touchread-20830026.dr9.ir Open in urlscan Pro
176.9.248.116 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193
Submission: On September 25 via automatic, source openphish (September 25th 2020, 1:42:27 am UTC)

Summary HTTP 14 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 176.9.248.116, located in Germany and belongs to HETZNER-AS, DE. The main domain is touchread-20830026.dr9.ir.
TLS certificate: Issued by *.dr9.ir on September 21st 2020. Valid for: a year.

This is the only time touchread-20830026.dr9.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address		AS Autonomous System
12	176.9.248.116 176.9.248.116		24940 (HETZNER-AS) (HETZNER-AS)
14	2

12 176.9.248.116 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.116.248.9.176.clients.your-server.de

touchread-20830026.dr9.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	dr9.ir touchread-20830026.dr9.ir	799 KB
0	Failed function sub() { [native code] }. Failed
14	2

	Domain	Requested by
12	touchread-20830026.dr9.ir	touchread-20830026.dr9.ir
0	static.xx.localhost Failed	touchread-20830026.dr9.ir
14	2

This site contains links to these domains. Also see Links.

Domain
m.localhost

Subject Issuer	Validity	Valid
.dr9.ir .dr9.ir	`2020-09-21` - `2021-09-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193
Frame ID: A66DB0DB2B6A116D0D2553143BC1B6EE
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

14
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

799 kB
Transfer

796 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://m.localhost/click.php?redir_url=http%3A%2F%2Fitunes.apple.com%2Fapp%2Ffacebook%2Fid284882215%3Freferrer_params%255Blink_source%255D%3Dfb_app_banner&app_id=6628568379&cref=mb&no_fw=1&refid=8
Title: Dear Facebook user, In order to confirm that you are the owner of the account, you need to login before viewing the next page.

Search URL Search Domain Scan URL

URL: https://m.localhost/?refsrc=https%3A%2F%2Fwww.localhost%2F&_rdr
Title: HIDESHOW

Search URL Search Domain Scan URL

URL: https://m.localhost/recover/initiate/?c=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&r&cuid&ars=facebook_login&lwv=100&refid=8
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://m.localhost/help/?refid=8
Title: Help Center

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=fr_FR&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQAfz1GsSdITzdlh&refid=8
Title: Français (France)

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=pt_BR&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQB4Pu7UbdyQ3zpF&refid=8
Title: Português (Brasil)

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=it_IT&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQB0WOe6C7aDibME&refid=8
Title: Italiano

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=es_LA&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQAKqJ0vZCJqEqvL&refid=8
Title: Español

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=zh_CN&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQC0u6DsZuvcGn-D&refid=8
Title: -(S)

Search URL Search Domain Scan URL

URL: https://m.localhost/a/language.php?l=de_DE&lref=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&gfid=AQCHkms1QZd-ub9k&refid=8
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://m.localhost/language.php?n=https%3A%2F%2Fm.localhost%2F%3Frefsrc%3Dhttps%253A%252F%252Fwww.localhost%252F&refid=8
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/g7ALbzcD4QX.png HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=707816384 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=208828939 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=861066021 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=347951079 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=901483159 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=676997149 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=697500532 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=481434268 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=753274720 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=207653509 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=501638744 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=572187608 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=87980631 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=174514303 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=864047888 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=949477023 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=970050451 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=612114669 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=85536875 HTTP 302
https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=67958452

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request view-signin.php Show response touchread-20830026.dr9.ir/	64 KB 64 KB	36ms 12ms	Document text/html	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `b2d53198aa6b172f9ffc9d06f479df2093ca6e8c15300341c7d2f59eed05e929` Request headers Host touchread-20830026.dr9.ir Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	1lAJOLtLdeb.css touchread-20830026.dr9.ir/assets/	70 KB 70 KB	13ms 12ms	Stylesheet text/css	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/1lAJOLtLdeb.css Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `141fbafd624b7cf0bd48743b37592085bb0a3826ccee840b5b4240c7efe292ae` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 71825
GET H/1.1	200 OK	gz9zi6TXAAz.css touchread-20830026.dr9.ir/assets/	14 KB 15 KB	29ms 11ms	Stylesheet text/css	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/gz9zi6TXAAz.css Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `df63f47eea20a36b131b335b27c292eca8f68ed6e0078790f8e12f5087013716` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 14808
GET H/1.1	200 OK	B05Ffn_U4pr.js.download Show response touchread-20830026.dr9.ir/assets/	424 KB 425 KB	33ms 11ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/B05Ffn_U4pr.js.download Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `e36e4ba87f29b3548b1fae26869a880441d3067016f270c0b1b31a50df24b142` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 434649
GET H/1.1	200 OK	lNkwgIElMeK.js.download Show response touchread-20830026.dr9.ir/assets/	26 KB 27 KB	12ms 11ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/lNkwgIElMeK.js.download Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `dbe69249539258b5412f3b8c189acc547932b6950522a1bfb3cde2ea47a62ac7` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 26984
GET H/1.1	200 OK	GX-TmQaLZwt.js.download Show response touchread-20830026.dr9.ir/assets/	6 KB 6 KB	12ms 11ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/GX-TmQaLZwt.js.download Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `97c2f776cd3271f9bdcfdab535cb451eb98787a518ca042fdb4538ef7c4a5bce` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 6276
GET H/1.1	200 OK	wpBRVxT0Efr.js.download Show response touchread-20830026.dr9.ir/assets/	40 KB 40 KB	12ms 12ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/wpBRVxT0Efr.js.download Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `a24ab5896536e8c46b1ff26e7e43d700de010825f84415162649788ad57514cb` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 40700
GET H/1.1	200 OK	5O6-v-7lVAj.js.download Show response touchread-20830026.dr9.ir/assets/	60 KB 60 KB	11ms 11ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/5O6-v-7lVAj.js.download Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `e3afa496540d31309ea2841f0acb66264aebabd78e8baf33cb585b313b49115b` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 61195
GET H/1.1	200 OK	KrnilTrdi-c.js.download Show response touchread-20830026.dr9.ir/assets/	84 KB 84 KB	11ms 11ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/KrnilTrdi-c.js.download Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `268d28844cd23d57be145f1ddcff35f80ed10cd54ed71d48e4936d1dbd80b950` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 85666
GET H/1.1	200 OK	lpanLWBpNMl.js.download Show response touchread-20830026.dr9.ir/assets/	7 KB 7 KB	12ms 11ms	Script application/javascript	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://touchread-20830026.dr9.ir/assets/lpanLWBpNMl.js.download Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `18471ab4efff7eb054f91a6792c4d7af64e8621bbeeb2e2a70d0e9f467e64f17` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 7069
GET H/1.1	200 OK	logo.png touchread-20830026.dr9.ir/assets/	809 B 1 KB	12ms 12ms	Image image/png	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://touchread-20830026.dr9.ir/assets/logo.png Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `e0ff2e0f45b6ac64540fe750795196238188e4e3a5ae9138318dd555b23a2eae` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Wed, 01 Feb 2017 16:26:32 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 809
GET H/1.1	200 OK	hsts-pixel.gif touchread-20830026.dr9.ir/assets/	43 B 284 B	11ms 11ms	Image image/gif	176.9.248.116 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://touchread-20830026.dr9.ir/assets/hsts-pixel.gif Requested by Host: touchread-20830026.dr9.ir URL: https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 176.9.248.116 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.116.248.9.176.clients.your-server.de Software Apache / Resource Hash `548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87` Request headers Referer https://touchread-20830026.dr9.ir/view-signin.php?facebook_com=&mUniqueID=752407193 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 25 Sep 2020 01:42:11 GMT Last-Modified Fri, 01 Mar 2019 15:10:42 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 43
GET		pSbzxdA_VVZ.png static.xx.localhost/rsrc.php/v3/yT/r/	0 0

GET		view-signin.php touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/ Redirect Chain https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/g7ALbzcD4QX.png https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=707816384 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=208828939 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=861066021 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=347951079 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=901483159 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=676997149 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=697500532 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=481434268 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=753274720 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=207653509 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=501638744 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=572187608 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=87980631 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=174514303 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=864047888 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=949477023 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=970050451 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=612114669 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=85536875 https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=67958452	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.xx.localhost
URL: https://static.xx.localhost/rsrc.php/v3/yT/r/pSbzxdA_VVZ.png

Domain: touchread-20830026.dr9.ir
URL: https://touchread-20830026.dr9.ir/rsrc.php/v3/yV/r/view-signin.php?facebook.com&mUniqueID=67958452

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

static.xx.localhost
touchread-20830026.dr9.ir
static.xx.localhost
touchread-20830026.dr9.ir
176.9.248.116
141fbafd624b7cf0bd48743b37592085bb0a3826ccee840b5b4240c7efe292ae
18471ab4efff7eb054f91a6792c4d7af64e8621bbeeb2e2a70d0e9f467e64f17
268d28844cd23d57be145f1ddcff35f80ed10cd54ed71d48e4936d1dbd80b950
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
97c2f776cd3271f9bdcfdab535cb451eb98787a518ca042fdb4538ef7c4a5bce
a24ab5896536e8c46b1ff26e7e43d700de010825f84415162649788ad57514cb
b2d53198aa6b172f9ffc9d06f479df2093ca6e8c15300341c7d2f59eed05e929
dbe69249539258b5412f3b8c189acc547932b6950522a1bfb3cde2ea47a62ac7
df63f47eea20a36b131b335b27c292eca8f68ed6e0078790f8e12f5087013716
e0ff2e0f45b6ac64540fe750795196238188e4e3a5ae9138318dd555b23a2eae
e36e4ba87f29b3548b1fae26869a880441d3067016f270c0b1b31a50df24b142
e3afa496540d31309ea2841f0acb66264aebabd78e8baf33cb585b313b49115b

touchread-20830026.dr9.ir Open in urlscan Pro 176.9.248.116 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

799 kBTransfer

796 kBSize

0 Cookies

11 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

0 Cookies

Indicators

touchread-20830026.dr9.ir Open in urlscan Pro
176.9.248.116 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

799 kB
Transfer

796 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!