Report - kdlfu.ir/wpadmin/yy.php

Report Overview

Submitted URL
kdlfu.ir/wpadmin/yy.php
IP
193.141.65.151
ASN
#61173 Green Web Samaneh Novin PJSC
Submitted
2024-05-10 01:21:38
Access
public
Website Title
اتحادیه شرکت های تعاونی کشاورزی گاوداران و دامداران صنعتی خراسان رضوی | برگه پیدا نشد.
Final URL
kdlfu.ir/wpadmin/yy.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
92

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kdlfu.ir	unknown	unknown	2018-02-02	2023-06-04	21 kB	4.2 MB	193.141.65.151
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	398 B	9.4 kB	142.250.74.132
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-10	466 B	205 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-09	medium	kdlfu.ir/wpadmin/yy.php	Credit Mutuel

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed
2024-05-10	medium	kdlfu.ir	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	kdlfu.ir/wpadmin/yy.php	429 B	2024-05-10	2024-05-10
Pretty URL kdlfu.ir/wpadmin/yy.php IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 03:21:45 Last Seen2024-05-10 03:21:45 Times Seen1 Hash f817dcfd64737cfe58e40f6660d58adf b6e6fe26f1c37af00c3a0aba713e81bbe4930f68 b2e77cdca09e1e523c56756c8eb1d47e8a0f9713bb35134bdb33313260a30c86 Loading...

	kdlfu.ir/wpadmin/yy.php	399 B	2024-05-10	2024-05-10
Pretty URL kdlfu.ir/wpadmin/yy.php IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 03:21:45 Last Seen2024-05-10 03:21:45 Times Seen1 Hash 58bb973d446bcd4cedbc040871c83028 523e35dffdee55b3b6b47de2231dd287f02f01b0 00156214823e4a4c3965fb50e1284d3bb5576333100384e5fb38d8b141560c63 Loading...

	kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.bootstrap.js	37 kB	2023-03-07	2024-05-18
Pretty URL kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.bootstrap.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:19 Last Seen2024-05-18 19:30:25 Times Seen302 Hash 0116cec0b3cdbd8609da2c35cde9ab9d 2b3cc6f56c977102897157fd3944a69619df4024 1d8b0735db1ab07c22daa4a02386d16970765869d1ac5defad1c12a66bca4bf5 Loading...

	kdlfu.ir/wpadmin/yy.php	0 B	2023-03-07	2024-05-20
Pretty URL kdlfu.ir/wpadmin/yy.php IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 16:53:39 Times Seen37882502 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js	514 kB	2024-05-08	2024-05-18
Pretty URL www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 00:24:03 Last Seen2024-05-18 18:17:53 Times Seen7131 Hash add520996e437bff5d081315da187fbf 2e489fe16f3712bf36df00b03a8a5af8fa8d4b42 922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4 Loading...

	kdlfu.ir/wp-content/plugins/wp-rocket/inc/front/js/lazyload.1.0.2.min.js	4.7 kB	2023-05-02	2024-05-10
Pretty URL kdlfu.ir/wp-content/plugins/wp-rocket/inc/front/js/lazyload.1.0.2.min.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-02 21:26:00 Last Seen2024-05-10 03:21:45 Times Seen7 Hash 6299d3f189724599383d00101f454c16 62e5f94dc8326496a781348d61b787886ef42d55 5bd9d31013360bcdf8708081f06a2c3721950325e5f5681363e90cf2c7f318a4 Loading...

	kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.js	84 kB	2023-03-07	2024-05-10
Pretty URL kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:45:10 Last Seen2024-05-10 03:21:46 Times Seen19 Hash 8ba16617a46a5eeee6b3914efc959d07 785f554fb74c79dc79b8b86c074a005f8f08a7e1 0aaa319d618b9978789c75bab3616aa464839f3e901f9deeaa089501f23154d0 Loading...

	www.google.com/recaptcha/api.js	850 B	2024-05-08	2024-05-16
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 09:18:54 Last Seen2024-05-16 15:55:12 Times Seen1760 Hash cc9da74bc51547f7da14aea584e7bd4e cb70339c904703d3a88777889e63b867a04ab2d1 9d640e16608a79d4f95372f1dd9c1edf1322993b6f0d6ec224ff0f01d2053d64 Loading...

	kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.cubeportfolio.js	55 kB	2023-03-08	2024-05-10
Pretty URL kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.cubeportfolio.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:48:30 Last Seen2024-05-10 03:21:46 Times Seen3 Hash 09a05d6d10e12df7f38db2fbddced501 2c9653bff166adb6cda69a76a5d912e63f7fe358 119e6d6254fef960b144990df35c5b0d8249bac63951d4cbd8385c69b6735f82 Loading...

	kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.sticky.js	4.8 kB	2024-05-10	2024-05-10
Pretty URL kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.sticky.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 03:21:45 Last Seen2024-05-10 03:21:45 Times Seen1 Hash 333a70bbbd88e83bafa2fbf91e481ab0 78ddbb2c1134400f21a052ab2dd9047f2df134e1 d7a906178b9306f22a431860e16a2b9684450d96ff77dfcbb71bcd2734e9c56b Loading...

	kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.persianumber.js	1.4 kB	2024-05-10	2024-05-10
Pretty URL kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.persianumber.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 03:21:45 Last Seen2024-05-10 03:21:45 Times Seen1 Hash c0a963ff3800ee82ac30cb46122d0985 35c3de9b8a82bd9482cf188c64bbb931abb1f324 29b7ac6084ebf4988df66a3271c23a79c07bc76534557a4fe95cfd5a06ffb8cd Loading...

	kdlfu.ir/wp-includes/js/jquery/jquery.js?ver=1.12.4	97 kB	2023-03-07	2024-05-20
Pretty URL kdlfu.ir/wp-includes/js/jquery/jquery.js?ver=1.12.4 IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:45 Last Seen2024-05-20 10:35:32 Times Seen10389 Hash dc5ba5044fccc0297be7b262ce669a7c f137ff98ae379e35b0702967d3b6866a0a40e3be cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3 Loading...

	kdlfu.ir/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1	10 kB	2023-03-07	2024-05-20
Pretty URL kdlfu.ir/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:37 Last Seen2024-05-20 16:05:39 Times Seen38124 Hash 7121994eec5320fbe6586463bf9651c2 90532aff6d4121954254cdf04994d834f7ec169b 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d Loading...

	kdlfu.ir/wp-includes/js/wp-embed.min.js	1.4 kB	2023-05-17	2024-05-19
Pretty URL kdlfu.ir/wp-includes/js/wp-embed.min.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-17 06:40:01 Last Seen2024-05-19 12:13:37 Times Seen1569 Hash d5d85ee759b972a53a93a8fb686d48c3 d7de52a232e702a3b8caea5fe2e3d7b2d0851159 c23627dccb22a7fff7141f0ffe282891eb02fb87d8a4a636ad08d7429e7e2103 Loading...

	kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.wow.js	8.2 kB	2023-03-07	2024-05-20
Pretty URL kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.wow.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:38 Last Seen2024-05-20 00:53:16 Times Seen2127 Hash a26a117ff59c944bbb654bf506f69786 237c90127c99e91347536835096276b0add6d018 cfa1739ee346d63a3d3cfdff8c18cbe8fdedbcb32d4b0895028c193ce828e7a5 Loading...

	kdlfu.ir/wp-content/plugins/advanced-access-manager/media/js/aam-login.js	3.5 kB	2023-03-07	2024-05-10
Pretty URL kdlfu.ir/wp-content/plugins/advanced-access-manager/media/js/aam-login.js IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:21:28 Last Seen2024-05-10 03:21:46 Times Seen42 Hash 3d5d73ba024140da8c724eda489f6280 197feb7a2851580e4fe00386357a56f26b7f10ed 8d47edc4f49cea126c90dbf5763fb1e455c43cf450a20064d18ea7f9ff8586cd Loading...

	kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.main.js?ver=1	1.6 kB	2024-05-10	2024-05-10
Pretty URL kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.main.js?ver=1 IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 03:21:46 Last Seen2024-05-10 03:21:46 Times Seen1 Hash 6b73b84224e7f82872c287c08a22477d 04d0cc508b6f7527f81012b1d596b3c34a573915 88e90c62330c1d26c6e6cbe266f6dcd531806e12075cb0cdc105c762e5c51868 Loading...

	kdlfu.ir/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.9	14 kB	2023-03-07	2024-05-17
Pretty URL kdlfu.ir/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.9 IP 193.141.65.151 ASN #61173 Green Web Samaneh Novin PJSC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-05-17 18:13:27 Times Seen518 Hash 760f1701aad76d6a4548ce5c39dc4992 223ebe0dc172040e5cbbf0f73e03982b5d7858d4 f7db88a5dd4feb92dafbf5b17b516ddb78cfe69daff23ed72453a6a561b367f1 Loading...

HTTP Transactions (47)

URL IP Response Size

kdlfu.ir/wpadmin/yy.php

193.141.65.151

301 Moved Permanently

162 B

URL User Request GET HTTP/1.1
kdlfu.ir/wpadmin/yy.php
IP
193.141.65.151:80
ASN
#61173 Green Web Samaneh Novin PJSC

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Credit Mutuel
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wpadmin/yy.php HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 10 May 2024 01:21:05 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://kdlfu.ir/wpadmin/yy.php

kdlfu.ir/wp-content/themes/kdlfu.ir/images/telegram.png

193.141.65.151

200 OK

4.4 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/images/telegram.png
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGBA, interlaced
Size
4.4 kB (4387 bytes)
Hash
426e0aff145f3cb416c248e20af78bd7
0bcc06de1a4a2e103049a232604a25d36daa5369
944dcebbf186dee8ec715cc3b66233fdbdf97e71702d1fec733a84091b4e73a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/images/telegram.png HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/png
content-length: 4387
last-modified: Tue, 17 Jan 2017 16:45:12 GMT
etag: "587e4a18-1123"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/images/instgram.png

193.141.65.151

200 OK

10 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/images/instgram.png
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Size
10 kB (10126 bytes)
Hash
7f8c1f552cd0a8f2c17d92ebddb36665
4fa8f5dc0c6fed7e96c933b3d08107c702349cae
12a7f9b001f12cb3a25a3f9be6a66cb533bc9695838ad80410ed22aa7818d626

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/images/instgram.png HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/png
content-length: 10126
last-modified: Tue, 17 Jan 2017 16:43:41 GMT
etag: "587e49bd-278e"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/images/logo.png

193.141.65.151

200 OK

6.5 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/images/logo.png
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
PNG image data, 90 x 57, 8-bit/color RGBA, non-interlaced
Size
6.5 kB (6542 bytes)
Hash
3f8c0ee691062b44765c5112929e9239
63d84cc38c262fa828693a536b47759d664d564e
34a393c96ae238799e360d1fa242c749ca52fe7d4e0ba950ec83512ff65d2c30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/images/logo.png HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/png
content-length: 6542
last-modified: Mon, 29 Aug 2016 12:38:54 GMT
etag: "57c42cde-198e"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/images/404.jpg

193.141.65.151

200 OK

51 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/images/404.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=386, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=580], baseline, precision 8, 580x386, components 3
Size
51 kB (50664 bytes)
Hash
8149c76e628df3ec2196df72d7562ae7
e0464b6f454b0b8ef8a55aceccb55e881b0f6c28
b33cd416e0edf24e354b5eeeca2cb8600a5aa3b9e33ba38c3a1c57ae9b865127

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/images/404.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 50664
last-modified: Mon, 29 Aug 2016 12:56:46 GMT
etag: "57c4310e-c5e8"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.132

200 OK

8.9 kB

URL GET HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
gzip compressed data
Size
8.9 kB (8889 bytes)
Hash
2090cc793b0b59985bb753972c415fd3
979805a5fbef5d997931936e32e9fd70a0df53db
8063fd09b59db752ee9b6f8d980801737ced1cb7ac5c624d7fa8c45933871b8d

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Fri, 10 May 2024 01:21:12 GMT
date: Fri, 10 May 2024 01:21:12 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.9

193.141.65.151

200 OK

7.8 kB

URL GET HTTP/2
kdlfu.ir/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.9
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.8 kB (7844 bytes)
Hash
a9db78bdcbf0a95d2c16b371bf934ba0
c29b326d9a3abbf82256c75f0d833aa005a8acb2
293bec357966f9fcb5fd44af36cb3a370bf72823ce3354a812ecfccbeded1460

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.9 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Sun, 01 Oct 2017 10:01:50 GMT
vary: Accept-Encoding
etag: W/"59d0bd0e-3654"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.bootstrap.js

193.141.65.151

200 OK

17 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.bootstrap.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
gzip compressed data, max speed, from Unix
Size
17 kB (17391 bytes)
Hash
b6fd46707068f490825db4c0e098c3e6
0b806f82f4308f51a1ef392ed623462786346065
8650dd86db23e804df5e3549a10746f7530e2c4faf16f26e0d054c01a2f7d0de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/js/jquery.bootstrap.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2016 13:29:40 GMT
vary: Accept-Encoding
etag: W/"57b1c3c4-8f52"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/01/photo_2018-01-17_12-39-09-min.jpg

193.141.65.151

200 OK

105 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/01/photo_2018-01-17_12-39-09-min.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x960, components 3
Size
105 kB (105389 bytes)
Hash
35ebe876756b01a40ffc8d6789add3f8
8b3b172ae893844830c31c74edba946e634fc389
9e821c3ba7ba840f32ecf0514ab5e380370283685cf0b7da6eeba6e0b2bf3121

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/01/photo_2018-01-17_12-39-09-min.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 105389
last-modified: Thu, 18 Jan 2018 05:11:10 GMT
etag: "5a602c6e-19bad"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/fonts/WebYekan.woff

193.141.65.151

200 OK

22 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/fonts/WebYekan.woff
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
Web Open Font Format, CFF, length 21500, version 2.0
Size
22 kB (21500 bytes)
Hash
05727d32400b2008acbf7fc49251ede0
b6c1a82539a2531eb1aad7d1cf05554d5a999154
da78e001fab6f5d7b1c68e17d00fb1595c9b10085d6769a86aeb6a39dc7e43d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/fonts/WebYekan.woff HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wp-content/themes/kdlfu.ir/style.css?ver=3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: font/woff
content-length: 21500
last-modified: Sun, 14 Aug 2016 12:33:06 GMT
etag: "57b06502-53fc"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/fonts/fontawesome-webfont.woff2?v=4.5.0

193.141.65.151

200 OK

72 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/fonts/fontawesome-webfont.woff2?v=4.5.0
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
Web Open Font Format (Version 2), TrueType, length 71896, version 4.393
Size
72 kB (71896 bytes)
Hash
e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.awesome.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: font/woff2
content-length: 71896
last-modified: Sun, 14 Aug 2016 12:33:02 GMT
etag: "57b064fe-118d8"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2016/08/backgroung-img1-min-1.jpg

193.141.65.151

200 OK

45 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2016/08/backgroung-img1-min-1.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1366x550, components 3
Size
45 kB (45275 bytes)
Hash
087b91993410990794d469e96e63526b
2208847575387a02953f637d51c02b4ca7176ef3
d4ed49e09f4e440c634e2ed543c94e53fec80b797fb7169f287227fb70e05baf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2016/08/backgroung-img1-min-1.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 45275
last-modified: Mon, 29 Aug 2016 12:40:09 GMT
etag: "57c42d29-b0db"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/01/photo_2018-01-17_12-39-12-min.jpg

193.141.65.151

200 OK

107 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/01/photo_2018-01-17_12-39-12-min.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x960, components 3
Size
107 kB (107036 bytes)
Hash
081a5bc757344bf7e0047cd965a98c72
e38dea295a007fc50d48cea6369e34a0bb170d93
086c27f7ca2e4c7f27bc9b1a4ea28f031e8c3a4d417c873ef70b93d1e8ad582c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/01/photo_2018-01-17_12-39-12-min.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 107036
last-modified: Thu, 18 Jan 2018 05:11:55 GMT
etag: "5a602c9b-1a21c"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/01/photo_2018-01-17_12-39-16-min.jpg

193.141.65.151

200 OK

106 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/01/photo_2018-01-17_12-39-16-min.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x960, components 3
Size
106 kB (105849 bytes)
Hash
bcf8f577e3303adafd4af09f1dbcf77c
097dcae71d554847ad5ba367a4ede3e5a9f3dc78
06ce2ee40485dc43e7ab7fe31da3a7a4391e7ea539b37ea676c27efa582f7de9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/01/photo_2018-01-17_12-39-16-min.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 105849
last-modified: Thu, 18 Jan 2018 05:12:10 GMT
etag: "5a602caa-19d79"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/08/P_20180711_210245.jpg

193.141.65.151

200 OK

416 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/08/P_20180711_210245.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, datetime=2018:07:11 21:02:45, GPS-Data, model=P024, resolutionunit=2, yresolution=147, xresolution=155, manufacturer=asus], baseline, precision 8, 2560x1440, components 3
Size
416 kB (416399 bytes)
Hash
770399ed37adb07686cb53c1dc8f868a
ee0e9b63560814a968d3fb034b199af5dfb5e60f
113f8c1df831feaf253e1135656bab9acf2e3b84762baaecf5498033518e1cdb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/08/P_20180711_210245.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 416399
last-modified: Sun, 05 Aug 2018 06:24:32 GMT
etag: "5b669820-65a8f"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/08/P_20180713_184005.jpg

193.141.65.151

200 OK

453 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/08/P_20180713_184005.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, datetime=2018:07:13 18:40:05, GPS-Data, model=P024, resolutionunit=2, yresolution=147, xresolution=155, manufacturer=asus], baseline, precision 8, 2560x1440, components 3
Size
453 kB (452604 bytes)
Hash
d0b51ddd10e1cfed7e14e1dae3afbb86
587129e8e77de0515db92a5014aff68ebe60d420
2cf1ba6fefc5f639af7f832c1ed96bbb6e90056d3a99876a7ca562a7297db57b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/08/P_20180713_184005.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 452604
last-modified: Sun, 05 Aug 2018 06:24:54 GMT
etag: "5b669836-6e7fc"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/08/P_20180713_220852.jpg

193.141.65.151

200 OK

468 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/08/P_20180713_220852.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, datetime=2018:07:13 22:08:52, GPS-Data, model=P024, resolutionunit=2, yresolution=147, xresolution=155, manufacturer=asus], baseline, precision 8, 2560x1440, components 3
Size
468 kB (468490 bytes)
Hash
0d67a6a05cf9b9a839b01f7cbf1f861e
afc60eafca67b594faa2ca2d22de723c07cf951b
b2eab35ca6f90083d590a4f1d96a9e33292747b5bef5b75df3de024adda7fe09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/08/P_20180713_220852.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 468490
last-modified: Sun, 05 Aug 2018 06:25:08 GMT
etag: "5b669844-7260a"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/08/P_20180711_210307.jpg

193.141.65.151

200 OK

572 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/08/P_20180711_210307.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, datetime=2018:07:11 21:03:07, GPS-Data, model=P024, resolutionunit=2, yresolution=147, xresolution=155, manufacturer=asus], baseline, precision 8, 2560x1440, components 3
Size
572 kB (572318 bytes)
Hash
f2b06fdaa6fa3df459fd408e6237f357
d9ff57605929e7691c6c3d0d76522abb602e106d
910043909c6dd9d9bce94e423bedd79f543a8aab48a064f53d80eb8e233035d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/08/P_20180711_210307.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 572318
last-modified: Sun, 05 Aug 2018 06:24:39 GMT
etag: "5b669827-8bb9e"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/08/P_20180714_214515.jpg

193.141.65.151

200 OK

544 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/08/P_20180714_214515.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, datetime=2018:07:14 21:45:14, GPS-Data, model=P024, resolutionunit=2, yresolution=147, xresolution=155, manufacturer=asus], baseline, precision 8, 2560x1440, components 3
Size
544 kB (544025 bytes)
Hash
8a3786b587fab2ba8c0bba993b380bd0
25139b4f4f825bd968b97dee565ba00ea5465956
6fc89d72d67087c6f86d90969ca8962820fa204bdc2583fa597588bbb33df73b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/08/P_20180714_214515.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 544025
last-modified: Sun, 05 Aug 2018 06:25:19 GMT
etag: "5b66984f-84d19"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/uploads/2018/08/P_20180712_202324.jpg

193.141.65.151

200 OK

530 kB

URL GET HTTP/2
kdlfu.ir/wp-content/uploads/2018/08/P_20180712_202324.jpg
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=9, datetime=2018:07:12 20:23:24, GPS-Data, model=P024, resolutionunit=2, yresolution=147, xresolution=155, manufacturer=asus], baseline, precision 8, 2560x1440, components 3
Size
530 kB (530232 bytes)
Hash
3b1016dd68775909ed116605e8afa7ea
dcd807c49a9f6260d994fa988ec2f3c67c668961
e26fd0d2f6bd729b2aa819477ae3544e4c997ef059c5607b7a1da035ea0ef5b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/uploads/2018/08/P_20180712_202324.jpg HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: image/jpeg
content-length: 530232
last-modified: Sun, 05 Aug 2018 06:24:47 GMT
etag: "5b66982f-81738"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
accept-ranges: bytes
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.cubeportfolio.js

193.141.65.151

200 OK

16 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.cubeportfolio.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (55343), with no line terminators
Size
16 kB (16029 bytes)
Hash
09a05d6d10e12df7f38db2fbddced501
2c9653bff166adb6cda69a76a5d912e63f7fe358
119e6d6254fef960b144990df35c5b0d8249bac63951d4cbd8385c69b6735f82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/js/jquery.cubeportfolio.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2016 13:29:25 GMT
vary: Accept-Encoding
etag: W/"57b1c3b5-d82f"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js

142.250.74.35

200 OK

204 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (632)
Size
204 kB (204445 bytes)
Hash
add520996e437bff5d081315da187fbf
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

HTTP Headers

GET /recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kdlfu.ir
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 204445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 16:12:34 GMT
expires: Tue, 06 May 2025 16:12:34 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 05 May 2024 20:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 292119
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.bootstrap.css

193.141.65.151

200 OK

30 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.bootstrap.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
gzip compressed data, max speed, from Unix
Size
30 kB (30461 bytes)
Hash
338011483542c7b1ea4cf060e15f17dc
1e0962195363190d8d7cfea4e64b4624d25d960b
bebd0bec27627fe5f65198ee7ebfc79b1d68f9eea1136f29a3bfdb22201df0a2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.bootstrap.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Wed, 31 Aug 2016 11:22:21 GMT
vary: Accept-Encoding
etag: W/"57c6bded-1c383"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.shortcodes.css

193.141.65.151

200 OK

10 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.shortcodes.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
gzip compressed data, max speed, from Unix
Size
10 kB (10041 bytes)
Hash
5bfcd1ff60fcff7bfdf89585c5340f6a
68ecacfe290b0da0c2b7ca8a8ef33cdeade60178
45cb69494e216022054859dac429f263a4d117aa143fe19a27e6b3d7b428ac57

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.shortcodes.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Wed, 31 Aug 2016 11:24:37 GMT
vary: Accept-Encoding
etag: W/"57c6be75-6009"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.main.js?ver=1

193.141.65.151

200 OK

1.6 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.main.js?ver=1
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (1613), with no line terminators
Size
1.6 kB (1552 bytes)
Hash
517cd13c3b68aaafd34fc7698a09aea8
21d7e918dbd49edbc6ab924b997e35c52b5e9380
f8ea9a9ebd64ac4fb16323c73c30a8bb96405a4af83bb88613c28d648755a6f2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/js/jquery.main.js?ver=1 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Thu, 13 Apr 2017 06:41:24 GMT
vary: Accept-Encoding
etag: W/"58ef1d94-610"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-includes/js/wp-embed.min.js

193.141.65.151

200 OK

1.4 kB

URL GET HTTP/2
kdlfu.ir/wp-includes/js/wp-embed.min.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (1481), with no line terminators
Size
1.4 kB (1438 bytes)
Hash
f0094220dd55ecd9e7d0987c2f3bd2f1
9e7734d3e9be89e9d04cc3c585641810fca7f118
f149c73e5752d71f14a9ee8faedeecdfef4714ba1284c38a131a154df034572c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/wp-embed.min.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Tue, 04 Jul 2023 10:13:20 GMT
vary: Accept-Encoding
etag: W/"64a3f0c0-59e"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/form.css

193.141.65.151

200 OK

58 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/form.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (57599), with no line terminators
Size
58 kB (57599 bytes)
Hash
aecc30e93e190baf3e6331c9f2581a74
f09fc4d1d67f2b383bf4b50bc5a8a7afe9b4030b
b51422390d730f2fe5365427fe069dc9ba45f4d99b6c94492296bb0e4c1eee26

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/form.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Wed, 31 Aug 2016 11:25:47 GMT
vary: Accept-Encoding
etag: W/"57c6bebb-e0ff"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/style.css?ver=3

193.141.65.151

200 OK

7.7 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/style.css?ver=3
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (7917), with no line terminators
Size
7.7 kB (7715 bytes)
Hash
83a283d9e2f0dd186cedcb621dc36a62
c9c89aa7dfecb8841847d429f9dc6b1e3ad3690f
313dc40fb3681baadf18cb730d776922e11895914d2e27f40531feb6d6a25f61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/style.css?ver=3 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Thu, 16 Nov 2017 14:19:20 GMT
vary: Accept-Encoding
etag: W/"5a0d9e68-1e23"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.css

193.141.65.151

200 OK

32 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (32093), with no line terminators
Size
32 kB (32093 bytes)
Hash
2eb001468da707b716aa9ccc28b3b177
3c237cf9e0956b08065ef2b9d82dddb960f62b1a
85b59b79633c76d6c07d6016d0c630f3621198b9fecf26668e54c5c56bd0469e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Wed, 31 Aug 2016 11:24:01 GMT
vary: Accept-Encoding
etag: W/"57c6be51-7d5d"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.responsive.css

193.141.65.151

200 OK

3.2 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.responsive.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (3515), with no line terminators
Size
3.2 kB (3171 bytes)
Hash
2b28258eadf1c2d48f6837512b963c3c
f51a8a95c735468896899265d4ad312ea791c6d9
396b19a5597b88c36f11577a8a4640e5cee8dc4b25723408f3afdb744a75f565

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.responsive.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Sun, 14 Aug 2016 12:32:48 GMT
vary: Accept-Encoding
etag: W/"57b064f0-c63"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.animate.css

193.141.65.151

200 OK

56 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.animate.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (55646), with no line terminators
Size
56 kB (55646 bytes)
Hash
d2a1dac64a18e3e5cbe82f44a625640c
31ba93b7af6adcc65c33f0bc6727cec9e164cbf9
93cab1de7cfe3536fd376298d47e630a86e2599e9b274f6b157721327609fbe2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.animate.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Wed, 17 Aug 2016 05:46:22 GMT
vary: Accept-Encoding
etag: W/"57b3fa2e-d95e"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.9

193.141.65.151

200 OK

1.6 kB

URL GET HTTP/2
kdlfu.ir/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.9
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (1766), with no line terminators
Size
1.6 kB (1606 bytes)
Hash
bc1c5f9ccd08776554665756a88699ee
af79bc6c756c8c82c0e5fffb85389083ff03aa22
09e1cdc643953c2209988bb2e394b1d40150e6cae93581b418664acdc4eb4ea9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.9 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Sun, 01 Oct 2017 10:01:50 GMT
vary: Accept-Encoding
etag: W/"59d0bd0e-646"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=4.9

193.141.65.151

200 OK

177 B

URL GET HTTP/2
kdlfu.ir/wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=4.9
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with no line terminators
Size
177 B (177 bytes)
Hash
cf354d9fb05ce27aa863d41a5586f61d
48424541a0348cb0c532816174bae44066207864
3afea38e86073ac7290f699ac7b149157d404ef3ed7e12c716f6d981ec75ce04

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles-rtl.css?ver=4.9 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Sun, 01 Oct 2017 10:01:50 GMT
vary: Accept-Encoding
etag: W/"59d0bd0e-b1"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

193.141.65.151

200 OK

10 kB

URL GET HTTP/2
kdlfu.ir/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (9959)
Size
10 kB (10056 bytes)
Hash
7121994eec5320fbe6586463bf9651c2
90532aff6d4121954254cdf04994d834f7ec169b
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2016 09:35:33 GMT
vary: Accept-Encoding
etag: W/"57b18ce5-2748"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.js

193.141.65.151

200 OK

84 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
84 kB (84234 bytes)
Hash
8ba16617a46a5eeee6b3914efc959d07
785f554fb74c79dc79b8b86c074a005f8f08a7e1
0aaa319d618b9978789c75bab3616aa464839f3e901f9deeaa089501f23154d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/js/jquery.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2016 13:30:04 GMT
vary: Accept-Encoding
etag: W/"57b1c3dc-1490a"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/plugins/advanced-access-manager/media/js/aam-login.js

193.141.65.151

200 OK

3.5 kB

URL GET HTTP/2
kdlfu.ir/wp-content/plugins/advanced-access-manager/media/js/aam-login.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (3612), with no line terminators
Size
3.5 kB (3532 bytes)
Hash
3f9d9814eec1b6d2017760c23f01e9d8
b3d08d6a87c98e358a500171116bb78eb3e789a0
f98e1c6bf10064b9df770e2e88cde4edddcf7da90e891ee037e3cbabe8757dc8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/advanced-access-manager/media/js/aam-login.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Sun, 10 Feb 2019 16:59:35 GMT
vary: Accept-Encoding
etag: W/"5c605877-dcc"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-includes/js/jquery/jquery.js?ver=1.12.4

193.141.65.151

200 OK

97 kB

URL GET HTTP/2
kdlfu.ir/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (31997)
Size
97 kB (96874 bytes)
Hash
dc5ba5044fccc0297be7b262ce669a7c
f137ff98ae379e35b0702967d3b6866a0a40e3be
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Thu, 05 Sep 2019 02:02:51 GMT
vary: Accept-Encoding
etag: W/"5d706ccb-17a6a"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.persianumber.js

193.141.65.151

200 OK

1.4 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.persianumber.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (1497), with no line terminators
Size
1.4 kB (1434 bytes)
Hash
349a42d70b0840f3b9239df16ee91f13
96db70d353d5de57113d268be07580cf33243719
abff9cdd48a2da365502e301d73ebaba5aa1aba0ad4c6dcb600d547595125061

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/js/jquery.persianumber.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Sun, 14 Aug 2016 12:33:18 GMT
vary: Accept-Encoding
etag: W/"57b0650e-59a"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/favicon.ico

193.141.65.151

200 OK

0 B

URL GET HTTP/2
kdlfu.ir/favicon.ico
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:07 GMT
content-type: image/vnd.microsoft.icon
content-length: 0
vary: User-Agent
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/plugins/wp-rocket/inc/front/js/lazyload.1.0.2.min.js

193.141.65.151

200 OK

4.7 kB

URL GET HTTP/2
kdlfu.ir/wp-content/plugins/wp-rocket/inc/front/js/lazyload.1.0.2.min.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (4774), with no line terminators
Size
4.7 kB (4681 bytes)
Hash
375bad8eca7aafae1003a902054ab60c
a4bb199c997bc952782f9a8149a03b2d34ae5378
c7e32d0e5264013d2ad95113ad927c0b6d9ca6a708a6899073af1385e9fc2d28

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/plugins/wp-rocket/inc/front/js/lazyload.1.0.2.min.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:07 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2016 05:02:29 GMT
vary: Accept-Encoding
etag: W/"57eca065-1249"
expires: Sun, 09 Jun 2024 01:21:07 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.default.css?ver=2

193.141.65.151

200 OK

117 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.default.css?ver=2
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (359)
Size
117 kB (116958 bytes)
Hash
b47b3faccf8bb0bfbfb0b1849e9725fd
6606db5a5855139c531384f113f554ab913b6d9e
9305ce483bf55b869f420c26d32e1be670f1864ed06ea9715d1c4659e4305cda

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.default.css?ver=2 HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Mon, 13 Feb 2017 09:20:09 GMT
vary: Accept-Encoding
etag: W/"58a17a49-1c8de"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.wow.js

193.141.65.151

200 OK

8.2 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.wow.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (8282), with no line terminators
Size
8.2 kB (8182 bytes)
Hash
9cf122a7fb817d7a3a5cdf708035ece5
732b635ebdec57f092ce2a54ad1c6184df817e78
dd540d8e4618c4aff959fe190129354fee86e9d19dfbe3d37cc3beb41f56dd76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/js/jquery.wow.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Wed, 17 Aug 2016 05:52:15 GMT
vary: Accept-Encoding
etag: W/"57b3fb8f-1ff6"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.font.css

193.141.65.151

200 OK

5.9 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.font.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (6176), with no line terminators
Size
5.9 kB (5868 bytes)
Hash
b3512eb8e529ec407b410c3c6aaa29ba
9c9c573e7bd6481082d0ffe49ac1c31121dee98e
035fcc3fc09937493b032854b2d11656fe177fdad1d4a12120ab7f8cadab79f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.font.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Wed, 31 Aug 2016 11:24:14 GMT
vary: Accept-Encoding
etag: W/"57c6be5e-16ec"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.portfolio.css

193.141.65.151

200 OK

74 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.portfolio.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
74 kB (74226 bytes)
Hash
00247cc2ae6c7dac18b0d2b3167107c3
d50891163b23490440034929abd6ad907c5a4dfa
988b61d772179e0b1beb1be5729e91b1a27e9a31a6caef37cdb7ff7b5e0bc729

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.portfolio.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Mon, 15 Aug 2016 12:42:24 GMT
vary: Accept-Encoding
etag: W/"57b1b8b0-121f2"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.sticky.js

193.141.65.151

200 OK

4.8 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/js/jquery.sticky.js
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
JavaScript source, ASCII text, with very long lines (4785), with no line terminators
Size
4.8 kB (4757 bytes)
Hash
0a493e17a651334fc1973538267d9dc8
04917a4733004521cde92ae9225289a48401f42a
308a630a679274addf70e52aa76eb8bb603a19bf09377fdb99e3e26884778c82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/js/jquery.sticky.js HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: application/javascript
last-modified: Mon, 15 Aug 2016 13:22:23 GMT
vary: Accept-Encoding
etag: W/"57b1c20f-1295"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.awesome.css

193.141.65.151

200 OK

27 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.awesome.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (27279), with no line terminators
Size
27 kB (27279 bytes)
Hash
1013d3d9daa9a6dfca3f80af48fab7e8
0e675b1c8c490ecd109934fc79ee51dca37943a5
9b661de6d87337f9393cfe2c06a1af02bfb8a4e1d91f5470229c99b17dff2eb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.awesome.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Wed, 31 Aug 2016 11:21:47 GMT
vary: Accept-Encoding
etag: W/"57c6bdcb-6a8f"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.yamm.css

193.141.65.151

200 OK

11 kB

URL GET HTTP/2
kdlfu.ir/wp-content/themes/kdlfu.ir/css/style.yamm.css
IP
193.141.65.151:443
ASN
#61173 Green Web Samaneh Novin PJSC

Requested by
https://kdlfu.ir/wpadmin/yy.php
Certificate
IssuerLet's Encrypt
Subjectkdlfu.ir
FingerprintFF:B8:E4:0D:2F:D3:3E:76:85:30:4A:DC:41:9C:8C:93:14:E3:79:6E
ValidityWed, 13 Mar 2024 19:53:46 GMT - Tue, 11 Jun 2024 19:53:45 GMT

File type
ASCII text, with very long lines (9604)
Size
11 kB (11373 bytes)
Hash
a074c324c6e42db6672b41647c93c7d3
f1d2819d4b05c4990512db776a53d60ee5f35975
b17c99b90b16df947a234b1fa99aca9e192ffc9d212c3e2b0bd9ba70225a6a85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wp-content/themes/kdlfu.ir/css/style.yamm.css HTTP/1.1
Host: kdlfu.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kdlfu.ir/wpadmin/yy.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 01:21:06 GMT
content-type: text/css
last-modified: Sat, 15 Oct 2016 08:59:54 GMT
vary: Accept-Encoding
etag: W/"5801f00a-2c6d"
expires: Sun, 09 Jun 2024 01:21:06 GMT
cache-control: max-age=2592000, public, no-transform
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML