":"ir"},"ip":{"addr":"79.127.127.67","port":443,"asn":43754,"as":"Asiatech Data Transmission company","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rozup.ir","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 21 Nov 2025 19:39:09 GMT","end":"Thu, 19 Feb 2026 19:39:08 GMT"},"fingerprint":{"sha1":"36:F2:6E:AC:94:2E:08:9A:AC:C8:31:25:0A:84:55:92:95:8E:69:19","sha256":"D9:AC:42:FA:F8:F1:62:0E:7D:71:0A:FA:BD:3C:9E:59:D3:6D:4D:C1:E1:01:53:64:0E:E8:0D:DF:98:AD:8F:58"}}},"request":{"raw":"GET /view/128696/www.98lovers.ir.png HTTP/1.1\r\nHost: rozup.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://campfun.rzb.ir/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31536000\r\nexpires: Sat, 28 Nov 2026 19:40:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 07 May 2015 14:54:28 GMT\r\naccept-ranges: bytes\r\ncontent-length: 178710\r\ndate: Fri, 28 Nov 2025 19:40:59 GMT\r\nserver: LiteSpeed\r\nvary: User-Agent,User-Agent\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":178710,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 450 x 350, 8-bit/color RGB, non-interlaced","md5":"733f7ce619078d980cde3df96cd681e0","sha1":"d6535f8332dea1087776509de4a129dfbcd86d2a","sha256":"56f453997f462c1ed6c4918cc1fdde786d52803af8ed201cead9caea227b0956","sha512":"82da6f7817f03635b3f9b57722fa39a5636ae9f52df1b5ef518bdbea8ad76e155f1fef82a2a0b864a4d5d8ed10e707a9f6ffc3d1b3f52282c06df1e2e9513aa3","ssdeep":"3072:ayJvQX1K6/SKcUsY7yLCRGsOjhnUiB0+c3pabwY3U9awSAbUEVxu+bpbgSA0TBn:FJoK6VHp7KC7OdnM/3pgN/wSAAELnpkS","tlshash":"870413158c7a983bbeed768453de9e2eb4b7a06028043455c102d864d53f9ffb81af86","first_seen":"2025-03-01T09:29:46.768292Z","last_seen":"2025-11-28T19:41:30.040525Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1031,"timings":{"blocked":221,"dns":27,"connect":108,"send":0,"wait":129,"receive":429,"ssl":114},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-28","alert":"Sinkholed","trigger":"rozup.ir","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"up.98lovers.ir/up/campfun/s-mohammad-h/talagh.gif","fqdn":"up.98lovers.ir","domain":"98lovers.ir","tld":"ir"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://campfun.rzb.ir/","date":"2025-11-28T19:40:59.387Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /up/campfun/s-mohammad-h/talagh.gif HTTP/1.1\r\nHost: up.98lovers.ir\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}