Report - www.spiderman4.r98.ir/cat/72/taknet98ir.html

Report Overview

Submitted URL
www.spiderman4.r98.ir/cat/72/taknet98ir.html
IP
79.127.127.68
ASN
#43754 Asiatech Data Transmission company
Submitted
2022-11-25 09:00:26
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
44

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
spiderman4.r98.ir	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	437 kB	79.127.127.68
www.rozblog.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	94 kB	79.127.127.68
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.236.232.139
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	443 B	164 kB	142.250.74.163
www.spiderman4.r98.ir	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	1.0 kB	79.127.127.68
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.3
s4.histats.com	12782	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	718 B	182 B	158.69.248.123
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	1.2 kB	142.250.74.164
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
s10.histats.com	15211	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	278 B	4.9 kB	46.105.201.240
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	49 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-25	medium	www.spiderman4.r98.ir/cat/72/taknet98ir.html	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html	Malware
2022-11-25	medium	spiderman4.r98.ir/theme/panel_v5/assets/vendors/popper.js/dist/umd/popper.min.js	Malware
2022-11-25	medium	spiderman4.r98.ir/theme/panel_v5/assets/izitoast/iziToast.min.js?96141	Malware
2022-11-25	medium	spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5	Malware
2022-11-25	medium	spiderman4.r98.ir/theme/banned.jpeg	Malware
2022-11-25	medium	spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-Light-web.woff2	Malware
2022-11-25	medium	spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/web_Yekan.woff	Malware
2022-11-25	medium	spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-Medium-web.woff2	Malware
2022-11-25	medium	spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-UltraLight-web.woff2	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=pm	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirmuser	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirmpost	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=zobaledan	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=comment	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=comment_no	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=ban_user	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=admin_user	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=zobaledan	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirm_link	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=new_comment_no	Malware
2022-11-25	medium	spiderman4.r98.ir/cat/72/taknet98ir.html?action=new_comment	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	www.rozblog.com/theme/rozblog_v5/assets/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-25
Pretty URL www.rozblog.com/theme/rozblog_v5/assets/js/bootstrap.min.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-25 14:40:03 Times Seen136819 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	www.rozblog.com/theme/rozblog_v5/assets/js/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL www.rozblog.com/theme/rozblog_v5/assets/js/jquery-3.5.1.min.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 14:34:39 Times Seen139123 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	www.rozblog.com/theme/rozblog_v5/assets/js/customize.js	601 B	2023-03-11	2023-12-08
Pretty URL www.rozblog.com/theme/rozblog_v5/assets/js/customize.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-12-08 02:25:07 Times Seen14 Hash fe55786bfa1084100ee6f6c77da69fab 7e41788c20b44977e38992fea04266de285ab28d 8557e755ffcb632807cebd9481dd15b5a15d481833317c8148660f69b28ee0c3 Loading...

	spiderman4.r98.ir/cat/72/taknet98ir.html	189 B	2023-03-11	2023-12-08
Pretty URL spiderman4.r98.ir/cat/72/taknet98ir.html IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-12-08 02:25:07 Times Seen8 Hash 98c1acf0a32fc95a738660cbaff2f08b ad1d46a069943dd1ac0718c21319174bc26b0d6e c79c302b63ec3a8352f3865bfe2b5184871091e595ca166f515e66ce703422fd Loading...

	s10.histats.com/js15.js	11 kB	2023-03-07	2023-05-05
Pretty URL s10.histats.com/js15.js IP 46.105.201.240 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:16 Last Seen2023-05-05 01:26:37 Times Seen825 Hash 4beb0b1c8bbca69316e6eadcd83b1bf0 602491c5f60960bf4ba7c3d2e600681a06ffcaa1 429e7004f3f8fbe42cacb984c36a9cda33efdacc100a276b12e82c6ab78bf7ec Loading...

	spiderman4.r98.ir/theme/panel_v5/assets/izitoast/iziToast.min.js?96141	22 kB	2023-03-11	2023-12-08
Pretty URL spiderman4.r98.ir/theme/panel_v5/assets/izitoast/iziToast.min.js?96141 IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-12-08 02:25:07 Times Seen15 Hash 5f56e8dba6999937bc00fe5f5901df2e e74744890a4580f451be5cfcd556cac1552e917b 84ce072ae20fd3c306834c82d0c208ea447f12ef35e36222486a78e2f828f4df Loading...

	www.rozblog.com/theme/rozblog_v5/assets/js/owl.carousel.min.js	44 kB	2023-03-07	2024-04-25
Pretty URL www.rozblog.com/theme/rozblog_v5/assets/js/owl.carousel.min.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:37 Last Seen2024-04-25 13:15:30 Times Seen19912 Hash f416f9031fef25ae25ba9756e3eb6978 e2a600e433df72b4cfde93d7880e3114917a3cbe a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d Loading...

	www.rozblog.com/usercp.js?10	9.9 kB	2023-03-11	2023-05-24
Pretty URL www.rozblog.com/usercp.js?10 IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-05-24 07:16:40 Times Seen12 Hash ec629944b421892d37a2c434218b2f19 f8e3b09de9f81e2af6f5c926dae2a882a8467b03 44697d463828a8295d2764d0b12850b53d15e9c2fd436d52530e80a36834141c Loading...

	spiderman4.r98.ir/cat/72/taknet98ir.html	715 B	2023-03-11	2023-05-24
Pretty URL spiderman4.r98.ir/cat/72/taknet98ir.html IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-05-24 07:16:39 Times Seen7 Hash 4e2321e337f4e76f521d58f2f01e8b52 f9d71659ed895af3bfa249e5db79ebbf79ec5965 af460ffe13ec8ba96493065ea72db9c1a910a11d1ed2fab0b18311dd2e29e6a8 Loading...

	spiderman4.r98.ir/cat/72/taknet98ir.html	122 B	2023-03-07	2024-04-21
Pretty URL spiderman4.r98.ir/cat/72/taknet98ir.html IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:16 Last Seen2024-04-21 15:57:54 Times Seen1273 Hash c223bd9538ff1ccb1ce685e37a6bcc23 24f363d1fcf7c39aace733c8d8b9dd5bd07a782b 39e4857113f0cbf16f6a5b3e717fac0bc245f23a4110f0aac521b4e78890fb35 Loading...

	spiderman4.r98.ir/cat/72/taknet98ir.html	80 B	2023-03-11	2023-05-24
Pretty URL spiderman4.r98.ir/cat/72/taknet98ir.html IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-05-24 07:16:40 Times Seen7 Hash 865f1061b556e611f86c838090166ac9 99130e379f5e7f7159451bfde89b58a13273e883 61bf867ff1924d18a1b0f7883d8087f13e88e06df0d4a49203878f73508f895b Loading...

	s4.histats.com/stats/0.php?1680739&@f16&@g1&@h1&@i1&@j1669366816262&@k0&@l1&@mspiderman4%20-%20%D8%B3%D8%A7%DB%8C%D8%AA%20%D9%85%D9%88%D8%B1%D8%AF%20%D9%86%D8%B8%D8%B1%20%D9%85%D8%B3%D8%AF%D9%88%D8%AF%20%D8%A7%D8%B3%D8%AA&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-131542837&@b3:1669366816&@b4:js15.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fspiderman4.r98.ir%2Fcat%2F72%2Ftaknet98ir.html&@w	50 B	2023-03-09	2023-04-14
Pretty URL s4.histats.com/stats/0.php?1680739&@f16&@g1&@h1&@i1&@j1669366816262&@k0&@l1&@mspiderman4%20-%20%D8%B3%D8%A7%DB%8C%D8%AA%20%D9%85%D9%88%D8%B1%D8%AF%20%D9%86%D8%B8%D8%B1%20%D9%85%D8%B3%D8%AF%D9%88%D8%AF%20%D8%A7%D8%B3%D8%AA&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-131542837&@b3:1669366816&@b4:js15.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fspiderman4.r98.ir%2Fcat%2F72%2Ftaknet98ir.html&@w IP 158.69.248.123 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 14:42:12 Last Seen2023-04-14 22:56:22 Times Seen3 Hash 2f70e8439bffcdfc066044862a836e6d 78a76e9ab10d448501af710d76f5dccc48ae6d42 21bb9c9d6ff68df6b569fde8c587740db3adbae245d7c2e4e77c1f1c645ac4fc Loading...

	www.google.com/recaptcha/api.js	850 B	2023-03-08	2023-03-17
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash a6d9f11246866ef6247a51ae9116cf53 1ba0ec4e57dd5d3845edb729fea44e6f709c7aca 60eac53947f6a289ca775891e56b3a4a1084cb8763fe2bf4220b759a58761f1d Loading...

	spiderman4.r98.ir/theme/panel_v5/assets/vendors/popper.js/dist/umd/popper.min.js	19 kB	2023-03-07	2024-04-25
Pretty URL spiderman4.r98.ir/theme/panel_v5/assets/vendors/popper.js/dist/umd/popper.min.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-25 12:28:35 Times Seen111510 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	www.rozblog.com/js/3.js	6.0 kB	2023-03-11	2023-05-24
Pretty URL www.rozblog.com/js/3.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:02 Last Seen2023-05-24 07:16:40 Times Seen6 Hash d5a691b6e6dde516277b8860e8c654c9 cc4c6f9b231a2b34a40972ce612877d76fee1a3e a655e073b76b2366c7f3471b81c8f2e1dc6ba0524997f8b9f8e89d4d9fc90259 Loading...

	www.rozblog.com/theme/rozblog_v4/jquery.cycle.all.js	59 kB	2023-03-11	2023-12-08
Pretty URL www.rozblog.com/theme/rozblog_v4/jquery.cycle.all.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-12-08 02:25:07 Times Seen15 Hash 7ebf4e4cf94e51faa4a5ba2cbecf31f7 8f3fccb6f6fc47819d5ec7a4344f40755e712782 731fd6e64d1f115d42e7cb4e7414914ead9526a5c67ea4e64df265b9c4f0dcbf Loading...

	www.rozblog.com/theme/rozblog_v4/chili-1.7.pack.js	7.0 kB	2023-03-11	2023-12-08
Pretty URL www.rozblog.com/theme/rozblog_v4/chili-1.7.pack.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-12-08 02:25:07 Times Seen14 Hash 08816eb3d137d30af9d8db338af58923 ff3940241058d60705674e7c43c330e7768f729a 778d435cc2223df02d1eca9741ca48a0f876f20b926d0a9aa52b7387e2c50b18 Loading...

	spiderman4.r98.ir/cat/72/taknet98ir.html	774 B	2023-03-11	2023-03-11
Pretty URL spiderman4.r98.ir/cat/72/taknet98ir.html IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 11:22:03 Last Seen2023-03-11 19:43:49 Times Seen1 Hash 8994f6891bb4a477135fd74c25adf043 f4fc4a5f2abaf5f427b83da5666d292f661ac8b1 4bc0de6be3a007b92abb703e75cc1b4b449caf7be7d99765a58de8f3aeb12f2b Loading...

	www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js	409 kB	2023-03-08	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash b2507198388fcc94ca9e94ed4c5561c5 8853fc86f1c616bd20a73e3e24442036fd90fd2f 02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 80aa02e242724f1447015a2f7140aa46	7.2 kB	2023-03-10	2024-01-23
Pretty Observations First Seen2023-03-10 16:19:07 Last Seen2024-01-23 03:40:06 Times Seen10 Hash 80aa02e242724f1447015a2f7140aa46 ebe8f68533a9f7c4fa66c9161a4140abf10591f3 ee60fe707e29b0a47a646d5e63e5492b29344f87533a31a06833112309a708a6 Loading...

		Size	First Seen	Last Seen
	#1 Write - 0e316d7c410e49762db961aadbd8019f	75 B	2023-03-11	2023-05-24
Pretty Observations First Seen2023-03-11 11:22:03 Last Seen2023-05-24 07:16:40 Times Seen7 Hash 0e316d7c410e49762db961aadbd8019f db12d89433b3f9256f31ff8729c015420f2c8ac3 505ee37791e1e597f6ba233295cf3b5396870e67d1b9f2782fefbb278de4e6e2 Loading...

	#2 Write - ab27cb408bb51c47b8e625f03db610a7	77 B	2023-03-07	2024-04-25
Pretty Observations First Seen2023-03-07 01:07:16 Last Seen2024-04-25 04:34:40 Times Seen1395 Hash ab27cb408bb51c47b8e625f03db610a7 3979411bfd2a5ba32a11b5300c9bcc782a4b7947 aa5040129e29d9fd5521128308150fb0db3e301800f50798324c13f9fc4d3b73 Loading...

	#3 Write - 94bb3f9f287be336b9b4d38e17048fb7	60 B	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 19:43:49 Last Seen2023-03-11 19:43:49 Times Seen1 Hash 94bb3f9f287be336b9b4d38e17048fb7 b81028e71eb9f44aabede7724beea91579cf5ac8 599cf38111bb131ff72d41b3813a53e10d79fdd00809eb681e07f5f015f89740 Loading...

HTTP Transactions (67)

URL IP Response Size

www.spiderman4.r98.ir/cat/72/taknet98ir.html

79.127.127.68

301 Moved Permanently

707 B

URL HTTP/1.1
www.spiderman4.r98.ir/cat/72/taknet98ir.html
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html HTTP/1.1
Host: www.spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Fri, 25 Nov 2022 09:00:15 GMT
server: LiteSpeed
location: http://spiderman4.r98.ir/cat/72/taknet98ir.html
strict-transport-security: max-age=0;
vary: User-Agent

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13027
Expires: Fri, 25 Nov 2022 12:37:22 GMT
Date: Fri, 25 Nov 2022 09:00:15 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2781
Cache-Control: max-age=94637
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:00:15 GMT
Etag: "637f47ef-1d7"
Expires: Sat, 26 Nov 2022 11:17:32 GMT
Last-Modified: Thu, 24 Nov 2022 10:31:11 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8c63b226725ca6e92e3ef586ac19e603
d21ae42a1927501e5293ff3564f52b49f6b0decc
141ac47acc3800e5d35a82012fa4b044277abad3a95dc24415f66fb72c972ae6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "141AC47ACC3800E5D35A82012FA4B044277ABAD3A95DC24415F66FB72C972AE6"
Last-Modified: Wed, 23 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4559
Expires: Fri, 25 Nov 2022 10:16:14 GMT
Date: Fri, 25 Nov 2022 09:00:15 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 08:19:04 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2471
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: r0qlkpGmie8YJuecRxRiYlPsv8nD1P0+cJ0WPI4hut8UPlsVTXSAUxCjU0rdhFJTcznErKh0r+M=
x-amz-request-id: 6V6PK5DC5HXEA39C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 08:43:46 GMT
age: 989
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 09:00:15 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

spiderman4.r98.ir/cat/72/taknet98ir.html

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
set-cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; path=/
sdf444ddddddddds=1; expires=Sat, 26-Nov-2022 09:00:15 GMT; Max-Age=86400; path=/
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:15 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
76544babbcf6515110bd81aaee8e7e63
043497692868c67ac84cdfe70d0a484517abd1c2
a19d5958d683662375a2469d1d7e551188469b967eb6f2bae2d5e43dac51a4f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:00:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js

142.250.74.164

200 OK

553 B

URL HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (850), with no line terminators
Size
553 B (553 bytes)
Hash
1309ff133720d219cc98090d66a051ed
b96fc5a893e42be16d687d7abdecdb13d348a019
358683c66634ea5ee3021c93111d8621d583880bcbbfadf3ec2ff87a15ea1038

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://spiderman4.r98.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Fri, 25 Nov 2022 09:00:16 GMT
date: Fri, 25 Nov 2022 09:00:16 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 08:11:11 GMT
cache-control: public,max-age=3600
age: 2945
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

spiderman4.r98.ir/theme/rozblog_v5/assets/css/bootstrap.css

79.127.127.68

200 OK

28 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/css/bootstrap.css
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text, with very long lines (540)
Size
28 kB (27466 bytes)
Hash
27f45b2e4c080a601963b593d8b4a46e
c42c7e6cedd63cc68b035aba506fabff96659647
9baf39b27f7199e3eaba5ad9fb7d5c030fb50022d0f2b897fd8bb773704805aa

HTTP Headers

GET /theme/rozblog_v5/assets/css/bootstrap.css HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 25 Dec 2022 09:00:16 GMT
content-type: text/css
last-modified: Sat, 22 Jan 2022 15:15:57 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 27466
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/theme/panel_v5/assets/vendors/popper.js/dist/umd/popper.min.js

79.127.127.68

200 OK

7.4 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/panel_v5/assets/vendors/popper.js/dist/umd/popper.min.js
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text, with very long lines (19015)
Size
7.4 kB (7425 bytes)
Hash
02472c6de271c7bdd689acb2a1544fe3
e2723c45ad29355d4f2f2d88922029c741f4c3d4
a0d9a01f3524566e5662271caaf4e5062aacae2cb59f9ba9bfd82c3f9d8467de

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /theme/panel_v5/assets/vendors/popper.js/dist/umd/popper.min.js HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 02:54:39 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 7425
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

www.rozblog.com/theme/rozblog_v4/chili-1.7.pack.js

79.127.127.68

200 OK

3.9 kB

URL HTTP/1.1
www.rozblog.com/theme/rozblog_v4/chili-1.7.pack.js
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
exported SGML document, ASCII text, with very long lines (7007), with no line terminators
Size
3.9 kB (3926 bytes)
Hash
a155a6e297ca06f8f663f5a97755f384
0559dd7378a5ee5096e0a738f742d9cf1837900a
d87cffbd47e98e96e922a766f5de7038801d26e0f70a54b5479909065247425b

HTTP Headers

GET /theme/rozblog_v4/chili-1.7.pack.js HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Thu, 20 Mar 2014 11:01:17 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 3926
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
65992aeb8efb9a0b8fd59687090733fe
526a2afccc93d32849185d153fafe44b72797df9
b6677984b6c3602d7b62df776158c09a3e57eec4c0edbddafb0624200715f10e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:00:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

spiderman4.r98.ir/theme/panel_v5/assets/izitoast/iziToast.min.js?96141

79.127.127.68

200 OK

6.5 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/panel_v5/assets/izitoast/iziToast.min.js?96141
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
Unicode text, UTF-8 text, with very long lines (1137)
Size
6.5 kB (6476 bytes)
Hash
f62bd834ff40d0bcbf55ccdf69b34214
2009693e35d54303b17d6ae046a0b7fa6ade1329
794b96670fd65d061b7858c28fee2e074a661fc2cd8d9037a2d8d4afd4518c7a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /theme/panel_v5/assets/izitoast/iziToast.min.js?96141 HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Mon, 19 Apr 2021 18:39:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 6476
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5

79.127.127.68

200 OK

13 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
Unicode text, UTF-8 text, with very long lines (402)
Size
13 kB (12565 bytes)
Hash
39e88a17ddc09ba37699b68765267237
9cef3ef135103f04a011c4254b36443c7fe9f274
7d29e28b7d7667dbd56d367338661112e416409b1be378425987111e3ca063a2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /theme/rozblog_v5/assets/css/style.css?5 HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 25 Dec 2022 09:00:16 GMT
content-type: text/css
last-modified: Mon, 14 Mar 2022 12:00:10 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 12565
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

www.rozblog.com/theme/rozblog_v5/assets/js/bootstrap.min.js

79.127.127.68

200 OK

16 kB

URL HTTP/1.1
www.rozblog.com/theme/rozblog_v5/assets/js/bootstrap.min.js
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text, with very long lines (48664)
Size
16 kB (15451 bytes)
Hash
20961bf217f1968a7b90d4b48345bdcd
5bfc767da66eb77113ec72939d5507b906fdbc91
89f65709807f59a050d6eb8ccea163c69952fec1953c2360c63436b5bab58c9c

HTTP Headers

GET /theme/rozblog_v5/assets/js/bootstrap.min.js HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Thu, 23 Dec 2021 07:18:48 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 15451
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

www.rozblog.com/theme/rozblog_v5/assets/js/customize.js

79.127.127.68

200 OK

225 B

URL HTTP/1.1
www.rozblog.com/theme/rozblog_v5/assets/js/customize.js
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text
Size
225 B (225 bytes)
Hash
a60c890500ec9e8221ac6dce25d2b3e1
9bea0acc3d9a968682cc7b532ef416027d5f44b5
8d081ff3edd89875e9150a70463d9beeddff52d3fc8b499268ed61a6ab88d724

HTTP Headers

GET /theme/rozblog_v5/assets/js/customize.js HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Fri, 15 Jun 2018 03:03:01 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 225
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

www.rozblog.com/js/3.js

79.127.127.68

200 OK

2.2 kB

URL HTTP/1.1
www.rozblog.com/js/3.js
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
Unicode text, UTF-8 (with BOM) text
Size
2.2 kB (2163 bytes)
Hash
5c416e61711427cc71319d7b21324e30
919d28ca8ed66f1163d67ece3c3e5dadea3ec305
0b37807490358e87a3dfec580638e6a7b491f5598f872b67f1b22d339970ac23

HTTP Headers

GET /js/3.js HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Thu, 28 Oct 2021 10:34:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 2163
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

www.rozblog.com/theme/rozblog_v4/jquery.cycle.all.js

79.127.127.68

200 OK

17 kB

URL HTTP/1.1
www.rozblog.com/theme/rozblog_v4/jquery.cycle.all.js
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text
Size
17 kB (16744 bytes)
Hash
f7d48faab76bd4d6cd6fc8c8b5276743
f23ed2781ef2838bbf57767668ef72fc571b79fc
2879834e027c088c635721a350f58c4d8e32b5bbd343769bcb35d261c35324ca

HTTP Headers

GET /theme/rozblog_v4/jquery.cycle.all.js HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Thu, 20 Mar 2014 11:01:19 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 16744
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

www.rozblog.com/theme/rozblog_v5/assets/js/owl.carousel.min.js

79.127.127.68

200 OK

13 kB

URL HTTP/1.1
www.rozblog.com/theme/rozblog_v5/assets/js/owl.carousel.min.js
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text, with very long lines (31997)
Size
13 kB (13414 bytes)
Hash
3f241b12788b385d80518a36979e0fba
c3de474cff0f3b9a350a922a4a676f668acbcdfe
5051bf5c475a0c88bd16a391c50318eb0510ea5521ea71796214562a0f68164d

HTTP Headers

GET /theme/rozblog_v5/assets/js/owl.carousel.min.js HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Tue, 15 Mar 2022 12:29:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 13414
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5057
Cache-Control: max-age=91850
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:00:16 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:31:06 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

spiderman4.r98.ir/theme/rozblog_v5/assets/images/En.png

79.127.127.68

200 OK

13 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/images/En.png
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
PNG image data, 130 x 130, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12928 bytes)
Hash
906efdd0d038a7d8079c8e0494014a27
69a4dcf2bde3bab6fe9982257f2a893bd958c69a
273969a886b1e0e31f161971ef946019f0ca683f0d41afcd301cec26f8a7209d

HTTP Headers

GET /theme/rozblog_v5/assets/images/En.png HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sat, 25 Nov 2023 09:00:16 GMT
content-type: image/png
last-modified: Thu, 14 Jan 2021 17:31:45 GMT
accept-ranges: bytes
content-length: 12928
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

spiderman4.r98.ir/theme/rozblog_v5/assets/images/logo1.png

79.127.127.68

200 OK

7.8 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/images/logo1.png
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
PNG image data, 130 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
7.8 kB (7761 bytes)
Hash
7eb16de105a16ee33c49e5df38ba37b7
b9ef3d5d38a98d6c4d6dfccc7d34cc5c747f2e2e
6f435c95b836aee19f661ed3320ab6d1285670de170826e9bca7eef2335c21c7

HTTP Headers

GET /theme/rozblog_v5/assets/images/logo1.png HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sat, 25 Nov 2023 09:00:16 GMT
content-type: image/png
last-modified: Sat, 25 Sep 2021 17:40:53 GMT
accept-ranges: bytes
content-length: 7761
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

www.rozblog.com/theme/rozblog_v5/assets/js/jquery-3.5.1.min.js

79.127.127.68

200 OK

35 kB

URL HTTP/1.1
www.rozblog.com/theme/rozblog_v5/assets/js/jquery-3.5.1.min.js
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text, with very long lines (65451)
Size
35 kB (34811 bytes)
Hash
e6286f059a051e65fbb65e1edd026c5e
348e936ba0b7beb4618212cc74496fb78e152932
db9d15ce2e0a2ed2bb34d70d223482bc8088bce7035fa3ffe9fc75e2cd5bae3f

HTTP Headers

GET /theme/rozblog_v5/assets/js/jquery-3.5.1.min.js HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Sun, 24 Jan 2021 20:45:05 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 34811
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/theme/banned.jpeg

79.127.127.68

200 OK

1.6 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/banned.jpeg
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 120x120, components 3\012- data
Size
1.6 kB (1635 bytes)
Hash
94fdc8fdc15224191bfa339f84128584
2b454e1320e46d04af689eed03d7a6ef260e2fbc
4ea71e0814f246332c7fcbd6556a84c852343c73e64984ec433b8fdf9dee64d6

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /theme/banned.jpeg HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sat, 25 Nov 2023 09:00:16 GMT
content-type: image/jpeg
last-modified: Wed, 11 Jan 2012 23:22:48 GMT
accept-ranges: bytes
content-length: 1635
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

www.rozblog.com/usercp.js?10

79.127.127.68

200 OK

2.3 kB

URL HTTP/1.1
www.rozblog.com/usercp.js?10
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
Unicode text, UTF-8 text
Size
2.3 kB (2252 bytes)
Hash
3345caca650e2f6013034cb8452a88f7
40f3014dff2fd5b61c8a073707a21c27a005196c
a340cecbce449ac986ea8e6c6868a13a6ad1151898ebfb405853c62ee4a14d46

HTTP Headers

GET /usercp.js?10 HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Fri, 02 Dec 2022 09:00:16 GMT
content-type: application/javascript
last-modified: Mon, 31 Jan 2022 03:31:28 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 2252
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-Light-web.woff2

79.127.127.68

200 OK

33 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-Light-web.woff2
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
Web Open Font Format (Version 2), TrueType, length 32748, version 3.0\012- data
Size
33 kB (32748 bytes)
Hash
deecd7b9e79a829f0addc7b477f78d66
de1dc71b022c536c8b5a9c033a3a379232fc7416
80eca765a7f123d944488102a14d1e9b8ece313ec8d0af525e96363ae857c585

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /theme/rozblog_v5/assets/fonts/IRANSans-Light-web.woff2 HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 27 Nov 2022 09:00:16 GMT
content-type: font/woff2
last-modified: Fri, 15 Jun 2018 03:02:55 GMT
etag: "7fec-5b232c5f-774bafa6422dd57;;;"
accept-ranges: bytes
content-length: 32748
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

spiderman4.r98.ir/theme/rozblog_v5/assets/images/top-ribbon.png

79.127.127.68

200 OK

31 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/images/top-ribbon.png
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
PNG image data, 1600 x 2, 8-bit/color RGBA, non-interlaced\012- data
Size
31 kB (31124 bytes)
Hash
bf8061c8e46378d2cafeb4f83294a598
4c42efa285da52ff750f1214e9a14f72175bcf22
68512e37d7aab7038dc1a365c0b83182f6cd778c93a2a2b2bd467b0434371c07

HTTP Headers

GET /theme/rozblog_v5/assets/images/top-ribbon.png HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sat, 25 Nov 2023 09:00:16 GMT
content-type: image/png
last-modified: Sat, 25 Sep 2021 17:40:53 GMT
accept-ranges: bytes
content-length: 31124
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

spiderman4.r98.ir/images/rozblog-banner-468x150.gif

79.127.127.68

200 OK

113 kB

URL HTTP/1.1
spiderman4.r98.ir/images/rozblog-banner-468x150.gif
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
GIF image data, version 89a, 468 x 150\012- data
Size
113 kB (113287 bytes)
Hash
93ed7f95cd6e2c4e7f655afa5e30632b
7c60e1974b0aa305e1186def6be95d3beba81e6e
bd3969c606e95bba7b46f676bc0fbf7f9f02eb262e25e37b54754b849eee7af7

HTTP Headers

GET /images/rozblog-banner-468x150.gif HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sat, 25 Nov 2023 09:00:16 GMT
content-type: image/gif
last-modified: Sun, 31 Jan 2021 22:05:27 GMT
accept-ranges: bytes
content-length: 113287
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/parsianweb.ttf?3gj4r1

79.127.127.68

200 OK

10 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/parsianweb.ttf?3gj4r1
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, parsianweb \012- data
Size
10 kB (10012 bytes)
Hash
37acd65ca52e264c870c06e607f1bea7
df0e23b4d94af34e77f491ede3c3d1c964872152
fbb27069ff299ce4cdef889c0d0fc23985e9afae132c7052e25378cbb12e8966

HTTP Headers

GET /theme/rozblog_v5/assets/fonts/parsianweb.ttf?3gj4r1 HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=172800
expires: Sun, 27 Nov 2022 09:00:16 GMT
content-type: font/ttf
last-modified: Fri, 15 Jun 2018 03:02:58 GMT
etag: "271c-5b232c62-d02bddeb60281ab7;;;"
accept-ranges: bytes
content-length: 10012
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/web_Yekan.woff

79.127.127.68

200 OK

28 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/web_Yekan.woff
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
Web Open Font Format, TrueType, length 27516, version 0.0\012- data
Size
28 kB (27516 bytes)
Hash
6a8165b77213542fc1542b9f0f9d9d51
0cf5455eaaa43e967e13c4baaf22d7dd95c337d8
dd41efff5afebad2f72d1301367dd6502371c8711bedca4b817664e5ee561a9d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /theme/rozblog_v5/assets/fonts/web_Yekan.woff HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 27 Nov 2022 09:00:16 GMT
content-type: font/woff
last-modified: Fri, 15 Jun 2018 03:02:59 GMT
etag: "6b7c-5b232c63-aad0e45e10709287;;;"
accept-ranges: bytes
content-length: 27516
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-Medium-web.woff2

79.127.127.68

200 OK

32 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-Medium-web.woff2
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
Web Open Font Format (Version 2), TrueType, length 31692, version 3.0\012- data
Size
32 kB (31692 bytes)
Hash
068aff9626a6808a412979cd68987229
d9a09a1b2361983e28db2263fd601c6a235b101d
83f2088182a1c38208b59ea971a02dac54f9f0e82af6d4ba938532456f88e51a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /theme/rozblog_v5/assets/fonts/IRANSans-Medium-web.woff2 HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 27 Nov 2022 09:00:16 GMT
content-type: font/woff2
last-modified: Fri, 15 Jun 2018 03:02:56 GMT
etag: "7bcc-5b232c60-e6070db3ce5950c7;;;"
accept-ranges: bytes
content-length: 31692
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

spiderman4.r98.ir/theme/rozblog_v4/respon.css

79.127.127.68

200 OK

2.5 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v4/respon.css
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
ASCII text
Size
2.5 kB (2471 bytes)
Hash
07fa6561972bc6488539e9b9237d829f
79fdf8974156097e4f1d3d31fa3cc8583c3a2a3e
7b01306430c0b42272fa7a97ceb9396ef58d22107bfc5d44a0132f54f3d0cf24

HTTP Headers

GET /theme/rozblog_v4/respon.css HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 25 Dec 2022 09:00:16 GMT
content-type: text/css
last-modified: Wed, 24 Sep 2014 15:00:24 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 2471
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-UltraLight-web.woff2

79.127.127.68

200 OK

32 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/fonts/IRANSans-UltraLight-web.woff2
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
Web Open Font Format (Version 2), TrueType, length 32488, version 3.0\012- data
Size
32 kB (32488 bytes)
Hash
7b3c6059e6ffb34e09973a4d56f64ab8
2256a9b53a9ed8d7fb040ef3c240948ccc3474b2
ce6679c79c3e9cdf8d32ff4eb94ddf954c76203f8e5f70c6bb43ff9f870a2b7e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /theme/rozblog_v5/assets/fonts/IRANSans-UltraLight-web.woff2 HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sun, 27 Nov 2022 09:00:16 GMT
content-type: font/woff2
last-modified: Fri, 15 Jun 2018 03:02:57 GMT
etag: "7ee8-5b232c61-84772a926671316c;;;"
accept-ranges: bytes
content-length: 32488
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

push.services.mozilla.com/

44.236.232.139

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.236.232.139:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NBynb0FVFHFFPZNV0tEC9A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gklOBa6mKawRM3lhnsLsUUPieSo=

spiderman4.r98.ir/theme/rozblog_v5/assets/images/sprite.png

79.127.127.68

200 OK

8.9 kB

URL HTTP/1.1
spiderman4.r98.ir/theme/rozblog_v5/assets/images/sprite.png
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
PNG image data, 184 x 189, 8-bit/color RGBA, non-interlaced\012- data
Size
8.9 kB (8890 bytes)
Hash
c3251e01ae481b8185740d9a9158294c
da888694c320440e7beafeb201e093c47807e5e8
0c692ad52996e613ae0b2a446b8bbc7bda98d3e70a86ba7d69f32ab7e9ddda9a

HTTP Headers

GET /theme/rozblog_v5/assets/images/sprite.png HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/theme/rozblog_v5/assets/css/style.css?5
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sat, 25 Nov 2023 09:00:16 GMT
content-type: image/png
last-modified: Sat, 25 Sep 2021 17:40:53 GMT
accept-ranges: bytes
content-length: 8890
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

s10.histats.com/js15.js

46.105.201.240

200 OK

4.4 kB

URL HTTP/1.1
s10.histats.com/js15.js
IP
46.105.201.240:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text, with very long lines (11088), with no line terminators
Size
4.4 kB (4405 bytes)
Hash
688a4c6f6b98b3bfb618172e90695341
432a0d43c31e466673d13308db9e1ba5e519619c
becf42e9318b096cf691c11947c601c75b0b5ba2a6421fd2e676f62c646c17c5

HTTP Headers

GET /js15.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
date: Fri, 25 Nov 2022 08:55:03 GMT
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 180683319
etag: W/"980881274"
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4405
x-iplb-request-id: 5B5A2A9A:12D7_2E69C9F0:0050_63808420_70112:2201
x-iplb-instance: 42476

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:00:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

142.250.74.163

200 OK

163 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (730)
Size
163 kB (162976 bytes)
Hash
79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6

HTTP Headers

GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://spiderman4.r98.ir
Connection: keep-alive
Referer: http://spiderman4.r98.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 08:12:22 GMT
expires: Sat, 25 Nov 2023 08:12:22 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 2874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.rozblog.com/theme/rozblog_v4/favi1.ico

79.127.127.68

200 OK

1.2 kB

URL HTTP/1.1
www.rozblog.com/theme/rozblog_v4/favi1.ico
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
129e0e4681906fae60ea32d066a7b4c5
33c024415db44baa3aba0f13df1399d9b81ac9e6
0a14eb14e53df8201b78084ab9a276a1f4ca01e55a20c3b8b0b6f3b660ee3ff0

HTTP Headers

GET /theme/rozblog_v4/favi1.ico HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000, no-transform
expires: Sat, 25 Nov 2023 09:00:16 GMT
content-type: image/x-icon
last-modified: Tue, 18 Nov 2014 15:12:07 GMT
accept-ranges: bytes
content-length: 1150
date: Fri, 25 Nov 2022 09:00:16 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
87de3dd2c7dce12b01a337d1554a222a
30e0bd68bbb78995aa8a0686ac02848fd5a7a699
533c21806ef66401ea5faeeb37366a33f19f0e9052b4fb06f22981ec73b21a59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 09:00:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e4187a43946d8ea5337bb1347757b7a6
05dd65dd513f85c93974052ac7fa227aaf250fe4
495169482368a285ec3b8581b00365be1dd6c011d0278437bc55be18a6231adf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "495169482368A285EC3B8581B00365BE1DD6C011D0278437BC55BE18A6231ADF"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18242
Expires: Fri, 25 Nov 2022 14:04:19 GMT
Date: Fri, 25 Nov 2022 09:00:17 GMT
Connection: keep-alive

s4.histats.com/stats/0.php?1680739&@f16&@g1&@h1&@i1&@j1669366816262&@k0&@l1&@mspiderman4%20-%20%D8%B3%D8%A7%DB%8C%D8%AA%20%D9%85%D9%88%D8%B1%D8%AF%20%D9%86%D8%B8%D8%B1%20%D9%85%D8%B3%D8%AF%D9%88%D8%AF%20%D8%A7%D8%B3%D8%AA&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-131542837&@b3:1669366816&@b4:js15.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fspiderman4.r98.ir%2Fcat%2F72%2Ftaknet98ir.html&@w

158.69.248.123

200 OK

50 B

URL HTTP/1.1
s4.histats.com/stats/0.php?1680739&@f16&@g1&@h1&@i1&@j1669366816262&@k0&@l1&@mspiderman4%20-%20%D8%B3%D8%A7%DB%8C%D8%AA%20%D9%85%D9%88%D8%B1%D8%AF%20%D9%86%D8%B8%D8%B1%20%D9%85%D8%B3%D8%AF%D9%88%D8%AF%20%D8%A7%D8%B3%D8%AA&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-131542837&@b3:1669366816&@b4:js15.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fspiderman4.r98.ir%2Fcat%2F72%2Ftaknet98ir.html&@w
IP
158.69.248.123:0
ASN
#16276 OVH SAS

File type
ASCII text, with no line terminators
Size
50 B (50 bytes)
Hash
2f70e8439bffcdfc066044862a836e6d
78a76e9ab10d448501af710d76f5dccc48ae6d42
21bb9c9d6ff68df6b569fde8c587740db3adbae245d7c2e4e77c1f1c645ac4fc

HTTP Headers

GET /stats/0.php?1680739&@f16&@g1&@h1&@i1&@j1669366816262&@k0&@l1&@mspiderman4%20-%20%D8%B3%D8%A7%DB%8C%D8%AA%20%D9%85%D9%88%D8%B1%D8%AF%20%D9%86%D8%B8%D8%B1%20%D9%85%D8%B3%D8%AF%D9%88%D8%AF%20%D8%A7%D8%B3%D8%AA&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:-131542837&@b3:1669366816&@b4:js15.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fspiderman4.r98.ir%2Fcat%2F72%2Ftaknet98ir.html&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://spiderman4.r98.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 09:00:17 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 50
Connection: close

spiderman4.r98.ir/cat/72/taknet98ir.html?action=pm

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=pm
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=pm HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:17 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirmuser

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirmuser
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=confirmuser HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:17 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirmpost

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirmpost
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=confirmpost HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:17 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=zobaledan

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=zobaledan
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=zobaledan HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:17 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=comment

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=comment
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=comment HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:17 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=comment_no

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=comment_no
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=comment_no HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:17 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=ban_user

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=ban_user
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=ban_user HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:17 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=admin_user

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=admin_user
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=admin_user HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:17 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3546
Expires: Fri, 25 Nov 2022 09:59:24 GMT
Date: Fri, 25 Nov 2022 09:00:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3546
Expires: Fri, 25 Nov 2022 09:59:24 GMT
Date: Fri, 25 Nov 2022 09:00:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3546
Expires: Fri, 25 Nov 2022 09:59:24 GMT
Date: Fri, 25 Nov 2022 09:00:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3546
Expires: Fri, 25 Nov 2022 09:59:24 GMT
Date: Fri, 25 Nov 2022 09:00:18 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8917 bytes)
Hash
5863138af1ddbba34a7856242a7b3a06
2eba66ff6539388c48562503e8d11ff0e060350a
d1543e1b803a07095148b743925eebbbf21f566a2df9b785a1a9d48c5604496c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8917
x-amzn-requestid: 10f3b269-9437-476d-ae4f-a0ac3fb78491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8wEIwoAMF8uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-4cfeecf4553b26381ed11875;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6ibPrCdDNQqWzxiVYDsl87yUfTP8sUmu22GbhBdDHJruil0qxbw7Fw==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:00 GMT
etag: "2eba66ff6539388c48562503e8d11ff0e060350a"
content-type: image/jpeg
age: 41118
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a33fb5-b971-4386-a670-7dcbbf52b051.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.4 kB (2351 bytes)
Hash
66d06d3cac1784e4ce6c8c89c300f10a
41ef94d198bbf98185eb332a3b6934c3c26c3afc
55312d1b43447e4f77d8e9e52451bb63a9868ba8122c9e16e0a20479d34367e3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a33fb5-b971-4386-a670-7dcbbf52b051.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2351
x-amzn-requestid: 141bbf99-5d78-4b9c-a537-491718aee68a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b43YGE_SoAMFlbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6379d29a-00017cd344caea2b6408aeb3;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 07:09:14 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 1-8WM-7tNqakPDW9-K0GVbOKdotndEXj2QeJzw3cJol-g9TT5IVyOQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 28fdf6e146f70e7372911f118404fb20.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 16:45:53 GMT
age: 58465
etag: "41ef94d198bbf98185eb332a3b6934c3c26c3afc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25123759-9d71-477d-9857-9cc07cc12173.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6891 bytes)
Hash
92171fa8fbc051aefeb8ceb6072848de
377775b7c7b085efa6dd653d285ba3a52af6a549
537c4d5cc3ef2e60c3d0171ac31c1dba4ab2ff340108015787a9dd20dc76b7ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25123759-9d71-477d-9857-9cc07cc12173.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6891
x-amzn-requestid: 6da0ae90-c3cc-4e9c-9a0e-3c72b4eb7605
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b7m2NGsvoAMF_fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637aeb5a-1ed2badf0e84d40e6a052f7a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OTpJ5Qu_Ttq5se4SrZIAEiNVm6mqrrUq_0TmMJ4vldeuzMuCSxxUtA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 06:37:47 GMT
age: 8551
etag: "377775b7c7b085efa6dd653d285ba3a52af6a549"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31c66612-f3a0-4e62-8b93-c9f774ffc236.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6130 bytes)
Hash
ba7b9c131ab7e5998f25b069ba3860a0
0214fc0deecb1115766802f42cfd256e3c479490
717aa23c687ccebc1b5ebbfd88d0e4fe181fef038d308231842b2b1969f3976b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31c66612-f3a0-4e62-8b93-c9f774ffc236.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6130
x-amzn-requestid: 0ab34b27-2c6b-4a37-87ad-6fa56a265453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8wF7KIAMFjlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-4a3d24f93ceb37d37a5ce1ee;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SHmcFNiZ97RU02VeLiHLjFynYiSuaQP8T_XKG2UaAigWXG5sYhdVLQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:35:01 GMT
etag: "0214fc0deecb1115766802f42cfd256e3c479490"
content-type: image/jpeg
age: 41117
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8089 bytes)
Hash
c8f6118fc03f31862ff68fef8a2b9a7f
318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73
cdd4d44f05cc524d7f2b1d6d792ecd8a9a933e52ecb7685a7d7ea786a510ef39

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a474c96-6cd7-4e42-a54a-02217768182e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8089
x-amzn-requestid: f4b5f150-a5dc-40bf-93b9-394c294a51cb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEmkRFSnIAMF5vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e8481-74454bee1a1ec6d506f3d75b;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 20:37:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZVv8iTGCYV-IiBJ6KwNSG1ZWSEwClaQopUejSqZq0S1wd782lRoyKA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:59:49 GMT
age: 36029
etag: "318c5d7acd0d36c816b09fcf1b7dc4bfb5ec7e73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd87485db-f230-4024-987f-6b9ea6098576.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10356 bytes)
Hash
05a92b9f554600c920e8b772eb16ee75
7f29e0e2de89f7a88ff0bf2a720365032ef11cc1
4b51a70a0ee6fe0d723880ea70fee25c15bff671d8a484bbb2a3c9962303c735

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd87485db-f230-4024-987f-6b9ea6098576.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10356
x-amzn-requestid: 8450975f-bcb2-4b59-b0ef-42e43d1bb16a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM-cGKIIAMFo7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8ec2-7f95154e3177c6e30a925244;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _dHgUlzLnOsFrI73NzPGn0VJ2NvJqRew6bHzlD6_n2zwHPfQ-8kIvA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 03:16:29 GMT
age: 20629
etag: "7f29e0e2de89f7a88ff0bf2a720365032ef11cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

spiderman4.r98.ir/cat/72/taknet98ir.html?action=zobaledan

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=zobaledan
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=zobaledan HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:18 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirm_link

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=confirm_link
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=confirm_link HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:18 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=new_comment_no

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=new_comment_no
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=new_comment_no HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:18 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

spiderman4.r98.ir/cat/72/taknet98ir.html?action=new_comment

79.127.127.68

200 OK

4.5 kB

URL HTTP/1.1
spiderman4.r98.ir/cat/72/taknet98ir.html?action=new_comment
IP
79.127.127.68:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (371)
Size
4.5 kB (4455 bytes)
Hash
a5055c37ec1c731cb8e837d5e120b206
55cfe07aa81293426d993ca23576d55e8f1994ee
786dc8963f68b13ae99ec414129147326672c47adf6907d991b82b3a91321d5b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /cat/72/taknet98ir.html?action=new_comment HTTP/1.1
Host: spiderman4.r98.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://spiderman4.r98.ir/cat/72/taknet98ir.html
Cookie: PHPSESSID=27c1b437dadd48dfcf0967223758b276; sdf444ddddddddds=1; HstCfa1680739=1669366816262; HstCla1680739=1669366816262; HstCmu1680739=1669366816262; HstPn1680739=1; HstPt1680739=1; HstCnv1680739=1; HstCns1680739=1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-length: 4455
content-encoding: gzip
date: Fri, 25 Nov 2022 09:00:18 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations