Report - albom.rozblog.com/

Report Overview

Visited public
2025-05-30 08:47:29
Tags
URL
albom.rozblog.com/
Finishing URL
albom.rozblog.com/
IP / ASN
79.127.127.68
#43754 Asiatech Data Transmission company
Title
سایت تفریحی کمپین ::: Campin.Ir

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
up.tools.campin.ir	unknown	unknown	No data	No data	420 B	0 B	0.0.0.0
rozup.ir	399364	unknown	2012-10-26	2025-05-18	1.2 kB	433 kB	79.127.127.67
3ali3.com	unknown	2010-10-11	2012-11-15	2024-11-05	419 B	0 B	0.0.0.0
www.rozblog.com	unknown	2009-12-07	2012-07-05	2025-05-26	4.1 kB	77 kB	79.127.127.68
albom.rozblog.com	unknown	unknown	No data	No data	8.3 kB	364 kB	79.127.127.68
up.campin.ir	unknown	unknown	2015-08-06	2016-04-28	13 kB	0 B	0.0.0.0
rozblog.com	202745	2009-12-07	2012-05-23	2025-05-18	1.7 kB	3.6 kB	79.127.127.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed
2025-05-30	medium	campin.ir	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	albom.rozblog.com/	Eval	350 B	2023-09-03	2025-06-14
Pretty URL albom.rozblog.com/ IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by eval Embedded in HTML false Observations First Seen2023-09-03 23:51 Last Seen2025-06-14 16:47 Times Seen648 Hash 22a2214d6bc75c7ca9f8a1b59281d3c9 7460ebe76697609ad95a026a1a3bbe35651a0986 ac7a643ea85d7458d8e394b68122cfe131679e59c4b746990515ba19294833a0 Loading...

	albom.rozblog.com/	Eval	684 B	2024-07-05	2025-06-14
Pretty URL albom.rozblog.com/ IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by eval Embedded in HTML false Observations First Seen2024-07-05 06:35 Last Seen2025-06-14 16:47 Times Seen93 Hash adda90a1ec2ad44862c1bf03ef149447 01c283dfbde9ea42c0125abf6645bc78fcbbc091 aad90e46b64cc7d2c6ef9ff48543b90b48ddb89f4a5ef8df8b0c7150f66275a5 Loading...

	albom.rozblog.com/	Eval	339 B	2023-11-06	2025-06-14
Pretty URL albom.rozblog.com/ IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by eval Embedded in HTML false Observations First Seen2023-11-06 03:28 Last Seen2025-06-14 16:47 Times Seen535 Hash a89c17fe41f8c30cded2b40d908b4046 b2c0c22975ec2c2ccd36cbd55f7fe7dbc6fd53f3 76589eaae47466b16f06ac5b6442d9534917f538b4fdce9dfd5bae0f3b1ad5a8 Loading...

	albom.rozblog.com/temp/default/script.js	ScriptElement	1.2 kB	2023-03-07	2025-06-14
Pretty URL albom.rozblog.com/temp/default/script.js IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09 Last Seen2025-06-14 16:47 Times Seen624 Hash 0f79a0db21adf42d6692070342a13c8e bf3349841b9b81f0cb9b6694cbc5b4ebb8fe714a c73a5c5ae7ea0f3c2f22e53038af6a95f5ceaa91abb56a7ac80f61c14745f359 Loading...

	albom.rozblog.com/	ScriptElement	170 B	2023-03-07	2025-06-14
Pretty URL albom.rozblog.com/ IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:09 Last Seen2025-06-14 16:47 Times Seen647 Hash 901522f6c503734d3712767bb0770854 2a7760a7ee836382383dcc7902b479bd6b6facf9 1d3301f7680c4bc2b289ed57a0c583ffd1a5585f9445f655a25917eb26947902 Loading...

	albom.rozblog.com/code/popup	ScriptElement	3.2 kB	2025-05-30	2025-05-30
Pretty URL albom.rozblog.com/code/popup IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-30 08:47 Last Seen2025-05-30 08:47 Times Seen1 Hash 2d77dfe4ca6c2dac778ddcef48ec2dd0 6609c98796378bad8620c2fad0bd1304dec330c1 57b58e7b2977fde3362387be4c48d05b73f34a622d0863ccbbf705234df82497 Loading...

	albom.rozblog.com/	ScriptElement	71 B	2024-08-02	2025-06-14
Pretty URL albom.rozblog.com/ IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-02 10:10 Last Seen2025-06-14 16:47 Times Seen78 Hash dab04c8631f41a7502729de26ef01283 35fc5e7a7e8563ac8ade34359e936a4068035899 7aba0ff8a112646941014dcb7e9c113e7df3d3370b2b1ef099c8f16348729c75 Loading...

	albom.rozblog.com/	Eval	142 B	2023-03-07	2025-06-14
Pretty URL albom.rozblog.com/ IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 12:09 Last Seen2025-06-14 16:47 Times Seen684 Hash 379686aa20f7045d96c393363f6d117e 7b948699c1ec200169dc9c470be04809b5da42d2 818d91b37b1e996c8afdfd05018b5780ff2be46b14430eaf5a166463bfe2f0c3 Loading...

	albom.rozblog.com/js/site.js?24.22	ScriptElement	74 kB	2025-05-30	2025-06-12
Pretty URL albom.rozblog.com/js/site.js?24.22 IP 79.127.127.68 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-30 08:47 Last Seen2025-06-12 07:38 Times Seen9 Hash e56a4c52838e03df656c48792b2a57cb 00de597702a932e67a004acc721d76e0eb8bbc99 2dd67fba4cadc0c42067bd90622e44f3b79fdf6da2277178a782fc5e040110c7 Loading...

HTTP Transactions (59)

URL IP Response Size

GET www.rozblog.com/theme/ads/style_ads.css

79.127.127.68

200 OK

2.1 kB

URL GET
www.rozblog.com/theme/ads/style_ads.css
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://www.rozblog.com/theme/ads/banner.html
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
ASCII text
Size
2.1 kB (2133 bytes)
Hash
692c3a98b1967065e9adad2c348e9d08
b9558f78445af0ceb359403fc8e67ed995f3f5a7
42f4dc74e88e0c6e8e4f16e13ae40a013004a3bfa842d6210dc3dcc6ebef0e26

HTTP Headers

GET /theme/ads/style_ads.css HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.rozblog.com/theme/ads/banner.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sun, 29 Jun 2025 08:47:08 GMT
content-type: text/css
last-modified: Tue, 09 Jul 2024 13:12:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 720
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
access-control-allow-origin: *

GET albom.rozblog.com/theme/rozblog_v4/favi1.ico

79.127.127.68

200 OK

1.2 kB

URL GET
albom.rozblog.com/theme/rozblog_v4/favi1.ico
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
129e0e4681906fae60ea32d066a7b4c5
33c024415db44baa3aba0f13df1399d9b81ac9e6
0a14eb14e53df8201b78084ab9a276a1f4ca01e55a20c3b8b0b6f3b660ee3ff0

HTTP Headers

GET /theme/rozblog_v4/favi1.ico HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=743186839708c4aa36854083004670413825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:09 GMT
content-type: image/x-icon
last-modified: Tue, 18 Nov 2014 15:12:07 GMT
accept-ranges: bytes
content-length: 1150
date: Fri, 30 May 2025 08:47:09 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET albom.rozblog.com/temp/tarahi/styles.css

79.127.127.68

200 OK

23 kB

URL GET
albom.rozblog.com/temp/tarahi/styles.css
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
ASCII text, with CRLF line terminators
Size
23 kB (23039 bytes)
Hash
d52d78ef23e2ca640b2d9cdc8be85be2
ad6dab470d0c15dd48d0b782caf43c613af70e49
02e3d17280c575aa44146c87a52c86e1b62c0e95ee0cb5632e67369192eb35c6

HTTP Headers

GET /temp/tarahi/styles.css HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sun, 29 Jun 2025 08:47:08 GMT
content-type: text/css
last-modified: Sat, 26 Apr 2025 17:17:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 5510
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
access-control-allow-origin: *

GET up.campin.ir/view/1246430/%DA%AF%D9%84%D9%88%D8%B1%DB%8C%D8%A7_%D9%87%D8%A7%D8%B1%D8%AF%DB%8C_%D9%88_%D9%87%D9%85%D8%B3%D8%B1%D8%B4_%D8%AF%D8%B1_%D8%A8%D8%B1%D9%86%D8%A7%D9%85%D9%87_%D8%AE%D9%88%D8%B4%D8%A7_%D8%B4%DB%8C%D8%B1%D8%A7%D8%B2_3.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1246430/%DA%AF%D9%84%D9%88%D8%B1%DB%8C%D8%A7_%D9%87%D8%A7%D8%B1%D8%AF%DB%8C_%D9%88_%D9%87%D9%85%D8%B3%D8%B1%D8%B4_%D8%AF%D8%B1_%D8%A8%D8%B1%D9%86%D8%A7%D9%85%D9%87_%D8%AE%D9%88%D8%B4%D8%A7_%D8%B4%DB%8C%D8%B1%D8%A7%D8%B2_3.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1246430/%DA%AF%D9%84%D9%88%D8%B1%DB%8C%D8%A7_%D9%87%D8%A7%D8%B1%D8%AF%DB%8C_%D9%88_%D9%87%D9%85%D8%B3%D8%B1%D8%B4_%D8%AF%D8%B1_%D8%A8%D8%B1%D9%86%D8%A7%D9%85%D9%87_%D8%AE%D9%88%D8%B4%D8%A7_%D8%B4%DB%8C%D8%B1%D8%A7%D8%B2_3.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/up/albom/Pictures/15/%D8%B3%D8%B1%DB%8C%D8%A7%D9%84%20%DA%A9%D8%B1%D9%87%20%D8%A7%DB%8C%20%D8%A7%D9%82%D8%A7%DB%8C%20%D8%AF%DA%A9%D8%AA%D8%B11.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/15/%D8%B3%D8%B1%DB%8C%D8%A7%D9%84%20%DA%A9%D8%B1%D9%87%20%D8%A7%DB%8C%20%D8%A7%D9%82%D8%A7%DB%8C%20%D8%AF%DA%A9%D8%AA%D8%B11.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/15/%D8%B3%D8%B1%DB%8C%D8%A7%D9%84%20%DA%A9%D8%B1%D9%87%20%D8%A7%DB%8C%20%D8%A7%D9%82%D8%A7%DB%8C%20%D8%AF%DA%A9%D8%AA%D8%B11.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET www.rozblog.com/temp/rang/like.png

79.127.127.68

200 OK

2.3 kB

URL GET
www.rozblog.com/temp/rang/like.png
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
PNG image data, 22 x 42, 8-bit/color RGBA, non-interlaced
Size
2.3 kB (2272 bytes)
Hash
dd370ffbcd679da0d5c8547f34c6e2fb
6df3b9ec0e82b1a6ef41bc83041d2b2e16200077
2f14531974b17d9fd89de532694faf69ed7aa61b04ea990108b138d772ba96f7

HTTP Headers

GET /temp/rang/like.png HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/png
last-modified: Sat, 14 Feb 2015 11:52:19 GMT
accept-ranges: bytes
content-length: 2272
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET up.campin.ir/view/1247270/4115201_436.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1247270/4115201_436.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1247270/4115201_436.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET albom.rozblog.com/temp/tarahi/fonts/yekanregular.woff

79.127.127.68

200 OK

22 kB

URL GET
albom.rozblog.com/temp/tarahi/fonts/yekanregular.woff
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
Web Open Font Format, CFF, length 21500, version 2.0
Size
22 kB (21500 bytes)
Hash
05727d32400b2008acbf7fc49251ede0
b6c1a82539a2531eb1aad7d1cf05554d5a999154
da78e001fab6f5d7b1c68e17d00fb1595c9b10085d6769a86aeb6a39dc7e43d6

HTTP Headers

GET /temp/tarahi/fonts/yekanregular.woff HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/temp/tarahi/styles.css
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=743186839708c4aa36854083004670413825
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sun, 01 Jun 2025 08:47:08 GMT
content-type: font/woff
last-modified: Thu, 26 Feb 2015 19:00:25 GMT
etag: "53fc-54ef6d49-80b982f1d7ce7ee2;;;"
accept-ranges: bytes
content-length: 21500
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
access-control-allow-origin: *

GET rozblog.com/temp/music3/MTForumBlock_row.png

79.127.127.68

301 Moved Permanently

155 B

URL GET
rozblog.com/temp/music3/MTForumBlock_row.png
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type

Size
155 B (155 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /temp/music3/MTForumBlock_row.png HTTP/1.1
Host: rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
content-type: text/html
content-length: 707
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
location: https://www.rozblog.com/temp/music3/MTForumBlock_row.png
strict-transport-security: max-age=0;
vary: User-Agent

GET albom.rozblog.com/weblog/file/loading/88.gif

79.127.127.68

200 OK

6.0 kB

URL GET
albom.rozblog.com/weblog/file/loading/88.gif
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
GIF image data, version 89a, 50 x 50
Size
6.0 kB (5972 bytes)
Hash
093445ee241c72e6dca01dc570c230dc
32adb71ec06b5d29ec62c5511328d5970228b86d
d40495f2a0e830c47fe4cd50574c68e206292f63545a0684516db0cd8716ee0e

HTTP Headers

GET /weblog/file/loading/88.gif HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/gif
last-modified: Thu, 02 Feb 2012 21:52:24 GMT
accept-ranges: bytes
content-length: 5972
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET albom.rozblog.com/include/captcha/cap9.php

79.127.127.68

200 OK

2.4 kB

URL GET
albom.rozblog.com/include/captcha/cap9.php
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
PNG image data, 100 x 30, 8-bit/color RGB, non-interlaced
Size
2.4 kB (2441 bytes)
Hash
eab867eaa1a71d8edd17c26cf48e153a
8752adc99a47f0121c048c812aacf6f6f1540a39
9cf1869405fa0c46765126a9c8f60126563a6b150055883a5c56bec62d2898db

HTTP Headers

GET /include/captcha/cap9.php HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: image/png
content-length: 2441
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET www.rozblog.com/temp/music3/MTForumBlock_row_over.png

79.127.127.68

200 OK

139 B

URL GET
www.rozblog.com/temp/music3/MTForumBlock_row_over.png
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
PNG image data, 1 x 18, 8-bit/color RGB, non-interlaced
Size
139 B (139 bytes)
Hash
1fd885e3d0a8fc062470706ae84ea56b
f0e6c850b1794c523ca16bf087054cb843daf6fa
e0dc411ff39139fd39b2cf6d027ab2d56fbd3b51bacc0935e1ae284e65c64e40

HTTP Headers

GET /temp/music3/MTForumBlock_row_over.png HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/png
last-modified: Sun, 03 Jul 2011 21:44:44 GMT
accept-ranges: bytes
content-length: 139
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET up.campin.ir/up/albom/Pictures/17/%D8%B9%DA%A9%D8%B3%20%D9%88%20%D8%A8%DB%8C%D9%88%DA%AF%D8%B1%D8%A7%D9%81%DB%8C%20%D8%A8%D9%87%D8%A7%D8%B1%D9%87%20%D8%A7%D9%81%D8%B4%D8%A7%D8%B1%DB%8C.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/17/%D8%B9%DA%A9%D8%B3%20%D9%88%20%D8%A8%DB%8C%D9%88%DA%AF%D8%B1%D8%A7%D9%81%DB%8C%20%D8%A8%D9%87%D8%A7%D8%B1%D9%87%20%D8%A7%D9%81%D8%B4%D8%A7%D8%B1%DB%8C.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/17/%D8%B9%DA%A9%D8%B3%20%D9%88%20%D8%A8%DB%8C%D9%88%DA%AF%D8%B1%D8%A7%D9%81%DB%8C%20%D8%A8%D9%87%D8%A7%D8%B1%D9%87%20%D8%A7%D9%81%D8%B4%D8%A7%D8%B1%DB%8C.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.tools.campin.ir/view/1090288/248730_914.jpg

0.0.0.0

0 B

URL GET
up.tools.campin.ir/view/1090288/248730_914.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1090288/248730_914.jpg HTTP/1.1
Host: up.tools.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1247405/hozoor%20obama%20dar%20masjed%201.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1247405/hozoor%20obama%20dar%20masjed%201.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1247405/hozoor%20obama%20dar%20masjed%201.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET albom.rozblog.com/temp/tarahi/fonts/fontawesome-webfont.woff?v=4.2.0

79.127.127.68

200 OK

66 kB

URL GET
albom.rozblog.com/temp/tarahi/fonts/fontawesome-webfont.woff?v=4.2.0
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
Web Open Font Format, TrueType, length 65452, version 1.0
Size
66 kB (65452 bytes)
Hash
d95d6f5d5ab7cfefd09651800b69bd54
7d65e0227d0d7cdc1718119cd2a7dce0638f151c
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

HTTP Headers

GET /temp/tarahi/fonts/fontawesome-webfont.woff?v=4.2.0 HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/temp/tarahi/styles.css
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=743186839708c4aa36854083004670413825
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sun, 01 Jun 2025 08:47:08 GMT
content-type: font/woff
last-modified: Thu, 26 Feb 2015 19:00:20 GMT
etag: "ffac-54ef6d44-11fea27943efc11b;;;"
accept-ranges: bytes
content-length: 65452
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
access-control-allow-origin: *

GET up.campin.ir/up/albom/Pictures/19/%D8%A7%D8%B2%D9%85%D9%88%D9%86.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/19/%D8%A7%D8%B2%D9%85%D9%88%D9%86.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/19/%D8%A7%D8%B2%D9%85%D9%88%D9%86.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1022220/www.campin.ir_barfi_love19.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1022220/www.campin.ir_barfi_love19.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1022220/www.campin.ir_barfi_love19.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET albom.rozblog.com/user/albom.jpg

79.127.127.68

200 OK

3.9 kB

URL GET
albom.rozblog.com/user/albom.jpg
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 150x150, components 3
Size
3.9 kB (3915 bytes)
Hash
42a2fd48a1f126b0baa2831f0b2e0a2b
a9a96230a5c9eda4afb52fa0aab65155a082d6f2
df483e32106ee1761eda6087b58e2538c0fb8beead2b54673cdffbac4eeffa86

HTTP Headers

GET /user/albom.jpg HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/jpeg
last-modified: Sat, 30 May 2015 13:22:16 GMT
accept-ranges: bytes
content-length: 3915
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET up.campin.ir/view/1249917/mohammad-reza-golzar1-campin.ir.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1249917/mohammad-reza-golzar1-campin.ir.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1249917/mohammad-reza-golzar1-campin.ir.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1249926/fu1773.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1249926/fu1773.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1249926/fu1773.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1246412/sosha%20makani%201.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1246412/sosha%20makani%201.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1246412/sosha%20makani%201.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1049121/Atseh5.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1049121/Atseh5.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1049121/Atseh5.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/998516/arbaein94.JPG.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/998516/arbaein94.JPG.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/998516/arbaein94.JPG.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET albom.rozblog.com/temp/site.css?38.2

79.127.127.68

200 OK

73 kB

URL GET
albom.rozblog.com/temp/site.css?38.2
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
Unicode text, UTF-8 text, with very long lines (7735)
Size
73 kB (73351 bytes)
Hash
f85e2413cc544c5fecccb76b39d6ad2a
5df2a4f7daee56d62e1616861857406eda9de573
1d237543785e7a94e29aaf63bf20d8bb62439be47db75aec79a9273f0a4d2cba

HTTP Headers

GET /temp/site.css?38.2 HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sun, 29 Jun 2025 08:47:08 GMT
content-type: text/css
last-modified: Sat, 24 May 2025 16:32:13 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 16349
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET albom.rozblog.com/temp/pro/ads_468.jpg

79.127.127.68

200 OK

6.3 kB

URL GET
albom.rozblog.com/temp/pro/ads_468.jpg
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
JPEG image data, JFIF standard 1.00, resolution (DPI), density 96x96, segment length 16, comment: "LEAD Technologies Inc. V1.01", baseline, precision 8, 468x60, components 3
Size
6.3 kB (6286 bytes)
Hash
db8cac5e50e0f1be65a3ec0756ea6612
3053609e1039ab6d0d0be6adefeaf7ba7a243cf6
8f10f1e719bda34ecfc3af6b50f8273e9c9676d10612eff12aad2382d458ef1d

HTTP Headers

GET /temp/pro/ads_468.jpg HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/jpeg
last-modified: Fri, 20 Feb 2015 09:52:01 GMT
accept-ranges: bytes
content-length: 6286
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET www.rozblog.com/theme/ads/banner.html

79.127.127.68

200 OK

1.2 kB

URL GET
www.rozblog.com/theme/ads/banner.html
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
1.2 kB (1166 bytes)
Hash
0377aa42bd9e5ae1f2f2ddcb3ea29535
bf289dd5d859564f1e39f5a688da73cb4e449ee2
10bffb52c4cf3d40076d6130313040979d065ac405fdb398de59495707ff6122

HTTP Headers

GET /theme/ads/banner.html HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=172800
expires: Sun, 01 Jun 2025 08:47:08 GMT
content-type: text/html
last-modified: Tue, 09 Jul 2024 13:12:26 GMT
etag: "48e-668d373a-e09a3ebd605f281b;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 487
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

GET up.campin.ir/up/albom/Pictures/24/%D9%86%D8%AA%DB%8C%D8%AC%D9%87-%D9%85%D8%B3%D8%A7%D8%A8%D9%82%D9%87-%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87-%D8%AA%D8%A7-%D8%A7%D9%84%D8%A7%D9%86-%D8%AE%D9%86%D8%AF%D8%A7%D9%86%D9%86%D8%AF%D9%87-%D8%A8%D8%B1%D8%AA%D8%B1-%D8%AC%D8%AF%D9%88%D9%84-%D9%85%D8%B3%D8%A7%D8%A8%D9%82%D9%87-%D8%AF%D9%87%D9%86%D8%AF%DA%AF%D8%A7%D9%86-%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87i.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/24/%D9%86%D8%AA%DB%8C%D8%AC%D9%87-%D9%85%D8%B3%D8%A7%D8%A8%D9%82%D9%87-%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87-%D8%AA%D8%A7-%D8%A7%D9%84%D8%A7%D9%86-%D8%AE%D9%86%D8%AF%D8%A7%D9%86%D9%86%D8%AF%D9%87-%D8%A8%D8%B1%D8%AA%D8%B1-%D8%AC%D8%AF%D9%88%D9%84-%D9%85%D8%B3%D8%A7%D8%A8%D9%82%D9%87-%D8%AF%D9%87%D9%86%D8%AF%DA%AF%D8%A7%D9%86-%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87i.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/24/%D9%86%D8%AA%DB%8C%D8%AC%D9%87-%D9%85%D8%B3%D8%A7%D8%A8%D9%82%D9%87-%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87-%D8%AA%D8%A7-%D8%A7%D9%84%D8%A7%D9%86-%D8%AE%D9%86%D8%AF%D8%A7%D9%86%D9%86%D8%AF%D9%87-%D8%A8%D8%B1%D8%AA%D8%B1-%D8%AC%D8%AF%D9%88%D9%84-%D9%85%D8%B3%D8%A7%D8%A8%D9%82%D9%87-%D8%AF%D9%87%D9%86%D8%AF%DA%AF%D8%A7%D9%86-%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87i.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/up/albom/Pictures/15/%D8%A7%D9%81%D8%B1%D8%A7%D8%AF%20%D8%A8%D8%B1%D8%AA%D8%B1%20%DA%A9%D9%86%DA%A9%D9%88%D8%B1%20%D8%B3%D8%B1%D8%A7%D8%B3%D8%B1%DB%8C%2094.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/15/%D8%A7%D9%81%D8%B1%D8%A7%D8%AF%20%D8%A8%D8%B1%D8%AA%D8%B1%20%DA%A9%D9%86%DA%A9%D9%88%D8%B1%20%D8%B3%D8%B1%D8%A7%D8%B3%D8%B1%DB%8C%2094.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/15/%D8%A7%D9%81%D8%B1%D8%A7%D8%AF%20%D8%A8%D8%B1%D8%AA%D8%B1%20%DA%A9%D9%86%DA%A9%D9%88%D8%B1%20%D8%B3%D8%B1%D8%A7%D8%B3%D8%B1%DB%8C%2094.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/up/albom/Pictures/13/151301247dbe4d4388829d467d1703c5.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/13/151301247dbe4d4388829d467d1703c5.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/13/151301247dbe4d4388829d467d1703c5.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET rozblog.com/temp/music3/MTForumBlock_row_over.png

79.127.127.68

301 Moved Permanently

139 B

URL GET
rozblog.com/temp/music3/MTForumBlock_row_over.png
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type

Size
139 B (139 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /temp/music3/MTForumBlock_row_over.png HTTP/1.1
Host: rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
content-type: text/html
content-length: 707
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
location: https://www.rozblog.com/temp/music3/MTForumBlock_row_over.png
strict-transport-security: max-age=0;
vary: User-Agent

GET rozblog.com/temp/rang/like.png

79.127.127.68

301 Moved Permanently

2.3 kB

URL GET
rozblog.com/temp/rang/like.png
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type

Size
2.3 kB (2272 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /temp/rang/like.png HTTP/1.1
Host: rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
content-type: text/html
content-length: 707
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
location: https://www.rozblog.com/temp/rang/like.png
strict-transport-security: max-age=0;
vary: User-Agent

GET www.rozblog.com/theme/ads/arrow-left.png

79.127.127.68

200 OK

4.2 kB

URL GET
www.rozblog.com/theme/ads/arrow-left.png
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://www.rozblog.com/theme/ads/banner.html
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
4.2 kB (4167 bytes)
Hash
46391ce1d25fa254f516224c73a046c7
95329d21a757541712e4b80a9bec8956e9b73225
786bf14fc49d5da14aa7da62d92e119c4e9c652430a071fdb77ccaf2949e640d

HTTP Headers

GET /theme/ads/arrow-left.png HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.rozblog.com/theme/ads/banner.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/png
last-modified: Tue, 09 Jul 2024 11:20:37 GMT
accept-ranges: bytes
content-length: 4167
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET rozup.ir/up/albom/Pictures/1/%D8%B9%DA%A9%D8%B3%20%D8%B9%D8%A7%D8%B4%D9%82%D8%A7%D9%86%D9%87%20%D8%AC%D8%AF%DB%8C%D8%AF%2094.jpg

79.127.127.67

200 OK

37 kB

URL GET
rozup.ir/up/albom/Pictures/1/%D8%B9%DA%A9%D8%B3%20%D8%B9%D8%A7%D8%B4%D9%82%D8%A7%D9%86%D9%87%20%D8%AC%D8%AF%DB%8C%D8%AF%2094.jpg
IP
79.127.127.67:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozup.ir
Fingerprint40:CE:43:BF:0B:9C:3C:70:E4:24:8D:4F:09:CF:6A:0B:E6:40:37:E0
ValiditySat, 24 May 2025 19:36:09 GMT - Fri, 22 Aug 2025 19:36:08 GMT

File type
JPEG image data, baseline, precision 8, 640x480, components 3
Size
37 kB (37265 bytes)
Hash
826c5db0da823368e0ffdf40ed0ee687
44b3cf4c52a9c29f05bf83c6e5f76da5ea936c3b
a54fae0ca290aa5940a517a266c7f38077580de11be182680532e12dc9b95c4b

HTTP Headers

GET /up/albom/Pictures/1/%D8%B9%DA%A9%D8%B3%20%D8%B9%D8%A7%D8%B4%D9%82%D8%A7%D9%86%D9%87%20%D8%AC%D8%AF%DB%8C%D8%AF%2094.jpg HTTP/1.1
Host: rozup.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 30 May 2025 08:47:08 GMT
Content-Type: image/jpeg
Content-Length: 37265
Last-Modified: Mon, 09 Mar 2015 09:50:57 GMT
Connection: keep-alive
ETag: "54fd6d01-9191"
Accept-Ranges: bytes

GET www.rozblog.com/theme/ads/Vazir.woff

79.127.127.68

200 OK

54 kB

URL GET
www.rozblog.com/theme/ads/Vazir.woff
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://www.rozblog.com/theme/ads/banner.html
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
Web Open Font Format, TrueType, length 54004, version 0.0
Size
54 kB (54004 bytes)
Hash
abdaaf2e791f4416323efffec0a85b49
a9a3ee5482b64dd5792a0845e576806c79354118
2bcfbc8d9cbea056d3c0a8e511a28ef7461748230cec56b40ac0952058725adb

HTTP Headers

GET /theme/ads/Vazir.woff HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.rozblog.com/theme/ads/style_ads.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sun, 01 Jun 2025 08:47:09 GMT
content-type: font/woff
last-modified: Tue, 09 Jul 2024 11:20:37 GMT
etag: "d2f4-668d1d05-beec0b8c8b94f6c8;;;"
accept-ranges: bytes
content-length: 54004
date: Fri, 30 May 2025 08:47:09 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
access-control-allow-origin: *

GET up.campin.ir/view/1178304/pa3.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1178304/pa3.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1178304/pa3.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET www.rozblog.com/temp/nuke/FBarrow.gif

79.127.127.68

200 OK

59 B

URL GET
www.rozblog.com/temp/nuke/FBarrow.gif
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
GIF image data, version 89a, 9 x 9
Size
59 B (59 bytes)
Hash
08f58683f752ec50ab890d4162cf9a03
2a0e3923b77ab35c273bf5307fc980f4d4de42fe
d8359b38e288d654bf46c6c01ea58f896a998390f848ca99eb4015900f1cdb42

HTTP Headers

GET /temp/nuke/FBarrow.gif HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://albom.rozblog.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/gif
last-modified: Sat, 26 Nov 2011 12:58:49 GMT
accept-ranges: bytes
content-length: 59
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET up.campin.ir/up/albom/Pictures/5/www.campin.ir.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/5/www.campin.ir.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/5/www.campin.ir.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1246076/khandedar-campin.ir-10.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1246076/khandedar-campin.ir-10.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1246076/khandedar-campin.ir-10.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/up/albom/Pictures/25/image398366.jpg7_.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/25/image398366.jpg7_.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/25/image398366.jpg7_.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1246400/konkoor.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1246400/konkoor.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1246400/konkoor.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1241537/campin.ir-mohsen-tanabande-3385.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1241537/campin.ir-mohsen-tanabande-3385.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1241537/campin.ir-mohsen-tanabande-3385.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/up/albom/Pictures/4/%D8%AF%D8%A7%D9%86%D9%84%D9%88%D8%AF%20%D8%A8%D8%B1%D9%86%D8%A7%D9%85%D9%87%20%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87%2094.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/4/%D8%AF%D8%A7%D9%86%D9%84%D9%88%D8%AF%20%D8%A8%D8%B1%D9%86%D8%A7%D9%85%D9%87%20%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87%2094.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/4/%D8%AF%D8%A7%D9%86%D9%84%D9%88%D8%AF%20%D8%A8%D8%B1%D9%86%D8%A7%D9%85%D9%87%20%D8%AE%D9%86%D8%AF%D9%88%D8%A7%D9%86%D9%87%2094.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/up/albom/Pictures/21/%DA%A9%D8%AF%D9%87%D8%A7%DB%8C%20%D9%BE%DB%8C%D8%B4%D9%88%D8%A7%D8%B2%20%D8%A2%D9%84%D8%A8%D9%88%D9%85%20%D8%A7%D8%B3%D9%85%D8%B4%20%D8%B9%D8%B4%D9%82%D9%87%20%D9%BE%D8%A7%D8%B4%D8%A7%DB%8C%DB%8C.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/21/%DA%A9%D8%AF%D9%87%D8%A7%DB%8C%20%D9%BE%DB%8C%D8%B4%D9%88%D8%A7%D8%B2%20%D8%A2%D9%84%D8%A8%D9%88%D9%85%20%D8%A7%D8%B3%D9%85%D8%B4%20%D8%B9%D8%B4%D9%82%D9%87%20%D9%BE%D8%A7%D8%B4%D8%A7%DB%8C%DB%8C.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/21/%DA%A9%D8%AF%D9%87%D8%A7%DB%8C%20%D9%BE%DB%8C%D8%B4%D9%88%D8%A7%D8%B2%20%D8%A2%D9%84%D8%A8%D9%88%D9%85%20%D8%A7%D8%B3%D9%85%D8%B4%20%D8%B9%D8%B4%D9%82%D9%87%20%D9%BE%D8%A7%D8%B4%D8%A7%DB%8C%DB%8C.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET rozup.ir/up/lorpatough/wp-content/photo/instagram/2/%D8%B9%DA%A9%D8%B3%20%D9%86%D9%88%D8%B4%D8%AA%D9%87%20%D8%B9%D8%A7%D8%B4%D9%82%D8%A7%D9%86%D9%87%20%D8%A7%DB%8C%D9%86%D8%B3%D8%AA%D8%A7%DA%AF%D8%B1%D8%A7%D9%852.png

79.127.127.67

200 OK

395 kB

URL GET
rozup.ir/up/lorpatough/wp-content/photo/instagram/2/%D8%B9%DA%A9%D8%B3%20%D9%86%D9%88%D8%B4%D8%AA%D9%87%20%D8%B9%D8%A7%D8%B4%D9%82%D8%A7%D9%86%D9%87%20%D8%A7%DB%8C%D9%86%D8%B3%D8%AA%D8%A7%DA%AF%D8%B1%D8%A7%D9%852.png
IP
79.127.127.67:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozup.ir
Fingerprint40:CE:43:BF:0B:9C:3C:70:E4:24:8D:4F:09:CF:6A:0B:E6:40:37:E0
ValiditySat, 24 May 2025 19:36:09 GMT - Fri, 22 Aug 2025 19:36:08 GMT

File type
PNG image data, 560 x 529, 8-bit/color RGBA, non-interlaced
Size
395 kB (395375 bytes)
Hash
2602d11e766bc13afb1e91bba600d15b
a368fb2aefb86333d0a14473409871dbe2912413
5ebdc42896a4a8e045c2ffcc0e2174f09015d2b9c584ca47c70d939d95c03bbb

HTTP Headers

GET /up/lorpatough/wp-content/photo/instagram/2/%D8%B9%DA%A9%D8%B3%20%D9%86%D9%88%D8%B4%D8%AA%D9%87%20%D8%B9%D8%A7%D8%B4%D9%82%D8%A7%D9%86%D9%87%20%D8%A7%DB%8C%D9%86%D8%B3%D8%AA%D8%A7%DA%AF%D8%B1%D8%A7%D9%852.png HTTP/1.1
Host: rozup.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 30 May 2025 08:47:08 GMT
Content-Type: image/png
Content-Length: 395375
Last-Modified: Fri, 20 Feb 2015 18:42:22 GMT
Connection: keep-alive
ETag: "54e7800e-6086f"
Accept-Ranges: bytes

GET albom.rozblog.com/temp/tarahi/fonts/wdtv.woff

79.127.127.68

200 OK

15 kB

URL GET
albom.rozblog.com/temp/tarahi/fonts/wdtv.woff
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
Web Open Font Format, TrueType, length 14648, version 1.0
Size
15 kB (14648 bytes)
Hash
259c4490256daceb6a5f275cee137627
5c0eae14870f1ec6527aa64f3f675cb9063034ee
bd4bdb99aa4a1cf56a05d7a913dce42b23b4cb021148b0a0f22d836105d98fc5

HTTP Headers

GET /temp/tarahi/fonts/wdtv.woff HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/temp/tarahi/styles.css
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551; c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; c_t=743186839708c4aa36854083004670413825
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sun, 01 Jun 2025 08:47:08 GMT
content-type: font/woff
last-modified: Thu, 26 Feb 2015 19:00:22 GMT
etag: "3938-54ef6d46-daf654b8921ad10f;;;"
accept-ranges: bytes
content-length: 14648
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent
access-control-allow-origin: *

GET 3ali3.com/wp-content/uploads/2013/07/je-1.jpg

0.0.0.0

0 B

URL GET
3ali3.com/wp-content/uploads/2013/07/je-1.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/uploads/2013/07/je-1.jpg HTTP/1.1
Host: 3ali3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/968332/atseh-4.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/968332/atseh-4.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/968332/atseh-4.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET up.campin.ir/view/1070786/mazyar-fallahi-bi-gharar.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1070786/mazyar-fallahi-bi-gharar.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1070786/mazyar-fallahi-bi-gharar.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET albom.rozblog.com/

79.127.127.68

200 OK

62 kB

URL User Request GET
albom.rozblog.com/
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1436), with CRLF, LF line terminators
Size
62 kB (61960 bytes)
Hash
1f78202f11fc52e02f13a6237693f787
7a82c460dc222cb21fc13716a877a085d23acc90
655d8781f2dcbb34944816c426ae6ab88733f1c4700d2103d1359e8113da0e78

HTTP Headers

GET / HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-language: fa
set-cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; path=/; secure
id_guest=8308801551; expires=Sun, 29 Jun 2025 08:47:07 GMT; Max-Age=2592000; path=/; secure
content-type: text/html; charset=utf-8
vary: Accept-Encoding,User-Agent
content-encoding: gzip
date: Fri, 30 May 2025 08:47:07 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

GET albom.rozblog.com/images/refresh2.svg

79.127.127.68

200 OK

276 B

URL GET
albom.rozblog.com/images/refresh2.svg
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
SVG Scalable Vector Graphics image
Size
276 B (276 bytes)
Hash
7082e86e2a3c9646fa1aa922b8e3a2d6
7f704127e872b5b94b8e2dd7959e2d5c9b9379a8
d1254b0bb9112500f8f39e1130f0a6c8dca1037d416e7f7d6524894b31b06b00

HTTP Headers

GET /images/refresh2.svg HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Fri, 06 Jun 2025 08:47:08 GMT
content-type: image/svg+xml
last-modified: Wed, 28 Apr 2021 22:57:34 GMT
etag: "114-6089e85e-9f2e18d89b796b95;;;"
accept-ranges: bytes
content-length: 276
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET up.campin.ir/up/albom/Pictures/5/164269642.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/up/albom/Pictures/5/164269642.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /up/albom/Pictures/5/164269642.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET www.rozblog.com/temp/music3/MTForumBlock_row.png

79.127.127.68

200 OK

155 B

URL GET
www.rozblog.com/temp/music3/MTForumBlock_row.png
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
PNG image data, 1 x 18, 8-bit/color RGB, non-interlaced
Size
155 B (155 bytes)
Hash
3ae7d651d73f3b247f9737655c53e08e
476c9a585906552a1054a74f88de640142ce40f5
d5496cde5cf105a1cf8c8fe59e0efefba5859a4fbff07a4701ec4f4a7c6e5ac5

HTTP Headers

GET /temp/music3/MTForumBlock_row.png HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/png
last-modified: Sun, 03 Jul 2011 21:45:04 GMT
accept-ranges: bytes
content-length: 155
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET albom.rozblog.com/js/site.js?24.22

79.127.127.68

200 OK

74 kB

URL GET
albom.rozblog.com/js/site.js?24.22
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (2911)
Size
74 kB (73521 bytes)
Hash
e56a4c52838e03df656c48792b2a57cb
00de597702a932e67a004acc721d76e0eb8bbc99
2dd67fba4cadc0c42067bd90622e44f3b79fdf6da2277178a782fc5e040110c7

HTTP Headers

GET /js/site.js?24.22 HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Fri, 06 Jun 2025 08:47:08 GMT
content-type: application/javascript
last-modified: Sun, 25 May 2025 17:35:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 16332
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
access-control-allow-origin: *

GET rozblog.com/temp/nuke/FBarrow.gif

79.127.127.68

301 Moved Permanently

59 B

URL GET
rozblog.com/temp/nuke/FBarrow.gif
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type

Size
59 B (59 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /temp/nuke/FBarrow.gif HTTP/1.1
Host: rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
content-type: text/html
content-length: 707
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
location: https://www.rozblog.com/temp/nuke/FBarrow.gif
strict-transport-security: max-age=0;
vary: User-Agent

GET up.campin.ir/view/1244802/Cast-campin.ir-17.jpg

0.0.0.0

0 B

URL GET
up.campin.ir/view/1244802/Cast-campin.ir-17.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://albom.rozblog.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /view/1244802/Cast-campin.ir-17.jpg HTTP/1.1
Host: up.campin.ir
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET www.rozblog.com/theme/ads/ecommerce.png

79.127.127.68

200 OK

9.7 kB

URL GET
www.rozblog.com/theme/ads/ecommerce.png
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://www.rozblog.com/theme/ads/banner.html
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
9.7 kB (9747 bytes)
Hash
31ce9ee51ccddf63254006e1393ee127
00af5daa90da5823a622626fe4354ed2bd174237
b618833a26e46f5eb75306ff53b14894f75030eb2b996f17273fe4ebe9038d80

HTTP Headers

GET /theme/ads/ecommerce.png HTTP/1.1
Host: www.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.rozblog.com/theme/ads/banner.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Sat, 30 May 2026 08:47:08 GMT
content-type: image/png
last-modified: Tue, 09 Jul 2024 11:20:37 GMT
accept-ranges: bytes
content-length: 9747
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
vary: User-Agent

GET albom.rozblog.com/temp/default/script.js

79.127.127.68

200 OK

1.2 kB

URL GET
albom.rozblog.com/temp/default/script.js
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
ASCII text
Size
1.2 kB (1197 bytes)
Hash
0f79a0db21adf42d6692070342a13c8e
bf3349841b9b81f0cb9b6694cbc5b4ebb8fe714a
c73a5c5ae7ea0f3c2f22e53038af6a95f5ceaa91abb56a7ac80f61c14745f359

HTTP Headers

GET /temp/default/script.js HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=31536000, no-transform
expires: Fri, 06 Jun 2025 08:47:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Jul 2018 10:51:39 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 231
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;
access-control-allow-origin: *

GET albom.rozblog.com/code/popup

79.127.127.68

200 OK

3.2 kB

URL GET
albom.rozblog.com/code/popup
IP
79.127.127.68:443
ASN
#43754 Asiatech Data Transmission company

Requested by
https://albom.rozblog.com/
Certificate
IssuerLet's Encrypt
Subjectrozblog.com
Fingerprint53:42:3C:97:0D:22:8D:8C:D4:E7:B1:F9:09:CE:E1:70:1B:F8:2F:83
ValiditySun, 18 May 2025 09:12:06 GMT - Sat, 16 Aug 2025 09:12:05 GMT

File type
ASCII text, with CRLF line terminators
Size
3.2 kB (3210 bytes)
Hash
2d77dfe4ca6c2dac778ddcef48ec2dd0
6609c98796378bad8620c2fad0bd1304dec330c1
57b58e7b2977fde3362387be4c48d05b73f34a622d0863ccbbf705234df82497

HTTP Headers

GET /code/popup HTTP/1.1
Host: albom.rozblog.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://albom.rozblog.com/
Cookie: PHPSESSID=514d98e464fd36e722cc94c7089bcd22; id_guest=8308801551
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-language: fa
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 30 May 2025 08:47:08 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0,pre-check=0
pragma: no-cache
set-cookie: c_ref=9ab68fd6d6d09f35ca12c9a76bf3c880; expires=Sat, 31 May 2025 08:47:08 GMT; Max-Age=86400; path=/; secure
c_t=743186839708c4aa36854083004670413825; expires=Sat, 31 May 2025 08:47:08 GMT; Max-Age=86400; path=/; secure
vary: Accept-Encoding,User-Agent
content-length: 1187
content-encoding: gzip
date: Fri, 30 May 2025 08:47:08 GMT
server: LiteSpeed
strict-transport-security: max-age=0;

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (59)

URL GET

IP

ASN

Requested by