ghvghcfgcg.duckdns.org
54.180.143.88
Malicious Activity!
Public Scan
Submission: On May 25 via automatic, source openphish
Summary
This is the only time ghvghcfgcg.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 54.180.143.88 | 16509 (AMAZON-02)
8 | 2a00:1288:f03d:1fa::4000 | 10310 (YAHOO-1)
2 (1 redirect) | 104.111.214.103 | 16625 (AKAMAI-AS)
1 | 2a00:1288:110:c204::b000 | 34010 (YAHOO-IRD)
11 requests | 5 IPs |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-180-143-88.ap-northeast-2.compute.amazonaws.com
Hosts: ghvghcfgcg.duckdns.org
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-214-103.deploy.static.akamaitechnologies.com
Hosts: sb.scorecardresearch.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | yimg.com | s.yimg.com | 110 KB
2 | yahoo.com | fc.yahoo.com, geo.yahoo.com | 7 KB
2 (1 redirect) | scorecardresearch.com | sb.scorecardresearch.com | 1 KB
1 | duckdns.org | ghvghcfgcg.duckdns.org | 375 KB
11 requests | 4 apex domains | |
Requests | Domain | Requested by
---|---|---
7 | s.yimg.com | ghvghcfgcg.duckdns.org, fc.yahoo.com, s.yimg.com
2 (1 redirect) | sb.scorecardresearch.com | ghvghcfgcg.duckdns.org
1 | geo.yahoo.com |
1 | fc.yahoo.com | ghvghcfgcg.duckdns.org
1 | ghvghcfgcg.duckdns.org |
11 requests | 5 domains |
This site contains links to these domains. Also see Links.
Domain |
---|
ca.yahoo.com |
policies.oath.com |
Subject | Issuer | Validity | Valid
---|---|---|---
*.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-05-19 - 2020-07-03 | a month
*.scorecardresearch.com | Sectigo RSA Organization Validation Secure Server CA | 2019-12-16 - 2020-12-25 | a year
This page contains 3 frames:
- Primary Page: http://ghvghcfgcg.duckdns.org/yahoo/
  Frame ID: C574439D7AF03E048862C32AE565638A
  Requests: 10 HTTP requests in this frame
- Frame: https://s.yimg.com/rq/darla/3-25-1/html/r-csc.html
  Frame ID: D1FB51A4AB3E8D658E1C854D3BAFEEF7
  Requests: 1 HTTP request in this frame
- Frame: https://s.yimg.com/rq/darla/3-25-1/html/r-sf.html
  Frame ID: 7AA72F2C2E167C988FB401BD5B13ED16
  Requests: 1 HTTP request in this frame
Detected technologies
- PHP (Programming Languages). Detected pattern: headers server /php\/?([\d.]+)?/i
- Windows Server (Operating Systems). Detected pattern: headers server /Win32|Win64/i
- OpenSSL (Web Server Extensions). Detected pattern: headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: (empty)
- Title: Terms
- Title: Privacy
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=794308018&ns_c=UTF-8&ns__t=1577184261195&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1 (HTTP 302)
- https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=794308018&ns_c=UTF-8&ns__t=1577184261195&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
11 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | ghvghcfgcg.duckdns.org/yahoo/ | 375 KB | 375 KB | Document | text/html
GET | H2 | yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png | s.yimg.com/rz/p/ | 1 KB | 2 KB | Image | image/png
GET | H2 | yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png | s.yimg.com/rz/p/ | 1 KB | 2 KB | Image | image/png
GET | H2 | rapid-3.53.3.js | s.yimg.com/wm/mbr/js/ | 46 KB | 17 KB | Script | application/javascript
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml
GET | H/1.1 | p2 (Redirect Chain) | sb.scorecardresearch.com/ | 43 B | 406 B | Image | image/gif
GET | H2 | client.php | fc.yahoo.com/sdarla/php/ | 11 KB | 6 KB | Script | text/javascript
GET | H2 | boot.js | s.yimg.com/rq/darla/ | 7 KB | 4 KB | Script | application/javascript
GET | H2 | g-r-min.js | s.yimg.com/rq/darla/3-25-1/js/ | 202 KB | 86 KB | Script | application/javascript
GET | H2 | r-csc.html (Frame D1FB) | s.yimg.com/rq/darla/3-25-1/html/ | 0 | 0 | Document | text/html
GET | H2 | r-sf.html (Frame 7AA7) | s.yimg.com/rq/darla/3-25-1/html/ | 0 | 0 | Document | text/html
GET | H/1.1 | p | geo.yahoo.com/ | 43 B | 715 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Variable
---|---
object | onformdata
object | onpointerrawupdate
number | pageStartTime
object | I13N_config
string | mKeyPrefix
object | COUNTRY_CODES_MAP
object | mbrConfig
object | darlaConfig
string | bucket
string | currentURL
boolean | isASDK
string | comscoreBeaconUrl
undefined | rapidInstance
object | DARLA_CONFIG
object | DARLA
object | $sf
undefined | $yac
boolean | sf_auto_1-25-4-2020
undefined | Y
object | _Y0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fc.yahoo.com
geo.yahoo.com
ghvghcfgcg.duckdns.org
s.yimg.com
sb.scorecardresearch.com
104.111.214.103
2a00:1288:110:c204::b000
2a00:1288:f03d:1fa::4000
54.180.143.88