URL: https://textcaptcha.ir/
Submission Tags: phishingrod
Submission: On December 12 via api from DE — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3033::6815:26d1, located in United States and belongs to CLOUDFLARENET, US. The main domain is textcaptcha.ir.
TLS certificate: Issued by E1 on December 12th 2022. Valid for: 3 months.
This is the only time textcaptcha.ir was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS Autonomous System
5         2606:4700:303...  13335 (CLOUDFLAR...)
2         2a00:1450:400...  15169 (GOOGLE)
Total: 7 requests, 2 IPs

Requests  Apex Domain           Subdomains                                           Transfer
5         textcaptcha.ir        textcaptcha.ir                                       101 KB
2         google-analytics.com  ssl.google-analytics.com (Cisco Umbrella Rank: 281)  17 KB
Total: 7 requests, 2 domains

Requests  Domain                    Requested by
5         textcaptcha.ir            textcaptcha.ir
2         ssl.google-analytics.com  textcaptcha.ir
Total: 7 requests, 2 domains

This site contains links to these domains:

Domain
fa.wikipedia.org
jnaqsh.com

Subject                 Issuer      Validity                 Valid
textcaptcha.ir          E1          2022-12-12 - 2023-03-12  3 months
*.google-analytics.com  GTS CA 1C3  2022-11-07 - 2023-01-30  3 months

This page contains 1 frame:

Primary Page: https://textcaptcha.ir/
Frame ID: 988FD597980AEC7161EFC6B35923270F
Requests: 7 HTTP requests in this frame

Page Title

Text CAPTCHA | Home page

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 118 kB
Size: 312 kB
Cookies: 6

7 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: / (Primary Request); Path: textcaptcha.ir/; Size: 8 KB; x-fer: 4 KB; Type: Document
General
Full URL
https://textcaptcha.ir/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Phusion Passenger 4.0.37
Resource Hash
4b17e36dc7c73c0f463d3b1778bfa1909b6fb07a9a8e135a45c3ad0365bbee6b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7787cdfbece3cafd-DUS
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 12 Dec 2022 16:23:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M21pk1BHX4B9Ns1%2BCG7c6SHSI0giSzZ7LH80TVfxWAHwLQ1uKC0vsIQxmVZgPWcvo8ZHWMONfrmacc0qtYJZaBTXXgwm3PdBCD7NNpsEdfcdPvyN1j2psomyvP5KRyfGKmwBQ43kJQXjy6ED2A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
status
200 OK
vary
Accept-Encoding
x-powered-by
Phusion Passenger 4.0.37
x-rack-cache
miss
x-request-id
7d10fa90c4cc0b934dddfa1bc840c455
x-runtime
0.007591
x-ua-compatible
IE=Edge,chrome=1

Resource: application-406823f0434fe29006396c8eb7dfa0ca.css; Path: textcaptcha.ir/assets/; Size: 109 KB; x-fer: 20 KB; Type: Stylesheet
General
Full URL
https://textcaptcha.ir/assets/application-406823f0434fe29006396c8eb7dfa0ca.css
Requested by
Host: textcaptcha.ir
URL: https://textcaptcha.ir/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
442313968972ade240a775906728f6c7ae3739f413bc553c228941287028b05b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://textcaptcha.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:23:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 26 Jul 2022 15:52:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VulPvvVYMZeo%2Bpl2tSTcxfxhFh9Nip9PQpedzLHOgQt1qYzgvpn9W1Po5V%2BkwVAvGDZXXyeeaBL6cQCA7mccxfTMsdunupIZnXCgfZ8LBCncsw1bNRK5vXC6KKbOQIzENjaK6eK4xxkDsc1jQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=315360000
cf-ray
7787cdfd1fabcafd-DUS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: farsi_textcaptcha_logo-12b33568311fef60b4629b8416bd1c16.png; Path: textcaptcha.ir/assets/; Size: 4 KB; x-fer: 4 KB; Type: Image
General
Full URL
https://textcaptcha.ir/assets/farsi_textcaptcha_logo-12b33568311fef60b4629b8416bd1c16.png
Requested by
Host: textcaptcha.ir
URL: https://textcaptcha.ir/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
478d2021a01bbe2943ce5a72ca3735730ffd23f71cf40751e433beb63acf93f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://textcaptcha.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:23:27 GMT
cf-cache-status
MISS
last-modified
Mon, 12 Dec 2022 16:23:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PT4%2Bd63swysk5uvUZZrEqaIVVyDNlhcit%2BUszWsXkuJZQ7vGvSzH02LngSYv1n3bka9%2BUlchnmsuw2q3NNkWtULZUPxgTGfAK91T10k%2BZiwDa5EZlwY047Ng36DzUtdMgpZuWoIrpVsNQkk26w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
7787cdfd1fadcafd-DUS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4059
expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: application-38f04fb9c619fb1531e89afb7b010f6f.js; Path: textcaptcha.ir/assets/; Size: 116 KB; x-fer: 43 KB; Type: Script
General
Full URL
https://textcaptcha.ir/assets/application-38f04fb9c619fb1531e89afb7b010f6f.js
Requested by
Host: textcaptcha.ir
URL: https://textcaptcha.ir/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a3e9047eb15a0df25351897d2f18d2fff21a2f147694f78984be0441f47b391

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://textcaptcha.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:23:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Dec 2022 13:27:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNldDtSMiajXd5UsXeKfG05qtGH29Cnltm0IyapLr9L9qTRdEvmALWF%2FtATUzG9F%2FLgfaVaO4yrIxHP8eJb2QGz6%2FLIPk6JGZuQ%2FpsZe3EqYEZ%2Fzs16G8J1c4aOwrQLMXCEx09gIsikwlAZKrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
public, max-age=315360000
cf-ray
7787cdfd4827cafd-DUS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: ga.js; Path: ssl.google-analytics.com/; Size: 45 KB; x-fer: 17 KB; Type: Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: textcaptcha.ir
URL: https://textcaptcha.ir/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://textcaptcha.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 12 Dec 2022 15:51:02 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
1945
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Mon, 12 Dec 2022 17:51:02 GMT

Resource: IranianSans.woff; Path: textcaptcha.ir/assets/; Size: 30 KB; x-fer: 30 KB; Type: Font
General
Full URL
https://textcaptcha.ir/assets/IranianSans.woff
Requested by
Host: textcaptcha.ir
URL: https://textcaptcha.ir/assets/application-406823f0434fe29006396c8eb7dfa0ca.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:26d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1603955ff0cbc400883f34ca1e61806ff0d371ab8496f91361b0ae849e5470a

Request headers

Referer
https://textcaptcha.ir/assets/application-406823f0434fe29006396c8eb7dfa0ca.css
Origin
https://textcaptcha.ir
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 16:23:27 GMT
cf-cache-status
HIT
last-modified
Sun, 11 Dec 2022 13:19:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OL1jiiLN%2BgsUJHbEcy%2BfS1NL8HEXBChQxNDz3pDtX6mz7prTp8Aui3hV30PssMVJloOA9%2BZrxCSdq8bjhs1bhdeuSdrFcwFVox5l6t%2Bfkp%2FGC9xBHoSip00FCRWJ6kehVVbgTaWjg%2BWyb%2F5lGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
7787cdfe1ce90e3d-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
30636
expires
Thu, 31 Dec 2037 23:55:55 GMT

Resource: __utm.gif; Path: ssl.google-analytics.com/r/; Size: 35 B; x-fer: 54 B; Type: Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=289695551&utmhn=textcaptcha.ir&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%DA%A9%D9%BE%DA%86%D8%A7%DB%8C%20%D9%85%D8%AA%D9%86%DB%8C%20%7C%20%D8%B5%D9%81%D8%AD%D9%87%20%D8%A7%D8%B5%D9%84%DB%8C&utmhid=112732077&utmr=-&utmp=%2F&utmht=1670862207708&utmac=UA-35290892-6&utmcc=__utma%3D239262086.1777788354.1670862208.1670862208.1670862208.1%3B%2B__utmz%3D239262086.1670862208.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=144022739&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: textcaptcha.ir
URL: https://textcaptcha.ir/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://textcaptcha.ir/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Dec 2022 16:23:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| oncontentvisibilityautostatechange
  • object| _gaq
  • object| _gat
  • object| gaGlobal
  • object| q
  • function| $
  • function| jQuery
  • function| NestedFormEvents
  • object| nestedFormEvents
  • boolean| PR_SHOULD_USE_CONTINUATION
  • function| prettyPrintOne
  • function| prettyPrint
  • object| PR

6 Cookies

Domain/Path Name / Value
textcaptcha.ir/ Name: _farsi_textcaptcha_session
Value: BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJTYzYmE2YzQzNzhkODk3NDdhYTk0NDc3MmVkYzM1NTA0BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMWsyZkMwUTBWS1d4bXV2YUxKMUFZVisyT2RuNE0rZy91bVRxVjFTTmFFMms9BjsARg%3D%3D--d02f0ca8e961f4246237e2125b9c6a2977d6f4aa
.textcaptcha.ir/ Name: __utma
Value: 239262086.1777788354.1670862208.1670862208.1670862208.1
.textcaptcha.ir/ Name: __utmc
Value: 239262086
.textcaptcha.ir/ Name: __utmz
Value: 239262086.1670862208.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.textcaptcha.ir/ Name: __utmt
Value: 1
.textcaptcha.ir/ Name: __utmb
Value: 239262086.1.10.1670862208