URL: https://iranianthreatactors.com/amir-maghfareti
Submission Tags: 0xscam
Submission: On October 28 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 6 HTTP transactions. The main IP is 2606:4700:20::681a:315, located in United States and belongs to CLOUDFLARENET, US. The main domain is iranianthreatactors.com.
TLS certificate: Issued by WE1 on October 10th 2024. Valid for: 3 months.
This is the only time iranianthreatactors.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 3
Domain Requested by
1 list.iranianthreatactors.com
1 imagedelivery.net iranianthreatactors.com
1 iranianthreatactors.com iranianthreatactors.com
0 static.cloudflareinsights.com Failed iranianthreatactors.com
6 4

This site contains links to these domains.

Domain
twitter.com
wa.me
t.me
narimangharib.com

Subject Issuer Validity Valid
iranianthreatactors.com WE1 2024-10-10 - 2025-01-08 3 months
imagedelivery.net WE1 2024-10-26 - 2025-01-25 3 months
list.iranianthreatactors.com WE1 2024-10-24 - 2025-01-22 3 months

This page contains 2 frames:

Primary Page: https://iranianthreatactors.com/amir-maghfareti
Frame ID: 4DFF54FE377A5F8737DA59AEB6120E20
Requests: 5 HTTP requests in this frame

Frame: https://iranianthreatactors.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: 37B8B361DDA22BB1E6C58DA1BFD5827C
Requests: 1 HTTP request in this frame

Page Title

AMIR MAGHFARETI - Iranian Cyber Threat Actor

Page Statistics

Requests: 6
HTTPS: 50 %
IPv6: 100 %
Domains: 3
Subdomains: 4
IPs: 3
Countries: 1
Transfer: 71 kB
Size: 95 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource Path Size x-fer Type MIME-Type

Primary Request amir-maghfareti iranianthreatactors.com/ 18 KB 7 KB Document
General
Full URL
https://iranianthreatactors.com/amir-maghfareti
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c88e27a559ac3fdc371032d44f76eff0c8d3ccc35332a774a62916ef305652b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https: data:; style-src 'unsafe-inline'; script-src 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
*
cf-ray
8d98bddc8af335f7-FRA
content-encoding
br
content-security-policy
default-src 'self'; img-src 'self' https: data:; style-src 'unsafe-inline'; script-src 'unsafe-inline';
content-type
text/html;charset=UTF-8
date
Mon, 28 Oct 2024 06:06:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
camera=(), microphone=(), geolocation=()
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6RYMxv781nePeLyTkyV0ZfybKczhl0UaANNdbsBM9VvV2BihucBWo0rU1JdcAcI77iIbE1B2yxiI4RFLnAaZjfS4%2BhmwRTsqFKNZup6NtZpjK7uE9BZg0gL2oTuVcsCKISsZ2ASVbDexf5KPWdqZ5LMW9eqm"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

speculation iranianthreatactors.com/cdn-cgi/ 0 0

public imagedelivery.net/I5Xcgj4aY9ZZcFnle7iTAw/3e8912fe-9b62-4db3-e617-54dad3495700/ 62 KB 63 KB Image
General
Full URL
https://imagedelivery.net/I5Xcgj4aY9ZZcFnle7iTAw/3e8912fe-9b62-4db3-e617-54dad3495700/public
Requested by
Host: iranianthreatactors.com
URL: https://iranianthreatactors.com/amir-maghfareti
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:224 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
696ad7e01e99721744d47382bea0bdcec2387dc89ba26a87e46b25f805126a39
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://iranianthreatactors.com/

Response headers

cf-cache-status
HIT
etag
"cfrxYvy8w8-vYthuT4_-QKc63Xfb7C9F9CBQfA5-d8DQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 28 Oct 2024 06:06:45 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=21+616 c=45+451 v=2024.10.4 l=63725 f=false
cf-ray
8d98bddd9b608f3e-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
63725
server
cloudflare

vcd15cbe7772f49c399c6a5babf22c1241717689176015 static.cloudflareinsights.com/beacon.min.js/ 0 0

main.js iranianthreatactors.com/cdn-cgi/challenge-platform/scripts/jsd/ Frame 37B8 0 0

favicon.ico list.iranianthreatactors.com/ 15 KB 2 KB Other
General
Full URL
https://list.iranianthreatactors.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92d6cded1259d363d38291379ef70677c207c6021586b0091105042e478dde15
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://iranianthreatactors.com/

Response headers

cache-control
public, max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
MISS
etag
W/"13fb960fb2bd73ce07aa6f7b249cea29"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OhkLLWWAPMobNAEIGZrz536hsxAlfQIyAcZPiEEr91ICiko44pRd5iKd54NhVhSTp9yOam8bvl3EL2SQpxMogv0JP4kbA%2BuimFp%2BFKFynLdcLcRPN5vz8H3gEpJm12F5Yibr3u2bP0jSieia%2FMQQPdQebYgw5ZPUqdm8"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d98bdde9a5b5d4c-FRA
access-control-allow-origin
*
date
Mon, 28 Oct 2024 06:06:45 GMT
content-type
image/vnd.microsoft.icon
vary
Accept-Encoding
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
iranianthreatactors.com
URL
https://iranianthreatactors.com/cdn-cgi/speculation
Domain
static.cloudflareinsights.com
URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Domain
iranianthreatactors.com
URL
https://iranianthreatactors.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| toggleNightMode
function| applyNightModePreference
function| highlightSuspect
function| checkCookieConsent
function| acceptCookies

0 Cookies

4 Console Messages

Source Level URL
Text
security error URL: https://iranianthreatactors.com/amir-maghfareti
Message:
Refused to load the script 'https://iranianthreatactors.com/cdn-cgi/speculation' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline'".
other warning URL: https://iranianthreatactors.com/amir-maghfareti
Message:
Load failed or canceled (net::ERR_ABORTED) for rule set requested from "https://iranianthreatactors.com/cdn-cgi/speculation" found in Speculation-Rules header.
security error URL: https://iranianthreatactors.com/amir-maghfareti
Message:
Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error
Message:
Refused to load the script 'https://iranianthreatactors.com/cdn-cgi/challenge-platform/scripts/jsd/main.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; img-src 'self' https: data:; style-src 'unsafe-inline'; script-src 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block