touchread-42023209.dr9.ir Open in urlscan Pro
176.9.248.116 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087
Submission: On September 25 via automatic, source openphish (September 25th 2020, 1:42:22 am UTC)

Summary HTTP 14 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 176.9.248.116, located in Germany and belongs to HETZNER-AS, DE. The main domain is touchread-42023209.dr9.ir.
TLS certificate: Issued by *.dr9.ir on September 21st 2020. Valid for: a year.

This is the only time touchread-42023209.dr9.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address		AS Autonomous System
12	176.9.248.116 176.9.248.116		24940 (HETZNER-AS) (HETZNER-AS)
14	2

12 176.9.248.116 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.116.248.9.176.clients.your-server.de

touchread-42023209.dr9.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	dr9.ir touchread-42023209.dr9.ir	799 KB
0	Failed function sub() { [native code] }. Failed
14	2

	Domain	Requested by
12	touchread-42023209.dr9.ir	touchread-42023209.dr9.ir
0	static.xx.localhost Failed	touchread-42023209.dr9.ir
14	2

This site contains links to these domains. Also see Links.

Domain
m.localhost

Subject Issuer	Validity	Valid
.dr9.ir .dr9.ir	`2020-09-21` - `2021-09-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087
Frame ID: 431868719D1DE8797F2024D939C1A7A2
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

14
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

799 kB
Transfer

796 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://m.localhost/click.php?redir_url=http%3A%2F%2Fitunes.apple.com%2Fapp%2Ffacebook%2Fid284882215%3Freferrer_params%255Blink_source%255D%3Dfb_app_banner&app_id=6628568379&cref=mb&no_fw=1&refid=8
Title: Dear Facebook user, In order to confirm that you are the owner of the account, you need to login before viewing the next page.

Search URL Search Domain Scan URL

URL: https://m.localhost/?refsrc=https%3A%2F%2Fwww.localhost%2F&_rdr
Title: HIDESHOW

Search URL Search Domain Scan URL

URL: https://m.localhost/recover/initiate/?c=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&r&cuid&ars=facebook_login&lwv=100&refid=8
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://m.localhost/help/?refid=8
Title: Help Center

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=fr_FR&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQAfz1GsSdITzdlh&refid=8
Title: Français (France)

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=pt_BR&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQB4Pu7UbdyQ3zpF&refid=8
Title: Português (Brasil)

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=it_IT&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQB0WOe6C7aDibME&refid=8
Title: Italiano

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=es_LA&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQAKqJ0vZCJqEqvL&refid=8
Title: Español

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=zh_CN&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQC0u6DsZuvcGn-D&refid=8
Title: -(S)

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=de_DE&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQCHkms1QZd-ub9k&refid=8
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://m.localhost/language.php?n=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&refid=8
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/g7ALbzcD4QX.png HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=326331565 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=683612812 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=471563604 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=263451846 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=447001506 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=465413301 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=805048728 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=577233616 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=347729310 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=918540890 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=507754148 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=72479445 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=696828826 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=371324223 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=536819201 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=439365372 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=430026394 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=347415748 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=711824899 HTTP 302
https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=974204417

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request view-signin.php Show response touchread-42023209.dr9.ir/	64 KB 64 KB	121ms 36ms	Document text/html	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `b2d53198aa6b172f9ffc9d06f479df2093ca6e8c15300341c7d2f59eed05e929` Request headers Host touchread-42023209.dr9.ir Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	1lAJOLtLdeb.css touchread-42023209.dr9.ir/assets/	70 KB 70 KB	36ms 35ms	Stylesheet text/css	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/1lAJOLtLdeb.css Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `141fbafd624b7cf0bd48743b37592085bb0a3826ccee840b5b4240c7efe292ae` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 71825
GET H/1.1	200 OK	gz9zi6TXAAz.css touchread-42023209.dr9.ir/assets/	14 KB 15 KB	90ms 35ms	Stylesheet text/css	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/gz9zi6TXAAz.css Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `df63f47eea20a36b131b335b27c292eca8f68ed6e0078790f8e12f5087013716` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 14808
GET H/1.1	200 OK	B05Ffn_U4pr.js.download Show response touchread-42023209.dr9.ir/assets/	424 KB 425 KB	105ms 35ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/B05Ffn_U4pr.js.download Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `e36e4ba87f29b3548b1fae26869a880441d3067016f270c0b1b31a50df24b142` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 434649
GET H/1.1	200 OK	lNkwgIElMeK.js.download Show response touchread-42023209.dr9.ir/assets/	26 KB 27 KB	36ms 35ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/lNkwgIElMeK.js.download Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `dbe69249539258b5412f3b8c189acc547932b6950522a1bfb3cde2ea47a62ac7` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 26984
GET H/1.1	200 OK	GX-TmQaLZwt.js.download Show response touchread-42023209.dr9.ir/assets/	6 KB 6 KB	35ms 35ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/GX-TmQaLZwt.js.download Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `97c2f776cd3271f9bdcfdab535cb451eb98787a518ca042fdb4538ef7c4a5bce` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 6276
GET H/1.1	200 OK	wpBRVxT0Efr.js.download Show response touchread-42023209.dr9.ir/assets/	40 KB 40 KB	35ms 35ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/wpBRVxT0Efr.js.download Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `a24ab5896536e8c46b1ff26e7e43d700de010825f84415162649788ad57514cb` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 40700
GET H/1.1	200 OK	5O6-v-7lVAj.js.download Show response touchread-42023209.dr9.ir/assets/	60 KB 60 KB	36ms 35ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/5O6-v-7lVAj.js.download Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `e3afa496540d31309ea2841f0acb66264aebabd78e8baf33cb585b313b49115b` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 61195
GET H/1.1	200 OK	KrnilTrdi-c.js.download Show response touchread-42023209.dr9.ir/assets/	84 KB 84 KB	37ms 36ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/KrnilTrdi-c.js.download Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `268d28844cd23d57be145f1ddcff35f80ed10cd54ed71d48e4936d1dbd80b950` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 85666
GET H/1.1	200 OK	lpanLWBpNMl.js.download Show response touchread-42023209.dr9.ir/assets/	7 KB 7 KB	36ms 35ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-42023209.dr9.ir/assets/lpanLWBpNMl.js.download Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `18471ab4efff7eb054f91a6792c4d7af64e8621bbeeb2e2a70d0e9f467e64f17` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7069
GET H/1.1	200 OK	logo.png touchread-42023209.dr9.ir/assets/	809 B 1 KB	52ms 35ms	Image image/png	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://touchread-42023209.dr9.ir/assets/logo.png Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `e0ff2e0f45b6ac64540fe750795196238188e4e3a5ae9138318dd555b23a2eae` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Wed, 01 Feb 2017 16:26:32 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 809
GET H/1.1	200 OK	hsts-pixel.gif touchread-42023209.dr9.ir/assets/	43 B 283 B	72ms 35ms	Image image/gif	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://touchread-42023209.dr9.ir/assets/hsts-pixel.gif Requested by Host: touchread-42023209.dr9.ir URL: https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87` Request headers Referer https://touchread-42023209.dr9.ir/view-signin.php?facebook_com=&mUniqueID=93676087 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:06 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 43
GET		pSbzxdA_VVZ.png static.xx.localhost/rsrc.php/v3/yT/r/	0 0

GET		view-signin.php touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/ Redirect Chain https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/g7ALbzcD4QX.png https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=326331565 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=683612812 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=471563604 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=263451846 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=447001506 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=465413301 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=805048728 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=577233616 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=347729310 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=918540890 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=507754148 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=72479445 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=696828826 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=371324223 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=536819201 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=439365372 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=430026394 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=347415748 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=711824899 https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=974204417	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.xx.localhost
URL: https://static.xx.localhost/rsrc.php/v3/yT/r/pSbzxdA_VVZ.png

Domain: touchread-42023209.dr9.ir
URL: https://touchread-42023209.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=974204417

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

static.xx.localhost
touchread-42023209.dr9.ir
static.xx.localhost
touchread-42023209.dr9.ir
176.9.248.116
141fbafd624b7cf0bd48743b37592085bb0a3826ccee840b5b4240c7efe292ae
18471ab4efff7eb054f91a6792c4d7af64e8621bbeeb2e2a70d0e9f467e64f17
268d28844cd23d57be145f1ddcff35f80ed10cd54ed71d48e4936d1dbd80b950
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
97c2f776cd3271f9bdcfdab535cb451eb98787a518ca042fdb4538ef7c4a5bce
a24ab5896536e8c46b1ff26e7e43d700de010825f84415162649788ad57514cb
b2d53198aa6b172f9ffc9d06f479df2093ca6e8c15300341c7d2f59eed05e929
dbe69249539258b5412f3b8c189acc547932b6950522a1bfb3cde2ea47a62ac7
df63f47eea20a36b131b335b27c292eca8f68ed6e0078790f8e12f5087013716
e0ff2e0f45b6ac64540fe750795196238188e4e3a5ae9138318dd555b23a2eae
e36e4ba87f29b3548b1fae26869a880441d3067016f270c0b1b31a50df24b142
e3afa496540d31309ea2841f0acb66264aebabd78e8baf33cb585b313b49115b

touchread-42023209.dr9.ir Open in urlscan Pro 176.9.248.116 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

799 kBTransfer

796 kBSize

0 Cookies

11 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

touchread-42023209.dr9.ir Open in urlscan Pro
176.9.248.116 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

799 kB
Transfer

796 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!