lnahwe.duckdns.org
Open in
urlscan Pro
210.16.100.46
Malicious Activity!
Public Scan
Effective URL: http://lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/workspace/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid...
Submission: On February 11 via manual from US
Summary
This is the only time lnahwe.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: GoDaddy (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 210.16.100.46 210.16.100.46 | 40676 (AS40676) (AS40676 - Psychz Networks) | |
1 | 2a00:1450:400... 2a00:1450:4001:81a::2008 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
5 | 2.20.21.198 2.20.21.198 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 104.111.233.125 104.111.233.125 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
15 | 5 |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-20-21-198.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-233-125.deploy.static.akamaitechnologies.com
gui.godaddy.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
duckdns.org
1 redirects
lnahwe.duckdns.org |
221 KB |
5 |
wsimg.com
img1.wsimg.com |
179 KB |
1 |
godaddy.com
gui.godaddy.com |
1 KB |
1 |
googletagmanager.com
www.googletagmanager.com |
25 KB |
15 | 4 |
Domain | Requested by | |
---|---|---|
9 | lnahwe.duckdns.org |
1 redirects
lnahwe.duckdns.org
img1.wsimg.com |
5 | img1.wsimg.com |
lnahwe.duckdns.org
|
1 | gui.godaddy.com |
img1.wsimg.com
|
1 | www.googletagmanager.com |
lnahwe.duckdns.org
|
15 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.godaddy.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.google-analytics.com Google Internet Authority G3 |
2019-01-23 - 2019-04-17 |
3 months | crt.sh |
*.wsimg.com Starfield Secure Certificate Authority - G2 |
2018-09-25 - 2020-09-25 |
2 years | crt.sh |
*.godaddy.com Go Daddy Secure Certificate Authority - G2 |
2018-07-31 - 2020-07-31 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/workspace/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=office@hemswortharchitecture.com
Frame ID: B69D683B8B283C3E6D30F68C1ED83B62
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/index.php?userid=office%40hemswortharchitecture...
HTTP 302
http://lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/workspace/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_P... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Google Tag Manager (Tag Managers) Expand
Detected patterns
- env /^google_tag_manager$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/index.php?userid=office%40hemswortharchitecture.com
HTTP 302
http://lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/workspace/index.php?l=_JeHFUq_VJOXK0QWHtoGYDw_Product-UserID&userid=office@hemswortharchitecture.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.php
lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/workspace/ Redirect Chain
|
219 KB 220 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
75 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg-pass.png
img1.wsimg.com/auth/v1/static/359/img/ |
300 B 300 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uxcore.en.min.js.download
lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/workspace/Sign%20In_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
languageheader.min.js.download
lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/workspace/Sign%20In_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uxfont.woff2
lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Boing-Bold.woff2
img1.wsimg.com/ux/fonts/1.4/woff2/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uxfont.woff
lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Boing-Bold.woff
img1.wsimg.com/ux/fonts/1.4/woff/ |
34 KB 35 KB |
Font
font/x-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uxfont.ttf
lnahwe.duckdns.org/goddy/GodaddyAuto/Godaddy356/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uxcore.en.min.js
img1.wsimg.com/ux/1.3.46-brand/js/ |
448 KB 138 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
languageheader.min.js
img1.wsimg.com/ux/eldorado/1.5.105/js/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
includemarket
gui.godaddy.com/pcjson/support/ |
620 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
lnahwe.duckdns.org/v1/js/src/ |
335 B 535 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
form.js
lnahwe.duckdns.org/v1/js/src/ |
334 B 534 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: GoDaddy (Online)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| google_tag_manager object| _gaDataLayer object| ux object| Globals object| translate_dict object| uxel function| require object| openit function| $ function| jQuery function| _ object| jQuery18307440936344248918 undefined| jQuery18307440936344248918_15499046318060 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
gui.godaddy.com
img1.wsimg.com
lnahwe.duckdns.org
www.googletagmanager.com
104.111.233.125
2.20.21.198
210.16.100.46
2a00:1450:4001:81a::2008
02bb3a4e3dc0682ff8d9d500cba553de419ef2b73f3ef588896130146429910e
316798ddb9d835066f727ac3af8969a5ca00adfe3b0042c0d8076bc5ab05567e
3d469a389722521b619bb310a7d0eac2990c2f8777e74eb042e740b52ae3a4d5
3f969c5d4666381c1855e62aea5280caaa2e053bc73b0b2cf29cababe96c6f85
4a88db8385e229451b5f441fde11a858f5e1c03390a48272937df1de1b2e239d
4ab4b80dd1c5c1220ad1543693c2176089e9c4a096dc3919d582d3e159661560
5450052ba3ccddfd985b06ead95c5abbd4a3a7f19e3060862ab3a79d7e563cde
76f75a84131a8300b2ab542f73a3a4ce4048395fe9015974e33e49ab1f6c1b67
8cdc865f528e0af92dd7d42a2a0e4b9f1310960017febc221a70e47e53dd27ca
8e37396d17aa941902c9229c7f73939f75ae069b7111b47231b1cf000e5bd12e