r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dfb72f04bd7a4410640c0543bb4bd402
7c63b7e220b337b6a4f39864e11d6aa9e26c38ac
b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12819
Expires: Tue, 22 Nov 2022 00:51:36 GMT
Date: Mon, 21 Nov 2022 21:17:57 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4843de3bf95411e6aa89834def44bb86
1f1882351ac63fba73a22014382f69df5e02ec96
1e6ed1df02f8fa6c89ddca66f7c9981f8a06127d7ec90b503703137e823bb4b7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3975
Cache-Control: max-age=137975
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 21:17:57 GMT
Etag: "637b5375-1d7"
Expires: Wed, 23 Nov 2022 11:37:32 GMT
Last-Modified: Mon, 21 Nov 2022 10:31:17 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1cee7787feebac18f9eca273e56e3741
3a7dac544172921e24c2a1701beef5079b21d01b
79ff4a450c749d64e116c00ca3b00d40e968906c5c3881d6eeb2dc6374a4c858
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79FF4A450C749D64E116C00CA3B00D40E968906C5C3881D6EEB2DC6374A4C858"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7339
Expires: Mon, 21 Nov 2022 23:20:16 GMT
Date: Mon, 21 Nov 2022 21:17:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 21 Nov 2022 21:09:17 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 520
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: OA0OZ0/q/5MX/gCIlU7SchNBcRaa8vrpe1/iBXJRFPH0kzktCBButWZNlyCMoez1gyw8K90e9+Q=
x-amz-request-id: WQS7RZBFFSEQ215V
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 21 Nov 2022 20:42:15 GMT
age: 2142
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 21 Nov 2022 21:17:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 21 Nov 2022 21:08:53 GMT
cache-control: public,max-age=3600
age: 545
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2db0ebb9efcf3be3c92f23b61de5c065
dd830565723f18a7944c26d24b0fb142d06a71a5
8615316184c4d1d64db923a5364363bbb3d25e146a042c5fbd5bf0cfcec8effb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4682
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 21:17:58 GMT
Last-Modified: Mon, 21 Nov 2022 19:59:56 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.41.201.177101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.201.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: D+6/CbtaSwyIJ8bCBEaRmQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: po5WoEp1tKCI7liCmQei6wga0d4=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11185
Expires: Tue, 22 Nov 2022 00:24:24 GMT
Date: Mon, 21 Nov 2022 21:17:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11185
Expires: Tue, 22 Nov 2022 00:24:24 GMT
Date: Mon, 21 Nov 2022 21:17:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11185
Expires: Tue, 22 Nov 2022 00:24:24 GMT
Date: Mon, 21 Nov 2022 21:17:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 798ef0955be535268547903e74dacfcd
782823486f9ded693609cade264d1950e816f7d0
75df3810e787be95774282d4851ce350bba5c326843f1bd02348746355866e95
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "75DF3810E787BE95774282D4851CE350BBA5C326843F1BD02348746355866E95"
Last-Modified: Sat, 19 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11185
Expires: Tue, 22 Nov 2022 00:24:24 GMT
Date: Mon, 21 Nov 2022 21:17:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f6118fc03f31862ff68fef8a2b9a7f
318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8089
x-amzn-requestid: f3c55266-9b03-4b7f-b076-fdf56704318e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0QQyECioAMFzdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6377fa6b-3e10cef6117a10a4115cfce7;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 21:34:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ngJvyUydpRDSiYy9kfeh8JmydmR_K8mjfZtGLgT0qeE2JaABbDMSaQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:48:42 GMT
age: 84557
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F645dc32f-cd66-4021-92e9-77c4eff2fa1f.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F645dc32f-cd66-4021-92e9-77c4eff2fa1f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 96135f96986369533c0362367c1e6fd8
bc8b0612b79cb30817880fac9728318f837854b4
f4eab133baf21daae8b809966e8ffbe64a2414fd334538a226a2a39ab39c3d46
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F645dc32f-cd66-4021-92e9-77c4eff2fa1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5045
x-amzn-requestid: a1d93586-2973-4156-8b59-a4be8bfb8cc4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b6x2zF6YoAMFazQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637a9691-7c6f10a850f8cbaa3065e39a;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 21:05:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8DDV0ZMws_Ta7xMvRiefhpDx6TuAynkYB-rX0KWpLtqq8HaW3Le0rA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:50:48 GMT
age: 84431
etag: "bc8b0612b79cb30817880fac9728318f837854b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff64f225f-d92d-42e1-a0cd-0b9c89e36291.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff64f225f-d92d-42e1-a0cd-0b9c89e36291.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a8070a1aa0d48b75c639fa24eec3d96
14a81b4e2bdcdcdd951aa6660dc640c0292a2109
70b29ce3872a0c46d8d0e61f2801df1a98c8ea6e516adb1c2fe1bdad35f654f6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff64f225f-d92d-42e1-a0cd-0b9c89e36291.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9042
x-amzn-requestid: 0bd8ae24-b687-4316-8af5-f9dc83c8d97a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b7ty7FrPIAMF3Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637af678-5fe271a8364a884a5f952619;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 03:54:32 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: f6irLwhMIC7KOVrudjGqGSqMHd67Izf_2ARgvjJvNFP_eJP4azhBIA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 04:32:21 GMT
age: 60338
etag: "14a81b4e2bdcdcdd951aa6660dc640c0292a2109"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9e0f5c07511d0f6ad0f2441db92797d
2dcc6187d7173ce741975ad4ec24435c9dcb0880
3c57bf58bab9d54dd152eb0260a203b1cb201a9e2d960f25a0cea685b539ea04
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e2c726b-e91a-4cf6-95b8-c267e110416c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5342
x-amzn-requestid: e396cea4-ddae-4b88-a73a-ceafb1e11620
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b0b91EMLoAMFYYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63780d25-7f1187713f288a0c158508ea;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 22:54:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: PkFAourr7ixQ5NYcdMugerMxFTdCLgIAaBz6erANuppgzE2Tm4yVpA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:55:58 GMT
age: 84121
etag: "2dcc6187d7173ce741975ad4ec24435c9dcb0880"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23dd0640-fd46-469c-ae06-acb832cc4160.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23dd0640-fd46-469c-ae06-acb832cc4160.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 901093397261ec8888c61a6c88f8b7cd
1f07e8182159f68134776366e0bea78a130c5b85
9982e83a02d1595431c397a00a0a339067681fdbcb7538ca40ffd7138c7aa9f0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23dd0640-fd46-469c-ae06-acb832cc4160.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11271
x-amzn-requestid: 144705ac-0cc1-46ba-a6a9-3942bf3c9433
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b61qlFriIAMF7oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637a9ca9-27e45603577195a2769b3fc3;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 21:31:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 8l8Tx5yYL6IuPGe8yAhO7vDefWOKb4U9EOlSXubRdh-chq0GvEaFBg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 20 Nov 2022 21:45:41 GMT
age: 84738
etag: "1f07e8182159f68134776366e0bea78a130c5b85"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308504cf-ed6b-4fb8-bc67-4165549bba4e.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308504cf-ed6b-4fb8-bc67-4165549bba4e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131cae0245e456c2497833b48cc1be0e
01b7bf2cfcdac73911dbd0a570d262978a43daf1
539cc2fdefb049df026b18d450c56d85b7821b8723ea0070efa460096669576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F308504cf-ed6b-4fb8-bc67-4165549bba4e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7996
x-amzn-requestid: af3a6545-f0ad-40de-b1f6-56b9607242f4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1BvREKZoAMFzDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63784994-2659c8ec5fc04c510ea0e643;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 03:12:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: UU9m-kzHM4oKCHNiK2q4NWftsCueXeiBpJkk0cDv3et4v3MpF6eCtQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 f268a165a18929fd0a24a3189fbd16b2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 12:56:19 GMT
age: 30100
etag: "01b7bf2cfcdac73911dbd0a570d262978a43daf1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
turbocell.ir/slavaukraine.exe
185.94.98.117301 Moved Permanently 0 B URL HTTP/1.1 turbocell.ir/slavaukraine.exe
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /slavaukraine.exe HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://turbocell.ir/slavaukraine.exe
content-length: 0
date: Mon, 21 Nov 2022 21:17:59 GMT
server: LiteSpeed
vary: Accept-Encoding
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2a134d3e835d47a2485e9862f2e080c3
c33a5447faeac2c49e3ed33793d12736eaa18795
5ec2e339a438e7ee9c7fafeb9a3c7d66c85b433d6fe500e80b6ca2277282a1a6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EC2E339A438E7EE9C7FAFEB9A3C7D66C85B433D6FE500E80B6CA2277282A1A6"
Last-Modified: Sun, 20 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 22 Nov 2022 03:18:00 GMT
Date: Mon, 21 Nov 2022 21:18:00 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 662c6190c63609f87a23660fc808a650
a4178dd92d6f8a4f7c4da846a08d4104575f3636
93a8fd2af027f09640a8f5c3e2f10603d8b7aff4c74bc274cdbea7deeb396f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 21:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 8796b1bba5e0df458c07179adea64173
b3c3f64718de099805a200e156774ea356a08132
ae32033094ed99df37e4537b91ec3d52a8fd2f0d2f538e3c81901e1f9c29a0a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 21:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
turbocell.ir/wp-content/plugins/agency/css/agency_style.css?ver=6.0.3
185.94.98.117200 OK 2.7 kB URL HTTP/2 turbocell.ir/wp-content/plugins/agency/css/agency_style.css?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (895), with CRLF line terminators
Hash 79a2bd76e06a0e1d7227c7df02536c1a
bce6871156d745e3826f8ccd1425cf7835adc63f
6639c8f9c3e1ac6e97ed39528e58b2a53358015213203437edeb796621be7d5b
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/agency/css/agency_style.css?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 07:28:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2681
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/iran-agency-map/public/css/iam-style.css?ver=6.0.3
185.94.98.117200 OK 997 B URL HTTP/2 turbocell.ir/wp-content/plugins/iran-agency-map/public/css/iam-style.css?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
Hash 603362c6ab612c087d931c4b36e83b80
25e73d4fd60d567cd0217a9db120bde601125176
59bbe291634e3d68bebe54b6fa2525679bd86bcf4a64ac9639de881f6783eba5
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/iran-agency-map/public/css/iam-style.css?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 997
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/uploads/useanyfont/uaf.css?ver=1666527895
185.94.98.117200 OK 291 B URL HTTP/2 turbocell.ir/wp-content/uploads/useanyfont/uaf.css?ver=1666527895
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with CRLF line terminators
Hash b7d676d85f41526b583f763fcc75f7fc
114cac252148ac3c3a20003c4220f1b230ae5b57
b67169990117e9bf24901790a776f23275452543bbac1e855b6f2d592ec27734
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/useanyfont/uaf.css?ver=1666527895 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Sun, 23 Oct 2022 12:24:55 GMT
accept-ranges: bytes
content-length: 291
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-131898604-2
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-131898604-2
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 40effa6fe17ab9ed7ac7a5572fd79260
491a4ca84f855630318a82255d0c08829b9d6bf5
146ded4c813dab527b76c7349716b5c8683600e3a88f5f830b0877b38f3669e4
GET /gtag/js?id=UA-131898604-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 21 Nov 2022 21:18:03 GMT
expires: Mon, 21 Nov 2022 21:18:03 GMT
cache-control: private, max-age=900
last-modified: Mon, 21 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43681
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 8796b1bba5e0df458c07179adea64173
b3c3f64718de099805a200e156774ea356a08132
ae32033094ed99df37e4537b91ec3d52a8fd2f0d2f538e3c81901e1f9c29a0a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 21:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 662c6190c63609f87a23660fc808a650
a4178dd92d6f8a4f7c4da846a08d4104575f3636
93a8fd2af027f09640a8f5c3e2f10603d8b7aff4c74bc274cdbea7deeb396f3c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 21 Nov 2022 21:18:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/css/bdt-uikit.rtl.css?ver=3.15.1
185.94.98.117200 OK 15 kB URL HTTP/2 turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/css/bdt-uikit.rtl.css?ver=3.15.1
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 401bb62cbb0bacc03e8b086e18bd0980
b4d90e8c783f1682e9d567aa86a9bce8dcec26f6
c6ea0b0a6e76447b08f2fdd2da7ee0377f4f8d7f73b8863f849b60bfb315f843
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/bdthemes-element-pack/assets/css/bdt-uikit.rtl.css?ver=3.15.1 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:25:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 14621
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/css/ep-helper.rtl.css?ver=6.6.2
185.94.98.117200 OK 4.4 kB URL HTTP/2 turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/css/ep-helper.rtl.css?ver=6.6.2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (31203), with no line terminators
Hash dcdf8f60e85919ab657b655ce6631255
71b603adbf8f80c80705673e9753fcf125cf85d6
4dab7533186c0517e0ed49c40dbe709ec969fbd7a69ed530db2a33c3b42e3097
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/bdthemes-element-pack/assets/css/ep-helper.rtl.css?ver=6.6.2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:25:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 4404
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.0.3
185.94.98.117200 OK 11 kB URL HTTP/2 turbocell.ir/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Hash 763e0b0069b9c761216dbdea68491759
17d6923d9cd08def13de1e54daf2baf43187cc35
db6e19d275816cbc71fbd71569eb65031f43c8a6f0b315441c384a26c7065f7c
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Wed, 07 Sep 2022 12:00:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 10900
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1
185.94.98.117200 OK 235 B URL HTTP/2 turbocell.ir/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (907)
Hash 7005c701f6f732e8ad3f8410ab358c0b
23f4e42be1ce084e17e6d310306f5436e5221757
c48cc13de7f72ae72c236523fedd2ed9eebef8826895f935ed5e1fcc7228f77c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 10:35:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 235
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/css/frontend-legacy-rtl.min.css?ver=3.7.7
185.94.98.117200 OK 741 B URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/css/frontend-legacy-rtl.min.css?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (13766)
Hash 77fd2796ca14b11a4dede61cfa34609e
8296a2cebbdac0347b509c3e1d7246526a06bd3a
5d3b09a1871a41d1210bf06dfb2c0c38ab0e68f2ef7cbfca8b5776b1eda22575
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend-legacy-rtl.min.css?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 741
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/css/frontend-rtl.min.css?ver=3.7.7
185.94.98.117200 OK 19 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/css/frontend-rtl.min.css?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (65497)
Hash f55ad10ccec515e56cd5adfef7231841
2c1303414b00de1b1323b7cd38ae9f54c216e87d
c7d81f8304bf00c2f116f7595d40a953d01928c256f3590fb646c3428930ff9d
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend-rtl.min.css?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 18716
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
185.94.98.117200 OK 4.0 kB URL HTTP/2 turbocell.ir/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Sat, 21 Aug 2021 10:33:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3995
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/agency/js/fr_agency.js?ver=2
185.94.98.117200 OK 2.7 kB URL HTTP/2 turbocell.ir/wp-content/plugins/agency/js/fr_agency.js?ver=2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash cefb03f9aa5027678fe2e5e3e67a1afe
316f1d4cace05ed8b5937a3c12d0d2b8cba48330
9c61b3510508c7168352731cf288587f27f50be1049a34e43677be42f4328f30
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/agency/js/fr_agency.js?ver=2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 07:28:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2723
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/iran-agency-map/public/js/jquery.mousewheel-3.1.13.min.js?ver=6.0.3
185.94.98.117200 OK 1.1 kB URL HTTP/2 turbocell.ir/wp-content/plugins/iran-agency-map/public/js/jquery.mousewheel-3.1.13.min.js?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (2609)
Hash 47b998c4287cbc7c6a937715c57fb2e2
36c555f88c12b40198021fe3b8a48b1cfc4755fc
727dcadcb46d22c183334fe1d60f52ca714e38e786001d8bde2b0d8318b9cb85
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/iran-agency-map/public/js/jquery.mousewheel-3.1.13.min.js?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1127
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
185.94.98.117200 OK 3.6 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (19233)
Hash af3bdf44d09914e8adb51fec560d8816
84bb225e096bab405868dd504e62133ba75cf1c1
4325dab21d3eb9efb8e285a0926be743f27e46446ccf5f9be65bb4b60c024152
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3629
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/uploads/elementor/css/post-3632.css?ver=1663841505
185.94.98.117200 OK 404 B URL HTTP/2 turbocell.ir/wp-content/uploads/elementor/css/post-3632.css?ver=1663841505
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (1381), with no line terminators
Hash 94a2665a480cc0f6ceddc9382e237ba2
a8ab3beb232a69a341de4c284f861ae387bd9f5d
07aec5187474987711bb8a17421a9d276362905ceb5a4a6d424f16441a39cf61
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-3632.css?ver=1663841505 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Thu, 22 Sep 2022 10:11:45 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 404
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.7.7
185.94.98.117200 OK 2.4 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (10019)
Hash d2db71c82a8f672aea59a3e050cd8cd7
af626566f94b3164e4310288cfb142431e8349a6
bcd2c9c2ba22a48a8fabf9fbe5e947deb6404367e4be24f48326e302aead1180
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2442
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/slavaukraine.exe
185.94.98.117404 Not Found 27 kB URL HTTP/2 turbocell.ir/slavaukraine.exe
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 11a163e39be7f444366e2c778f118dd4
293a64d46e581b5eb45b8068c1adeb0c0f0866bb
e36a5042a3522a6160077aad287e06d56e445951329379d9f7ccc5f7afc2e60f
Analyzer Verdict Alert quad9 Sinkholed
GET /slavaukraine.exe HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://turbocell.ir/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/assets/js/slick.min.js?ver=3.0.0
185.94.98.117200 OK 10 kB URL HTTP/2 turbocell.ir/wp-content/themes/karauos/assets/js/slick.min.js?ver=3.0.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (42862)
Hash 09ed72c756aef05979d1c10d176eeb7a
1f3c35043f1aae481a38b40327fefb959ff63885
8638bee02f96fc15e4a3dae0ae220e31f020ee0b10c8eb5f829d9986b3fc53c4
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/karauos/assets/js/slick.min.js?ver=3.0.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 10097
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/assets/js/inc.js?ver=1.0.0
185.94.98.117200 OK 1.4 kB URL HTTP/2 turbocell.ir/wp-content/themes/karauos/assets/js/inc.js?ver=1.0.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
Hash 04092ef0e04a341198316510a644e878
3c3c42962d18aa3f29477de94d3e3a327150f0dd
df1830a149f1c3e6f07a01bde5cbd2edb0ab9e5b37d1493679a2beaa34014352
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/karauos/assets/js/inc.js?ver=1.0.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1427
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/assets/js/prefixfree.min.js?ver=1.0.0
185.94.98.117200 OK 2.5 kB URL HTTP/2 turbocell.ir/wp-content/themes/karauos/assets/js/prefixfree.min.js?ver=1.0.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (540)
Hash f18718bbc338e53501c84dcc02c97054
be32d703abf54a790cb0ad01aedbe0f7577adbad
c338a9cdff54f63abf6b482df1926b06d3ce918e8a4f5e70752cc5c0ac24c34a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/karauos/assets/js/prefixfree.min.js?ver=1.0.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2525
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/assets/js/sticky.min.js?ver=2.0.0
185.94.98.117200 OK 709 B URL HTTP/2 turbocell.ir/wp-content/themes/karauos/assets/js/sticky.min.js?ver=2.0.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (2567), with no line terminators
Hash ed8708b31bcab8357d199493640d0177
ffeb15c9032fc956ad4f6a760d33db90df1b05fa
fdc7c9ebe4b71d3f2668776dbeef080678f4668ebf2418e58a8ea029cfe8559d
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/karauos/assets/js/sticky.min.js?ver=2.0.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 709
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.7
185.94.98.117200 OK 2.0 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (4918)
Hash addd6b2b47516aab871a8c846e4208eb
72c83f580bfc1ce85f6fc394e0bac5fc1446d8bf
6b1770e81200444e4cffdeee08a8af358f5e35edd3398a2e2f4a7fc62c2c5734
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2044
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
185.94.98.117200 OK 2.9 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (12198), with no line terminators
Hash 869caa171b68cbec9fee5abbfb944ee8
f237e485e41f88b77384cfdb880f9d5a8f46eac8
25c2896e2790fb0e52f6b6ba1ce97bd87eb40463b4bb65ba16ad434c1d7a36dc
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2867
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.7.7
185.94.98.117200 OK 1.0 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (2620), with no line terminators
Hash 906c4decdcd32482c1cf583b07925d30
30e726b9febb4b651544266df656a21251f0e8e3
53f86e9641d0e35772d6b54294cc6dd685fb9a376a1baad151da120fef609423
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1047
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
185.94.98.117200 OK 3.3 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (10544)
Hash 3821415a39954c48c7927e661467c6b8
dfe1116a0efc9898cb6caf094213880da83d6990
5f7f5b28f47c366a0bb70435dc3b2253278222c92429f013084f71fd7d29a32e
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3268
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/js/common/helper.min.js?ver=6.6.2
185.94.98.117200 OK 313 B URL HTTP/2 turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/js/common/helper.min.js?ver=6.6.2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (668), with no line terminators
Hash 2bee1daebcbecce9e887e02cb4711f92
201df91c0531211f631ecb17df9a9ca7636f8de2
4c2391320ccb0c68556ded3635fb242d56462b3f16f8c160fa9a0a5e55ead712
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/bdthemes-element-pack/assets/js/common/helper.min.js?ver=6.6.2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:25:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 313
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.7
185.94.98.117200 OK 2.2 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (5141)
Hash 11a09eb3f8095f34cefa3029aa381c64
cfc98d6be411e8cb44817c2146a08b2261fa355d
829c945db9dc945562d7f0dd726f296e90f1bf9b0076fe3e96291ca1db0807f7
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Thu, 22 Sep 2022 09:44:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2188
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
185.94.98.117200 OK 2.4 kB URL HTTP/2 turbocell.ir/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (6475), with no line terminators
Hash 4e773d7cec56bacab6d2db420be6f262
c95573d884c1caec0ec9c6f3e2a8c0fbf28d939a
5c8839d0b02f21e8d83d856bbf85a6b87fbedf9ba0b70711b11a1c378d5443e7
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 12:00:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 2354
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
185.94.98.117200 OK 1.6 kB URL HTTP/2 turbocell.ir/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (4875)
Hash 06a8ac0e71976bc143cfa7861a31169d
def6031fe13259bf17752661832d815e37068bf2
e6f42d97e7299522bbb002364128fdf72cd22263ca72c5edc41dcd8f4672cd33
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 12:00:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1575
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
185.94.98.117200 OK 3.7 kB URL HTTP/2 turbocell.ir/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
Hash f778ade6a70be55cbf039cfafb20fa7f
68d7a7f2d88907a038ec557ae0ab67f58d7bcdc5
88fd2a2f80a5ff9f70a6c4019d81f3bae8bc92623697454faa44f448cc43ad93
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 12:00:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 3717
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.7.7
185.94.98.117200 OK 1.5 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (3703)
Hash 7a67ac94b6ebafd94c82dfa591065fdc
5190d1ef32403a4ad195ece088c0fba145562f13
2bd8dfe375603969948af382eb62f2957f2c51bfe8fd1db0c2f64af284cb0107
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Thu, 22 Sep 2022 09:44:51 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1477
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/style.css?ver=6.0.3
185.94.98.117200 OK 27 kB URL HTTP/2 turbocell.ir/wp-content/themes/karauos/style.css?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (12761)
Hash 1cfbbee090d742ee80dd3bcc88c81675
c67a2c4a4f3dbfebdd380c07501366d0a5a39c17
31287b20e023622af6e4a1fa5bfa85c8c77c954475c57606cc15b7565cf37c7f
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/karauos/style.css?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 27269
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/uploads/elementor/css/post-3662.css?ver=1663841504
185.94.98.117200 OK 1.1 kB URL HTTP/2 turbocell.ir/wp-content/uploads/elementor/css/post-3662.css?ver=1663841504
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (8234), with no line terminators
Hash e8c44b4448de5d52b9f4e0514c53d5b9
46cef578822f5702ed36a2795afb5a1cd8de77af
723766c635c5b743b656630bdc2a65fdb17db606de5bfa79ae294298867e92bc
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-3662.css?ver=1663841504 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Thu, 22 Sep 2022 10:11:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1113
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/uploads/elementor/css/post-3639.css?ver=1665483478
185.94.98.117200 OK 1.5 kB URL HTTP/2 turbocell.ir/wp-content/uploads/elementor/css/post-3639.css?ver=1665483478
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (16269), with CRLF line terminators
Hash 4620c33283462d4626d58e4271bd70b2
b411ba9a68d20bffaf526f3c163ac3c14fcc366f
b7ad97b3a9b4543a80a5ad3eecfb8e18d6911a433efc4fbd8c2cdc8730121344
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-3639.css?ver=1665483478 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 10:17:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1519
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/uploads/elementor/css/post-3784.css?ver=1663841930
185.94.98.117200 OK 624 B URL HTTP/2 turbocell.ir/wp-content/uploads/elementor/css/post-3784.css?ver=1663841930
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (3358), with no line terminators
Hash 2d3855040cbf48e7b3f3748f3a025307
b42e3ecd92d7da11fcaad08d1a8f8cb3fe87203c
469404a3641e121135666fa38029aae197e45087ddd2dc9b0328872964ca3af3
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-3784.css?ver=1663841930 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Thu, 22 Sep 2022 10:18:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 624
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/uploads/tmt/custom-style.css
185.94.98.117200 OK 504 B URL HTTP/2 turbocell.ir/wp-content/uploads/tmt/custom-style.css
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (1996), with no line terminators
Hash 209a06f6da81211b15804f889b581d64
268af6add045e2b265b35b197a3247daeafe52cc
7306b649cfb768abd73bba303354c82b8c2bf07ae73c6378492bd3e3f303b49d
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/tmt/custom-style.css HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Mon, 21 Nov 2022 04:53:46 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 504
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
185.94.98.117200 OK 12 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (57726)
Hash f463afd8661ddc733305df1f0cbdaff2
77262f0209e75e340eb7014aba9cd8d69966032f
c4b6541be58a0ca61549cd4562850315077880c459c019f01e835cf2d7b764de
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 12133
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
185.94.98.117200 OK 283 B URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (491)
Hash 453a93dc816be89f942ebb253ff199fb
01563d6019803e3ff2a94c5397e7e771ee6f440d
36beebcd3778e04c8973faa581d07c7e7dc0bac2a77f637379e7d110383ab5d7
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 283
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
185.94.98.117200 OK 286 B URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (483)
Hash 8828fa3c5bdcfa66615714a2b8c9d807
4f556d0b005ac7754af607418df445f8cf98e8b1
16950dcce60bc3ee2613b60439c99e7ed74d10245f59fe6f68346b7e72dd95e7
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 286
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
185.94.98.117200 OK 284 B URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (489)
Hash dc279c928e2924b07a4a7575f8070ee8
0196756cacdb61ef40483af7ea982b699b0933de
80b6d9e3f0304f4199350c6015fd96084646c2a0121332bcb5a46d3956b7df5c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 284
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
185.94.98.117200 OK 30 kB URL HTTP/2 turbocell.ir/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (65447)
Hash 34f918ada1fe4f01c5a4b90065bbc37a
a731f6ce2d413805e39ae45994012b1bd5ea1e2b
eba158d5ab26a5a54a3dcfcea1072c636f44e92fc2eb30a3f27cd5be3f891dfc
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Sat, 21 Aug 2021 10:33:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 30273
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/iran-agency-map/public/js/jquery.mapael.min.js?ver=6.0.3
185.94.98.117200 OK 9.4 kB URL HTTP/2 turbocell.ir/wp-content/plugins/iran-agency-map/public/js/jquery.mapael.min.js?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (31977)
Hash 0bcb274e5b420451bbb541cb4cb69ecd
93b390c5c3bc9b86504c403706334f88d8b05610
742a28fb105e6a3486c7f11aa9aaa14e3b9d6a05ad50f7092f7d02be1428b9a7
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/iran-agency-map/public/js/jquery.mapael.min.js?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 9392
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.7
185.94.98.117200 OK 10 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Unicode text, UTF-8 text, with very long lines (32889)
Hash cb762f3d93a33a602d19b3994fe4e699
a9168bedc5f58243b41aaab73c68b32f6992635c
ca59fddd171412b6972463da0ac99bf372e17578816d3e79f4c247c34102a27d
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 10420
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
185.94.98.117200 OK 6.6 kB URL HTTP/2 turbocell.ir/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 139a41f01d192d239e7dce15ca307983
62a3e7c0c77209832dc649bc5583e5e0b4918bf5
d796462a5d212cd93b315b43dafb6e77dbe1c3aa567964dc40c1ab0e2c28f405
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 12:00:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 6637
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.7.7
185.94.98.117200 OK 30 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (65493)
Hash 8f68946ac33b3b084868e087958a7064
d0bb40ec245e83fab006d2fd72fd157c60e87b39
e9ee0dc890f2493e0631c6c56b734019b8a700488bdb4b3ead77bf3c3b77e4d4
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Thu, 22 Sep 2022 09:44:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 30190
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.7.7
185.94.98.117200 OK 12 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (43101)
Hash 95ab4688337578005feed2e876f1e880
62bef5780eeb438cc4f9ddd7783dee0c6ac2267d
f6d86b74234d919ce018b3660d4afc427f2a3a39a09235ce89b33565c27c678e
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 12548
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
185.94.98.117200 OK 4.6 kB URL HTTP/2 turbocell.ir/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 12:00:41 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 4619
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/iran-agency-map/public/js/raphael-2.2.7.min.js?ver=6.0.3
185.94.98.117200 OK 31 kB URL HTTP/2 turbocell.ir/wp-content/plugins/iran-agency-map/public/js/raphael-2.2.7.min.js?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Unicode text, UTF-8 text, with very long lines (32031)
Hash 4b680ed5c64bca7fa91369bf1cbe9f79
2f0a15b8a941100118bb59f07f2c9fd8f2b77494
170ddd1c818d230ba726004bf174f08e6d93345d6059512f83e7340a69491e72
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/iran-agency-map/public/js/raphael-2.2.7.min.js?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 31262
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/iran-agency-map/public/js/iranmapael.js?ver=6.0.3
185.94.98.117200 OK 31 kB URL HTTP/2 turbocell.ir/wp-content/plugins/iran-agency-map/public/js/iranmapael.js?ver=6.0.3
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (3926)
Hash 434d0a15abf95e04ef8a04c5ec634501
6881d54209674f540dce56fad6aab074a805e99b
12bf87383ea6de628ae35aaca66f2d575b0b48828c425c6ab790f950e98d1465
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/iran-agency-map/public/js/iranmapael.js?ver=6.0.3 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 09 Feb 2022 08:18:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 31214
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/assets/js/jquery.fancybox.min.js?ver=3.0.0
185.94.98.117200 OK 21 kB URL HTTP/2 turbocell.ir/wp-content/themes/karauos/assets/js/jquery.fancybox.min.js?ver=3.0.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type HTML document, ASCII text, with very long lines (31994)
Hash 2e58be706b6020705a1c2f4504f310ef
a885e766fe68cfc593d9c0c5cb2dd579ba69251c
c894590df0ec97e1dadc2bcda067029dcdf8988e47a5bfb0e8819e5b3f864366
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/karauos/assets/js/jquery.fancybox.min.js?ver=3.0.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 20983
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
185.94.98.117200 OK 34 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (65280)
Hash 83a90323ac82b98062b4b2c8ac8c5051
d7d376677e3546b756b4fec6219be72b85c4f8f5
7fd68e9ea0ebd35958da46d7373113d1a3646a671217cf2cf471c65c3d710613
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 34004
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.7
185.94.98.117200 OK 12 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (40474)
Hash cf9df4d15291b14a459fdd30b118a1a4
450c2a4389a4d7e12fac3f1c49e79ca477521140
f109234d786cb6f29e805b2a5764f33f04b918bd76f4249ac94a3f39887facaf
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:40:31 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 11703
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
185.94.98.117200 OK 6.9 kB URL HTTP/2 turbocell.ir/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Hash 1f5152610686781567fb3008c4429792
d0c0bddf5fb8603ed8e55c32f3093c2207f72471
75806ece853d0d76e655a433bd03548d3be6237ea1e4cacd5963f528bbe0d192
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 12:00:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 6872
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.7
185.94.98.117200 OK 5.5 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (21374)
Hash 67e48785dcd857201122c8f46d2c7758
72ab94428b614ae30d4644aa48b4f570ca4a8ed7
19097c0a7dfc7529811bc5379d5784a750b220e547ddb74240c039d038315575
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Thu, 22 Sep 2022 09:44:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 5506
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.4
185.94.98.117200 OK 60 kB URL HTTP/2 turbocell.ir/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.4
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (45047)
Hash bff9aba3bdefe77175a7151d7c3fa120
d2cbd7bfc2f728778ecb6c478cb16ad26709a973
7a38cd90a2e06a96c15119f08e30fbf7d1e4102d1089f2035a2909ebb5fc0ecf
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.4 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:25:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 59937
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/js/bdt-uikit.min.js?ver=3.15.1
185.94.98.117200 OK 44 kB URL HTTP/2 turbocell.ir/wp-content/plugins/bdthemes-element-pack/assets/js/bdt-uikit.min.js?ver=3.15.1
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type ASCII text, with very long lines (60588)
Hash f343043307c312608c0bd262e16d11fa
14540595ba3a97f234a3cf877d501c11d514de22
0893faf836a24bab621b81022ae377f5b159c3c5088243e8c534f6715ee7227c
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/bdthemes-element-pack/assets/js/bdt-uikit.min.js?ver=3.15.1 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:25:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 44395
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/uploads/2022/08/logo-turbocell.png
185.94.98.117200 OK 1.8 kB URL HTTP/2 turbocell.ir/wp-content/uploads/2022/08/logo-turbocell.png
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type PNG image data, 300 x 100, 8-bit colormap, non-interlaced\012- data
Hash efe2826ce7b6d259c03e09ce331dd888
a99a4db540f5b8c6b4b250e64395bae8726e8b54
a2a63c084cff7cd87422376ec370213962990ba3633f8130d59a0fa4ec154b88
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2022/08/logo-turbocell.png HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=10368000,public
expires: Tue, 21 Mar 2023 21:18:03 GMT
content-type: image/png
last-modified: Mon, 29 Aug 2022 11:43:53 GMT
accept-ranges: bytes
content-length: 1784
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/assets/images/member.svg
185.94.98.117200 OK 1.5 kB URL HTTP/2 turbocell.ir/wp-content/themes/karauos/assets/images/member.svg
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 95fabb16cd112940b3345863ce2529dc
f73a922210a21a29f46b22f9f625deaa8011186d
a1f98af8ab0e6b88c4c839df0720e47b1bb3eb16de11504027566924f32af7ef
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/karauos/assets/images/member.svg HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=10368000,public
expires: Tue, 21 Mar 2023 21:18:03 GMT
content-type: image/svg+xml
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 1511
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/assets/fonts/IRANSansWeb.woff2
185.94.98.117200 OK 29 kB URL HTTP/2 turbocell.ir/wp-content/themes/karauos/assets/fonts/IRANSansWeb.woff2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Web Open Font Format (Version 2), TrueType, length 29284, version 1.0\012- data
Hash eb5adaac0d814e1e8e5cbd75efb9db3e
86437711b342274a5f43ba41870b38eb6205fb97
e3822f2d078338746add72d0f2a1b2725df116b9daa09c40cf3b970742893713
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/karauos/assets/fonts/IRANSansWeb.woff2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbocell.ir/wp-content/uploads/tmt/custom-style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=10368000
expires: Tue, 21 Mar 2023 21:18:04 GMT
content-type: font/woff2
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-length: 29284
date: Mon, 21 Nov 2022 21:18:04 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2
turbocell.ir/wp-content/themes/karauos/assets/fonts/IRANSansWeb_Bold.woff2
185.94.98.117200 OK 28 kB URL HTTP/2 turbocell.ir/wp-content/themes/karauos/assets/fonts/IRANSansWeb_Bold.woff2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Web Open Font Format (Version 2), TrueType, length 28392, version 1.0\012- data
Hash ceaf6d89af9fb96d0466b26d6f1c022a
aa33f1de8fb862c1b97882fd4f930cff23b0d1d3
b8232be0950dd94043cc996ae738ff3569c21ba9c2c744a382b14fec96a9c515
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/themes/karauos/assets/fonts/IRANSansWeb_Bold.woff2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbocell.ir/wp-content/uploads/tmt/custom-style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=10368000
expires: Tue, 21 Mar 2023 21:18:04 GMT
content-type: font/woff2
last-modified: Tue, 25 Oct 2022 08:42:19 GMT
accept-ranges: bytes
content-length: 28392
date: Mon, 21 Nov 2022 21:18:04 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2
185.94.98.117200 OK 13 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Web Open Font Format (Version 2), TrueType, length 13276, version 331.-31261\012- data
Hash f0f8230116992e521526097a28f54066
0447c6b10bbf73f97b23dcfd6e6a48510822cb6e
8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=10368000
expires: Tue, 21 Mar 2023 21:18:04 GMT
content-type: font/woff2
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-length: 13276
date: Mon, 21 Nov 2022 21:18:04 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
185.94.98.117200 OK 77 kB URL HTTP/2 turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Hash f7307680c7fe85959f3ecf122493ea7d
fce0da592a3e536d6d5df5b50cb513398d8c5161
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbocell.ir/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=10368000
expires: Tue, 21 Mar 2023 21:18:04 GMT
content-type: font/woff2
last-modified: Tue, 25 Oct 2022 08:40:32 GMT
accept-ranges: bytes
content-length: 76764
date: Mon, 21 Nov 2022 21:18:04 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 21 Nov 2022 20:41:09 GMT
expires: Mon, 21 Nov 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 2216
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
turbocell.ir/favicon.ico
185.94.98.117404 Not Found 708 B IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 21 Nov 2022 21:18:05 GMT
server: LiteSpeed
vary: Accept-Encoding
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-YQJ8Y65C1D>m=2oeb90&_p=2016277943&gdid=dZTNiMT&cid=1592691048.1669065485&ul=en-us&sr=1280x1024&_s=1&sid=1669065485&sct=1&seg=0&dl=https%3A%2F%2Fturbocell.ir%2Fslavaukraine.exe&dt=Page%20Not%20Found%20-%20%D8%AA%D9%88%D8%B1%D8%A8%D9%88%D8%B3%D9%84&en=page_view&_fv=1&_ss=1&_ee=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-YQJ8Y65C1D>m=2oeb90&_p=2016277943&gdid=dZTNiMT&cid=1592691048.1669065485&ul=en-us&sr=1280x1024&_s=1&sid=1669065485&sct=1&seg=0&dl=https%3A%2F%2Fturbocell.ir%2Fslavaukraine.exe&dt=Page%20Not%20Found%20-%20%D8%AA%D9%88%D8%B1%D8%A8%D9%88%D8%B3%D9%84&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-YQJ8Y65C1D>m=2oeb90&_p=2016277943&gdid=dZTNiMT&cid=1592691048.1669065485&ul=en-us&sr=1280x1024&_s=1&sid=1669065485&sct=1&seg=0&dl=https%3A%2F%2Fturbocell.ir%2Fslavaukraine.exe&dt=Page%20Not%20Found%20-%20%D8%AA%D9%88%D8%B1%D8%A8%D9%88%D8%B3%D9%84&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://turbocell.ir
Connection: keep-alive
Referer: https://turbocell.ir/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://turbocell.ir
date: Mon, 21 Nov 2022 21:18:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/elementor-pro/assets/css/frontend-rtl.min.css?ver=3.7.7
185.94.98.117200 OK 0 B URL HTTP/2 turbocell.ir/wp-content/plugins/elementor-pro/assets/css/frontend-rtl.min.css?ver=3.7.7
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/elementor-pro/assets/css/frontend-rtl.min.css?ver=3.7.7 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: text/css
last-modified: Thu, 22 Sep 2022 09:44:49 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 40086
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
turbocell.ir/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.4
185.94.98.117200 OK 0 B URL HTTP/2 turbocell.ir/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.4
IP 185.94.98.117:0
ASN #204213 Netmihan Communication Company Ltd
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.4 HTTP/1.1
Host: turbocell.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/slavaukraine.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000,public
expires: Tue, 21 Nov 2023 21:18:03 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:25:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,Accept-Encoding
content-length: 101513
date: Mon, 21 Nov 2022 21:18:03 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.3
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.3
IP 142.250.74.10:0
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbocell.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 21 Nov 2022 21:18:03 GMT
date: Mon, 21 Nov 2022 21:18:03 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2