accesssinnvccommpooo222.duckdns.org Open in urlscan Pro
18.212.216.72 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://accesssinnvccommpooo222.duckdns.org/dgdjhf/a923f86a83a58d0f41a8865b9c74d43e/login.php?cmd=login_submit&id=894210b198470b5f8242240365...
Submission: On January 22 via automatic, source openphish (January 22nd 2022, 1:26:12 am UTC) — Scanned from DE

Summary HTTP 40 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 40 HTTP transactions. The main IP is 18.212.216.72, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is accesssinnvccommpooo222.duckdns.org.

This is the only time accesssinnvccommpooo222.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

	IP Address	AS Autonomous System
30	18.212.216.72 18.212.216.72	14618 (AMAZON-AES) (AMAZON-AES)
1	192.229.133.221 192.229.133.221	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.89.24.94 104.89.24.94	16625 (AKAMAI-AS) (AKAMAI-AS)
40	6

30 18.212.216.72 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-212-216-72.compute-1.amazonaws.com

accesssinnvccommpooo222.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.133.221 (United States)

ASN15133 (EDGECAST, US)

www.w3schools.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.89.24.94 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-24-94.deploy.static.akamaitechnologies.com

www.discover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	duckdns.org accesssinnvccommpooo222.duckdns.org	604 KB
3	discover.com www.discover.com — Cisco Umbrella Rank: 23469	101 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 227	82 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
1	w3schools.com www.w3schools.com — Cisco Umbrella Rank: 18938	5 KB
0	bazaarvoice.com Failed discovercard.ugc.bazaarvoice.com Failed
40	6

	Domain	Requested by
30	accesssinnvccommpooo222.duckdns.org	accesssinnvccommpooo222.duckdns.org
3	www.discover.com	accesssinnvccommpooo222.duckdns.org www.discover.com
2	cdnjs.cloudflare.com	accesssinnvccommpooo222.duckdns.org cdnjs.cloudflare.com
1	fonts.googleapis.com	accesssinnvccommpooo222.duckdns.org
1	www.w3schools.com	accesssinnvccommpooo222.duckdns.org
0	discovercard.ugc.bazaarvoice.com Failed	accesssinnvccommpooo222.duckdns.org
40	6

This site contains no links.

Subject Issuer	Validity	Valid
*.w3schools.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-27` - `2022-05-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
www.discover.com DigiCert SHA2 Extended Validation Server CA	`2021-09-27` - `2022-09-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://accesssinnvccommpooo222.duckdns.org/dgdjhf/a923f86a83a58d0f41a8865b9c74d43e/login.php?cmd=login_submit&id=894210b198470b5f8242240365a2be85894210b198470b5f8242240365a2be85&session=894210b198470b5f8242240365a2be85894210b198470b5f8242240365a2be85
Frame ID: F29DB8F64DD2524CEA881D215E1E6DCD
Requests: 40 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credit Cards, Banking, Personal, Home Equity and Student Loans | Discover

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

40
Requests

18 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

794 kB
Transfer

1098 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login.php Show response
accesssinnvccommpooo222.duckdns.org/dgdjhf/a923f86a83a58d0f41a8865b9c74d43e/ 39 KB
9 KB 194ms
97ms Document
text/html 18.212.216.72
AMAZON-AES

General

Source	Level	URL Text
network	error	URL: http://discovercard.ugc.bazaarvoice.com/static/8500redes/bvapi.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/public/scripts/signal_tms.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://accesssinnvccommpooo222.duckdns.org/dgdjhf/a923f86a83a58d0f41a8865b9c74d43e/login.php?cmd=login_submit&id=894210b198470b5f8242240365a2be85894210b198470b5f8242240365a2be85&session=894210b198470b5f8242240365a2be85894210b198470b5f8242240365a2be85 Message: Access to font at 'https://www.discover.com/global/public/fonts/MetaWebPro-Normal.woff' from origin 'http://accesssinnvccommpooo222.duckdns.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.discover.com/global/public/fonts/MetaWebPro-Normal.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://accesssinnvccommpooo222.duckdns.org/dgdjhf/a923f86a83a58d0f41a8865b9c74d43e/login.php?cmd=login_submit&id=894210b198470b5f8242240365a2be85894210b198470b5f8242240365a2be85&session=894210b198470b5f8242240365a2be85894210b198470b5f8242240365a2be85 Message: Access to font at 'https://www.discover.com/global/public/fonts/MetaWebPro-Bold.woff' from origin 'http://accesssinnvccommpooo222.duckdns.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.discover.com/global/public/fonts/MetaWebPro-Bold.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/libs/scripts/libs.min.js?ver=9737d8d4ef Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/public/scripts/thirdparty.min.js?ver=419d444177 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/public/scripts/common.min.js?rel=0a3bf8daba Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/public/scripts/omu.min.js?ver=ac33cbba77 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/applications/custom/scripts/custom-tag.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/applications/homepage/scripts/homepage.min.js?rel=b15a5af268 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/public/scripts/signal_tms.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/libs/scripts/libs.min.js?ver=9737d8d4ef Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/public/scripts/thirdparty.min.js?ver=419d444177 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/public/scripts/common.min.js?rel=0a3bf8daba Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/global/public/scripts/omu.min.js?ver=ac33cbba77 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/applications/custom/scripts/custom-tag.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://accesssinnvccommpooo222.duckdns.org/applications/homepage/scripts/homepage.min.js?rel=b15a5af268 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

accesssinnvccommpooo222.duckdns.org Open in urlscan Pro 18.212.216.72 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

40 Requests

18 %HTTPS

40 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

794 kBTransfer

1098 kBSize

0 Cookies

0 Outgoing links

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

accesssinnvccommpooo222.duckdns.org Open in urlscan Pro
18.212.216.72 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

18 %
HTTPS

40 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

794 kB
Transfer

1098 kB
Size

0
Cookies

40 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!