plex.ir Open in urlscan Pro
66.49.211.245 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://plex.ir/work/offset/index.php
Submission: On February 08 via automatic, source phishtank (February 8th 2017, 10:04:32 pm UTC)

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 66.49.211.245, located in Mississauga, Canada and belongs to CANACA-210 - Canaca-com Inc., CA. The main domain is plex.ir.

This is the only time plex.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address		AS Autonomous System
10	66.49.211.245 66.49.211.245		33139 (CANACA-210) (CANACA-210 - Canaca-com Inc.)
10	1

10 66.49.211.245 (Mississauga, Canada)

ASN33139 (CANACA-210 - Canaca-com Inc., CA)
PTR: rslrs1-server.com

plex.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	plex.ir plex.ir	124 KB
10	1

	Domain	Requested by
10	plex.ir	plex.ir
10	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://plex.ir/work/offset/index.php
Frame ID: 18619.1
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

124 kB
Transfer

124 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response plex.ir/work/offset/	4 KB 4 KB	241ms 134ms	Document text/html	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Full URL http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `00949de5c8d8cad94d87c52173c414467a5af6ee14adb8c8bf731b815058c626` Request headers Accept-Encoding gzip, deflate, sdch Upgrade-Insecure-Requests 1 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Connection keep-alive Pragma no-cache Host plex.ir Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Wed, 08 Feb 2017 22:04:24 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Connection close Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Yeeeee.png plex.ir/work/offset/index_files/	12 KB 12 KB	215ms 107ms	Image image/png	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://plex.ir/work/offset/index_files/Yeeeee.png Requested by Host: plex.ir URL: http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `aae9427772915e3e3de52143e13ac146a51fb544d5de5b2588914c47052aea4e` Request headers Accept image/webp,image/,/;q=0.8 Connection* keep-alive Cache-Control no-cache Pragma no-cache Accept-Encoding gzip, deflate, sdch User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://plex.ir/work/offset/index.php Host plex.ir Accept-Language en-US,en;q=0.8 Referer http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Connection close Accept-Ranges bytes Content-Length 12138 Date Wed, 08 Feb 2017 22:04:24 GMT Last-Modified Wed, 13 Jan 2016 16:09:32 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ETag "300528240-2f6a-52939653e2700" Content-Type image/png
GET H/1.1	200 OK	jawel.jpg plex.ir/work/offset/index_files/	56 KB 56 KB	214ms 107ms	Image image/jpeg	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://plex.ir/work/offset/index_files/jawel.jpg Requested by Host: plex.ir URL: http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `dc94aaf96d63f181bd1770b5cadc724e3df64981a386f1529e48396982a75737` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Referer http://plex.ir/work/offset/index.php Connection keep-alive Cache-Control no-cache Host plex.ir Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Connection close Accept-Ranges bytes Content-Length 57750 Date Wed, 08 Feb 2017 22:04:24 GMT Last-Modified Mon, 30 Nov 2015 08:23:30 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ETag "300528090-e196-525bdc18f6480" Content-Type image/jpeg
GET H/1.1	200 OK	Y001.jpg plex.ir/work/offset/index_files/	4 KB 4 KB	218ms 111ms	Image image/jpeg	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://plex.ir/work/offset/index_files/Y001.jpg Requested by Host: plex.ir URL: http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `28059df789e89e3305a324661ef47ea3a6ab446829c24936b1569278a0b10ed7` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Pragma no-cache Accept-Encoding gzip, deflate, sdch Host plex.ir Accept-Language en-US,en;q=0.8 Accept image/webp,image/,/;q=0.8 Referer* http://plex.ir/work/offset/index.php Connection keep-alive Cache-Control no-cache Referer http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Content-Type image/jpeg Connection close Accept-Ranges bytes Content-Length 3701 Date Wed, 08 Feb 2017 22:04:24 GMT Last-Modified Mon, 02 Nov 2015 07:42:20 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ETag "30052808e-e75-52389eac7af00"
GET H/1.1	200 OK	G001.jpg plex.ir/work/offset/index_files/	6 KB 6 KB	218ms 111ms	Image image/jpeg	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://plex.ir/work/offset/index_files/G001.jpg Requested by Host: plex.ir URL: http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `1f10de94a38fbaba99f61a9fe881edab7836c1acc16823efbcd0b2ba5bb0a662` Request headers Host plex.ir Accept-Language en-US,en;q=0.8 Referer http://plex.ir/work/offset/index.php Connection keep-alive Cache-Control no-cache Pragma no-cache Accept-Encoding gzip, deflate, sdch User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers ETag "30052808b-1628-5238ac085b380" Content-Type image/jpeg Connection close Accept-Ranges bytes Content-Length 5672 Date Wed, 08 Feb 2017 22:04:24 GMT Last-Modified Mon, 02 Nov 2015 08:42:06 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
GET H/1.1	200 OK	H001.jpg plex.ir/work/offset/index_files/	5 KB 5 KB	433ms 113ms	Image image/jpeg	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://plex.ir/work/offset/index_files/H001.jpg Requested by Host: plex.ir URL: http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `1907f5bdf42b7e1836323d73a6f21bc49d60344a93e87b94132c267256d56dc1` Request headers Accept-Encoding gzip, deflate, sdch Host plex.ir Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://plex.ir/work/offset/index.php Cache-Control no-cache Pragma no-cache Connection keep-alive Referer http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Connection close Accept-Ranges bytes Content-Length 5051 Date Wed, 08 Feb 2017 22:04:25 GMT Last-Modified Mon, 02 Nov 2015 07:42:38 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ETag "300528094-13bb-52389ebda5780" Content-Type image/jpeg
GET H/1.1	200 OK	A001.jpg plex.ir/work/offset/index_files/	4 KB 4 KB	433ms 110ms	Image image/jpeg	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://plex.ir/work/offset/index_files/A001.jpg Requested by Host: plex.ir URL: http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `60693fd8ecf9a0b9ce9d352b0ec96b550e67696f8f9fc549c1fc1bc1bc823291` Request headers Accept image/webp,image/,/;q=0.8 User-Agent* Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept-Encoding gzip, deflate, sdch Host plex.ir Accept-Language en-US,en;q=0.8 Referer http://plex.ir/work/offset/index.php Connection keep-alive Cache-Control no-cache Pragma no-cache Referer http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 4001 Date Wed, 08 Feb 2017 22:04:25 GMT Last-Modified Mon, 07 Dec 2015 02:08:50 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ETag "300528095-fa1-5264556897080" Content-Type image/jpeg Connection close
GET H/1.1	200 OK	O001.jpg plex.ir/work/offset/index_files/	2 KB 2 KB	214ms 111ms	Image image/jpeg	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://plex.ir/work/offset/index_files/O001.jpg Requested by Host: plex.ir URL: http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `3e543cce18b7844ac9dedf6e30d988dca45b543208a870f775c7fe16fd796a9b` Request headers Accept-Encoding gzip, deflate, sdch Host plex.ir Accept image/webp,image/,/;q=0.8 Pragma* no-cache Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://plex.ir/work/offset/index.php Connection keep-alive Cache-Control no-cache Referer http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Accept-Ranges bytes Content-Length 1693 Date Wed, 08 Feb 2017 22:04:24 GMT Last-Modified Thu, 19 Nov 2015 12:20:02 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ETag "30052808c-69d-524e3c7370080" Content-Type image/jpeg Connection close
GET H/1.1	200 OK	logo_strip_2x.png plex.ir/work/offset/index_files/	10 KB 10 KB	213ms 110ms	Image image/png	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Show image Full URL http://plex.ir/work/offset/index_files/logo_strip_2x.png Requested by Host: plex.ir URL: http://plex.ir/work/offset/index.php Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `b2d3305551055e5d28aea38f218ee6ff6006afb8c80cc4f206a206bcb758df7c` Request headers Cache-Control no-cache Pragma no-cache Accept-Encoding gzip, deflate, sdch Host plex.ir Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Connection* keep-alive Referer http://plex.ir/work/offset/index.php Referer http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Wed, 08 Feb 2017 22:04:24 GMT Last-Modified Thu, 08 Oct 2015 16:24:04 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ETag "300528096-2839-5219a4a9c7100" Content-Type image/png Connection close Accept-Ranges bytes Content-Length 10297
GET H/1.1	200 OK	favicon.ico plex.ir/work/offset/index_files/	22 KB 22 KB	214ms 107ms	Other image/x-icon	66.49.211.245 Canaca-com Inc.
General Check archive.org Show headers Download Go to Full URL http://plex.ir/work/offset/index_files/favicon.ico Protocol HTTP/1.1 Server 66.49.211.245 Mississauga, Canada, ASN33139 (CANACA-210 - Canaca-com Inc., CA), Reverse DNS rslrs1-server.com Software Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / Resource Hash `16601a88b0f4b2721da6f77fa4aaa485d737108ec88131c024257f3c3a26b979` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Connection* keep-alive Cache-Control no-cache Pragma no-cache Host plex.ir Accept-Language en-US,en;q=0.8 Referer http://plex.ir/work/offset/index.php Accept-Encoding gzip, deflate, sdch Referer http://plex.ir/work/offset/index.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers ETag "300528093-59bd-522f858680880" Content-Type image/x-icon Connection close Accept-Ranges bytes Content-Length 22973 Date Wed, 08 Feb 2017 22:04:25 GMT Last-Modified Mon, 26 Oct 2015 02:01:54 GMT Server Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

plex.ir
66.49.211.245
00949de5c8d8cad94d87c52173c414467a5af6ee14adb8c8bf731b815058c626
16601a88b0f4b2721da6f77fa4aaa485d737108ec88131c024257f3c3a26b979
1907f5bdf42b7e1836323d73a6f21bc49d60344a93e87b94132c267256d56dc1
1f10de94a38fbaba99f61a9fe881edab7836c1acc16823efbcd0b2ba5bb0a662
28059df789e89e3305a324661ef47ea3a6ab446829c24936b1569278a0b10ed7
3e543cce18b7844ac9dedf6e30d988dca45b543208a870f775c7fe16fd796a9b
60693fd8ecf9a0b9ce9d352b0ec96b550e67696f8f9fc549c1fc1bc1bc823291
aae9427772915e3e3de52143e13ac146a51fb544d5de5b2588914c47052aea4e
b2d3305551055e5d28aea38f218ee6ff6006afb8c80cc4f206a206bcb758df7c
dc94aaf96d63f181bd1770b5cadc724e3df64981a386f1529e48396982a75737

plex.ir Open in urlscan Pro 66.49.211.245 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

124 kBTransfer

124 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

plex.ir Open in urlscan Pro
66.49.211.245 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

124 kB
Transfer

124 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!