Overview

URL turbocell.ir/slavaukraine.exe
IP 185.94.98.117 (Iran)
ASN #204213 Netmihan Communication Company Ltd
UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed 2022-11-21 21:18:08 UTC
IDS alerts 0
Blocklist alert 105
urlquery alerts No alerts detected
Tags None

Domain Summary (13)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-21 05:36:45 UTC 34.102.187.140
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-21 05:38:14 UTC 34.117.237.239
region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-11-21 05:58:49 UTC 216.239.32.36 Domain (google-analytics.com) ranked at: 8401
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-21 14:07:59 UTC 142.250.74.10
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-21 09:31:33 UTC 142.250.74.168
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.41.201.177
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
turbocell.ir (65) 0 2019-04-07 20:07:20 UTC 2022-11-21 20:55:26 UTC 185.94.98.117 Unknown ranking
ocsp.pki.goog (4) 175 2018-07-01 06:43:07 UTC 2020-05-02 20:58:16 UTC 142.250.74.35
www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-11-21 16:31:09 UTC 142.250.74.174

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-21 2 turbocell.ir/wp-content/plugins/iran-agency-map/public/css/iam-style.css?ve (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/css/bdt-uikit. (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/css/ep-helper. (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/sitepress-multilingual-cms/templates/langua (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/css/frontend-rtl.min.css?v (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/agency/js/fr_agency.js?ver=2 Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-i (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/animations/animations. (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/themes/karauos/assets/js/slick.min.js?ver=3.0.0 Phishing
2022-11-21 2 turbocell.ir/wp-content/themes/karauos/assets/js/inc.js?ver=1.0.0 Phishing
2022-11-21 2 turbocell.ir/wp-content/themes/karauos/assets/js/prefixfree.min.js?ver=1.0.0 Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.mi (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/share-link/share-link. (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?v (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/js/common/help (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime (...) Phishing
2022-11-21 2 turbocell.ir/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 Phishing
2022-11-21 2 turbocell.ir/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.stic (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/themes/karauos/style.css?ver=6.0.3 Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/regul (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/brand (...) Phishing
2022-11-21 2 turbocell.ir/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/iran-agency-map/public/js/jquery.mapael.min (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/js/frontend-modules.min.js (...) Phishing
2022-11-21 2 turbocell.ir/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor-pro/assets/js/preloaded-elements- (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/js/preloaded-modules.min.j (...) Phishing
2022-11-21 2 turbocell.ir/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/iran-agency-map/public/js/raphael-2.2.7.min (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?v (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.7 Phishing
2022-11-21 2 turbocell.ir/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?v (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/themes/karauos/assets/images/member.svg Phishing
2022-11-21 2 turbocell.ir/wp-content/themes/karauos/assets/fonts/IRANSansWeb.woff2 Phishing
2022-11-21 2 turbocell.ir/wp-content/themes/karauos/assets/fonts/IRANSansWeb_Bold.woff2 Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ (...) Phishing
2022-11-21 2 turbocell.ir/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.4 Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-21 2 turbocell.ir Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 185.94.98.117
Date UQ / IDS / BL URL IP
2022-12-01 14:07:15 +0000 0 - 0 - 175 turbocell.ir/ukr.exe 185.94.98.117
2022-11-30 16:45:02 +0000 0 - 0 - 2 turbocell.ir/ukr.exe 185.94.98.117
2022-11-21 21:18:08 +0000 0 - 0 - 105 turbocell.ir/slavaukraine.exe 185.94.98.117
2022-11-21 17:05:51 +0000 0 - 0 - 1 turbocell.ir/slavaukraine.exe 185.94.98.117
2022-09-12 16:34:34 +0000 0 - 0 - 2 noverfood.com/techsmith-camtasia-studio-9-0-4 (...) 185.94.98.117


Last 5 reports on ASN: Netmihan Communication Company Ltd
Date UQ / IDS / BL URL IP
2023-01-30 07:28:00 +0000 0 - 0 - 1 daneshdimond.ir/nproject-tag/software 188.212.22.181
2023-01-28 04:10:31 +0000 0 - 0 - 2 khademalhossein.ir/xevczhf/rE/Xu/a0KMaPx9.zip 86.106.142.118
2023-01-26 18:41:36 +0000 0 - 0 - 3 academyarghavan.com/product/%DA%86%DA%A9-%D9% (...) 217.144.105.187
2023-01-25 07:01:47 +0000 0 - 0 - 1 faranla.com/well-known/acme-challenge/c/j/e/a (...) 89.39.208.139
2023-01-24 22:19:50 +0000 0 - 0 - 2 electron-eng.com/wp-content/plugins/jupiterx- (...) 217.144.105.105


Last 4 reports on domain: turbocell.ir
Date UQ / IDS / BL URL IP
2022-12-01 14:07:15 +0000 0 - 0 - 175 turbocell.ir/ukr.exe 185.94.98.117
2022-11-30 16:45:02 +0000 0 - 0 - 2 turbocell.ir/ukr.exe 185.94.98.117
2022-11-21 21:18:08 +0000 0 - 0 - 105 turbocell.ir/slavaukraine.exe 185.94.98.117
2022-11-21 17:05:51 +0000 0 - 0 - 1 turbocell.ir/slavaukraine.exe 185.94.98.117


No other reports with similar screenshot

JavaScript

Executed Scripts (43)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (93)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12819
Expires: Tue, 22 Nov 2022 00:51:36 GMT
Date: Mon, 21 Nov 2022 21:17:57 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3975
Cache-Control: max-age=137975
Date: Mon, 21 Nov 2022 21:17:57 GMT
Etag: "637b5375-1d7"
Expires: Wed, 23 Nov 2022 11:37:32 GMT
Last-Modified: Mon, 21 Nov 2022 10:31:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "79FF4A450C749D64E116C00CA3B00D40E968906C5C3881D6EEB2DC6374A4C858"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7339
Expires: Mon, 21 Nov 2022 23:20:16 GMT
Date: Mon, 21 Nov 2022 21:17:57 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 21 Nov 2022 21:09:17 GMT
cache-control: public,max-age=3600
age: 520
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: OA0OZ0/q/5MX/gCIlU7SchNBcRaa8vrpe1/iBXJRFPH0kzktCBButWZNlyCMoez1gyw8K90e9+Q=
x-amz-request-id: WQS7RZBFFSEQ215V
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 21 Nov 2022 20:42:15 GMT
age: 2142
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 21 Nov 2022 21:17:57 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 21 Nov 2022 21:08:53 GMT
cache-control: public,max-age=3600
age: 545
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4682
Cache-Control: 'max-age=158059'
Date: Mon, 21 Nov 2022 21:17:58 GMT
Last-Modified: Mon, 21 Nov 2022 19:59:56 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D+6/CbtaSwyIJ8bCBEaRmQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.41.201.177
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: po5WoEp1tKCI7liCmQei6wga0d4=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11185
Expires: Tue, 22 Nov 2022 00:24:24 GMT
Date: Mon, 21 Nov 2022 21:17:59 GMT
Connection: keep-alive

                                        
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8089
x-amzn-requestid: f3c55266-9b03-4b7f-b076-fdf56704318e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QQyECioAMFzdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6b-3e10cef6117a10a4115cfce7;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ngJvyUydpRDSiYy9kfeh8JmydmR_K8mjfZtGLgT0qeE2JaABbDMSaQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:48:42 GMT
age: 84557
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8089
Md5:    c8f6118fc03f31862ff68fef8a2b9a7f
Sha1:   318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
Sha256: cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F645dc32f-cd66-4021-92e9-77c4eff2fa1f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5045
x-amzn-requestid: a1d93586-2973-4156-8b59-a4be8bfb8cc4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b6x2zF6YoAMFazQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637a9691-7c6f10a850f8cbaa3065e39a;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 21:05:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8DDV0ZMws_Ta7xMvRiefhpDx6TuAynkYB-rX0KWpLtqq8HaW3Le0rA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:50:48 GMT
age: 84431
etag: "bc8b0612b79cb30817880fac9728318f837854b4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5045
Md5:    96135f96986369533c0362367c1e6fd8
Sha1:   bc8b0612b79cb30817880fac9728318f837854b4
Sha256: f4eab133baf21daae8b809966e8ffbe64a2414fd334538a226a2a39ab39c3d46
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff64f225f-d92d-42e1-a0cd-0b9c89e36291.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9042
x-amzn-requestid: 0bd8ae24-b687-4316-8af5-f9dc83c8d97a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b7ty7FrPIAMF3Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637af678-5fe271a8364a884a5f952619;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 03:54:32 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: f6irLwhMIC7KOVrudjGqGSqMHd67Izf_2ARgvjJvNFP_eJP4azhBIA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 04:32:21 GMT
age: 60338
etag: "14a81b4e2bdcdcdd951aa6660dc640c0292a2109"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9042
Md5:    4a8070a1aa0d48b75c639fa24eec3d96
Sha1:   14a81b4e2bdcdcdd951aa6660dc640c0292a2109
Sha256: 70b29ce3872a0c46d8d0e61f2801df1a98c8ea6e516adb1c2fe1bdad35f654f6
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5342
x-amzn-requestid: e396cea4-ddae-4b88-a73a-ceafb1e11620
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0b91EMLoAMFYYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63780d25-7f1187713f288a0c158508ea;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 22:54:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: PkFAourr7ixQ5NYcdMugerMxFTdCLgIAaBz6erANuppgzE2Tm4yVpA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:55:58 GMT
age: 84121
etag: "2dcc6187d7173ce741975ad4ec24435c9dcb0880"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5342
Md5:    a9e0f5c07511d0f6ad0f2441db92797d
Sha1:   2dcc6187d7173ce741975ad4ec24435c9dcb0880
Sha256: 3c57bf58bab9d54dd152eb0260a203b1cb201a9e2d960f25a0cea685b539ea04
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23dd0640-fd46-469c-ae06-acb832cc4160.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11271
x-amzn-requestid: 144705ac-0cc1-46ba-a6a9-3942bf3c9433
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b61qlFriIAMF7oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637a9ca9-27e45603577195a2769b3fc3;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 21:31:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 8l8Tx5yYL6IuPGe8yAhO7vDefWOKb4U9EOlSXubRdh-chq0GvEaFBg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:45:41 GMT
age: 84738
etag: "1f07e8182159f68134776366e0bea78a130c5b85"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11271
Md5:    901093397261ec8888c61a6c88f8b7cd
Sha1:   1f07e8182159f68134776366e0bea78a130c5b85
Sha256: 9982e83a02d1595431c397a00a0a339067681fdbcb7538ca40ffd7138c7aa9f0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308504cf-ed6b-4fb8-bc67-4165549bba4e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7996
x-amzn-requestid: af3a6545-f0ad-40de-b1f6-56b9607242f4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1BvREKZoAMFzDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63784994-2659c8ec5fc04c510ea0e643;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 03:12:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UU9m-kzHM4oKCHNiK2q4NWftsCueXeiBpJkk0cDv3et4v3MpF6eCtQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 f268a165a18929fd0a24a3189fbd16b2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 12:56:19 GMT
age: 30100
etag: "01b7bf2cfcdac73911dbd0a570d262978a43daf1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7996
Md5:    131cae0245e456c2497833b48cc1be0e
Sha1:   01b7bf2cfcdac73911dbd0a570d262978a43daf1
Sha256: 539cc2fdefb049df026b18d450c56d85b7821b8723ea0070efa460096669576e
                                        
                                            GET /slavaukraine.exe HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         185.94.98.117
HTTP/1.1 301 Moved Permanently
content-type: text/html; charset=UTF-8
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://turbocell.ir/slavaukraine.exe
content-length: 0
date: Mon, 21 Nov 2022 21:17:59 GMT
server: LiteSpeed
vary: Accept-Encoding


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5EC2E339A438E7EE9C7FAFEB9A3C7D66C85B433D6FE500E80B6CA2277282A1A6"
Last-Modified: Sun, 20 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 22 Nov 2022 03:18:00 GMT
Date: Mon, 21 Nov 2022 21:18:00 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 21 Nov 2022 21:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 21 Nov 2022 21:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/agency/css/agency_style.css?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 13 Sep 2022 07:28:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2681
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (895), with CRLF line terminators
Size:   2681
Md5:    79a2bd76e06a0e1d7227c7df02536c1a
Sha1:   bce6871156d745e3826f8ccd1425cf7835adc63f
Sha256: 6639c8f9c3e1ac6e97ed39528e58b2a53358015213203437edeb796621be7d5b

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/iran-agency-map/public/css/iam-style.css?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 997
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   997
Md5:    603362c6ab612c087d931c4b36e83b80
Sha1:   25e73d4fd60d567cd0217a9db120bde601125176
Sha256: 59bbe291634e3d68bebe54b6fa2525679bd86bcf4a64ac9639de881f6783eba5

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/useanyfont/uaf.css?ver=1666527895 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Sun, 23 Oct 2022 12:24:55 GMT
accept-ranges: bytes
content-length: 291
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   291
Md5:    b7d676d85f41526b583f763fcc75f7fc
Sha1:   114cac252148ac3c3a20003c4220f1b230ae5b57
Sha256: b67169990117e9bf24901790a776f23275452543bbac1e855b6f2d592ec27734

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /gtag/js?id=UA-131898604-2 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 21 Nov 2022 21:18:03 GMT
expires: Mon, 21 Nov 2022 21:18:03 GMT
cache-control: private, max-age=900
last-modified: Mon, 21 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43681
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43681
Md5:    40effa6fe17ab9ed7ac7a5572fd79260
Sha1:   491a4ca84f855630318a82255d0c08829b9d6bf5
Sha256: 146ded4c813dab527b76c7349716b5c8683600e3a88f5f830b0877b38f3669e4
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 21 Nov 2022 21:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 21 Nov 2022 21:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/bdthemes-element-pack/assets/css/bdt-uikit.rtl.css?ver=3.15.1 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:25:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 14621
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size:   14621
Md5:    401bb62cbb0bacc03e8b086e18bd0980
Sha1:   b4d90e8c783f1682e9d567aa86a9bce8dcec26f6
Sha256: c6ea0b0a6e76447b08f2fdd2da7ee0377f4f8d7f73b8863f849b60bfb315f843

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/bdthemes-element-pack/assets/css/ep-helper.rtl.css?ver=6.6.2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:25:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 4404
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (31203), with no line terminators
Size:   4404
Md5:    dcdf8f60e85919ab657b655ce6631255
Sha1:   71b603adbf8f80c80705673e9753fcf125cf85d6
Sha256: 4dab7533186c0517e0ed49c40dbe709ec969fbd7a69ed530db2a33c3b42e3097

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 07 Sep 2022 12:00:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 10900
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   10900
Md5:    763e0b0069b9c761216dbdea68491759
Sha1:   17d6923d9cd08def13de1e54daf2baf43187cc35
Sha256: db6e19d275816cbc71fbd71569eb65031f43c8a6f0b315441c384a26c7065f7c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 10:35:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 235
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (907)
Size:   235
Md5:    7005c701f6f732e8ad3f8410ab358c0b
Sha1:   23f4e42be1ce084e17e6d310306f5436e5221757
Sha256: c48cc13de7f72ae72c236523fedd2ed9eebef8826895f935ed5e1fcc7228f77c

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend-legacy-rtl.min.css?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 741
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13766)
Size:   741
Md5:    77fd2796ca14b11a4dede61cfa34609e
Sha1:   8296a2cebbdac0347b509c3e1d7246526a06bd3a
Sha256: 5d3b09a1871a41d1210bf06dfb2c0c38ab0e68f2ef7cbfca8b5776b1eda22575

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/css/frontend-rtl.min.css?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 18716
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65497)
Size:   18716
Md5:    f55ad10ccec515e56cd5adfef7231841
Sha1:   2c1303414b00de1b1323b7cd38ae9f54c216e87d
Sha256: c7d81f8304bf00c2f116f7595d40a953d01928c256f3590fb646c3428930ff9d

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Sat, 21 Aug 2021 10:33:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3995
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   3995
Md5:    7e058b51f939eacfa31cdface14dded5
Sha1:   9d732e5afdeb42edef9e1b9631b7e95e054787cc
Sha256: 4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/agency/js/fr_agency.js?ver=2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 13 Sep 2022 07:28:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2723
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   2723
Md5:    cefb03f9aa5027678fe2e5e3e67a1afe
Sha1:   316f1d4cace05ed8b5937a3c12d0d2b8cba48330
Sha256: 9c61b3510508c7168352731cf288587f27f50be1049a34e43677be42f4328f30

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/iran-agency-map/public/js/jquery.mousewheel-3.1.13.min.js?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1127
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2609)
Size:   1127
Md5:    47b998c4287cbc7c6a937715c57fb2e2
Sha1:   36c555f88c12b40198021fe3b8a48b1cfc4755fc
Sha256: 727dcadcb46d22c183334fe1d60f52ca714e38e786001d8bde2b0d8318b9cb85

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3629
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19233)
Size:   3629
Md5:    af3bdf44d09914e8adb51fec560d8816
Sha1:   84bb225e096bab405868dd504e62133ba75cf1c1
Sha256: 4325dab21d3eb9efb8e285a0926be743f27e46446ccf5f9be65bb4b60c024152

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/elementor/css/post-3632.css?ver=1663841505 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Thu, 22 Sep 2022 10:11:45 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 404
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1381), with no line terminators
Size:   404
Md5:    94a2665a480cc0f6ceddc9382e237ba2
Sha1:   a8ab3beb232a69a341de4c284f861ae387bd9f5d
Sha256: 07aec5187474987711bb8a17421a9d276362905ceb5a4a6d424f16441a39cf61

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2442
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10019)
Size:   2442
Md5:    d2db71c82a8f672aea59a3e050cd8cd7
Sha1:   af626566f94b3164e4310288cfb142431e8349a6
Sha256: bcd2c9c2ba22a48a8fabf9fbe5e947deb6404367e4be24f48326e302aead1180

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /slavaukraine.exe HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         185.94.98.117
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://turbocell.ir/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Size:   26647
Md5:    11a163e39be7f444366e2c778f118dd4
Sha1:   293a64d46e581b5eb45b8068c1adeb0c0f0866bb
Sha256: e36a5042a3522a6160077aad287e06d56e445951329379d9f7ccc5f7afc2e60f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/assets/js/slick.min.js?ver=3.0.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 10097
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (42862)
Size:   10097
Md5:    09ed72c756aef05979d1c10d176eeb7a
Sha1:   1f3c35043f1aae481a38b40327fefb959ff63885
Sha256: 8638bee02f96fc15e4a3dae0ae220e31f020ee0b10c8eb5f829d9986b3fc53c4

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/assets/js/inc.js?ver=1.0.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1427
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1427
Md5:    04092ef0e04a341198316510a644e878
Sha1:   3c3c42962d18aa3f29477de94d3e3a327150f0dd
Sha256: df1830a149f1c3e6f07a01bde5cbd2edb0ab9e5b37d1493679a2beaa34014352

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/assets/js/prefixfree.min.js?ver=1.0.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2525
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (540)
Size:   2525
Md5:    f18718bbc338e53501c84dcc02c97054
Sha1:   be32d703abf54a790cb0ad01aedbe0f7577adbad
Sha256: c338a9cdff54f63abf6b482df1926b06d3ce918e8a4f5e70752cc5c0ac24c34a

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/assets/js/sticky.min.js?ver=2.0.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 709
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2567), with no line terminators
Size:   709
Md5:    ed8708b31bcab8357d199493640d0177
Sha1:   ffeb15c9032fc956ad4f6a760d33db90df1b05fa
Sha256: fdc7c9ebe4b71d3f2668776dbeef080678f4668ebf2418e58a8ea029cfe8559d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2044
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4918)
Size:   2044
Md5:    addd6b2b47516aab871a8c846e4208eb
Sha1:   72c83f580bfc1ce85f6fc394e0bac5fc1446d8bf
Sha256: 6b1770e81200444e4cffdeee08a8af358f5e35edd3398a2e2f4a7fc62c2c5734

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2867
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12198), with no line terminators
Size:   2867
Md5:    869caa171b68cbec9fee5abbfb944ee8
Sha1:   f237e485e41f88b77384cfdb880f9d5a8f46eac8
Sha256: 25c2896e2790fb0e52f6b6ba1ce97bd87eb40463b4bb65ba16ad434c1d7a36dc

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1047
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2620), with no line terminators
Size:   1047
Md5:    906c4decdcd32482c1cf583b07925d30
Sha1:   30e726b9febb4b651544266df656a21251f0e8e3
Sha256: 53f86e9641d0e35772d6b54294cc6dd685fb9a376a1baad151da120fef609423

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3268
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10544)
Size:   3268
Md5:    3821415a39954c48c7927e661467c6b8
Sha1:   dfe1116a0efc9898cb6caf094213880da83d6990
Sha256: 5f7f5b28f47c366a0bb70435dc3b2253278222c92429f013084f71fd7d29a32e

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/bdthemes-element-pack/assets/js/common/helper.min.js?ver=6.6.2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:25:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 313
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (668), with no line terminators
Size:   313
Md5:    2bee1daebcbecce9e887e02cb4711f92
Sha1:   201df91c0531211f631ecb17df9a9ca7636f8de2
Sha256: 4c2391320ccb0c68556ded3635fb242d56462b3f16f8c160fa9a0a5e55ead712

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Thu, 22 Sep 2022 09:44:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2188
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5141)
Size:   2188
Md5:    11a09eb3f8095f34cefa3029aa381c64
Sha1:   cfc98d6be411e8cb44817c2146a08b2261fa355d
Sha256: 829c945db9dc945562d7f0dd726f296e90f1bf9b0076fe3e96291ca1db0807f7

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 07 Sep 2022 12:00:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2354
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (6475), with no line terminators
Size:   2354
Md5:    4e773d7cec56bacab6d2db420be6f262
Sha1:   c95573d884c1caec0ec9c6f3e2a8c0fbf28d939a
Sha256: 5c8839d0b02f21e8d83d856bbf85a6b87fbedf9ba0b70711b11a1c378d5443e7

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 07 Sep 2022 12:00:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1575
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4875)
Size:   1575
Md5:    06a8ac0e71976bc143cfa7861a31169d
Sha1:   def6031fe13259bf17752661832d815e37068bf2
Sha256: e6f42d97e7299522bbb002364128fdf72cd22263ca72c5edc41dcd8f4672cd33

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 07 Sep 2022 12:00:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3717
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3717
Md5:    f778ade6a70be55cbf039cfafb20fa7f
Sha1:   68d7a7f2d88907a038ec557ae0ab67f58d7bcdc5
Sha256: 88fd2a2f80a5ff9f70a6c4019d81f3bae8bc92623697454faa44f448cc43ad93

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Thu, 22 Sep 2022 09:44:51 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1477
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3703)
Size:   1477
Md5:    7a67ac94b6ebafd94c82dfa591065fdc
Sha1:   5190d1ef32403a4ad195ece088c0fba145562f13
Sha256: 2bd8dfe375603969948af382eb62f2957f2c51bfe8fd1db0c2f64af284cb0107

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/style.css?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 27269
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12761)
Size:   27269
Md5:    1cfbbee090d742ee80dd3bcc88c81675
Sha1:   c67a2c4a4f3dbfebdd380c07501366d0a5a39c17
Sha256: 31287b20e023622af6e4a1fa5bfa85c8c77c954475c57606cc15b7565cf37c7f

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/elementor/css/post-3662.css?ver=1663841504 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Thu, 22 Sep 2022 10:11:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1113
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8234), with no line terminators
Size:   1113
Md5:    e8c44b4448de5d52b9f4e0514c53d5b9
Sha1:   46cef578822f5702ed36a2795afb5a1cd8de77af
Sha256: 723766c635c5b743b656630bdc2a65fdb17db606de5bfa79ae294298867e92bc

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/elementor/css/post-3639.css?ver=1665483478 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 11 Oct 2022 10:17:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1519
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (16269), with CRLF line terminators
Size:   1519
Md5:    4620c33283462d4626d58e4271bd70b2
Sha1:   b411ba9a68d20bffaf526f3c163ac3c14fcc366f
Sha256: b7ad97b3a9b4543a80a5ad3eecfb8e18d6911a433efc4fbd8c2cdc8730121344

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/elementor/css/post-3784.css?ver=1663841930 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Thu, 22 Sep 2022 10:18:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 624
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3358), with no line terminators
Size:   624
Md5:    2d3855040cbf48e7b3f3748f3a025307
Sha1:   b42e3ecd92d7da11fcaad08d1a8f8cb3fe87203c
Sha256: 469404a3641e121135666fa38029aae197e45087ddd2dc9b0328872964ca3af3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/tmt/custom-style.css HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Mon, 21 Nov 2022 04:53:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 504
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1996), with no line terminators
Size:   504
Md5:    209a06f6da81211b15804f889b581d64
Sha1:   268af6add045e2b265b35b197a3247daeafe52cc
Sha256: 7306b649cfb768abd73bba303354c82b8c2bf07ae73c6378492bd3e3f303b49d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 12133
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57726)
Size:   12133
Md5:    f463afd8661ddc733305df1f0cbdaff2
Sha1:   77262f0209e75e340eb7014aba9cd8d69966032f
Sha256: c4b6541be58a0ca61549cd4562850315077880c459c019f01e835cf2d7b764de

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 283
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (491)
Size:   283
Md5:    453a93dc816be89f942ebb253ff199fb
Sha1:   01563d6019803e3ff2a94c5397e7e771ee6f440d
Sha256: 36beebcd3778e04c8973faa581d07c7e7dc0bac2a77f637379e7d110383ab5d7

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 286
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (483)
Size:   286
Md5:    8828fa3c5bdcfa66615714a2b8c9d807
Sha1:   4f556d0b005ac7754af607418df445f8cf98e8b1
Sha256: 16950dcce60bc3ee2613b60439c99e7ed74d10245f59fe6f68346b7e72dd95e7

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 284
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (489)
Size:   284
Md5:    dc279c928e2924b07a4a7575f8070ee8
Sha1:   0196756cacdb61ef40483af7ea982b699b0933de
Sha256: 80b6d9e3f0304f4199350c6015fd96084646c2a0121332bcb5a46d3956b7df5c

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Sat, 21 Aug 2021 10:33:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 30273
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30273
Md5:    34f918ada1fe4f01c5a4b90065bbc37a
Sha1:   a731f6ce2d413805e39ae45994012b1bd5ea1e2b
Sha256: eba158d5ab26a5a54a3dcfcea1072c636f44e92fc2eb30a3f27cd5be3f891dfc

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/iran-agency-map/public/js/jquery.mapael.min.js?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 9392
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (31977)
Size:   9392
Md5:    0bcb274e5b420451bbb541cb4cb69ecd
Sha1:   93b390c5c3bc9b86504c403706334f88d8b05610
Sha256: 742a28fb105e6a3486c7f11aa9aaa14e3b9d6a05ad50f7092f7d02be1428b9a7

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 10420
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (32889)
Size:   10420
Md5:    cb762f3d93a33a602d19b3994fe4e699
Sha1:   a9168bedc5f58243b41aaab73c68b32f6992635c
Sha256: ca59fddd171412b6972463da0ac99bf372e17578816d3e79f4c247c34102a27d

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 07 Sep 2022 12:00:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 6637
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (8189)
Size:   6637
Md5:    139a41f01d192d239e7dce15ca307983
Sha1:   62a3e7c0c77209832dc649bc5583e5e0b4918bf5
Sha256: d796462a5d212cd93b315b43dafb6e77dbe1c3aa567964dc40c1ab0e2c28f405

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Thu, 22 Sep 2022 09:44:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 30190
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65493)
Size:   30190
Md5:    8f68946ac33b3b084868e087958a7064
Sha1:   d0bb40ec245e83fab006d2fd72fd157c60e87b39
Sha256: e9ee0dc890f2493e0631c6c56b734019b8a700488bdb4b3ead77bf3c3b77e4d4

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 12548
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43101)
Size:   12548
Md5:    95ab4688337578005feed2e876f1e880
Sha1:   62bef5780eeb438cc4f9ddd7783dee0c6ac2267d
Sha256: f6d86b74234d919ce018b3660d4afc427f2a3a39a09235ce89b33565c27c678e

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 07 Sep 2022 12:00:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 4619
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   4619
Md5:    0232689bd203f330529b36a437f41a68
Sha1:   9046583f7469ad38297969f10a9513eb895d5316
Sha256: feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/iran-agency-map/public/js/raphael-2.2.7.min.js?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 31262
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (32031)
Size:   31262
Md5:    4b680ed5c64bca7fa91369bf1cbe9f79
Sha1:   2f0a15b8a941100118bb59f07f2c9fd8f2b77494
Sha256: 170ddd1c818d230ba726004bf174f08e6d93345d6059512f83e7340a69491e72

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/iran-agency-map/public/js/iranmapael.js?ver=6.0.3 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 31214
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3926)
Size:   31214
Md5:    434d0a15abf95e04ef8a04c5ec634501
Sha1:   6881d54209674f540dce56fad6aab074a805e99b
Sha256: 12bf87383ea6de628ae35aaca66f2d575b0b48828c425c6ab790f950e98d1465

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/assets/js/jquery.fancybox.min.js?ver=3.0.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 20983
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (31994)
Size:   20983
Md5:    2e58be706b6020705a1c2f4504f310ef
Sha1:   a885e766fe68cfc593d9c0c5cb2dd579ba69251c
Sha256: c894590df0ec97e1dadc2bcda067029dcdf8988e47a5bfb0e8819e5b3f864366

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 34004
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65280)
Size:   34004
Md5:    83a90323ac82b98062b4b2c8ac8c5051
Sha1:   d7d376677e3546b756b4fec6219be72b85c4f8f5
Sha256: 7fd68e9ea0ebd35958da46d7373113d1a3646a671217cf2cf471c65c3d710613

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 11703
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (40474)
Size:   11703
Md5:    cf9df4d15291b14a459fdd30b118a1a4
Sha1:   450c2a4389a4d7e12fac3f1c49e79ca477521140
Sha256: f109234d786cb6f29e805b2a5764f33f04b918bd76f4249ac94a3f39887facaf

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Wed, 07 Sep 2022 12:00:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 6872
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Size:   6872
Md5:    1f5152610686781567fb3008c4429792
Sha1:   d0c0bddf5fb8603ed8e55c32f3093c2207f72471
Sha256: 75806ece853d0d76e655a433bd03548d3be6237ea1e4cacd5963f528bbe0d192

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.7 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Thu, 22 Sep 2022 09:44:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 5506
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21374)
Size:   5506
Md5:    67e48785dcd857201122c8f46d2c7758
Sha1:   72ab94428b614ae30d4644aa48b4f570ca4a8ed7
Sha256: 19097c0a7dfc7529811bc5379d5784a750b220e547ddb74240c039d038315575

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.4 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:25:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 59937
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (45047)
Size:   59937
Md5:    bff9aba3bdefe77175a7151d7c3fa120
Sha1:   d2cbd7bfc2f728778ecb6c478cb16ad26709a973
Sha256: 7a38cd90a2e06a96c15119f08e30fbf7d1e4102d1089f2035a2909ebb5fc0ecf

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/bdthemes-element-pack/assets/js/bdt-uikit.min.js?ver=3.15.1 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:25:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 44395
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (60588)
Size:   44395
Md5:    f343043307c312608c0bd262e16d11fa
Sha1:   14540595ba3a97f234a3cf877d501c11d514de22
Sha256: 0893faf836a24bab621b81022ae377f5b159c3c5088243e8c534f6715ee7227c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/2022/08/logo-turbocell.png HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=10368000,public
expires: Tue, 21 Mar 2023 21:18:03 GMT
last-modified: Mon, 29 Aug 2022 11:43:53 GMT
accept-ranges: bytes
content-length: 1784
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 100, 8-bit colormap, non-interlaced\012- data
Size:   1784
Md5:    efe2826ce7b6d259c03e09ce331dd888
Sha1:   a99a4db540f5b8c6b4b250e64395bae8726e8b54
Sha256: a2a63c084cff7cd87422376ec370213962990ba3633f8130d59a0fa4ec154b88

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/assets/images/member.svg HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: image/svg+xml
                                        
cache-control: public, max-age=10368000,public
expires: Tue, 21 Mar 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1511
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   1511
Md5:    95fabb16cd112940b3345863ce2529dc
Sha1:   f73a922210a21a29f46b22f9f625deaa8011186d
Sha256: a1f98af8ab0e6b88c4c839df0720e47b1bb3eb16de11504027566924f32af7ef

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/assets/fonts/IRANSansWeb.woff2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbocell.ir/wp-content/uploads/tmt/custom-style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: font/woff2
                                        
cache-control: public, max-age=10368000
expires: Tue, 21 Mar 2023 21:18:04 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-length: 29284
date: Mon, 21 Nov 2022 21:18:04 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 29284, version 1.0\012- data
Size:   29284
Md5:    eb5adaac0d814e1e8e5cbd75efb9db3e
Sha1:   86437711b342274a5f43ba41870b38eb6205fb97
Sha256: e3822f2d078338746add72d0f2a1b2725df116b9daa09c40cf3b970742893713

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/themes/karauos/assets/fonts/IRANSansWeb_Bold.woff2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbocell.ir/wp-content/uploads/tmt/custom-style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: font/woff2
                                        
cache-control: public, max-age=10368000
expires: Tue, 21 Mar 2023 21:18:04 GMT
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-length: 28392
date: Mon, 21 Nov 2022 21:18:04 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 28392, version 1.0\012- data
Size:   28392
Md5:    ceaf6d89af9fb96d0466b26d6f1c022a
Sha1:   aa33f1de8fb862c1b97882fd4f930cff23b0d1d3
Sha256: b8232be0950dd94043cc996ae738ff3569c21ba9c2c744a382b14fec96a9c515

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: font/woff2
                                        
cache-control: public, max-age=10368000
expires: Tue, 21 Mar 2023 21:18:04 GMT
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-length: 13276
date: Mon, 21 Nov 2022 21:18:04 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 13276, version 331.-31261\012- data
Size:   13276
Md5:    f0f8230116992e521526097a28f54066
Sha1:   0447c6b10bbf73f97b23dcfd6e6a48510822cb6e
Sha256: 8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 200 OK
content-type: font/woff2
                                        
cache-control: public, max-age=10368000
expires: Tue, 21 Mar 2023 21:18:04 GMT
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-length: 76764
date: Mon, 21 Nov 2022 21:18:04 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Size:   76764
Md5:    f7307680c7fe85959f3ecf122493ea7d
Sha1:   fce0da592a3e536d6d5df5b50cb513398d8c5161
Sha256: 43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 21 Nov 2022 20:41:09 GMT
expires: Mon, 21 Nov 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 2216
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: turbocell.ir
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         185.94.98.117
HTTP/2 404 Not Found
content-type: text/html
                                        
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 708
date: Mon, 21 Nov 2022 21:18:05 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   708
Md5:    2382378378c002d88b9a507c712c3349
Sha1:   2e894db3808b554abadc8b144338ad9e2ea937ba
Sha256: 37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
POST /g/collect?v=2&tid=G-YQJ8Y65C1D&gtm=2oeb90&_p=2016277943&gdid=dZTNiMT&cid=1592691048.1669065485&ul=en-us&sr=1280x1024&_s=1&sid=1669065485&sct=1&seg=0&dl=https%3A%2F%2Fturbocell.ir%2Fslavaukraine.exe&dt=Page%20Not%20Found%20-%20%D8%AA%D9%88%D8%B1%D8%A8%D9%88%D8%B3%D9%84&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://turbocell.ir
Connection: keep-alive
Referer: https://turbocell.ir/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

216.239.32.36
HTTP/2 204 No Content
content-type: text/plain
access-control-allow-origin: https://turbocell.ir
date: Mon, 21 Nov 2022 21:18:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
GET /wp-content/plugins/elementor-pro/assets/css/frontend-rtl.min.css?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

185.94.98.117
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Thu, 22 Sep 2022 09:44:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 40086
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.4 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

185.94.98.117
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
last-modified: Tue, 25 Oct 2022 08:25:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 101513
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 21 Nov 2022 21:18:03 GMT
date: Mon, 21 Nov 2022 21:18:03 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---