Sponsored by

m.fb-reattend-wvjpqzsota.bostan-city.ir
185.55.227.78  Malicious Activity!

Go To Report
URL: http://m.fb-reattend-wvjpqzsota.bostan-city.ir/
Tags: phishing malicious
Submission: On January 14 via api from HK
 Behaviour IoCs
Similar DOM Content API

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions.
The main IP is 185.55.227.78, located in Iran, Islamic Republic Of and belongs to SERVERPARS, IR. The main domain is m.fb-reattend-wvjpqzsota.bostan-city.ir.
The main domain was scanned 3 times on urlscan.io Show Scans 3

Verdict: Malicious (Score: 100/100) Show Details

  • urlscan - Score: 100
    phishing
    Phishing against Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
2 185.55.227.78 201999 (SERVERPARS)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
3 2
Domain
Subdomains		 Transfer
2 bostan-city.ir
17 KB
1 bootstrapcdn.com
20 KB
3 2
Domain Requested by
2 m.fb-reattend-wvjpqzsota.bostan-city.ir m.fb-reattend-wvjpqzsota.bostan-city.ir
1 maxcdn.bootstrapcdn.com m.fb-reattend-wvjpqzsota.bostan-city.ir
3 2

This site contains links to these domains. Also see Links.

Domain
Subject / Issuer Validity Valid
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2019-09-14 -
2020-10-13		 a year

Screenshot
Live screenshot
Full Image

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Web
Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
818 B
744 B 		Document
General
Check archive.org
Download Go to
Full URL
http://m.fb-reattend-wvjpqzsota.bostan-city.ir/
Protocol
HTTP/1.1
Server
185.55.227.78 , Iran, Islamic Republic Of, ASN201999 (SERVERPARS, IR),
Reverse DNS
irs4.dnswebhost.com
Software
LiteSpeed /
Resource Hash
91b7fc46561fd3afb1132287e406fa0c5009a9b82af55743ced1f73584f007f0

Request headers

Host
m.fb-reattend-wvjpqzsota.bostan-city.ir
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Content-Length
537
Content-Encoding
gzip
Vary
Accept-Encoding
Date
Tue, 14 Jan 2020 16:57:05 GMT
Server
LiteSpeed
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: m.fb-reattend-wvjpqzsota.bostan-city.ir
URL: http://m.fb-reattend-wvjpqzsota.bostan-city.ir/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
/
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
http://m.fb-reattend-wvjpqzsota.bostan-city.ir/
Origin
http://m.fb-reattend-wvjpqzsota.bostan-city.ir

Response headers

date
Tue, 14 Jan 2020 16:57:04 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:34:07 GMT
access-control-allow-origin
*
etag
"1544639647"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
19740
logo.png
16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://m.fb-reattend-wvjpqzsota.bostan-city.ir/logo.png
Requested by
Host: m.fb-reattend-wvjpqzsota.bostan-city.ir
URL: http://m.fb-reattend-wvjpqzsota.bostan-city.ir/
Protocol
HTTP/1.1
Server
185.55.227.78 , Iran, Islamic Republic Of, ASN201999 (SERVERPARS, IR),
Reverse DNS
irs4.dnswebhost.com
Software
LiteSpeed /
Resource Hash
7df647be0675552935e31b7fc9facdbe3185c5fa96bba1c0a51a9d74961f3d9c

Request headers

Referer
http://m.fb-reattend-wvjpqzsota.bostan-city.ir/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 14 Jan 2020 16:57:05 GMT
Last-Modified
Sat, 10 Jun 2017 08:05:04 GMT
Server
LiteSpeed
Content-Type
image/png
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
16069
Expires
Tue, 21 Jan 2020 16:57:05 GMT

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan - Score: 100

Categories:
phishing

Tags:
phishing

Phishing against: Facebook (Social Network)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies