acc-secureinfo.ddns.net
192.236.154.5
Malicious Activity!
Public Scan
Effective URL: https://acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/home.php
Submission Tags: @jcybersec_
Submission: On May 28 via api from GB
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 22nd 2020. Valid for: 3 months.
This is the only time acc-secureinfo.ddns.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
10 | 192.236.154.5 | 54290 (HOSTWINDS) |
1 | 2606:4700::6810:85e5 | 13335 (CLOUDFLARENET) |
1 | 151.101.1.195 | 54113 (FASTLY) |
1 | 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) |
14 | 5 |
ASN54290 (HOSTWINDS, US)
PTR: hwsrv-724475.hostwindsdns.com
acc-secureinfo.ddns.net |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | ddns.net | acc-secureinfo.ddns.net | 306 KB |
1 | nflxext.com | assets.nflxext.com | 69 KB |
1 | angularjs.org | code.angularjs.org | 235 KB |
1 | cloudflare.com | cdnjs.cloudflare.com | 73 KB |
0 | microsoft.com (Failed) | ajax.microsoft.com (Failed) | |
14 | 5 |
 | Domain | Requested by |
---|---|---|
10 | acc-secureinfo.ddns.net | acc-secureinfo.ddns.net |
1 | assets.nflxext.com | acc-secureinfo.ddns.net |
1 | code.angularjs.org | acc-secureinfo.ddns.net |
1 | cdnjs.cloudflare.com | acc-secureinfo.ddns.net |
0 | ajax.microsoft.com (Failed) | acc-secureinfo.ddns.net |
14 | 5 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
acc-secureinfo.ddns.net | cPanel, Inc. Certification Authority | 2020-05-22 - 2020-08-20 | 3 months |
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months |
ombrelleria.com | Let's Encrypt Authority X3 | 2020-05-20 - 2020-08-18 | 3 months |
*.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2020-05-16 - 2020-06-15 | a month |
This page contains 1 frames:
Primary Page:
https://acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/home.php
Frame ID: 7920C459D3C1B26EE3CA341F19166DA2
Requests: 14 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
AngularJS (JavaScript Frameworks)
Detected patterns
- script /\/([\d.]+(?:-?rc[.\d]*)*)\/angular(?:\.min)?\.js/i
- script /angular.*\.js/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://acc-secureinfo.ddns.net/micuenta/users/userID-13793/login/index.php?-EN Page URL
- https://acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/home.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | index.php | acc-secureinfo.ddns.net/micuenta/users/userID-13793/login/ | 136 B | 343 B | Document | text/html |
GET H/1.1 | home.php (Primary Request, Cookie set) | acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/ | 9 KB | 10 KB | Document | text/html |
GET H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ | 258 KB | 73 KB | Script | application/javascript |
GET H/1.1 | jquery.validate.js | acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/bots/ | 38 KB | 38 KB | Script | application/javascript |
GET H2 | angular.js | code.angularjs.org/1.2.20/ | 778 KB | 235 KB | Script | application/javascript |
GET H/1.1 | none2.css | acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/css/ | 157 KB | 157 KB | Stylesheet | text/css |
GET H/1.1 | none3.css | acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/css/ | 5 KB | 6 KB | Stylesheet | text/css |
GET H/1.1 | logo.png | acc-secureinfo.ddns.net/micuenta/users/userID-13793/images/ | 2 KB | 3 KB | Image | image/png |
GET H/1.1 | plugins.js | acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/js/ | 55 KB | 55 KB | Script | application/javascript |
GET H/1.1 | Dwissel.js | acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/js/ | 0 | 0 | Script | text/html |
GET | additional-methods.js | ajax.microsoft.com/ajax/jquery.validate/1.11.1/ | 0 | 0 | | |
GET H/1.1 | icon.png | acc-secureinfo.ddns.net/micuenta/users/userID-13793/images/ | 37 KB | 37 KB | Image | image/png |
GET H/1.1 | processing.gif | acc-secureinfo.ddns.net/micuenta/users/userID-13793/myaccount/images/ | 610 B | 852 B | Image | image/gif |
GET H/1.1 | nf-icon-v1-88.woff | assets.nflxext.com/ffe/siteui/fonts/ | 69 KB | 69 KB | Font | application/octet-stream |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ajax.microsoft.com
- URL
- http://ajax.microsoft.com/ajax/jquery.validate/1.11.1/additional-methods.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
- object| angular
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
acc-secureinfo.ddns.net/ | | Name: PHPSESSID Value: d4271fc6f62e585c1572d1c6aa0d2bf1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.