URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Submission: On April 06 via manual from SG

Summary

This website contacted 11 IPs in 4 countries across 9 domains to perform 44 HTTP transactions. The main IP is 185.49.85.38, located in Iran, Islamic Republic Of and belongs to ASIATECH, IR. The main domain is 2ad.ir.
TLS certificate: Issued by R3 on February 25th 2021. Valid for: 3 months.
This is the only time 2ad.ir was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                    Requested by
24        2ad.ir                    2ad.ir
4         ua.yektanet.com           cdn.yektanet.com, 2ad.ir, ua.yektanet.com
4         mellowads.com             2ad.ir, mellowads.com
2         www.google-analytics.com  2ad.ir, www.google-analytics.com
2         cdn.yektanet.com          2ad.ir, cdn.yektanet.com
1         www.gstatic.com           www.google.com
1         audience.yektanet.com     cdn.yektanet.com
1         nfetch.yektanet.com       cdn.yektanet.com
1         dcba.popcash.net          cdn.popcash.net
1         cdn.popcash.net           2ad.ir
1         www.google.com            2ad.ir
1         rukoval.com               2ad.ir
1         fonts.googleapis.com      2ad.ir
44        13

This site contains links to these domains.

Domain
t.me

Subject                  Issuer                     Validity                 Valid
www.2ad.ir               R3                         2021-02-25 - 2021-05-26  3 months
upload.video.google.com  GTS CA 1O1                 2021-03-16 - 2021-06-08  3 months
rukoval.com              R3                         2021-02-02 - 2021-05-03  3 months
www.google.com           GTS CA 1O1                 2021-03-16 - 2021-06-08  3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3    2020-08-14 - 2021-08-14  a year
cdn.popcash.net          R3                         2021-03-21 - 2021-06-19  3 months
*.popcash.net            AlphaSSL CA - SHA256 - G2  2020-04-21 - 2021-04-22  a year
*.google-analytics.com   GTS CA 1O1                 2021-03-16 - 2021-06-08  3 months
*.gstatic.com            GTS CA 1O1                 2021-03-16 - 2021-06-08  3 months

This page contains 3 frames:

Primary Page: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Frame ID: DE366D59E7EFD86EBA1B389ADBAAC976
Requests: 38 HTTP requests in this frame

Frame: https://mellowads.com/view/0A76E789C065/?ref=yT03YDKIydK1QYJN5IR6mu7dz28PyhrO3mfzL0aWhIPUdwjA1S6at1Z7XA3tfKcYnkAAitx5V2EMEzLthlezAa0&w=670&h=150
Frame ID: A3C95DF56D2A2A84DA2A7C2E42910047
Requests: 4 HTTP requests in this frame

Frame: https://ua.yektanet.com/cookie/iframe/
Frame ID: 795DF59A61D72E6AD9F2F074F1A81FC4
Requests: 2 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i


Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • html /<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css/i

Page Statistics

44 Requests
100 % HTTPS
64 % IPv6
9 Domains
13 Subdomains
11 IPs
4 Countries
461 kB Transfer
1323 kB Size
12 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request DrNFrfvy
2ad.ir/
12 KB
4 KB
Document
General
Full URL
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
6d9a4000d2ce17cf98a4e8d7b70f1d1e04509070adecef5cadab4f9632f478ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
2ad.ir
:scheme
https
:path
/DrNFrfvy?userid=K6ByetNo
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

content-type
text/html; charset=UTF-8
content-encoding
br
vary
Accept-Encoding,User-Agent
date
Tue, 06 Apr 2021 02:51:03 GMT
server
LiteSpeed
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
alt-svc
h3-34=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
icon
fonts.googleapis.com/
568 B
461 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5418e55de2eda6d8940f3925f71cb3dc501c70848a8a23ad63ba1376f0cd009a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 06 Apr 2021 02:51:03 GMT
server
ESF
date
Tue, 06 Apr 2021 02:51:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 06 Apr 2021 02:51:03 GMT
icon-font.min.css
2ad.ir/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://2ad.ir/css/icon-font.min.css
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
f90d0b6a571e8d4b9ec683cf79a6d0f7c0775de35ec289edf3a6a794c9b56ba7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 20 May 2020 09:16:17 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
1499
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
wow.min.js
2ad.ir/vendor/
8 KB
3 KB
Script
General
Full URL
https://2ad.ir/vendor/wow.min.js?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
cfa1739ee346d63a3d3cfdff8c18cbe8fdedbcb32d4b0895028c193ce828e7a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 29 May 2019 00:12:58 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
2524
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
owl.carousel.min.css
2ad.ir/vendor/owl/
3 KB
974 B
Stylesheet
General
Full URL
https://2ad.ir/vendor/owl/owl.carousel.min.css?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 29 May 2019 00:12:58 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
915
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
owl.theme.default.css
2ad.ir/vendor/owl/
1 KB
500 B
Stylesheet
General
Full URL
https://2ad.ir/vendor/owl/owl.theme.default.css?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
9d7055ec6af6954d2df80c0ab274b4e4362dcd9f35a184d74ba923ecb0501df3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 29 May 2019 00:12:58 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
464
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
bootstrap.min.css
2ad.ir/ojen_theme/css/
141 KB
18 KB
Stylesheet
General
Full URL
https://2ad.ir/ojen_theme/css/bootstrap.min.css?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
2e1c6438ef38441c988bbfe871db2796fce5d2347461d4a014739578793f4363
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Sat, 03 Nov 2018 12:03:42 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
18618
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
animate.css
2ad.ir/ojen_theme/css/
57 KB
4 KB
Stylesheet
General
Full URL
https://2ad.ir/ojen_theme/css/animate.css?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
3fdfe2323bbd7714631973620d41fff07d79b1e178d5fe9fc84d4fc61bfebe27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Sun, 28 Oct 2018 12:57:30 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
3838
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
style.css
2ad.ir/ojen_theme/css/
27 KB
5 KB
Stylesheet
General
Full URL
https://2ad.ir/ojen_theme/css/style.css?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
1e6f205f077fbc37d28acaa78f301ef8e2a799fe54a8cb36e3849c4f1485c813
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 15:06:29 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
5275
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
anime.css
2ad.ir/ojen_theme/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://2ad.ir/ojen_theme/css/anime.css?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
c75f80593f1f326e56f74c059c0854f653da882ad076e1db2259947bb7ff3dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Sun, 28 Oct 2018 12:57:42 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
1573
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
responsive.css
2ad.ir/ojen_theme/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://2ad.ir/ojen_theme/css/responsive.css?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
97778b4ffa451edae2d54d345883b6cc937280ca8ee8db6de5085d6a46ad34ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Fri, 12 Jul 2019 20:30:26 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
1301
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
jquery.min.js
2ad.ir/vendor/
84 KB
29 KB
Script
General
Full URL
https://2ad.ir/vendor/jquery.min.js?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:03 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 29 May 2019 00:12:58 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
29166
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:03 GMT
brt.js
rukoval.com/t/9/fret/meow4/1754337/
65 KB
27 KB
Script
General
Full URL
https://rukoval.com/t/9/fret/meow4/1754337/brt.js
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_CBC
Server
109.206.162.83 , Netherlands, ASN50245 (SERVEREL-AS, NL),
Reverse DNS
83.162.serverel.net
Software
nginx /
Resource Hash
9c70b5db65fd6ee07ed02bcd746426512e708b3210113bf651a5e8c6e56f7713
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 06 Apr 2021 02:51:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 03 Mar 2021 10:33:44 GMT
Server
nginx
ETag
W/"603f6608-105a7"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
tether.png
2ad.ir/assets/methods/
8 KB
9 KB
Image
General
Full URL
https://2ad.ir/assets/methods/tether.png
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
c3c702120dabe28458194b4bcd5f14003b67f03f4d6308bb182fb8bea912edfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Jan 2021 12:50:49 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
vary
User-Agent
content-length
8695
x-xss-protection
1; mode=block
expires
Wed, 06 Apr 2022 02:51:04 GMT
webmoney2.png
2ad.ir/assets/methods/
17 KB
17 KB
Image
General
Full URL
https://2ad.ir/assets/methods/webmoney2.png
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
b088053f143de8fbcfc34a2a1c97a8902baabc09bcebeabaeb5bc559e41e779f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
x-content-type-options
nosniff
last-modified
Fri, 01 Jan 2021 12:50:50 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
vary
User-Agent
content-length
17058
x-xss-protection
1; mode=block
expires
Wed, 06 Apr 2022 02:51:04 GMT
shetab.png
2ad.ir/ojen_theme/img/
4 KB
4 KB
Image
General
Full URL
https://2ad.ir/ojen_theme/img/shetab.png
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
e72153e433cb79df96dac0de4721b3654d530be58ba5758da4d464c8dca93bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
x-content-type-options
nosniff
last-modified
Tue, 06 Nov 2018 14:11:54 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
vary
User-Agent
content-length
4108
x-xss-protection
1; mode=block
expires
Wed, 06 Apr 2022 02:51:04 GMT
zarinpal.png
2ad.ir/ojen_theme/img/
4 KB
4 KB
Image
General
Full URL
https://2ad.ir/ojen_theme/img/zarinpal.png
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
f770a1bc3d67a50543fbf55333a835aab065346c3460f92145c9aa2ff1a34984
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
x-content-type-options
nosniff
last-modified
Tue, 06 Nov 2018 21:25:24 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
vary
User-Agent
content-length
3985
x-xss-protection
1; mode=block
expires
Wed, 06 Apr 2022 02:51:04 GMT
ads.js
2ad.ir/ojen_theme/js/
106 B
218 B
Script
General
Full URL
https://2ad.ir/ojen_theme/js/ads.js
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
42deff51f77c2fad8526f708bf57a4300ecc3fd926c9df055962dc2cdca00cee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
x-content-type-options
nosniff
last-modified
Sun, 11 Feb 2018 06:31:22 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
User-Agent
content-length
106
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:04 GMT
popper.min.js
2ad.ir/ojen_theme/js/
19 KB
7 KB
Script
General
Full URL
https://2ad.ir/ojen_theme/js/popper.min.js?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 29 Oct 2018 09:55:52 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
6644
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:04 GMT
bootstrap.min.js
2ad.ir/ojen_theme/js/
48 KB
12 KB
Script
General
Full URL
https://2ad.ir/ojen_theme/js/bootstrap.min.js?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 29 Oct 2018 09:55:42 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
12542
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:04 GMT
clipboard.min.js
2ad.ir/vendor/
11 KB
3 KB
Script
General
Full URL
https://2ad.ir/vendor/clipboard.min.js?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
a966b18ec6e3b2e6676df4cd8e274cfba051df4bc26ae0d783a978f5533d2bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 29 May 2019 00:12:58 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
3194
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:04 GMT
main.js
2ad.ir/ojen_theme/js/
2 KB
718 B
Script
General
Full URL
https://2ad.ir/ojen_theme/js/main.js?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
79b18af33d3a5ef74b124a832b71ab46d563957b5ab979e98e540167d2e29c0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Fri, 12 Jul 2019 21:54:24 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
659
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:04 GMT
appc.js
2ad.ir/ojen_theme/js/
16 KB
4 KB
Script
General
Full URL
https://2ad.ir/ojen_theme/js/appc.js?ver=6.0.4
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
b9e651f9f87e827ce383bcd1accbd3f6441d160fb5ca56e4b24039e736cd1f18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/DrNFrfvy?userid=K6ByetNo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Wed, 25 Dec 2019 01:09:00 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-length
4144
x-xss-protection
1; mode=block
expires
Thu, 06 May 2021 02:51:04 GMT
api.js
www.google.com/recaptcha/
918 B
675 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?hl=fa&onload=onloadRecaptchaCallback&render=explicit
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
389cd9e00972bd6ac0ad5550f3ade7351c80a16a37b31136a4b540c543fde2cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
583
x-xss-protection
1; mode=block
expires
Tue, 06 Apr 2021 02:51:04 GMT
Cookie set 0A76E789C065
mellowads.com/view/ Frame A3C9
2 KB
1 KB
Document
General
Full URL
https://mellowads.com/view/0A76E789C065
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
447e1faa6cf0ec08a42be5dc342077ce1644dff7d62f108ef7d0832aaae3bf09

Request headers

Host
mellowads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://2ad.ir/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Tue, 06 Apr 2021 02:51:04 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=dbce4b41b0258bb890ac63ee1495a47bc1617677464; expires=Thu, 06-May-21 02:51:04 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Mon, 05-Jul-2021 02:51:11 GMT; path=/
Cache-Control
private
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
CF-Cache-Status
DYNAMIC
cf-request-id
0946b04b31000063e9bd850000000001
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server
cloudflare
CF-RAY
63b7b6584e1a63e9-FRA
Content-Encoding
gzip
logo-white.png
2ad.ir/ojen_theme/img/
18 KB
18 KB
Image
General
Full URL
https://2ad.ir/ojen_theme/img/logo-white.png
Requested by
Host: 2ad.ir
URL: https://2ad.ir/ojen_theme/css/style.css?ver=6.0.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
ec57324f11c244d438a9d6173ae4654b5f73217deffda8d30e79bda5ed2aa7cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/ojen_theme/css/style.css?ver=6.0.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
x-content-type-options
nosniff
last-modified
Sun, 23 Dec 2018 19:45:00 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
vary
User-Agent
content-length
17959
x-xss-protection
1; mode=block
expires
Wed, 06 Apr 2022 02:51:04 GMT
IRANSansWeb.woff2
2ad.ir/ojen_theme/fonts/
31 KB
31 KB
Font
General
Full URL
https://2ad.ir/ojen_theme/fonts/IRANSansWeb.woff2
Requested by
Host: 2ad.ir
URL: https://2ad.ir/ojen_theme/css/style.css?ver=6.0.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
13812a30ddb5f43dee6b08795045e14f2463e6a54b0153f94c87d78e0ae2ca11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://2ad.ir
Referer
https://2ad.ir/ojen_theme/css/style.css?ver=6.0.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
x-content-type-options
nosniff
last-modified
Thu, 22 Dec 2016 17:24:10 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
vary
User-Agent
content-length
31304
x-xss-protection
1; mode=block
expires
Tue, 13 Apr 2021 02:51:04 GMT
native-2ad.ir.js
cdn.yektanet.com/js/2ad.ir/
132 KB
30 KB
Script
General
Full URL
https://cdn.yektanet.com/js/2ad.ir/native-2ad.ir.js?v=2021030604
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.31.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37085088115260de8cd8074cd7c9c5ffe996792ffe33694e4d113d6b4faf4db8

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 05 Apr 2021 14:02:35 GMT
server
cloudflare
etag
W/"606b187b-21005"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CDzWATMsZo4vYBa3OMoSi3uDaxd6q7q%2FBb%2Fruf47VOxeYBb6g8JeGuZLloXbHLRwBwQe%2FempqPNI8H314bUvDnMeXBerh8o1c2vCe4kuB8OW"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2678400
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63b7b6594fcbfa58-AMS
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0946b04bca0000fa58ecacd000000001
show.js
cdn.popcash.net/
125 KB
36 KB
Script
General
Full URL
https://cdn.popcash.net/show.js
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a12f358b0d0eb8cd45b81bf39485969c511224ea79e84980294523b1cd72519

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uqZaACAinHDuNG9yI3jlOM6fDzpl1d9QTneq0guCwvf1JPUzqz8lAHc5Vn5i60eYJXgpyKrY3xkk2iT3YwVNem7lOvUWatI6gb8Hvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-length
36325
cf-request-id
08bd4a4b39000006568b8f9000000001
last-modified
Wed, 10 Mar 2021 10:25:53 GMT
server
cloudflare
etag
W/"60489eb1-1f3c3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-hw
1617677464.cds074.lo4.hn,1617677464.cds053.lo4.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000, public
accept-ranges
bytes
cf-ray
62dbdff1e9aa0656-LHR
logo.png
2ad.ir/ojen_theme/img/
16 KB
16 KB
Image
General
Full URL
https://2ad.ir/ojen_theme/img/logo.png
Requested by
Host: 2ad.ir
URL: https://2ad.ir/ojen_theme/css/style.css?ver=6.0.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.49.85.38 , Iran, Islamic Republic Of, ASN43754 (ASIATECH, IR),
Reverse DNS
hosted-by.hostdl.com.asiatech.ir
Software
LiteSpeed /
Resource Hash
a31d82c522e9f52a1cd187f5905bf9e6a4cb3629174cd75701a003d0e80ac451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2ad.ir/ojen_theme/css/style.css?ver=6.0.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
x-content-type-options
nosniff
last-modified
Sun, 23 Dec 2018 19:54:18 GMT
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
vary
User-Agent
content-length
16518
x-xss-protection
1; mode=block
expires
Wed, 06 Apr 2022 02:51:04 GMT
znWaa3gu
dcba.popcash.net/
0
118 B
XHR
General
Full URL
https://dcba.popcash.net/znWaa3gu
Requested by
Host: cdn.popcash.net
URL: https://cdn.popcash.net/show.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:510:800:2943:bb87:a771:c207 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Tue, 06 Apr 2021 02:51:04 GMT
cache-control
no-cache, no-store, must-revalidate
expires
0
Cookie set /
mellowads.com/view/0A76E789C065/ Frame A3C9
3 KB
2 KB
Document
General
Full URL
https://mellowads.com/view/0A76E789C065/?ref=yT03YDKIydK1QYJN5IR6mu7dz28PyhrO3mfzL0aWhIPUdwjA1S6at1Z7XA3tfKcYnkAAitx5V2EMEzLthlezAa0&w=670&h=150
Requested by
Host: mellowads.com
URL: https://mellowads.com/view/0A76E789C065
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb403e47847546163a7608c0bdc64e789a6ef1a836e80b9800d1ea59d15e11ce

Request headers

Host
mellowads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://mellowads.com/view/0A76E789C065
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Tue, 06 Apr 2021 02:51:04 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=df9a840bb88d44fa74031f902cc7780481617677464; expires=Thu, 06-May-21 02:51:04 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=yT03YDKIydK1QYJN5IR6mu7dz28PyhrO3mfzL0aWhIPUdwjA1S6at1Z7XA3tfKcYnkAAitx5V2EMEzLthlezAa0; expires=Mon, 05-Jul-2021 02:51:12 GMT; path=/
Cache-Control
private
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
CF-Cache-Status
DYNAMIC
cf-request-id
0946b04c2f000063e9b7bb5000000001
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server
cloudflare
CF-RAY
63b7b659ee3a63e9-FRA
Content-Encoding
gzip
publisher.js
cdn.yektanet.com/rg_woebegone/scripts_v3/Gx4wxUPc/
33 KB
11 KB
Script
General
Full URL
https://cdn.yektanet.com/rg_woebegone/scripts_v3/Gx4wxUPc/publisher.js?v=2021030604
Requested by
Host: cdn.yektanet.com
URL: https://cdn.yektanet.com/js/2ad.ir/native-2ad.ir.js?v=2021030604
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.31.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
278bcbfe013b15d38fef6f7264397cfb214beb1419da6a1e7a10ac4c7444a798

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:04 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 05 Apr 2021 14:13:02 GMT
server
cloudflare
etag
W/"606b1aee-8525"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XShs17%2FAeKEjEs3SgABNnPHky58YJ3BKpkHW8pE8AHro4jq3%2FaRWo2i6n3mFbbv%2FHC0PVtFaffcaLFLIcJqChWCJInn3NEe%2B76mUL9w8UgCp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2678400
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63b7b65b190afa58-AMS
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0946b04ced0000fa58ed8e7000000001
size13.css
mellowads.com/css/ Frame A3C9
405 B
1 KB
Stylesheet
General
Full URL
https://mellowads.com/css/size13.css?v18
Requested by
Host: mellowads.com
URL: https://mellowads.com/view/0A76E789C065/?ref=yT03YDKIydK1QYJN5IR6mu7dz28PyhrO3mfzL0aWhIPUdwjA1S6at1Z7XA3tfKcYnkAAitx5V2EMEzLthlezAa0&w=670&h=150
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc8fdb8b8d09767faff8cec309e20c4578b5e4b8ba9e659a9e2c50a2dd988592

Request headers

Referer
https://mellowads.com/view/0A76E789C065/?ref=yT03YDKIydK1QYJN5IR6mu7dz28PyhrO3mfzL0aWhIPUdwjA1S6at1Z7XA3tfKcYnkAAitx5V2EMEzLthlezAa0&w=670&h=150
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 06 Apr 2021 02:51:04 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
Age
5158
Cf-Polished
origSize=603
Transfer-Encoding
chunked
Connection
keep-alive
cf-request-id
0946b04d35000063e9be069000000001
Last-Modified
Wed, 15 Nov 2017 09:57:32 GMT
Server
cloudflare
ETag
W/"24e81328f85dd31:0"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
text/css
Expires
Fri, 07 May 2021 02:51:04 GMT
Cache-Control
public, max-age=2678400
CF-RAY
63b7b65b8e5963e9-FRA
Cf-Bgj
minify
minibrand.png
mellowads.com/img/ Frame A3C9
880 B
2 KB
Image
General
Full URL
https://mellowads.com/img/minibrand.png
Requested by
Host: mellowads.com
URL: https://mellowads.com/view/0A76E789C065/?ref=yT03YDKIydK1QYJN5IR6mu7dz28PyhrO3mfzL0aWhIPUdwjA1S6at1Z7XA3tfKcYnkAAitx5V2EMEzLthlezAa0&w=670&h=150
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer
https://mellowads.com/view/0A76E789C065/?ref=yT03YDKIydK1QYJN5IR6mu7dz28PyhrO3mfzL0aWhIPUdwjA1S6at1Z7XA3tfKcYnkAAitx5V2EMEzLthlezAa0&w=670&h=150
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 06 Apr 2021 02:51:04 GMT
CF-Cache-Status
HIT
Age
946406
Cf-Polished
status=not_needed
Connection
keep-alive
Content-Length
880
cf-request-id
0946b04d410000c272fbb78000000001
Last-Modified
Wed, 15 Nov 2017 09:57:38 GMT
Server
cloudflare
ETag
"db70512bf85dd31:0"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
image/png
Expires
Fri, 07 May 2021 02:51:04 GMT
Cache-Control
public, max-age=2678400
Accept-Ranges
bytes
CF-RAY
63b7b65b9dc0c272-FRA
Cf-Bgj
imgq:100,h2pri
/
nfetch.yektanet.com/api/v2/load/
2 B
451 B
XHR
General
Full URL
https://nfetch.yektanet.com/api/v2/load/?format=json&ids=5757,4675&counts=1,3&image_types=1,1&w=1600&h=1200&is-mobile=0&android=0&ios=0&page_title=Error&page_url=https%3A%2F%2F2ad.ir%2FDrNFrfvy&ref=
Requested by
Host: cdn.yektanet.com
URL: https://cdn.yektanet.com/js/2ad.ir/native-2ad.ir.js?v=2021030604
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.31.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:05 GMT
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2
cf-request-id
0946b04d520000fa589d032000000001
last-modified
Tuesday, 06-Apr-2021 02:51:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yhQ4EzTiAzJrXC8gqv09s7cRm9VmBRadp0hGjx0dYeKMc3%2F3y8GOF44Br%2BhA7EixxF3JU3rUw%2FeUyNAm3vC5sG%2FIZ1GUTpr9iT0vILuymLz35TQf"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://2ad.ir
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
63b7b65bb97ffa58-AMS
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 19 Mar 2021 19:22:18 GMT
server
Golfe2
age
1326
date
Tue, 06 Apr 2021 02:28:59 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19463
expires
Tue, 06 Apr 2021 04:28:59 GMT
/
audience.yektanet.com/api/v1/scripts/preview/validate/
5 B
485 B
XHR
General
Full URL
https://audience.yektanet.com/api/v1/scripts/preview/validate/?app_id=sMPlOBKg
Requested by
Host: cdn.yektanet.com
URL: https://cdn.yektanet.com/rg_woebegone/scripts_v3/Gx4wxUPc/publisher.js?v=2021030604
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.31.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:05 GMT
access-control-allow-methods
GET, OPTIONS
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5
cf-request-id
0946b04e450000fa58f683a000000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
allow
GET, OPTIONS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bQzFAw%2Fz674rNaHoKwe6rXpaoWpGqhN1HjO7zjs8SArC4mxzhqNGMZglujgbZHaBSKFPndmf%2Fp1eUcjwZJdcxNDL2g%2Fy7NshAlltNmbaWsyK3rhY41g%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://2ad.ir
access-control-allow-credentials
true
cf-ray
63b7b65d3a94fa58-AMS
access-control-allow-headers
Authorization
/
ua.yektanet.com/cookie/iframe/ Frame 795D
3 KB
1 KB
Document
General
Full URL
https://ua.yektanet.com/cookie/iframe/
Requested by
Host: cdn.yektanet.com
URL: https://cdn.yektanet.com/rg_woebegone/scripts_v3/Gx4wxUPc/publisher.js?v=2021030604
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.31.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
febd31db8278d7a55e757999e51483f44a130fda12c1cdbd196f420fc3704f8f

Request headers

:method
GET
:authority
ua.yektanet.com
:scheme
https
:path
/cookie/iframe/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://2ad.ir/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cf_bm=a31fe337d312bd04831a72d7a4aac7cf0bac5f12-1617677464-1800-AX2f05fUdHwSAKRfi9Dcldp/sqnfwmF6vmRxymNjZL9AhXYh9ksNXf+TqTAyfDMrtKnS2lL5IppAhDYtwKrWWf4=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://2ad.ir/

Response headers

date
Tue, 06 Apr 2021 02:51:05 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d5ee8575bf2e16e11836d02b7142cc3051617677465; expires=Thu, 06-May-21 02:51:05 GMT; path=/; domain=.yektanet.com; HttpOnly; SameSite=Lax; Secure
last-modified
Tuesday, 06-Apr-2021 02:51:05 GMT
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-request-id
0946b04e5b0000fa58bc88e000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pVlU%2BTMa5CkGst4yF0cCctoQHSx%2F9pzh94YmDi84gP5B7vOAqWxHaSCQMZJ1LLHToIF3CqCcioKsYsp%2BVqUVAMiCSz8hjDXtQc2OsB3zwyw%3D"}],"group":"cf-nel","max_age":604800}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
63b7b65d5aaafa58-AMS
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
__fake.gif
ua.yektanet.com/
42 B
316 B
Image
General
Full URL
https://ua.yektanet.com/__fake.gif?aa=event&abe=L&abf=9274fc96-e217-4851-a4d4-957d15d07d9a&abj=0&aed=pub&ac=https%3A%2F%2F2ad.ir%2FDrNFrfvy%3Fuserid%3DK6ByetNo&ae=%7B%22userid%22%3A%22K6ByetNo%22%7D&ad=2ad.ir&as=Error&aef=sMPlOBKg&aea=24263&aeb=yektanet&aec=9295&aaa=direct&aab=null&ai=789fce30-77fd-d404-8ec3-c2ae62ad10ad&abw=1600&abb=910&aby=1600&abz=1200&al=1600&am=1200&abk=
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.31.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:05 GMT
cf-cache-status
BYPASS
last-modified
Tuesday, 06-Apr-2021 02:51:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RlLJhn%2B3oJsJxGcLljXhGCVvYs2LYXO5OjDmYK%2BIrrdqrFMI94CMwNmMdocf8li4kO%2B6yMuAWC1Scj9e4cjl7yepDfelmrlW6avY02T2Y9k%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
nel
{"max_age":604800,"report_to":"cf-nel"}
accept-ranges
bytes
cf-ray
63b7b65d6ab4fa58-AMS
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
42
cf-request-id
0946b04e610000fa58e4a14000000001
__fake.gif
ua.yektanet.com/
42 B
782 B
Image
General
Full URL
https://ua.yektanet.com/__fake.gif?aa=event&abe=L&abf=3c074d68-4699-4bf9-af63-16a8099315a9&abj=1&aed=adv&ac=https%3A%2F%2F2ad.ir%2FDrNFrfvy%3Fuserid%3DK6ByetNo&ae=%7B%22userid%22%3A%22K6ByetNo%22%7D&ad=2ad.ir&as=Error&aef=sMPlOBKg&aea=24263&aeb=yektanet&aec=9295&aaa=direct&aab=null&ai=789fce30-77fd-d404-8ec3-c2ae62ad10ad&abw=1600&abb=910&aby=1600&abz=1200&al=1600&am=1200&abk=
Requested by
Host: 2ad.ir
URL: https://2ad.ir/DrNFrfvy?userid=K6ByetNo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.31.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:05 GMT
cf-cache-status
BYPASS
last-modified
Tuesday, 06-Apr-2021 02:51:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pY5I3IPGq84PyYm1nO8Cam0CvhfvW0Ubfq7B01x95%2BJZhnvsBlSVdYQrncTaoNKvoJaCKjXrMoZ09FKi3l6PNIUqonjVVbyZezENhmcvL9I%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
nel
{"max_age":604800,"report_to":"cf-nel"}
accept-ranges
bytes
cf-ray
63b7b65d6ab6fa58-AMS
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
42
cf-request-id
0946b04e610000fa58cdb98000000001
recaptcha__fa.js
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/
363 KB
133 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__fa.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=fa&onload=onloadRecaptchaCallback&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0078a5aa8561dccb8a15542b24d5613884d2e5e55460a8969ab6a845ab4859b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://2ad.ir
Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 05 Apr 2021 03:43:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
83262
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136389
x-xss-protection
0
last-modified
Mon, 22 Mar 2021 04:06:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Apr 2022 03:43:23 GMT
collect
www.google-analytics.com/j/
2 B
119 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j89&a=2001936844&t=pageview&_s=1&dl=https%3A%2F%2F2ad.ir%2FDrNFrfvy%3Fuserid%3DK6ByetNo&ul=en-us&de=UTF-8&dt=Error&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=351945569&gjid=1446488683&cid=1175110920.1617677465&tid=UA-90058927-1&_gid=1473116224.1617677465&_r=1&_slc=1&z=896969896
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://2ad.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 06 Apr 2021 02:51:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://2ad.ir
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
set
ua.yektanet.com/cookie/ Frame 795D
74 B
792 B
XHR
General
Full URL
https://ua.yektanet.com/cookie/set?candidate=null
Requested by
Host: ua.yektanet.com
URL: https://ua.yektanet.com/cookie/iframe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.31.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8756ef392c552ff8990409b6e004207db92c7bf196d1278ba7536ced530de3a1

Request headers

Referer
https://ua.yektanet.com/cookie/iframe/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 06 Apr 2021 02:51:05 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Tuesday, 06-Apr-2021 02:51:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vjNsB%2Fpp%2F6jgFOyeH%2Bs7r0R96cNcIVDlNhX1670675vbQl9A9VcYhMM%2BQAMwcqwKHXNSYwKLeVfERB7%2BZw%2FZYXpGISpVRoIg65NlPVC5eZ8%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63b7b65edbaafa58-AMS
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0946b04f480000fa58eb2a5000000001

79 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| WOW function| $ function| jQuery function| v2oo function| F9aa function| L3BB function| Z2oo undefined| handleException function| T9II function| _clqvvwdp8wdl8chfd3llyy string| uid string| wid string| pop_fback object| pop_tag object| app_vars string| popns number| pop_cdn boolean| N3 object| IOarzRhPlP number| pop_fcap object| e object| __core-js_shared__ object| core boolean| yektanet_2ad.ir_native-2ad.ir_is_loaded object| ynObserver function| Popper object| ynWebpackJsonp object| bootstrap function| ClipboardJS function| fixHeight undefined| captchaShort undefined| captchaContact undefined| captchaSignup undefined| captchaForgotpassword undefined| captchaShortlink undefined| invisibleCaptchaShort undefined| invisibleCaptchaContact undefined| invisibleCaptchaSignup undefined| invisibleCaptchaForgotpassword undefined| invisibleCaptchaShortlink function| onloadRecaptchaCallback function| getCookie object| go_popup function| checkAdblockUser function| checkAdsbypasserUser function| checkPrivateMode object| body string| ad_type object| counter_start_object undefined| selectedTab undefined| clipboard function| copIed function| setTooltip function| setCookie function| cookie_accept string| GoogleAnalyticsObject function| ga boolean| yektanet_ua-script-sMPlOBKg_is_loaded function| yektanet object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| recaptcha

12 Cookies

Domain/Path Name / Value
.yektanet.com/ Name: analytics_global_token
Value: e42a85b0-01df8-865f7-7f280-01d7acf41b9c4
2ad.ir/ Name: _yngt_iframe
Value: 1
.yektanet.com/ Name: __cf_bm
Value: a31fe337d312bd04831a72d7a4aac7cf0bac5f12-1617677464-1800-AX2f05fUdHwSAKRfi9Dcldp/sqnfwmF6vmRxymNjZL9AhXYh9ksNXf+TqTAyfDMrtKnS2lL5IppAhDYtwKrWWf4=
.2ad.ir/ Name: _ga
Value: GA1.2.1175110920.1617677465
.yektanet.com/ Name: gearbox_ad_token
Value: e42a85b0-01df8-865f7-7f280-01d7acf41b9c4
.2ad.ir/ Name: _gat
Value: 1
2ad.ir/ Name: analytics_session_token
Value: 789fce30-77fd-d404-8ec3-c2ae62ad10ad
2ad.ir/ Name: yektanet_session_last_activity
Value: 4/6/2021
2ad.ir/ Name: analytics_token
Value: 0778e348-5415-1bcc-44ba-9dea0d8fec25
.2ad.ir/ Name: _gid
Value: GA1.2.1473116224.1617677465
2ad.ir/ Name: analytics_campaign
Value: {%22source%22:%22direct%22%2C%22medium%22:null}
2ad.ir/ Name: ab
Value: 2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
