Report - rooty.persiangig.com/other/lim.exe

Report Overview

Visitedpublic

2025-02-07 07:00:06

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rooty.persiangig.com	unknown	2004-09-15	2013-07-30	2025-02-07	1.2 kB	7.6 kB	51.195.19.98
cen.persiangig.com	unknown	2004-09-15	2017-01-29	2025-02-04	1.1 kB	1.6 kB	51.195.19.97
www.persiangig.com	unknown	2004-09-15	2012-06-20	2025-02-04	380 B	415 B	23.137.200.93
v.persiangig.com	unknown	2004-09-15	2014-02-26	2025-02-07	1.8 kB	14 kB	51.195.19.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-07 06:59:36	medium	Client IP	51.195.19.98	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	rooty.persiangig.com/other/lim.exe/dl	ScriptElement	0 B	0001-01-01	2025-08-02
URL rooty.persiangig.com/other/lim.exe/dl IP / ASN 51.195.19.98 #16276 OVH SAS Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5605985 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	rooty.persiangig.com/other/lim.exe/dl	ScriptElement	0 B	0001-01-01	2025-08-02
URL rooty.persiangig.com/other/lim.exe/dl IP / ASN 51.195.19.98 #16276 OVH SAS Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-02 Times Seen 5605985 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	rooty.persiangig.com/other/lim.exe/sandbox%20eval%20code		147 B	2023-04-11	2025-08-02
URL rooty.persiangig.com/other/lim.exe/sandbox%20eval%20code IP / ASN 0.0.0.0 #0 Introduced by Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-02 Times Seen 419699 Size 147 B (147 bytes) MD5 92b651082ce234f66bb544e678befda3 SHA1 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 SHA256 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Format Code Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-08-02
URL www.google-analytics.com/analytics.js IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-02 Times Seen 418960 Size 4.7 kB (4691 bytes) MD5 f24128d0c9cba7be2916c693427a3483 SHA1 1b6397d496ea896ebc2018b01b995cee4f166029 SHA256 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Format Code Loading...

HTTP Transactions (12)

URL IP Response Size

GET rooty.persiangig.com/other/lim.exe

51.195.19.98

302 Found

228 B

URL

rooty.persiangig.com/other/lim.exe

IP / ASN

51.195.19.98

#16276 OVH SAS

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2025-02-07

Last Seen2025-02-07

Times Seen1

Size228 B (228 bytes)

MD50e69740c9999c003653b7263876d7300

SHA184acd47364f67f7a0ffcb17b9dc8a939d6c0d012

SHA2567a2f11d143cd0506067398b60e47fb616657e06cddc975467d18cdb370fbc767

Detections

Analyzer	Verdict	Alert
suricata	medium	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

HTTP Headers

GET /other/lim.exe HTTP/1.1
Host: rooty.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.8 (Unix)
Location: http://rooty.persiangig.com/other/lim.exe/dl
Cache-Control: max-age=172800
Expires: Sun, 09 Feb 2025 06:59:32 GMT
Content-Length: 228
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET rooty.persiangig.com/other/lim.exe/dl

51.195.19.98

200 OK

6.7 kB

URL

rooty.persiangig.com/other/lim.exe/dl

IP / ASN

51.195.19.98

#16276 OVH SAS

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (314)

First Seen2025-02-07

Last Seen2025-02-07

Times Seen1

Size6.7 kB (6732 bytes)

MD519a47647ac32f3a406d139dcdfc73c91

SHA13ae1ea8c15ceb724531ab0814f0f8f3074d8ea02

SHA2567010dfc691a86644959e8fcab448c509b7eda36fc454cf0281e46c37095c4da0

HTTP Headers

GET /other/lim.exe/dl HTTP/1.1
Host: rooty.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Microsoft-IIS/7.5
Vary: Host
X-Powered-By: PHP/5.3.6
Content-Length: 6732
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=172800
Expires: Sun, 09 Feb 2025 06:59:32 GMT
Content-Control: private
Connection: close

GET cen.persiangig.com/dl2/style.css

51.195.19.97

302 Found

305 B

URL

cen.persiangig.com/dl2/style.css

IP / ASN

51.195.19.97

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeHTML document, ASCII text

First Seen2023-04-06

Last Seen2025-02-07

Times Seen19

Size305 B (305 bytes)

MD5b88bd002bef6c7ac89e69793ce352877

SHA11f352b99e119bcd7759663e8badd6632e992ccb9

SHA256d2ca272dfe519b6ef92263be337869a7c46c9e08ddd59e9b439619b650487dd8

HTTP Headers

GET /dl2/style.css HTTP/1.1
Host: cen.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rooty.persiangig.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.15 (CentOS)
Location: http://v.persiangig.com/dl2/style.css
Content-Length: 305
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET cen.persiangig.com/dl2/images/logo.gif

51.195.19.97

302 Found

311 B

URL

cen.persiangig.com/dl2/images/logo.gif

IP / ASN

51.195.19.97

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeHTML document, ASCII text

First Seen2023-05-05

Last Seen2025-02-07

Times Seen19

Size311 B (311 bytes)

MD5eca1db81aed4d9f098961cbc01716fa7

SHA18d763c1ec16ff6e2033e540cfb5b5a785fdab44c

SHA2564cfaea6d0257883ec8b068852036de01b3ae8efd900cad3c71ef8839533d75ba

HTTP Headers

GET /dl2/images/logo.gif HTTP/1.1
Host: cen.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rooty.persiangig.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.15 (CentOS)
Location: http://v.persiangig.com/dl2/images/logo.gif
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET www.persiangig.com/static-content/banners/vps.jpg

23.137.200.93

301 Moved Permanently

185 B

URL

www.persiangig.com/static-content/banners/vps.jpg

IP / ASN

23.137.200.93

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2023-04-05

Last Seen2025-02-27

Times Seen704

Size185 B (185 bytes)

MD5a107aba61c93cdf7882a9c6750a4b8fc

SHA18b9bea8c8373e3f0386e14134443c1873e3cf219

SHA25669758c97903bb258a8ccdea130baf19bb258861c475667b5320454d143bcbd3a

HTTP Headers

GET /static-content/banners/vps.jpg HTTP/1.1
Host: www.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rooty.persiangig.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.1
Date: Fri, 07 Feb 2025 06:59:36 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://www.persiangig.com/static-content/banners/vps.jpg

GET v.persiangig.com/dl2/style.css

51.195.19.97

200 OK

4.4 kB

URL

v.persiangig.com/dl2/style.css

IP / ASN

51.195.19.97

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeASCII text, with CRLF line terminators

First Seen2023-04-06

Last Seen2025-02-07

Times Seen19

Size4.4 kB (4437 bytes)

MD5c4dfe428a9e055bf56d974f0656193db

SHA19f480f912114d1447b43477f2aabe9b21547b01d

SHA256bba7e082aa5817f3c1a8e17bd359eb5a993d10d2999d173f01a4aa32829a2b3a

HTTP Headers

GET /dl2/style.css HTTP/1.1
Host: v.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rooty.persiangig.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 26 Aug 2013 01:52:53 GMT
ETag: "8f1a7-1155-4e4d003af6740"
Accept-Ranges: bytes
Content-Length: 4437
Connection: close
Content-Type: text/css

GET v.persiangig.com/dl2/images/logo.gif

51.195.19.97

200 OK

7.3 kB

URL

v.persiangig.com/dl2/images/logo.gif

IP / ASN

51.195.19.97

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeGIF image data, version 89a, 240 x 116

First Seen2023-05-05

Last Seen2025-02-07

Times Seen19

Size7.3 kB (7290 bytes)

MD59e9fbd32c0e3bc03080c275bb476553d

SHA1eb206e52b830298362d8de520271d44f36544322

SHA25645e6515e85d9f1ef75fa4b9c922a1c14da32d1236ffb6c20b944cb36150f8718

HTTP Headers

GET /dl2/images/logo.gif HTTP/1.1
Host: v.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rooty.persiangig.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 19 Aug 2013 01:52:30 GMT
ETag: "8f1ad-1c7a-4e443316cd380"
Accept-Ranges: bytes
Content-Length: 7290
Connection: close
Content-Type: image/gif

GET cen.persiangig.com/images/arrow.png

51.195.19.97

302 Found

308 B

URL

cen.persiangig.com/images/arrow.png

IP / ASN

51.195.19.97

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeHTML document, ASCII text

First Seen2023-05-05

Last Seen2025-02-07

Times Seen18

Size308 B (308 bytes)

MD51dced53ef84ac6d1bf4c77228432960b

SHA1de29930f1a3612815e8f3a61838f744785cc9db9

SHA256e87a53be73cb4fe53ff59aea834876d5b3e963f6de025c2c5fb17bf8eadc032f

HTTP Headers

GET /images/arrow.png HTTP/1.1
Host: cen.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rooty.persiangig.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.15 (CentOS)
Location: http://v.persiangig.com/images/arrow.png
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET v.persiangig.com/dl2/images/top-bg.gif

51.195.19.97

200 OK

135 B

URL

v.persiangig.com/dl2/images/top-bg.gif

IP / ASN

51.195.19.97

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeGIF image data, version 89a, 1 x 90

First Seen2023-05-05

Last Seen2025-02-07

Times Seen19

Size135 B (135 bytes)

MD52fe37b2c1ff82a2cb8ccf035996f2efd

SHA15422780e72a78d0b3037e2653c62c39da08a309d

SHA2568ee707f82d1566db98014903c101197220822d76d4fbc7506a0dce6303e168e3

HTTP Headers

GET /dl2/images/top-bg.gif HTTP/1.1
Host: v.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://v.persiangig.com/dl2/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 19 Aug 2013 01:52:30 GMT
ETag: "8f1b0-87-4e443316cd380"
Accept-Ranges: bytes
Content-Length: 135
Connection: close
Content-Type: image/gif

GET v.persiangig.com/dl2/images/logo-tiny.gif

51.195.19.97

200 OK

274 B

URL

v.persiangig.com/dl2/images/logo-tiny.gif

IP / ASN

51.195.19.97

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeGIF image data, version 89a, 27 x 27

First Seen2023-05-05

Last Seen2025-02-07

Times Seen19

Size274 B (274 bytes)

MD55b78566f7a1ca271ff1a630b33d00be2

SHA14707a4efff1f43f93f9c6ea7ab3a4b4a251ef257

SHA2568eb64e827864b0e954b26c878812dae91571c15325f62cabc3b616beea6a8c23

HTTP Headers

GET /dl2/images/logo-tiny.gif HTTP/1.1
Host: v.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://v.persiangig.com/dl2/style.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 19 Aug 2013 01:52:30 GMT
ETag: "8f1ac-112-4e443316cd380"
Accept-Ranges: bytes
Content-Length: 274
Connection: close
Content-Type: image/gif

GET v.persiangig.com/images/arrow.png

51.195.19.97

200 OK

276 B

URL

v.persiangig.com/images/arrow.png

IP / ASN

51.195.19.97

#16276 OVH SAS

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typePNG image data, 27 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-05

Last Seen2025-02-07

Times Seen18

Size276 B (276 bytes)

MD5fa541c850fc634db1f98fe9f6ecb082d

SHA11711f5e0364376260d8f23dc69cc8c326186bc9a

SHA256025230cd4635d333a28ed87ebbe4988a65d540390860f7ba6ac51952ac70c85e

HTTP Headers

GET /images/arrow.png HTTP/1.1
Host: v.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://rooty.persiangig.com/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 07 Feb 2025 06:59:32 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 05 Aug 2014 02:20:21 GMT
ETag: "8f2e8-114-4ffd87f52e340"
Accept-Ranges: bytes
Content-Length: 276
Connection: close
Content-Type: image/png

GET rooty.persiangig.com/favicon.ico

0.0.0.0

0 B

URL

rooty.persiangig.com/favicon.ico

IP / ASN

0.0.0.0

Requested byhttp://rooty.persiangig.com/other/lim.exe/dl

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605985

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rooty.persiangig.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://rooty.persiangig.com/other/lim.exe/dl
Pragma: no-cache
Cache-Control: no-cache