rahiaft.ir Open in urlscan Pro
91.239.55.216 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tinyurl.im/Q8u4P
Effective URL:
http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html
Submission: On March 20 via manual (March 20th 2018, 1:54:52 pm UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 91.239.55.216, located in Iran, Islamic Republic Of and belongs to SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR. The main domain is rahiaft.ir.

This is the only time rahiaft.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.219.248.81 104.219.248.81	22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap)
14	91.239.55.216 91.239.55.216	59589 (SAMANSYST...) (SAMANSYSTEMPARDAZKISHCOMPANYLTD)
14	1

1 104.219.248.81 (Los Angeles, United States) 1 redirects

ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: server142-1.web-hosting.com

tinyurl.im	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 91.239.55.216 (Iran, Islamic Republic Of)

ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR)

rahiaft.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	rahiaft.ir rahiaft.ir	162 KB
1	tinyurl.im 1 redirects tinyurl.im	591 B
14	2

	Domain	Requested by
14	rahiaft.ir	rahiaft.ir
1	tinyurl.im	1 redirects
14	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 3 frames:

Primary Page: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html
Frame ID: 179C82BCA6EB047A849FCB2970D09329
Requests: 3 HTTP requests in this frame

Frame: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html
Frame ID: 3C37C9482916DB1C3F5E20D8FE06F6C
Requests: 8 HTTP requests in this frame

Frame: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US.html
Frame ID: DB0914C6370D82AD316BC7F1EA5530EE
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://tinyurl.im/Q8u4P HTTP 301
http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

Page Statistics

14
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

162 kB
Transfer

448 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tinyurl.im/Q8u4P HTTP 301
http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Verification_Set-up.html Show response rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/ Redirect Chain https://tinyurl.im/Q8u4P http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html	6 KB 2 KB	418ms 198ms	Document text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `4da5760cd9c320eaa086fb6a2fe84f1cdae4ab20a1c1109a35e7d3ac31d3b18d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:26 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 10 ETag W/"1764-567d5f9de12b0" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/html Transfer-Encoding chunked X-Varnish 3319612 4171408 Connection keep-alive Content-Encoding gzip Redirect headers Pragma no-cache Date Tue, 20 Mar 2018 13:54:38 GMT Content-Encoding gzip Server Apache X-Powered-By PHP/5.4.45 Vary Accept-Encoding Content-Type text/html Location http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Transfer-Encoding chunked Set-Cookie PHPSESSID=i3co7f3qgqn925hsj6if1vue97; path=/ short_Q8u4P=1; expires=Tue, 20-Mar-2018 14:24:38 GMT; path=/; httponly Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	R3WinLive1033.css rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/	25 KB 5 KB	207ms 207ms	Stylesheet text/css	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/R3WinLive1033.css Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `f90a5583d32bfb95b3667da7d6e4e2192b482a99a49f11f612fb18a8dcb0d629` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/css,/;q=0.1 Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:26 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"6305-567d5f9de2638" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/css Transfer-Encoding chunked X-Varnish 4171434 Connection keep-alive Content-Encoding gzip
GET H/1.1	404 Not Found	controls.png rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/hig/img/	289 B 289 B	404ms 203ms	Image text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Show image Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/hig/img/controls.png Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `a3847f5c1639622b89ac3ca48bab404a6ea5e84af1e7db0a783e14e22fe25590` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/R3WinLive1033.css Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/R3WinLive1033.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:27 GMT Via 1.1 varnish-v4 Server nginx/1.12.2 Age 0 X-Varnish 4171440 Connection keep-alive Content-Type text/html; charset=iso-8859-1 Content-Length 289
GET H/1.1	200 OK	EN-US1.html Show response rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/ Frame 3C37	2 KB 1 KB	214ms 213ms	Document text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `a5e83ba42c839efb9f7c725b3148172cfad05bcff846bda457b80e15ced9d8ea` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:27 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"803-567d5f9de1698" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/html Transfer-Encoding chunked X-Varnish 4171437 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	style.css rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/ Frame 3C37	6 KB 2 KB	205ms 204ms	Stylesheet text/css	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/style.css Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `d54419ea535786304292eab15c8cd83dd727045e52c05c76324f9ddbfc0f9b2c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/css,/;q=0.1 Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:27 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"1657-567d5f9de2250" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/css Transfer-Encoding chunked X-Varnish 3319620 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	mbox.html Show response rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/ Frame 3C37	66 KB 15 KB	393ms 208ms	Script text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/mbox.html Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `7d84bf023dfc822fbd7ccbb9163f275c37e1ebb8494bc8ff410263e61b871463` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:27 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"10795-567d5f9de1e68" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/html Transfer-Encoding chunked X-Varnish 4171446 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	event.html Show response rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/ Frame 3C37	66 KB 14 KB	411ms 206ms	Script text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/event.html Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `119dbe7c3ef8081e614cccf553828e7f6bc1df6146c72f2b42c6b3134785d184` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:27 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"10793-567d5f9de1e68" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/html Transfer-Encoding chunked X-Varnish 4171449 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	Outlook_SISU%2520Refresh_Categories.jpg rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/ Frame 3C37	73 KB 71 KB	209ms 209ms	Image image/jpeg	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Show image Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/Outlook_SISU%2520Refresh_Categories.jpg Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `fbd15fefe70696585f957abcde5f8f9fc1025c92f4ae9fe7e6ad34aa9c68eb21` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:28 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"1235f-567d5f9de2250" Vary Accept-Encoding X-Cache HIT from Backend Content-Type image/jpeg Transfer-Encoding chunked X-Varnish 3053273 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	style_win8.css rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/ Frame 3C37	2 KB 786 B	375ms 208ms	Stylesheet text/css	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/style_win8.css Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `1201c9e70331fab3bfeaae83d453b392f35eeccc008f0674c30b74492e9b1fa0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/css,/;q=0.1 Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:27 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"656-567d5f9de2638" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/css Transfer-Encoding chunked X-Varnish 3319623 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	bk-coretag.html Show response rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/ Frame 3C37	66 KB 15 KB	205ms 204ms	Script text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/bk-coretag.html Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `51e0fdb138d1deb4c7b20a929ff05e26487cced2e85ef7ac7138b887eefd742a` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:28 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"1079b-567d5f9de1a80" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/html Transfer-Encoding chunked X-Varnish 3319632 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	standard.html Show response rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/ Frame 3C37	66 KB 15 KB	204ms 204ms	Script text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1_data/standard.html Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `e8f40330c15556bc3cd121bba06960a4182b74269a5a650b30ee60e6217aba8e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept / Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US1.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:28 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"10796-567d5f9de2250" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/html Transfer-Encoding chunked X-Varnish 1958783 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	EN-US.html Show response rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/ Frame DB09	650 B 969 B	409ms 205ms	Document text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US.html Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `42190c0863d79ee7a569267423afbb609c45ac02bfba9fc2f3110bbaf35f0da5` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification_Set-up.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:27 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag "28a-567d5f9de1698" X-Cache HIT from Backend X-Varnish 3319617 Connection keep-alive Accept-Ranges bytes Content-Type text/html Content-Length 650
GET H/1.1	200 OK	header.html rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US_data/ Frame DB09	66 KB 14 KB	221ms 206ms	Stylesheet text/html	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US_data/header.html Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `3a3341d29b62fa529142bb8d0e83f75550a921d4ffaf49f7cb82d13eeb62a0e0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/css,/;q=0.1 Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:27 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"10798-567d5f9de1698" Vary Accept-Encoding X-Cache HIT from Backend Content-Type text/html Transfer-Encoding chunked X-Varnish 3319626 Connection keep-alive Content-Encoding gzip
GET H/1.1	200 OK	logo_mail.png rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US_data/ Frame DB09	5 KB 5 KB	207ms 207ms	Image image/png	91.239.55.216 SAMANSYSTEMPARDAZ...
General Check archive.org Show headers Download Go to Show image Full URL http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US_data/logo_mail.png Requested by Host: rahiaft.ir URL: http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US.html Protocol HTTP/1.1 Server 91.239.55.216 , Iran, Islamic Republic Of, ASN59589 (SAMANSYSTEMPARDAZKISHCOMPANYLTD, IR), Reverse DNS Software nginx/1.12.2 / Resource Hash `6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host rahiaft.ir User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US.html Connection keep-alive Cache-Control no-cache Referer http://rahiaft.ir/actions/CB_BEATS_UPLOAD_DIR/File/Hotmail-New/Verification%20Set-up_files/EN-US.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Tue, 20 Mar 2018 13:41:28 GMT Via 1.1 varnish-v4 Last-Modified Tue, 20 Mar 2018 11:00:01 GMT Server nginx/1.12.2 Age 0 ETag W/"13f0-567d5f9de1698" Vary Accept-Encoding X-Cache HIT from Backend Content-Type image/png Transfer-Encoding chunked X-Varnish 4171452 Connection keep-alive Content-Encoding gzip

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| MM_findObj function| MM_validateForm

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rahiaft.ir
tinyurl.im
104.219.248.81
91.239.55.216
119dbe7c3ef8081e614cccf553828e7f6bc1df6146c72f2b42c6b3134785d184
1201c9e70331fab3bfeaae83d453b392f35eeccc008f0674c30b74492e9b1fa0
3a3341d29b62fa529142bb8d0e83f75550a921d4ffaf49f7cb82d13eeb62a0e0
42190c0863d79ee7a569267423afbb609c45ac02bfba9fc2f3110bbaf35f0da5
4da5760cd9c320eaa086fb6a2fe84f1cdae4ab20a1c1109a35e7d3ac31d3b18d
51e0fdb138d1deb4c7b20a929ff05e26487cced2e85ef7ac7138b887eefd742a
6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b
7d84bf023dfc822fbd7ccbb9163f275c37e1ebb8494bc8ff410263e61b871463
a3847f5c1639622b89ac3ca48bab404a6ea5e84af1e7db0a783e14e22fe25590
a5e83ba42c839efb9f7c725b3148172cfad05bcff846bda457b80e15ced9d8ea
d54419ea535786304292eab15c8cd83dd727045e52c05c76324f9ddbfc0f9b2c
e8f40330c15556bc3cd121bba06960a4182b74269a5a650b30ee60e6217aba8e
f90a5583d32bfb95b3667da7d6e4e2192b482a99a49f11f612fb18a8dcb0d629
fbd15fefe70696585f957abcde5f8f9fc1025c92f4ae9fe7e6ad34aa9c68eb21

rahiaft.ir Open in urlscan Pro 91.239.55.216 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

162 kBTransfer

448 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

rahiaft.ir Open in urlscan Pro
91.239.55.216 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

162 kB
Transfer

448 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!