bamach.ir Open in urlscan Pro
162.55.242.139 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html
Submission: On September 01 via manual (September 1st 2022, 4:11:28 am UTC) from AU — Scanned from AU

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 19 HTTP transactions. The main IP is 162.55.242.139, located in Germany and belongs to HETZNER-AS, DE. The main domain is bamach.ir.
TLS certificate: Issued by R3 on August 8th 2022. Valid for: 3 months.

This is the only time bamach.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Kiwibank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
19	162.55.242.139 162.55.242.139		24940 (HETZNER-AS) (HETZNER-AS)
19	1

19 162.55.242.139 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: mars.kongserver.com

bamach.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	bamach.ir bamach.ir	516 KB
19	1

	Domain	Requested by
19	bamach.ir	bamach.ir
19	1

This site contains no links.

Subject Issuer	Validity	Valid
bamach.ir R3	`2022-08-08` - `2022-11-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html
Frame ID: D6742B4ACC07FD92B598BFD130D1A44C
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login - Kiwibank Internet Banking

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

516 kB
Transfer

664 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/	10 KB 4 KB	1871ms 405ms	Document text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `2799ed28dd707629f95514307aa58f4a5d07a2457c57b8869fe672182ca075b2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 content-encoding br content-length 4067 content-type text/html date Thu, 01 Sep 2022 04:11:19 GMT last-modified Sun, 10 Jul 2022 19:19:10 GMT vary Accept-Encoding
GET H2	404	ruxitagentjs_ICA2Vfgjqru_10243220606153550.js bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/	0 0	818ms 817ms	Script text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/ruxitagentjs_ICA2Vfgjqru_10243220606153550.js Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:20 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	css.css bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/	169 KB 33 KB	408ms 407ms	Stylesheet text/css	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `980d323f8496fdf7a4c786c815cc1d29754faa08df717661fea659f35e5c378a` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:20 GMT content-encoding br last-modified Sun, 10 Jul 2022 18:56:00 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 33656 expires Thu, 08 Sep 2022 04:11:20 GMT
GET H2	200	js Show response bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/	382 KB 382 KB	819ms 818ms	Script text/plain	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/js?v=yysZUf6xwHHbJbIxEvnS9svQUodCn-Un0IGAuzbCsQw1 Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `9d04ee2940506448a76d77d9ed9d8c2014f881c0cd4b1c60dd5dd9239e0c4d7b` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:20 GMT last-modified Sun, 10 Jul 2022 18:57:12 GMT accept-ranges bytes content-length 391411
GET H2	200	logo.png bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/	3 KB 3 KB	408ms 407ms	Image image/png	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/logo.png Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `47f3a82c0fd4785efa18ca15b38c8db31c8a795debcf1da8e40d6e18a3a9f342` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT cache-control public, max-age=604800 last-modified Thu, 28 Apr 2022 08:55:56 GMT accept-ranges bytes content-type image/png content-length 2987 expires Thu, 08 Sep 2022 04:11:22 GMT
GET H2	404	ScriptResource.axd bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/	0 0	809ms 809ms	Script text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/ScriptResource.axd?d=3xF-5tm2busLnaj-Gn7p2MlgJSg3qBoHkjJ40p2ZE4rZmOWj4nnoNElmN9rvY8EGKbdwHlD4t0X2jcexR4BejN6O4aDIRwUymtJhY-34sTAS_PSxvwWeKbuSqftsfEgR0ADUl8Cgjcf-coj56RxgBE7lRgfd6WEDgWy0A0-PM4vRMFl3cuWfYcXn_Ar9hLnJURpLHutnSWVeB8nd8gvZbBm6TxQey1Z9gPqIAvPuHiioqgNSGqRlb9UH0cJ4sQ9ux-KbplxenxvOgOlMxEfD30kpKykh-BZxrBo0jxturgGww8yHnrwR0zVPNaWNeFjasJ2Uw6i1fEgjDwLmy99LyKdXGSStRFFeqHh21-8oEWPEIAFdKifABNTc2OW-LAYDkcTWtKgifQ3UznejUid8zDfYEWUpS8apHi6lSLfm1oaGrVuGtIqjnLeG8EzZXB6138PTlpnNOCf6iapDPn6jgB3iZdUSAQr0xAgGRMYYd6ceQTvzaNxSRZbpm0k-J3wuwB5s77ZDwgnzqZPkMNP12imZf2Nd6y1SxNmPez-b7e6nMQXyaqZG9fq-KakL6p7g4QB90joOIXaXVwieRyNgpI7i4lEoqoOUdeWCh_p7bi2lUdvCYWixk5CI_Rc3-W9PnRgZW7YY1hJtrCkkZwVH0JdWvi_9l3kvWEW_m1XhcuCIRfvEwnzq2WuQzTZR4sbSBN_4Lpl_OejTV6hCO3-iIHhANIoFjjf4IodqbV6CYa4H4wBNNgwFt6ouo9ITw3pqLz_PKxtCLLvpK4QpsTsMt4aQEbWrD3oSf2G2SEh4kYI1 Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:21 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	icon_ms_error.gif bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/images/	1 KB 1 KB	410ms 407ms	Image image/gif	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/images/icon_ms_error.gif Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `a9abd4099befa1bd1fbe1d91fc80824e6ad8310880b2ff31bb0e1de32354b7c6` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT cache-control public, max-age=604800 last-modified Tue, 25 May 2021 23:14:48 GMT accept-ranges bytes content-type image/gif content-length 1290 expires Thu, 08 Sep 2022 04:11:22 GMT
GET H2	404	image.js bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/	0 0	806ms 806ms	Script text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/image.js Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:21 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	fraudwatch-logo-266.png bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/images/	5 KB 5 KB	412ms 410ms	Image image/png	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/images/fraudwatch-logo-266.png Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `ee3bf2d2a5d05593b1ecafe7016f418c354811023d5827a2930e1fc61b8fc818` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT cache-control public, max-age=604800 last-modified Tue, 25 May 2021 23:14:48 GMT accept-ranges bytes content-type image/png content-length 5476 expires Thu, 08 Sep 2022 04:11:22 GMT
GET H2	404	Em5PAUY bamach.ir/dg-qz/fvWG/m4eZ/UJ/yBhEQ/c3YaSrfL/XgtkODEzAw/BA9z/	0 0	407ms 406ms	Script text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/dg-qz/fvWG/m4eZ/UJ/yBhEQ/c3YaSrfL/XgtkODEzAw/BA9z/Em5PAUY Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	print.css bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/css/	1 KB 596 B	413ms 412ms	Stylesheet text/css	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/css/print.css Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `26cddcc92ab70832e9f9452bacc3f36a110b24ef573967921da05d4eb7a82c4f` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT content-encoding br last-modified Thu, 28 Apr 2022 08:55:56 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 540 expires Thu, 08 Sep 2022 04:11:22 GMT
GET H2	200	index.html Show response bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/	10 KB 4 KB	413ms 411ms	Script text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `2799ed28dd707629f95514307aa58f4a5d07a2457c57b8869fe672182ca075b2` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT content-encoding br last-modified Sun, 10 Jul 2022 19:19:10 GMT accept-ranges bytes content-length 4067 vary Accept-Encoding content-type text/html
GET H2	200	media.css bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/css/	1 KB 481 B	413ms 412ms	Stylesheet text/css	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/css/media.css Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / Resource Hash `11acca568c42cc3abec4cf4e12b3f5eab4dc7193ccdeec53561c159df088fb9f` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT content-encoding br last-modified Thu, 28 Apr 2022 08:55:56 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 448 expires Thu, 08 Sep 2022 04:11:22 GMT
GET H2	404	bg-block-header-light.png bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/	20 KB 20 KB	410ms 410ms	Image text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/bg-block-header-light.png Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash `90c7e8a3b201a7f112790694c827aed5b81a4e08ffdfb45565c222d6e2ed80d6` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	bg-padlock-sprite.png bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/	20 KB 20 KB	408ms 406ms	Image text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/bg-padlock-sprite.png Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash `abbcd0a21370cbb8bd7d9290e20aa1c5aa0955302ae1aba3a8f749d8bb8038fd` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	button-bg-round.png bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/	20 KB 20 KB	774ms 772ms	Image text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/button-bg-round.png?nocache=1 Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash `abbcd0a21370cbb8bd7d9290e20aa1c5aa0955302ae1aba3a8f749d8bb8038fd` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:23 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	arrow-blue-sm-right.gif bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/	20 KB 20 KB	774ms 773ms	Image text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/arrow-blue-sm-right.gif Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash `abbcd0a21370cbb8bd7d9290e20aa1c5aa0955302ae1aba3a8f749d8bb8038fd` Request headers accept-language en-AU,en;q=0.9 Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:23 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	geograph-medium.woff2 bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/fonts/kiwibank/	0 0	407ms 407ms	Font text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/fonts/kiwibank/geograph-medium.woff2 Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash Request headers Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Origin https://bamach.ir accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:22 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	geograph-regular.woff2 bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/fonts/kiwibank/	0 0	754ms 753ms	Font text/html	162.55.242.139 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/fonts/kiwibank/geograph-regular.woff2 Requested by Host: bamach.ir URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.55.242.139 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mars.kongserver.com Software / PHP/7.4.30 Resource Hash Request headers Referer https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/bundling/css.css?v=YyyKQqtEQiTzjdDFrydOkJiO5J_aGuYeUAPZdLtGx2k1 Origin https://bamach.ir accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36 Response headers date Thu, 01 Sep 2022 04:11:23 GMT content-encoding br x-powered-by PHP/7.4.30 x-litespeed-cache hit vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://bamach.ir/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Kiwibank (Banking)

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/ruxitagentjs_ICA2Vfgjqru_10243220606153550.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/ScriptResource.axd?d=3xF-5tm2busLnaj-Gn7p2MlgJSg3qBoHkjJ40p2ZE4rZmOWj4nnoNElmN9rvY8EGKbdwHlD4t0X2jcexR4BejN6O4aDIRwUymtJhY-34sTAS_PSxvwWeKbuSqftsfEgR0ADUl8Cgjcf-coj56RxgBE7lRgfd6WEDgWy0A0-PM4vRMFl3cuWfYcXn_Ar9hLnJURpLHutnSWVeB8nd8gvZbBm6TxQey1Z9gPqIAvPuHiioqgNSGqRlb9UH0cJ4sQ9ux-KbplxenxvOgOlMxEfD30kpKykh-BZxrBo0jxturgGww8yHnrwR0zVPNaWNeFjasJ2Uw6i1fEgjDwLmy99LyKdXGSStRFFeqHh21-8oEWPEIAFdKifABNTc2OW-LAYDkcTWtKgifQ3UznejUid8zDfYEWUpS8apHi6lSLfm1oaGrVuGtIqjnLeG8EzZXB6138PTlpnNOCf6iapDPn6jgB3iZdUSAQr0xAgGRMYYd6ceQTvzaNxSRZbpm0k-J3wuwB5s77ZDwgnzqZPkMNP12imZf2Nd6y1SxNmPez-b7e6nMQXyaqZG9fq-KakL6p7g4QB90joOIXaXVwieRyNgpI7i4lEoqoOUdeWCh_p7bi2lUdvCYWixk5CI_Rc3-W9PnRgZW7YY1hJtrCkkZwVH0JdWvi_9l3kvWEW_m1XhcuCIRfvEwnzq2WuQzTZR4sbSBN_4Lpl_OejTV6hCO3-iIHhANIoFjjf4IodqbV6CYa4H4wBNNgwFt6ouo9ITw3pqLz_PKxtCLLvpK4QpsTsMt4aQEbWrD3oSf2G2SEh4kYI1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/image.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/dg-qz/fvWG/m4eZ/UJ/yBhEQ/c3YaSrfL/XgtkODEzAw/BA9z/Em5PAUY Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/bg-block-header-light.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/bg-padlock-sprite.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/fonts/kiwibank/geograph-medium.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/fonts/kiwibank/geograph-regular.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/button-bg-round.png?nocache=1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bamach.ir/souch/login/IR%20revenue/NEW%20KIWI/new/images/arrow-blue-sm-right.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bamach.ir
162.55.242.139
11acca568c42cc3abec4cf4e12b3f5eab4dc7193ccdeec53561c159df088fb9f
26cddcc92ab70832e9f9452bacc3f36a110b24ef573967921da05d4eb7a82c4f
2799ed28dd707629f95514307aa58f4a5d07a2457c57b8869fe672182ca075b2
47f3a82c0fd4785efa18ca15b38c8db31c8a795debcf1da8e40d6e18a3a9f342
90c7e8a3b201a7f112790694c827aed5b81a4e08ffdfb45565c222d6e2ed80d6
980d323f8496fdf7a4c786c815cc1d29754faa08df717661fea659f35e5c378a
9d04ee2940506448a76d77d9ed9d8c2014f881c0cd4b1c60dd5dd9239e0c4d7b
a9abd4099befa1bd1fbe1d91fc80824e6ad8310880b2ff31bb0e1de32354b7c6
abbcd0a21370cbb8bd7d9290e20aa1c5aa0955302ae1aba3a8f749d8bb8038fd
ee3bf2d2a5d05593b1ecafe7016f418c354811023d5827a2930e1fc61b8fc818

bamach.ir Open in urlscan Pro 162.55.242.139 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

516 kBTransfer

664 kBSize

0 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

48 JavaScript Global Variables

0 Cookies

10 Console Messages

Indicators

bamach.ir Open in urlscan Pro
162.55.242.139 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

516 kB
Transfer

664 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!