ariyamazand.ir Open in urlscan Pro
217.144.105.174 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://evolguard.com/
Effective URL:
https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862
Submission: On October 04 via api (October 4th 2023, 10:33:29 pm UTC) from JP — Scanned from JP

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 217.144.105.174, located in Iran, Islamic Republic Of and belongs to NETMIHAN, IR. The main domain is ariyamazand.ir.
TLS certificate: Issued by R3 on September 25th 2023. Valid for: 3 months.

This is the only time ariyamazand.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	66.96.147.104 66.96.147.104	29873 (BIZLAND-SD) (BIZLAND-SD)
3 8	217.144.105.174 217.144.105.174	204213 (NETMIHAN) (NETMIHAN)
9	3

1 66.96.147.104 (United States)

ASN29873 (BIZLAND-SD, US)
PTR: 104.147.96.66.static.eigbox.net

evolguard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 217.144.105.174 (Iran, Islamic Republic Of) 3 redirects

ASN204213 (NETMIHAN, IR)
PTR: maildc1590563715.mihandns.com

ariyamazand.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ariyamazand.ir 3 redirects ariyamazand.ir	104 KB
1	evolguard.com evolguard.com	265 B
9	2

	Domain	Requested by
8	ariyamazand.ir	3 redirects ariyamazand.ir
1	evolguard.com
9	2

This site contains no links.

Subject Issuer	Validity	Valid
*.evolguard.com R3	`2023-08-12` - `2023-11-10`	3 months	crt.sh
ariyamazand.ir R3	`2023-09-25` - `2023-12-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862
Frame ID: 2019E98A1FACBF64962A9F487FDA8EA4
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

herzlich willkommen

Page URL History Show full URLs

https://evolguard.com/ Page URL
https://ariyamazand.ir/old HTTP 301
https://ariyamazand.ir/old/ HTTP 302
https://ariyamazand.ir/old/F004f19441/index.php?valid=true&id=70606235 HTTP 302
https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

9
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

103 kB
Transfer

310 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://evolguard.com/ Page URL
https://ariyamazand.ir/old HTTP 301
https://ariyamazand.ir/old/ HTTP 302
https://ariyamazand.ir/old/F004f19441/index.php?valid=true&id=70606235 HTTP 302
https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response evolguard.com/	73 B 265 B	884ms 225ms	Document text/html	66.96.147.104 BIZLAND-SD
General Check archive.org Show headers Download Go to Full URL https://evolguard.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 66.96.147.104 , United States, ASN29873 (BIZLAND-SD, US), Reverse DNS 104.147.96.66.static.eigbox.net Software Apache/2 / PHP/7.4.10 Resource Hash `caef3de801f3c4919ecd3c3f4d794219172533385d9ff5620e184d3c799e4681` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers Age 0 Connection keep-alive Content-Length 73 Content-Type text/html; charset=UTF-8 Date Wed, 04 Oct 2023 22:33:23 GMT Server Apache/2 X-Powered-By PHP/7.4.10
GET H2	200	Primary Request 00951124a.php Show response ariyamazand.ir/old/F004f19441/ Redirect Chain https://ariyamazand.ir/old https://ariyamazand.ir/old/ https://ariyamazand.ir/old/F004f19441/index.php?valid=true&id=70606235 https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862	3 KB 2 KB	284ms 283ms	Document text/html	217.144.105.174 NETMIHAN
General Check archive.org Show headers Download Go to Full URL https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 217.144.105.174 , Iran, Islamic Republic Of, ASN204213 (NETMIHAN, IR), Reverse DNS maildc1590563715.mihandns.com Software nginx / Resource Hash `75a1f09a98cfcdefa2ca821be434c69a26b08cbef0f6a51c3ef697afe699c72a` Request headers Referer https://evolguard.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding br content-length 1145 content-type text/html; charset-UTF-8;charset=UTF-8 date Wed, 04 Oct 2023 22:33:28 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-cache, no-store, must-revalidate, max-age=0 content-encoding br content-length 242 content-type text/html; charset-UTF-8;charset=UTF-8 date Wed, 04 Oct 2023 22:33:27 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ./00951124a.php?web=succes&local=_&id=69401862 pragma no-cache server nginx vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H3	200	style.css ariyamazand.ir/old/F004f19441/layout/css/	208 KB 67 KB	340ms 339ms	Stylesheet text/css	217.144.105.174 NETMIHAN
General Check archive.org Show headers Download Go to Full URL https://ariyamazand.ir/old/F004f19441/layout/css/style.css Requested by Host: ariyamazand.ir URL: https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 Protocol H3 Security QUIC, , AES_128_GCM Server 217.144.105.174 , Iran, Islamic Republic Of, ASN204213 (NETMIHAN, IR), Reverse DNS maildc1590563715.mihandns.com Software LiteSpeed / Resource Hash `4f8f4fd45d94287ee659e98b6351916a02a5cbf388a53a31fa0219e06a7d03b0` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Wed, 04 Oct 2023 22:33:28 GMT content-encoding br last-modified Wed, 04 Oct 2023 15:17:34 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 68395 expires Wed, 11 Oct 2023 22:33:28 GMT
GET H3	200	style.js Show response ariyamazand.ir/old/F004f19441/layout/js/	96 KB 33 KB	796ms 794ms	Script application/javascript	217.144.105.174 NETMIHAN
General Check archive.org Show headers Download Go to Full URL https://ariyamazand.ir/old/F004f19441/layout/js/style.js Requested by Host: ariyamazand.ir URL: https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 Protocol H3 Security QUIC, , AES_128_GCM Server 217.144.105.174 , Iran, Islamic Republic Of, ASN204213 (NETMIHAN, IR), Reverse DNS maildc1590563715.mihandns.com Software LiteSpeed / Resource Hash `b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Wed, 04 Oct 2023 22:33:28 GMT content-encoding br last-modified Wed, 04 Oct 2023 15:17:34 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 33589 expires Wed, 11 Oct 2023 22:33:28 GMT
GET H3	200	lg.svg ariyamazand.ir/old/F004f19441/layout/img/	2 KB 751 B	338ms 337ms	Image image/svg+xml	217.144.105.174 NETMIHAN
General Check archive.org Show headers Download Go to Show image Full URL https://ariyamazand.ir/old/F004f19441/layout/img/lg.svg Requested by Host: ariyamazand.ir URL: https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 Protocol H3 Security QUIC, , AES_128_GCM Server 217.144.105.174 , Iran, Islamic Republic Of, ASN204213 (NETMIHAN, IR), Reverse DNS maildc1590563715.mihandns.com Software LiteSpeed / Resource Hash `aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1` Request headers accept-language jp-JP,jp;q=0.9 Referer https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Wed, 04 Oct 2023 22:33:29 GMT content-encoding br last-modified Wed, 04 Oct 2023 15:17:34 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes content-length 669 expires Wed, 11 Oct 2023 22:33:29 GMT
GET H3	200	pak.png ariyamazand.ir/old/F004f19441/layout/img/	878 B 898 B	338ms 337ms	Image image/png	217.144.105.174 NETMIHAN
General Check archive.org Show headers Download Go to Show image Full URL https://ariyamazand.ir/old/F004f19441/layout/img/pak.png Requested by Host: ariyamazand.ir URL: https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 Protocol H3 Security QUIC, , AES_128_GCM Server 217.144.105.174 , Iran, Islamic Republic Of, ASN204213 (NETMIHAN, IR), Reverse DNS maildc1590563715.mihandns.com Software LiteSpeed / Resource Hash Request headers accept-language jp-JP,jp;q=0.9 Referer https://ariyamazand.ir/old/F004f19441/00951124a.php?web=succes&local=_&id=69401862 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 Response headers date Wed, 04 Oct 2023 22:33:29 GMT last-modified Wed, 04 Oct 2023 15:17:34 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 878 expires Wed, 11 Oct 2023 22:33:29 GMT
GET		ta3.svg ariyamazand.ir/old/F004f19441/layout/img/	0 0

GET		pub.jpg ariyamazand.ir/old/F004f19441/layout/img/	0 0

GET		pubr.gif ariyamazand.ir/old/F004f19441/layout/img/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ariyamazand.ir
URL: https://ariyamazand.ir/old/F004f19441/layout/img/ta3.svg

Domain: ariyamazand.ir
URL: https://ariyamazand.ir/old/F004f19441/layout/img/pub.jpg

Domain: ariyamazand.ir
URL: https://ariyamazand.ir/old/F004f19441/layout/img/pubr.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ariyamazand.ir/	1969-12-31 23:59:59	Name: PHPSESSID Value: lfb7an5ivb7npqitfspm6a90fs

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ariyamazand.ir
evolguard.com
ariyamazand.ir
217.144.105.174
66.96.147.104
4f8f4fd45d94287ee659e98b6351916a02a5cbf388a53a31fa0219e06a7d03b0
75a1f09a98cfcdefa2ca821be434c69a26b08cbef0f6a51c3ef697afe699c72a
aeed178a287002e32c4a7767dc24b3c732a812cdd42017835055e42db4d2eae1
b56dd0f5e443608e46b42696f86fe376190c1688f2586cf5345b0b43f2973a5c
caef3de801f3c4919ecd3c3f4d794219172533385d9ff5620e184d3c799e4681

ariyamazand.ir Open in urlscan Pro 217.144.105.174 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

67 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

103 kBTransfer

310 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Indicators

ariyamazand.ir Open in urlscan Pro
217.144.105.174 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

103 kB
Transfer

310 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!