www.hamrahannoorshabakeh.com Open in urlscan Pro
164.138.19.1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/
Submission: On March 11 via api (March 11th 2021, 2:18:16 pm UTC) from US

Summary HTTP 39 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 39 HTTP transactions. The main IP is 164.138.19.1, located in Tehran, Iran, Islamic Republic Of and belongs to RAV-NET-01, IR. The main domain is www.hamrahannoorshabakeh.com.

This is the only time www.hamrahannoorshabakeh.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
33	164.138.19.1 164.138.19.1	59431 (RAV-NET-01) (RAV-NET-01)
3	2a02:26f0:710... 2a02:26f0:7100:482::35c1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY)
1	2620:1ec:29::19 2620:1ec:29::19	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
39	6

33 164.138.19.1 (Tehran, Iran, Islamic Republic Of)

ASN59431 (RAV-NET-01, IR)
PTR: linux20.sgnetway.net

www.hamrahannoorshabakeh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:7100:482::35c1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:29::19 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	hamrahannoorshabakeh.com www.hamrahannoorshabakeh.com	2 MB
3	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	6 KB
1	jquery.com code.jquery.com	30 KB
1	msauth.net aadcdn.msauth.net	1 KB
1	imgur.com i.imgur.com	15 KB
39	5

	Domain	Requested by
33	www.hamrahannoorshabakeh.com	www.hamrahannoorshabakeh.com
3	secure.aadcdn.microsoftonline-p.com	www.hamrahannoorshabakeh.com
1	code.jquery.com	www.hamrahannoorshabakeh.com
1	aadcdn.msauth.net	www.hamrahannoorshabakeh.com
1	i.imgur.com	www.hamrahannoorshabakeh.com
39	5

This site contains links to these domains. Also see Links.

Domain
login.microsoftonline.com
login.live.com
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
secure.aadcdn.microsoftonline-p.com Microsoft RSA TLS CA 01	`2020-12-22` - `2021-12-22`	a year	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2020-01-15` - `2022-03-16`	2 years	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2021-01-07` - `2022-01-06`	a year	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/
Frame ID: 15F794BE43BDD05FECBAB6267A4A7382
Requests: 8 HTTP requests in this frame

Frame: http://www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/Sign%20in%20to%20your%20account_files/prefetch(1).html
Frame ID: 1CFF0C560B280285FA5C7BEA482111AE
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

39
Requests

15 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

4
Countries

2561 kB
Transfer

2609 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://login.microsoftonline.com/common/reprocess?ctx=rQIIAXWRO2_TUACFc_MwLSCoWGDswARy4nfiiA4hcZ2E2A6O3dZeItfx48bP2DeE5BewIHVg6oiEkCompgqE2DtVgglWBlQJCXVAjKQ_gOVMR5-OzvegRFbJ5n2GZlirfsjjvMXROMOTBG4xFIfTLM3RFEFOWILO7lzfQu--Tj7_edR9-ePG4OLyy6cTcNdHKM2btdpisagmrgttp2onUe0UgHMAfgJwXKw4Ma6PToo5R3N1muGoxppG8STL81VJU31F1BlppSNpakIZEoRMSauB5jHS9CmSRJ2StUlk7JuhFOmMMTVYRbMXSkdHZsePlDZBmOIuHOzvhvKaoYh7vjQNlsZKWMmRTn4r3lZac-RTV5FkcOVcFjfdJIvGaZKj49JboKRO3Ju0kzh2bFS9qjkxgraFYBIPsyR1MgSdfKc1U-XelOxanDmSGS8Yj4LnASFEROIqoc8m6p5gisFyZgxmPWt2yPYzlTOIpZaKMJuyFg_DgfvE16h2iFBg0l6wtDNZ2A_GJs6SndZAsqgof0an-MFjXqWEnt1osKY59zx3tpwPrfB9CVvfGiXxWenWelQMJ9tplrgwdM7L4KJ8kyg1NzawLXCvsF34WwavK2tbvwz3o2RG4hv--6j06rRwVqk9hKHHBhRNacOJwB9IklKPPFX1uSHZ7_aZrsApi5xvEMOY2WGa5BEGjjDsNwZeXCt82Pyf6381
Title: Can’t access your account?

Search URL Search Domain Scan URL

URL: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAXWSvW_TUBTF4yQNbUFQISQYOzCBnDw_fySO6FBa10mJ7eDYbe0lch1_vPgzzmtD8hewIHVgyoiEkCompgqE2DtVgqmsDKgSEuqAGHHZu9zlnvPT1Tn3UYmqUs2HDM2wVn2fJ3mLo0mGpwBpMZAjaZbmaAioAQvo7O7yCn7_bfDlz5PWqx83OxeXXz_PiaV-iA6dqp1Ex8R9H-N03KzVJpNJNXFdZP9f1E4I4owgfhLEvLjgxKTeOy6OOZqr0wwHGzkZ8hTL81VJU31F1BlppmNpaCIZASBDadbRPEYaPseSqENZG0TGrhlKkc4YQ4NVNHuibOrY3PQjZQMAU9xCnd2tUM4ZirjjS8NgasyEmRzp1HnxjrJ-gH14NZIMzZzL4pKbZFE_TcZ4XnpHKKkTtwcbSRw7Nq5eyZwYI9vCKIm7WZI6GUbOeG19pMrtIdWyOLMnM17Q7wUvAiBEIHGV0GcTdUcwxWA6MjqjtjXaZ7czlTPAVEtFlA1Zi0dhx33ma3AjxDgwaS-Y2pks7AZ9k2SpzfWOZMFofEin5N5TXoVC2240WNM88Dx3ND3oWuGHUiWPNUri09Lt_KgYDVbTLHFR6JyViYvyLVBqLi5WVogHhdXC3zLxZiFv7pfhfpLMSHzLf--VXp8UThdqj1HosQGkodYdCPyeJCn1yFNVn-tS261tpiVwymTMN0A3ZtaYJnVUIY4qld-V4ssbhY9L13V9vnwv_5cGCXgSsquAb1K5tW7-Aw2&estsfed=1&uaid=64d4ac74f6bf483c8de40b4ceaf2d3bd&signup=1&lw=1&fl=easi2&fci=4345a7b9-9a63-4910-a426-35363201d503&mkt=en-US
Title: Create one!

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Privacy & cookies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/ 206 KB
207 KB 329ms
206ms Document
text/html 164.138.19.1
RAV-NET-01

General

Source	Level	URL Text
console-api	log	URL: http://www.hamrahannoorshabakeh.com/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	warning	URL: http://www.hamrahannoorshabakeh.com/wp-includes/js/jquery/jquery.min.js(Line 2) Message: jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at Object.woocommerce (http://www.hamrahannoorshabakeh.com/wp-content/plugins/codevz-plus/assets/js/codevzplus.js:927:32) at Object.init (http://www.hamrahannoorshabakeh.com/wp-content/plugins/codevz-plus/assets/js/codevzplus.js:70:9) at HTMLDocument.<anonymous> (http://www.hamrahannoorshabakeh.com/wp-content/plugins/codevz-plus/assets/js/codevzplus.js:2037:14) at e (http://www.hamrahannoorshabakeh.com/wp-includes/js/jquery/jquery.min.js:2:30005) at t (http://www.hamrahannoorshabakeh.com/wp-includes/js/jquery/jquery.min.js:2:30307) undefined

www.hamrahannoorshabakeh.com Open in urlscan Pro 164.138.19.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

39 Requests

15 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

6 IPs

4 Countries

2561 kBTransfer

2609 kBSize

0 Cookies

4 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.hamrahannoorshabakeh.com Open in urlscan Pro
164.138.19.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

15 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

4
Countries

2561 kB
Transfer

2609 kB
Size

0
Cookies

39 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!