Report - www.xscript.ir

Report Overview

Visited public
2025-03-19 16:27:01
Tags
Submit Tags
URL
www.xscript.ir
Finishing URL
www.xscript.ir/
IP / ASN
185.18.212.71
#48715 Sefroyek Pardaz Engineering PJSC
Title
ایکس اسکریپت | دانلود اسکریپت

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.triboon.net	unknown	2020-04-21	2021-09-22	2023-11-14	1.9 kB	267 kB	185.166.104.3
rednosehorse.com	unknown	2025-01-16	2025-01-20	2025-03-13	447 B	797 B	46.173.214.32
www.gstatic.com	unknown	2008-02-11	2012-05-29	2025-03-19	492 B	566 kB	142.250.178.99
blessedwirrow.org	unknown	2024-11-12	2025-03-02	2025-03-17	426 B	798 B	46.173.214.32
blackshelter.org	unknown	2024-12-01	2024-12-05	2025-03-12	448 B	796 B	46.173.214.32
www.google.com	7	1997-09-15	2015-05-10	2025-03-19	427 B	1.6 kB	142.250.74.68
www.xscript.ir	unknown	unknown	2013-05-17	2025-03-19	13 kB	1.6 MB	185.18.212.71
groundrats.org	unknown	2024-12-01	2024-12-18	2025-03-13	2.7 kB	4.8 kB	46.173.214.32
packedbrick.com	unknown	2024-07-22	2024-08-05	2025-03-13	446 B	797 B	46.173.214.32
apiexplorerzone.com	unknown	2025-02-10	2025-02-12	2025-03-14	450 B	798 B	46.173.214.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-03-19 16:26:35	high	Client IP	46.173.214.32	ET EXPLOIT_KIT TA569 Keitaro TDS Domain in TLS SNI (packedbrick .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-19	medium	groundrats.org	Sinkholed
2025-03-19	medium	groundrats.org	Sinkholed
2025-03-19	medium	groundrats.org	Sinkholed
2025-03-19	medium	packedbrick.com	Sinkholed
2025-03-19	medium	groundrats.org	Sinkholed
2025-03-19	medium	rednosehorse.com	Sinkholed
2025-03-19	medium	blessedwirrow.org	Sinkholed
2025-03-19	medium	groundrats.org	Sinkholed
2025-03-19	medium	groundrats.org	Sinkholed
2025-03-19	medium	apiexplorerzone.com	Sinkholed
2025-03-19	medium	blackshelter.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	From	Size	First Seen	Last Seen
	www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__fa.js	ScriptElement	565 kB	2025-03-19	2025-03-19
Pretty URL www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__fa.js IP 142.250.178.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash 3020fedb6298947faa93ff513780db06 8edd6112b45a99d5d78a5efa008fb5e4058a0b31 515753820b81b433481cfe1305e8dd2f3eead7bde4ba10210866f3aaf3b7ce97 Loading...

	www.xscript.ir/wp-content/themes/download-ronakweb/js/jquery-ronakweb.js?ver=1.11.1	ScriptElement	149 kB	2023-12-03	2025-06-25
Pretty URL www.xscript.ir/wp-content/themes/download-ronakweb/js/jquery-ronakweb.js?ver=1.11.1 IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 16:31 Last Seen2025-06-25 04:05 Times Seen41 Hash 7c7657287c79bbc68db9734f1db542b8 ec3e8d744fa65a8daabb704939aaeb31f712656e 6c82c413c824d6e39062aa3e29825179ae6cfc4f48bc6a14deb3fe6d4b7be415 Loading...

	rednosehorse.com/UAcBfRjO2gnlBsXxFJ9movpnBUaqO5vU-iz9AeVEbOE	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL rednosehorse.com/UAcBfRjO2gnlBsXxFJ9movpnBUaqO5vU-iz9AeVEbOE IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	packedbrick.com/IB4zUEmTzFv831zG2HSjRlSntuq8fJ6Q0-JaBCv4v6g	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL packedbrick.com/IB4zUEmTzFv831zG2HSjRlSntuq8fJ6Q0-JaBCv4v6g IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.xscript.ir/wp-content/themes/download-ronakweb/js/modernizr.min.js	ScriptElement	15 kB	2023-03-07	2025-07-08
Pretty URL www.xscript.ir/wp-content/themes/download-ronakweb/js/modernizr.min.js IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 17:33 Last Seen2025-07-08 01:25 Times Seen36 Hash 1c5182657024e9a13ec0b5dc5da6e8d8 75257c2701399aef2933dc4a51bb67c42eda7bad 6d77e62deaa43cca81560bf11cd5ccd8d3583bd4936ed1ea2d639d13d3e5c4c0 Loading...

	www.xscript.ir/	ScriptElement	3.3 kB	2025-03-19	2025-03-19
Pretty URL www.xscript.ir/ IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash 03e2590d087e30dfa5cfde37d0c18565 4df408cbb4fa66bb863a35ca93d1dae2cdafa320 fbdbb9296c7dd148015ea4ecc238c2fbb5514995f2bb6852af61902d9a744058 Loading...

	www.xscript.ir/wp-includes/js/wp-emoji-release.min.js?ver=6.6.2	ScriptElement	19 kB	2024-03-13	2025-07-16
Pretty URL www.xscript.ir/wp-includes/js/wp-emoji-release.min.js?ver=6.6.2 IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 16:02 Last Seen2025-07-16 09:54 Times Seen54254 Hash b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Loading...

	www.xscript.ir/wp-content/plugins/wordpress-popular-posts/public/js/wpp-4.2.0.min.js?ver=4.2.2	ScriptElement	2.8 kB	2025-03-19	2025-03-19
Pretty URL www.xscript.ir/wp-content/plugins/wordpress-popular-posts/public/js/wpp-4.2.0.min.js?ver=4.2.2 IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash 087aff2687d309800c5d6a55a6c9632f ad45ad381585078281606d5b3780020b1d14f8a1 180ff88aabe82a2a1b2f4be4d8ecdb6d4e1ca5436a301da674a6bff6dc6838cb Loading...

	www.xscript.ir/	ScriptElement	224 B	2025-03-19	2025-03-19
Pretty URL www.xscript.ir/ IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash dfd463db1eff7f4c54f0b8f069327a9f d6f169986b47df1f5f0e1eb9d6b9318f3028a826 7f8d7b8b094cd0fe280eb0d838857c1a9521493395bb7bc05ea6dbdd211aefa2 Loading...

	www.xscript.ir/wp-content/themes/download-ronakweb/js/jquery.slicknav.js	ScriptElement	6.9 kB	2025-03-19	2025-03-19
Pretty URL www.xscript.ir/wp-content/themes/download-ronakweb/js/jquery.slicknav.js IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash 78bf89aa8767e7c4b45e9aeb27e74a56 50ab4e581335ec2ba5d9da61ae31df5944faa758 d541f6a86ad1fc0a9fc33304b6bdfed7656ac5d79cfb92dcd49084efe1415240 Loading...

	www.google.com/recaptcha/api.js?hl=fa_IR	ScriptElement	911 B	2025-03-19	2025-03-19
Pretty URL www.google.com/recaptcha/api.js?hl=fa_IR IP 142.250.74.68 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash c90ab0c6e1672bc73aec434097c83004 488e79b8e51cbcc888ccb40f60cad9b64f89bfc0 35837a60499660af6a2c66bd8a41e81ab8a7643a48778deccf891557ffede08c Loading...

	groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	blessedwirrow.org/qlZvFjfnSJFACbQAFa8YG	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL blessedwirrow.org/qlZvFjfnSJFACbQAFa8YG IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	apiexplorerzone.com/cKxDXshtxehIvuHjdk6snOKnBGNM3qpOcIzOAO8CJWm	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL apiexplorerzone.com/cKxDXshtxehIvuHjdk6snOKnBGNM3qpOcIzOAO8CJWm IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	blackshelter.org/tw9ZIwYM9BY5A6iRcUJQxDBX5PMf7GL4-DBJejgkisyv	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL blackshelter.org/tw9ZIwYM9BY5A6iRcUJQxDBX5PMf7GL4-DBJejgkisyv IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.xscript.ir/	ScriptElement	76 B	2025-03-19	2025-03-19
Pretty URL www.xscript.ir/ IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash dbf23a2955ab80f16d4e680c549e01bf d90f25c2af4c673f486ee206df48191ef2d38ac6 9f1297d422a9b8b8bbba9494876f53ad66fdac197b9d8d436f401da22b5d1842 Loading...

	www.xscript.ir/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1	ScriptElement	14 kB	2023-03-07	2025-07-15
Pretty URL www.xscript.ir/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-15 04:11 Times Seen2636 Hash 1534f06aa2b1b721a45372f8238e2461 86f7e7b926e1a88209d171b56dadbccc2c96f578 b7e17926b30342edecee8b3a93029ac51462e2b479277d8e077ba57173eb1900 Loading...

	groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.xscript.ir/	ScriptElement	51 B	2025-03-19	2025-03-19
Pretty URL www.xscript.ir/ IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash 16b20f300389a8b0fe6b96ab8a751df5 58ba6c27f566a98b81705d98de35cc77c5ebf2c0 83883928e844c6541f14199fc48c554f70187b4436c0ab19fb74c318133e3385 Loading...

	www.xscript.ir/	ScriptElement	167 B	2025-03-19	2025-03-19
Pretty URL www.xscript.ir/ IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash a6c50bf90bc45867fddeaa7f5f279731 2174c798df9f8e72f887a9712435e49c2661cc01 ed15387a5706e134913691fd7d849880f447b527ea2c83e43802e8a3bc2c5988 Loading...

	www.xscript.ir/wp-content/themes/download-ronakweb/js/organictabs.jquery.js	ScriptElement	1.1 kB	2025-03-19	2025-03-19
Pretty URL www.xscript.ir/wp-content/themes/download-ronakweb/js/organictabs.jquery.js IP 185.18.212.71 ASN #48715 Sefroyek Pardaz Engineering PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-19 12:28 Last Seen2025-03-19 16:27 Times Seen2 Hash 3f1de8bc3f82a531e40b5ef87b152871 966a446edcf74f3c6e157e380b8d53dfc34d53d3 3f4dd87f8a154586037077bd277da08c1bb6a0d4df19e0fc62836243e3e8e468 Loading...

	groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox	ScriptElement	0 B	0001-01-01	2025-07-16
Pretty URL groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox IP 46.173.214.32 ASN #47196 Garant-Park-Internet LLC Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 09:55 Times Seen5434762 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (44)

URL IP Response Size

GET www.xscript.ir/wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=5.1.1

185.18.212.71

200 OK

177 B

URL GET
www.xscript.ir/wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=5.1.1
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
ASCII text, with no line terminators
Size
177 B (177 bytes)
Hash
cf354d9fb05ce27aa863d41a5586f61d
48424541a0348cb0c532816174bae44066207864
3afea38e86073ac7290f699ac7b149157d404ef3ed7e12c716f6d981ec75ce04

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=5.1.1 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: text/css
last-modified: Sun, 10 Feb 2019 21:33:59 GMT
accept-ranges: bytes
content-length: 177
date: Wed, 19 Mar 2025 16:26:10 GMT

GET groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox

46.173.214.32

200 OK

0 B

URL GET
groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectgroundrats.org
FingerprintBA:AB:CA:13:CD:6F:FE:3F:CC:64:CB:0D:C9:9C:58:08:AE:8A:5F:A2
ValidityMon, 17 Mar 2025 16:41:08 GMT - Sun, 15 Jun 2025 16:41:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox HTTP/1.1
Host: groundrats.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:36 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c53;Expires=Saturday, 19-Apr-2025 16:26:36 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwMFwiOjE3NDI0MDE1OTYsXCI2NlwiOjE3NDI0MDE1OTZ9LFwiY2FtcGFpZ25zXCI6e1wiN1wiOjE3NDI0MDE1OTYsXCIyM1wiOjE3NDI0MDE1OTZ9LFwidGltZVwiOjE3NDI0MDE1OTZ9In0.NoZ45NS_2TEyCdTZsGoV3_75nyohd2_bFOzNy59CC2w;Expires=Saturday, 08-Jun-2080 08:53:12 GMT;Max-Age=1742660796;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox

46.173.214.32

200 OK

0 B

URL GET
groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectgroundrats.org
FingerprintBA:AB:CA:13:CD:6F:FE:3F:CC:64:CB:0D:C9:9C:58:08:AE:8A:5F:A2
ValidityMon, 17 Mar 2025 16:41:08 GMT - Sun, 15 Jun 2025 16:41:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox HTTP/1.1
Host: groundrats.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:36 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c4r;Expires=Saturday, 19-Apr-2025 16:26:36 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwMFwiOjE3NDI0MDE1OTYsXCI2NlwiOjE3NDI0MDE1OTZ9LFwiY2FtcGFpZ25zXCI6e1wiN1wiOjE3NDI0MDE1OTYsXCIyM1wiOjE3NDI0MDE1OTZ9LFwidGltZVwiOjE3NDI0MDE1OTZ9In0.NoZ45NS_2TEyCdTZsGoV3_75nyohd2_bFOzNy59CC2w;Expires=Saturday, 08-Jun-2080 08:53:12 GMT;Max-Age=1742660796;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET www.xscript.ir/wp-content/themes/download-ronakweb/style.css

185.18.212.71

200 OK

38 kB

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/style.css
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type

Size
38 kB (37954 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/themes/download-ronakweb/style.css HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: text/css
last-modified: Sat, 13 Oct 2018 08:52:53 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6617
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/plugins/wordpress-popular-posts/public/js/wpp-4.2.0.min.js?ver=4.2.2

185.18.212.71

200 OK

2.8 kB

URL GET
www.xscript.ir/wp-content/plugins/wordpress-popular-posts/public/js/wpp-4.2.0.min.js?ver=4.2.2
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JavaScript source, ASCII text, with very long lines (2879), with no line terminators
Size
2.8 kB (2791 bytes)
Hash
172c744cbbd3ed3bf26c619134525f4d
be846dde3255a75508842f10bb5f3bdffc0332b3
0593ef1f375e4d78ff3d4c0f84a6e5e54e3c098d07c167ba470609da672a6607

HTTP Headers

GET /wp-content/plugins/wordpress-popular-posts/public/js/wpp-4.2.0.min.js?ver=4.2.2 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript
last-modified: Sat, 14 Dec 2024 17:11:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 761
date: Wed, 19 Mar 2025 16:26:10 GMT

GET cdn.triboon.net/media/reportage_images/066b0b3e-9649-4c15-a850-c9278b3d326f.jpg

185.166.104.3

200 OK

119 kB

URL GET
cdn.triboon.net/media/reportage_images/066b0b3e-9649-4c15-a850-c9278b3d326f.jpg
IP
185.166.104.3:443
ASN
#202319 Avaye Hamrahe Houshmande Hezardastan PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjecttriboon.net
FingerprintA1:AE:26:C4:9C:06:2D:C2:E5:2B:81:06:0D:18:AD:E1:03:5F:FA:89
ValidityThu, 13 Mar 2025 05:27:05 GMT - Wed, 11 Jun 2025 05:27:04 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 1024x576, components 3
Size
119 kB (118927 bytes)
Hash
52ef7566f3147060352271a50b96c888
edac32004830fc816ebbbeef43c7f570439e9717
254e5b33669f643d0be9473acb3333cd2e574c2fcf83e061b49d1b7d0d7cfaa7

HTTP Headers

GET /media/reportage_images/066b0b3e-9649-4c15-a850-c9278b3d326f.jpg HTTP/1.1
Host: cdn.triboon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Mar 2025 16:26:35 GMT
content-type: image/jpeg
content-length: 118927
last-modified: Wed, 18 Dec 2024 22:42:22 GMT
x-rgw-object-type: Normal
etag: "52ef7566f3147060352271a50b96c888"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
cache-control: max-age=31536000
x-cache-status: MISS
x-zrk-us: 200
strict-transport-security: max-age=31536000
server: Sotoon CDN
x-zrk-cs: HIT
x-zrk-sn: 3001
accept-ranges: bytes, bytes
X-Firefox-Spdy: h2

GET groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox

46.173.214.32

200 OK

0 B

URL GET
groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectgroundrats.org
FingerprintBA:AB:CA:13:CD:6F:FE:3F:CC:64:CB:0D:C9:9C:58:08:AE:8A:5F:A2
ValidityMon, 17 Mar 2025 16:41:08 GMT - Sun, 15 Jun 2025 16:41:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox HTTP/1.1
Host: groundrats.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:36 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c4v;Expires=Saturday, 19-Apr-2025 16:26:36 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwMFwiOjE3NDI0MDE1OTYsXCI2NlwiOjE3NDI0MDE1OTZ9LFwiY2FtcGFpZ25zXCI6e1wiN1wiOjE3NDI0MDE1OTYsXCIyM1wiOjE3NDI0MDE1OTZ9LFwidGltZVwiOjE3NDI0MDE1OTZ9In0.NoZ45NS_2TEyCdTZsGoV3_75nyohd2_bFOzNy59CC2w;Expires=Saturday, 08-Jun-2080 08:53:12 GMT;Max-Age=1742660796;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET www.xscript.ir/wp-content/plugins/wordpress-popular-posts/public/css/wpp.css?ver=4.2.2

185.18.212.71

200 OK

1.2 kB

URL GET
www.xscript.ir/wp-content/plugins/wordpress-popular-posts/public/css/wpp.css?ver=4.2.2
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
ASCII text, with very long lines (1495), with no line terminators
Size
1.2 kB (1217 bytes)
Hash
ceac6e2dc8d86781ed64fd4a7203315d
6510d57580aa3e17e8edc366838377a287dd7755
672e582170a8c835bba4e893ad2529dc7e4f75b46d169c92973759166a416801

HTTP Headers

GET /wp-content/plugins/wordpress-popular-posts/public/css/wpp.css?ver=4.2.2 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: text/css
last-modified: Sun, 10 Feb 2019 21:34:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 473
date: Wed, 19 Mar 2025 16:26:10 GMT

GET packedbrick.com/IB4zUEmTzFv831zG2HSjRlSntuq8fJ6Q0-JaBCv4v6g

46.173.214.32

200 OK

0 B

URL GET
packedbrick.com/IB4zUEmTzFv831zG2HSjRlSntuq8fJ6Q0-JaBCv4v6g
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectpackedbrick.com
Fingerprint74:AF:79:9A:15:81:2E:7C:CA:4B:FC:CE:8B:7F:B8:83:6D:09:63:6F
ValidityMon, 17 Mar 2025 16:16:52 GMT - Sun, 15 Jun 2025 16:16:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /IB4zUEmTzFv831zG2HSjRlSntuq8fJ6Q0-JaBCv4v6g HTTP/1.1
Host: packedbrick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:35 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c3k;Expires=Saturday, 19-Apr-2025 16:26:35 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIwXCI6MTc0MjQwMTU5NSxcIjY2XCI6MTc0MjQwMTU5NX0sXCJjYW1wYWlnbnNcIjp7XCIxN1wiOjE3NDI0MDE1OTUsXCIyM1wiOjE3NDI0MDE1OTV9LFwidGltZVwiOjE3NDI0MDE1OTV9In0.GcnfbSls-6LqdjpV7qgq-GUVE3vJWVdarPEjfe4S3xY;Expires=Saturday, 08-Jun-2080 08:53:10 GMT;Max-Age=1742660795;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox

46.173.214.32

200 OK

0 B

URL GET
groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectgroundrats.org
FingerprintBA:AB:CA:13:CD:6F:FE:3F:CC:64:CB:0D:C9:9C:58:08:AE:8A:5F:A2
ValidityMon, 17 Mar 2025 16:41:08 GMT - Sun, 15 Jun 2025 16:41:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox HTTP/1.1
Host: groundrats.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:36 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c5c;Expires=Saturday, 19-Apr-2025 16:26:36 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwMFwiOjE3NDI0MDE1OTYsXCI2NlwiOjE3NDI0MDE1OTZ9LFwiY2FtcGFpZ25zXCI6e1wiN1wiOjE3NDI0MDE1OTYsXCIyM1wiOjE3NDI0MDE1OTZ9LFwidGltZVwiOjE3NDI0MDE1OTZ9In0.NoZ45NS_2TEyCdTZsGoV3_75nyohd2_bFOzNy59CC2w;Expires=Saturday, 08-Jun-2080 08:53:12 GMT;Max-Age=1742660796;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET www.xscript.ir/wp-content/themes/download-ronakweb/images/search-icon.png

185.18.212.71

200 OK

448 B

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/images/search-icon.png
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
448 B (448 bytes)
Hash
60bf00cde65737074d276c41064fae52
82704a676cfe165744722e215fbf11db14f55752
0882e20c35c31689617c858f0c5b8b41191303da510b5675f5eb3976c588d991

HTTP Headers

GET /wp-content/themes/download-ronakweb/images/search-icon.png HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/wp-content/themes/download-ronakweb/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:11 GMT
content-type: image/png
last-modified: Tue, 13 Oct 2015 09:25:26 GMT
accept-ranges: bytes
content-length: 448
date: Wed, 19 Mar 2025 16:26:11 GMT

GET www.xscript.ir/wp-content/themes/download-ronakweb/fonts/fontawesome-webfont.woff?v=4.4.0

185.18.212.71

200 OK

81 kB

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/fonts/fontawesome-webfont.woff?v=4.4.0
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
Web Open Font Format, TrueType, length 81284, version 1.0
Size
81 kB (81284 bytes)
Hash
dfb02f8f6d0cedc009ee5887cc68f1f3
507970402e328b2baeb05bde73bf9ded4e2c3a2d
a7c7e4930090e038a280fd61d88f0dc03dad4aeaedbd8c9be3dd9aa4c3b6f8d1

HTTP Headers

GET /wp-content/themes/download-ronakweb/fonts/fontawesome-webfont.woff?v=4.4.0 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/wp-content/themes/download-ronakweb/font-awesome.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:11 GMT
content-type: font/woff
last-modified: Tue, 13 Oct 2015 09:25:26 GMT
accept-ranges: bytes
content-length: 81284
date: Wed, 19 Mar 2025 16:26:11 GMT

GET rednosehorse.com/UAcBfRjO2gnlBsXxFJ9movpnBUaqO5vU-iz9AeVEbOE

46.173.214.32

200 OK

0 B

URL GET
rednosehorse.com/UAcBfRjO2gnlBsXxFJ9movpnBUaqO5vU-iz9AeVEbOE
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectrednosehorse.com
Fingerprint3C:FF:D6:1A:C6:AB:9F:17:B8:69:28:92:FC:19:91:31:40:93:14:40
ValidityMon, 17 Mar 2025 16:49:44 GMT - Sun, 15 Jun 2025 16:49:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /UAcBfRjO2gnlBsXxFJ9movpnBUaqO5vU-iz9AeVEbOE HTTP/1.1
Host: rednosehorse.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:35 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c49;Expires=Saturday, 19-Apr-2025 16:26:35 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwMVwiOjE3NDI0MDE1OTUsXCI2NlwiOjE3NDI0MDE1OTV9LFwiY2FtcGFpZ25zXCI6e1wiOFwiOjE3NDI0MDE1OTUsXCIyM1wiOjE3NDI0MDE1OTV9LFwidGltZVwiOjE3NDI0MDE1OTV9In0.Az2MQ8u7VeAci2LlbY8kyp1sSj53Ue8ziHGK5x9HSfs;Expires=Saturday, 08-Jun-2080 08:53:10 GMT;Max-Age=1742660795;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET www.xscript.ir/wp-content/uploads/f852-468-60.gif

185.18.212.71

200 OK

15 kB

URL GET
www.xscript.ir/wp-content/uploads/f852-468-60.gif
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
GIF image data, version 89a, 468 x 60
Size
15 kB (15064 bytes)
Hash
ed8f5b29260ea7c8c8081ae0fa0e0b9c
60a8318393586cd3b46515477bd1554a99e608bb
8ac6c28bd8fb69f8dd431b9b11efa843f3a495d68ded112a56639aa72c671535

HTTP Headers

GET /wp-content/uploads/f852-468-60.gif HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: image/gif
last-modified: Wed, 05 Mar 2025 07:44:02 GMT
accept-ranges: bytes
content-length: 15064
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/uploads/Untitled-1-1.gif

185.18.212.71

200 OK

34 kB

URL GET
www.xscript.ir/wp-content/uploads/Untitled-1-1.gif
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
GIF image data, version 89a, 468 x 68
Size
34 kB (34405 bytes)
Hash
50d33bcc65f05991aee777d285962bb4
7841faf85724ac74b30fc181bb50bc479f68d9b8
24b394dfcb283a434add8959410e7413108521b608a7faf31c9709899fe57f36

HTTP Headers

GET /wp-content/uploads/Untitled-1-1.gif HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: image/gif
last-modified: Wed, 11 Dec 2019 10:37:59 GMT
accept-ranges: bytes
content-length: 34405
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/uploads/image1-3.jpg

185.18.212.71

200 OK

165 kB

URL GET
www.xscript.ir/wp-content/uploads/image1-3.jpg
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1200x660, components 3
Size
165 kB (164826 bytes)
Hash
645fa3d11b3083d905f842780df5d539
253b3f13b4a2408b3243847310259d78f5cec77f
5b4c2989954860ed955392240adfc4c323985108871eac5420a0416e8b73c633

HTTP Headers

GET /wp-content/uploads/image1-3.jpg HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: image/jpeg
last-modified: Wed, 21 Feb 2024 06:25:09 GMT
accept-ranges: bytes
content-length: 164826
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/themes/download-ronakweb/fonts/reza-kianoosh-ronakweb.woff

185.18.212.71

200 OK

20 kB

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/fonts/reza-kianoosh-ronakweb.woff
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
Web Open Font Format, TrueType, length 19700, version 4.1
Size
20 kB (19700 bytes)
Hash
ee7d818972d4a92450292e22495e21de
ddc1f508f759251ed1acf263da24797c90e14ff3
f3bd3f85235cd746da743be625d8be276d6604e3c9b1dd98a4116e4dad17799b

HTTP Headers

GET /wp-content/themes/download-ronakweb/fonts/reza-kianoosh-ronakweb.woff HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/wp-content/themes/download-ronakweb/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:11 GMT
content-type: font/woff
last-modified: Tue, 13 Oct 2015 09:25:26 GMT
accept-ranges: bytes
content-length: 19700
date: Wed, 19 Mar 2025 16:26:11 GMT

GET www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__fa.js

142.250.178.99

200 OK

565 kB

URL GET
www.gstatic.com/recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__fa.js
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://www.xscript.ir/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint63:D6:50:6F:98:C5:59:D1:5A:FF:9D:8D:C3:C1:04:A1:B9:1A:3E:6B
ValidityMon, 10 Mar 2025 08:37:01 GMT - Mon, 02 Jun 2025 08:37:00 GMT

File type

Size
565 kB (565303 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /recaptcha/releases/J79K9xgfxwT6Syzx-UyWdD89/recaptcha__fa.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.xscript.ir
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
timing-allow-origin: *
content-length: 224815
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 18 Mar 2025 02:11:00 GMT
expires: Wed, 18 Mar 2026 02:11:00 GMT
cache-control: public, max-age=31536000
age: 137736
last-modified: Mon, 10 Mar 2025 16:03:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET blessedwirrow.org/qlZvFjfnSJFACbQAFa8YG

46.173.214.32

200 OK

0 B

URL GET
blessedwirrow.org/qlZvFjfnSJFACbQAFa8YG
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectblessedwirrow.org
Fingerprint49:1C:2B:6A:CE:ED:D1:32:57:B3:87:09:A2:34:A6:1C:62:98:C3:DC
ValidityMon, 17 Mar 2025 17:02:28 GMT - Sun, 15 Jun 2025 17:02:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /qlZvFjfnSJFACbQAFa8YG HTTP/1.1
Host: blessedwirrow.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:35 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c3e;Expires=Saturday, 19-Apr-2025 16:26:35 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwNVwiOjE3NDI0MDE1OTUsXCI2NlwiOjE3NDI0MDE1OTV9LFwiY2FtcGFpZ25zXCI6e1wiMTJcIjoxNzQyNDAxNTk1LFwiMjNcIjoxNzQyNDAxNTk1fSxcInRpbWVcIjoxNzQyNDAxNTk1fSJ9.31TnkpH0oxNM8MZZcroTY4MoKx20o0mMF1_B0PkUfZI;Expires=Saturday, 08-Jun-2080 08:53:10 GMT;Max-Age=1742660795;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET cdn.triboon.net/media/reportage_images/4e4f2435-9100-44f2-8d93-98d235c5ac92.jpg

185.166.104.3

200 OK

59 kB

URL GET
cdn.triboon.net/media/reportage_images/4e4f2435-9100-44f2-8d93-98d235c5ac92.jpg
IP
185.166.104.3:443
ASN
#202319 Avaye Hamrahe Houshmande Hezardastan PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjecttriboon.net
FingerprintA1:AE:26:C4:9C:06:2D:C2:E5:2B:81:06:0D:18:AD:E1:03:5F:FA:89
ValidityThu, 13 Mar 2025 05:27:05 GMT - Wed, 11 Jun 2025 05:27:04 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x557, components 3
Size
59 kB (58597 bytes)
Hash
01353ae1d27e9ceebc5d932777e3fb84
a73470cf89e03202d3ff4b5b167ecf4a1169f83f
d7b771c8c5ab8cf54510dea11dea6a06865278152b724c5d555560c975145960

HTTP Headers

GET /media/reportage_images/4e4f2435-9100-44f2-8d93-98d235c5ac92.jpg HTTP/1.1
Host: cdn.triboon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Mar 2025 16:26:35 GMT
content-type: image/jpeg
content-length: 58597
last-modified: Wed, 26 Feb 2025 08:03:59 GMT
x-rgw-object-type: Normal
etag: "01353ae1d27e9ceebc5d932777e3fb84"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
cache-control: max-age=86400, max-age=31536000
x-cache-status: MISS
x-zrk-us: 200
strict-transport-security: max-age=31536000
server: Sotoon CDN
x-zrk-cs: HIT
x-zrk-sn: 3001
accept-ranges: bytes, bytes
X-Firefox-Spdy: h2

GET www.xscript.ir/wp-content/uploads/3-10.jpg

185.18.212.71

200 OK

61 kB

URL GET
www.xscript.ir/wp-content/uploads/3-10.jpg
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5 Windows, datetime=2020:04:15 02:00:55], baseline, precision 8, 120x240, components 3
Size
61 kB (60791 bytes)
Hash
c1f0ecee666fbd375cc33620dd14d912
dd57194bbc46faa957e345b10a391fb039194296
4c8ab9157e5b74048671c2e16b47846029155f50b0e849a3d441d6a43542d1f4

HTTP Headers

GET /wp-content/uploads/3-10.jpg HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: image/jpeg
last-modified: Tue, 14 Apr 2020 21:38:21 GMT
accept-ranges: bytes
content-length: 60791
date: Wed, 19 Mar 2025 16:26:10 GMT

GET cdn.triboon.net/media/reportage_images/ea90c051-b699-4304-80c4-7cc1f651b967.png

185.166.104.3

200 OK

57 kB

URL GET
cdn.triboon.net/media/reportage_images/ea90c051-b699-4304-80c4-7cc1f651b967.png
IP
185.166.104.3:443
ASN
#202319 Avaye Hamrahe Houshmande Hezardastan PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjecttriboon.net
FingerprintA1:AE:26:C4:9C:06:2D:C2:E5:2B:81:06:0D:18:AD:E1:03:5F:FA:89
ValidityThu, 13 Mar 2025 05:27:05 GMT - Wed, 11 Jun 2025 05:27:04 GMT

File type
PNG image data, 800 x 440, 8-bit/color RGBA, non-interlaced
Size
57 kB (57114 bytes)
Hash
2c9bd85a5fca54bf421a9e791f5552b5
7e0bc3f7d78447d3da12f32e4c5bdb6ffdf89e70
96445c4d69924fb4a9b96756c457c4fdbcc2e7d96f48063f8f58108ff63f6e82

HTTP Headers

GET /media/reportage_images/ea90c051-b699-4304-80c4-7cc1f651b967.png HTTP/1.1
Host: cdn.triboon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Mar 2025 16:26:35 GMT
content-type: image/png
content-length: 57114
last-modified: Sun, 29 Dec 2024 14:54:12 GMT
x-rgw-object-type: Normal
etag: "2c9bd85a5fca54bf421a9e791f5552b5"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
cache-control: max-age=86400, max-age=31536000
x-cache-status: MISS
x-zrk-us: 200
strict-transport-security: max-age=31536000
server: Sotoon CDN
x-zrk-cs: HIT
x-zrk-sn: 3001
accept-ranges: bytes, bytes
X-Firefox-Spdy: h2

GET www.xscript.ir/wp-content/uploads/up.20script.gif

185.18.212.71

200 OK

48 kB

URL GET
www.xscript.ir/wp-content/uploads/up.20script.gif
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
GIF image data, version 89a, 120 x 240
Size
48 kB (47660 bytes)
Hash
e27126562f39a403e9fd9ab76014020c
0ad4ac4b116b447546add94d442aa669b205a47f
3d5ac83e1bc8a6879238e56a4fe52e2b1882f705de1dbcbd16b0384c43c5c0b7

HTTP Headers

GET /wp-content/uploads/up.20script.gif HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: image/gif
last-modified: Thu, 13 Jul 2023 15:56:43 GMT
accept-ranges: bytes
content-length: 47660
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/uploads/xscript-5.png

185.18.212.71

200 OK

1.8 kB

URL GET
www.xscript.ir/wp-content/uploads/xscript-5.png
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
PNG image data, 262 x 104, 8-bit colormap, non-interlaced
Size
1.8 kB (1833 bytes)
Hash
7eae01ec3f5fcd3ad479b53f7753a5f7
1c04a890e4c5a239dfcc4a334739638217714931
23f41574097815693eaaf5e00c7ab4b2cefbb05e5bbc794e0dab95a47dd86b21

HTTP Headers

GET /wp-content/uploads/xscript-5.png HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: image/png
last-modified: Wed, 17 Feb 2016 03:44:39 GMT
accept-ranges: bytes
content-length: 1833
date: Wed, 19 Mar 2025 16:26:10 GMT

GET groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox

46.173.214.32

200 OK

0 B

URL GET
groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectgroundrats.org
FingerprintBA:AB:CA:13:CD:6F:FE:3F:CC:64:CB:0D:C9:9C:58:08:AE:8A:5F:A2
ValidityMon, 17 Mar 2025 16:41:08 GMT - Sun, 15 Jun 2025 16:41:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox HTTP/1.1
Host: groundrats.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:36 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c4p;Expires=Saturday, 19-Apr-2025 16:26:36 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwMFwiOjE3NDI0MDE1OTYsXCI2NlwiOjE3NDI0MDE1OTZ9LFwiY2FtcGFpZ25zXCI6e1wiN1wiOjE3NDI0MDE1OTYsXCIyM1wiOjE3NDI0MDE1OTZ9LFwidGltZVwiOjE3NDI0MDE1OTZ9In0.NoZ45NS_2TEyCdTZsGoV3_75nyohd2_bFOzNy59CC2w;Expires=Saturday, 08-Jun-2080 08:53:12 GMT;Max-Age=1742660796;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET www.xscript.ir/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.6.2

185.18.212.71

200 OK

112 kB

URL GET
www.xscript.ir/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.6.2
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type

Size
112 kB (112254 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.6.2 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: text/css
last-modified: Fri, 01 Nov 2024 17:55:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 13878
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1

185.18.212.71

200 OK

1.6 kB

URL GET
www.xscript.ir/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
ASCII text, with very long lines (1791), with no line terminators
Size
1.6 kB (1636 bytes)
Hash
74b85249d1b12f852b252452622aaa85
438e83e62dbd8a1bae74ae9dca6765bc7ee93289
70f4e76005db17138e0ded1cfd4c5135bd72b6d76d801d16e6013e0c372a7a96

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: text/css
last-modified: Sun, 10 Feb 2019 22:59:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 548
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/themes/download-ronakweb/js/organictabs.jquery.js

185.18.212.71

200 OK

1.1 kB

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/js/organictabs.jquery.js
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JavaScript source, ASCII text, with very long lines (1183), with no line terminators
Size
1.1 kB (1138 bytes)
Hash
59a5be8f03dfa68254cb0d0e8e115864
87b907ff3326569d913541dbd23251027b68326e
ff3ea8516c447f074ec56a5c018c6f5c8d4680a57d7bf106f38785532317a36e

HTTP Headers

GET /wp-content/themes/download-ronakweb/js/organictabs.jquery.js HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript
last-modified: Tue, 13 Oct 2015 09:25:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 444
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1

185.18.212.71

200 OK

14 kB

URL GET
www.xscript.ir/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JavaScript source, ASCII text
Size
14 kB (14440 bytes)
Hash
1534f06aa2b1b721a45372f8238e2461
86f7e7b926e1a88209d171b56dadbccc2c96f578
b7e17926b30342edecee8b3a93029ac51462e2b479277d8e077ba57173eb1900

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript
last-modified: Sun, 10 Feb 2019 21:33:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3752
date: Wed, 19 Mar 2025 16:26:10 GMT

GET groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox

46.173.214.32

200 OK

0 B

URL GET
groundrats.org/tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectgroundrats.org
FingerprintBA:AB:CA:13:CD:6F:FE:3F:CC:64:CB:0D:C9:9C:58:08:AE:8A:5F:A2
ValidityMon, 17 Mar 2025 16:41:08 GMT - Sun, 15 Jun 2025 16:41:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tHHGGEDyAn6ygUcHwex98R1YlpAOQ9zvV2t6wfY5Sox HTTP/1.1
Host: groundrats.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:36 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c4t;Expires=Saturday, 19-Apr-2025 16:26:36 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwMFwiOjE3NDI0MDE1OTYsXCI2NlwiOjE3NDI0MDE1OTZ9LFwiY2FtcGFpZ25zXCI6e1wiN1wiOjE3NDI0MDE1OTYsXCIyM1wiOjE3NDI0MDE1OTZ9LFwidGltZVwiOjE3NDI0MDE1OTZ9In0.NoZ45NS_2TEyCdTZsGoV3_75nyohd2_bFOzNy59CC2w;Expires=Saturday, 08-Jun-2080 08:53:12 GMT;Max-Age=1742660796;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET www.xscript.ir/wp-content/themes/download-ronakweb/images/icon.png

185.18.212.71

200 OK

354 B

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/images/icon.png
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
PNG image data, 24 x 24, 8-bit colormap, non-interlaced
Size
354 B (354 bytes)
Hash
9d50b990f35a4e550fdfd378540049fa
3d0f45d30e7e9efd309ee56ec614ce622ed1d8d6
c9f14c65883a1686aa1f4a9c2c9d4846b72549e28dc2a78d8f6bd8793f26bc37

HTTP Headers

GET /wp-content/themes/download-ronakweb/images/icon.png HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:12 GMT
content-type: image/png
last-modified: Tue, 13 Oct 2015 09:25:26 GMT
accept-ranges: bytes
content-length: 354
date: Wed, 19 Mar 2025 16:26:12 GMT

GET www.xscript.ir/wp-content/themes/download-ronakweb/js/jquery-ronakweb.js?ver=1.11.1

185.18.212.71

200 OK

149 kB

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/js/jquery-ronakweb.js?ver=1.11.1
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JavaScript source, ASCII text, with very long lines (2408)
Size
149 kB (149366 bytes)
Hash
7c7657287c79bbc68db9734f1db542b8
ec3e8d744fa65a8daabb704939aaeb31f712656e
6c82c413c824d6e39062aa3e29825179ae6cfc4f48bc6a14deb3fe6d4b7be415

HTTP Headers

GET /wp-content/themes/download-ronakweb/js/jquery-ronakweb.js?ver=1.11.1 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript
last-modified: Tue, 13 Oct 2015 09:25:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 41000
date: Wed, 19 Mar 2025 16:26:10 GMT

GET apiexplorerzone.com/cKxDXshtxehIvuHjdk6snOKnBGNM3qpOcIzOAO8CJWm

46.173.214.32

200 OK

0 B

URL GET
apiexplorerzone.com/cKxDXshtxehIvuHjdk6snOKnBGNM3qpOcIzOAO8CJWm
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectapiexplorerzone.com
FingerprintA8:A8:41:6D:9D:06:FB:B9:9F:EA:B1:E5:F4:1D:9E:79:C9:66:C6:37
ValidityMon, 17 Mar 2025 16:53:01 GMT - Sun, 15 Jun 2025 16:53:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cKxDXshtxehIvuHjdk6snOKnBGNM3qpOcIzOAO8CJWm HTTP/1.1
Host: apiexplorerzone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:35 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c4b;Expires=Saturday, 19-Apr-2025 16:26:35 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjEwM1wiOjE3NDI0MDE1OTUsXCI2NlwiOjE3NDI0MDE1OTV9LFwiY2FtcGFpZ25zXCI6e1wiMTBcIjoxNzQyNDAxNTk1LFwiMjNcIjoxNzQyNDAxNTk1fSxcInRpbWVcIjoxNzQyNDAxNTk1fSJ9.G11Q5ENRgKZYnSYI6Blhaodcsd9CoLI96zeg-FMZwRo;Expires=Saturday, 08-Jun-2080 08:53:10 GMT;Max-Age=1742660795;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET blackshelter.org/tw9ZIwYM9BY5A6iRcUJQxDBX5PMf7GL4-DBJejgkisyv

46.173.214.32

200 OK

0 B

URL GET
blackshelter.org/tw9ZIwYM9BY5A6iRcUJQxDBX5PMf7GL4-DBJejgkisyv
IP
46.173.214.32:443
ASN
#47196 Garant-Park-Internet LLC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectblackshelter.org
FingerprintE1:46:66:A3:35:F9:12:C9:5A:98:86:21:D8:B5:DD:31:C6:3A:18:29
ValidityMon, 17 Mar 2025 16:29:40 GMT - Sun, 15 Jun 2025 16:29:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tw9ZIwYM9BY5A6iRcUJQxDBX5PMf7GL4-DBJejgkisyv HTTP/1.1
Host: blackshelter.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Mar 2025 16:26:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Mar 2025 16:26:35 GMT
Pragma: no-cache
Set-Cookie: _subid=1sjos4f36c47;Expires=Saturday, 19-Apr-2025 16:26:35 GMT;Max-Age=2678400;Path=/
0c9c8=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjk4XCI6MTc0MjQwMTU5NSxcIjY2XCI6MTc0MjQwMTU5NX0sXCJjYW1wYWlnbnNcIjp7XCI1XCI6MTc0MjQwMTU5NSxcIjIzXCI6MTc0MjQwMTU5NX0sXCJ0aW1lXCI6MTc0MjQwMTU5NX0ifQ.rg5cP59OeC4-6C4dugVZa5vtNZ1QawAohzeqiFeDxcY;Expires=Saturday, 08-Jun-2080 08:53:10 GMT;Max-Age=1742660795;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

GET www.google.com/recaptcha/api.js?hl=fa_IR

142.250.74.68

200 OK

911 B

URL GET
www.google.com/recaptcha/api.js?hl=fa_IR
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://www.xscript.ir/
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint2F:CC:05:C5:14:C4:CD:A4:26:05:31:F9:67:40:7C:D3:39:74:34:0C
ValidityMon, 10 Mar 2025 08:37:46 GMT - Mon, 02 Jun 2025 08:37:45 GMT

File type
JavaScript source, ASCII text, with very long lines (911), with no line terminators
Size
911 B (911 bytes)
Hash
c90ab0c6e1672bc73aec434097c83004
488e79b8e51cbcc888ccb40f60cad9b64f89bfc0
35837a60499660af6a2c66bd8a41e81ab8a7643a48778deccf891557ffede08c

HTTP Headers

GET /recaptcha/api.js?hl=fa_IR HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Wed, 19 Mar 2025 16:26:34 GMT
date: Wed, 19 Mar 2025 16:26:34 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn.triboon.net/media/reportage_images/13f361aa-b427-476c-a824-96123b1d1d2d.jpg

185.166.104.3

200 OK

29 kB

URL GET
cdn.triboon.net/media/reportage_images/13f361aa-b427-476c-a824-96123b1d1d2d.jpg
IP
185.166.104.3:443
ASN
#202319 Avaye Hamrahe Houshmande Hezardastan PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjecttriboon.net
FingerprintA1:AE:26:C4:9C:06:2D:C2:E5:2B:81:06:0D:18:AD:E1:03:5F:FA:89
ValidityThu, 13 Mar 2025 05:27:05 GMT - Wed, 11 Jun 2025 05:27:04 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1140x640, components 3
Size
29 kB (28989 bytes)
Hash
1bc2c5023823f7cdf81def10d85fdd34
43ae7d480770f1e85259b686ce4fcbd6d64d75a6
18911508030fc23144734fb6774a157be1db31d8dee6920f3124223454167ca7

HTTP Headers

GET /media/reportage_images/13f361aa-b427-476c-a824-96123b1d1d2d.jpg HTTP/1.1
Host: cdn.triboon.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 19 Mar 2025 16:26:35 GMT
content-type: image/jpeg
content-length: 28989
last-modified: Thu, 04 Apr 2024 12:12:26 GMT
x-rgw-object-type: Normal
etag: "1bc2c5023823f7cdf81def10d85fdd34"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-max-age: 1728000
cache-control: max-age=86400, max-age=31536000
x-cache-status: MISS
x-zrk-us: 200
strict-transport-security: max-age=31536000
server: Sotoon CDN
x-zrk-cs: HIT
x-zrk-sn: 3001
accept-ranges: bytes, bytes
X-Firefox-Spdy: h2

GET www.xscript.ir/wp-content/themes/download-ronakweb/js/jquery.slicknav.js

185.18.212.71

200 OK

6.9 kB

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/js/jquery.slicknav.js
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (6971), with no line terminators
Size
6.9 kB (6910 bytes)
Hash
c6c13e8e2d4fb9563249643f4d8bffd1
803040c5d23b20c8e9e23a533b7fc6929d67fe74
e9939af8063285ed6c6aa59f2791c06f1e05d120c79d78476cb50cd4fd0e63c9

HTTP Headers

GET /wp-content/themes/download-ronakweb/js/jquery.slicknav.js HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript
last-modified: Wed, 14 Oct 2015 03:27:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1831
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/

185.18.212.71

200 OK

94 kB

URL User Request GET
www.xscript.ir/
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type

Size
94 kB (94105 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
set-cookie: wordpress_sec_030c7d0e9b30d0d531dbbb15eb619898=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/wp-content/plugins; secure; HttpOnly
wordpress_sec_030c7d0e9b30d0d531dbbb15eb619898=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/wp-admin; secure; HttpOnly
wordpress_logged_in_030c7d0e9b30d0d531dbbb15eb619898=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
content-type: text/html; charset=UTF-8
link: <https://www.xscript.ir/wp-json/>; rel="https://api.w.org/"
etag: "396476-1742401569;br"
x-litespeed-cache: miss
content-length: 19202
content-encoding: br
vary: Accept-Encoding
date: Wed, 19 Mar 2025 16:26:09 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET www.xscript.ir/wp-content/themes/download-ronakweb/font-awesome.css

185.18.212.71

200 OK

26 kB

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/font-awesome.css
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
ASCII text, with very long lines (26464), with no line terminators
Size
26 kB (26464 bytes)
Hash
ab68bcd66e2419f5e53d150b12348349
66f0322bc780942ff90b0c1521820e3160f3f8e8
fc6a0130b7809ddf26007e708d0476e6ebfa9d2fa45be7acdeeb96eba8dbf612

HTTP Headers

GET /wp-content/themes/download-ronakweb/font-awesome.css HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: text/css
last-modified: Tue, 13 Oct 2015 09:25:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5620
date: Wed, 19 Mar 2025 16:26:10 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET www.xscript.ir/wp-content/uploads/239b7aea-1465-4527-803d-269eb3f93048.png

185.18.212.71

200 OK

523 kB

URL GET
www.xscript.ir/wp-content/uploads/239b7aea-1465-4527-803d-269eb3f93048.png
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
PNG image data, 600 x 450, 8-bit/color RGBA, non-interlaced
Size
523 kB (523149 bytes)
Hash
8e35bbf7b0420312b7c7e84aefc8ae04
15687a192915b888635861201163b5bf5432f298
15dcba58d392512b9a5147d448eb9371bdaab91dd6cfd645cdb2a4b1658f292c

HTTP Headers

GET /wp-content/uploads/239b7aea-1465-4527-803d-269eb3f93048.png HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: image/png
last-modified: Sat, 04 May 2024 07:55:35 GMT
accept-ranges: bytes
content-length: 523149
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/uploads/chgb_452.gif

185.18.212.71

200 OK

52 kB

URL GET
www.xscript.ir/wp-content/uploads/chgb_452.gif
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
GIF image data, version 89a, 120 x 240
Size
52 kB (52344 bytes)
Hash
4106affb298257bb15c85dd392e5724a
51e6f9a28e363ca765d2131bb11f709f0626bae0
e230d7e43bd6957bca96cd04e8e2409ca8ef7fa8be63840d2cdc76762d56ee7c

HTTP Headers

GET /wp-content/uploads/chgb_452.gif HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Wed, 26 Mar 2025 16:26:10 GMT
content-type: image/gif
last-modified: Sat, 09 May 2020 11:41:02 GMT
accept-ranges: bytes
content-length: 52344
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-content/themes/download-ronakweb/js/modernizr.min.js

185.18.212.71

200 OK

15 kB

URL GET
www.xscript.ir/wp-content/themes/download-ronakweb/js/modernizr.min.js
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JavaScript source, ASCII text, with very long lines (14756), with no line terminators
Size
15 kB (14756 bytes)
Hash
1c5182657024e9a13ec0b5dc5da6e8d8
75257c2701399aef2933dc4a51bb67c42eda7bad
6d77e62deaa43cca81560bf11cd5ccd8d3583bd4936ed1ea2d639d13d3e5c4c0

HTTP Headers

GET /wp-content/themes/download-ronakweb/js/modernizr.min.js HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript
last-modified: Wed, 14 Oct 2015 03:27:13 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5708
date: Wed, 19 Mar 2025 16:26:10 GMT

GET www.xscript.ir/wp-includes/js/wp-emoji-release.min.js?ver=6.6.2

185.18.212.71

200 OK

19 kB

URL GET
www.xscript.ir/wp-includes/js/wp-emoji-release.min.js?ver=6.6.2
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
19 kB (18726 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.6.2 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/javascript
last-modified: Fri, 01 Nov 2024 17:55:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4676
date: Wed, 19 Mar 2025 16:26:11 GMT

GET www.xscript.ir/page/2

185.18.212.71

200 OK

90 kB

URL GET
www.xscript.ir/page/2
IP
185.18.212.71:443
ASN
#48715 Sefroyek Pardaz Engineering PJSC

Requested by
https://www.xscript.ir/
Certificate
IssuerLet's Encrypt
Subjectxscript.ir
Fingerprint67:87:FF:88:51:33:B6:37:8F:B4:39:16:CA:1F:17:12:07:72:81:22
ValidityWed, 26 Feb 2025 07:16:50 GMT - Tue, 27 May 2025 07:16:49 GMT

File type

Size
90 kB (89706 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /page/2 HTTP/1.1
Host: www.xscript.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://www.xscript.ir/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
set-cookie: wordpress_sec_030c7d0e9b30d0d531dbbb15eb619898=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/wp-content/plugins; secure; HttpOnly
wordpress_sec_030c7d0e9b30d0d531dbbb15eb619898=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/wp-admin; secure; HttpOnly
wordpress_logged_in_030c7d0e9b30d0d531dbbb15eb619898=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
content-type: text/html; charset=UTF-8
link: <https://www.xscript.ir/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache-control: public,max-age=604800
x-litespeed-tag: 89f_HTTP.200,89f_home,89f_URL.b81b473420adbda2e0168f6fb5b92b6c,89f_F,89f_
etag: "396477-1742401572;br"
x-litespeed-cache: miss
content-encoding: br
vary: Accept-Encoding
date: Wed, 19 Mar 2025 16:26:12 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML