It's a CDN, not an IP router. CDNs usually terminate TCP+TLS as close to the client as possible. This used to be done right at the edge - within the NIC for a long time, but CPUs have been more than capable for the last decade+
Few guesses:
1) CDN connects to backend server over TLS, using the national I.R. Iran root CA
2) CDN connects to backend server over HTTP
3) Backend server is running a nationally blessed Linux OS
For 1 & 2, the National Information Network would be implementing this DigiNotar style but they already own the root keys. For #3, the backend does so itself. These are the people who p0wned DigiNotar after all.
I really want to know what's on the webpage for the iframe.