urlscan.io logo urlscan.io
SecurityTrails logo

formulaire-secure.duckdns.org Open in urlscan Pro
192.249.127.154  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://formulaire-secure.duckdns.org/
Effective URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Submission: On June 11 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 5 countries across 7 domains to perform 18 HTTP transactions. The main IP is 192.249.127.154, located in United States and belongs to INMOTION, US. The main domain is formulaire-secure.duckdns.org.
TLS certificate: Issued by R3 on June 6th 2024. Valid for: 3 months.
This is the only time formulaire-secure.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online) Sharepoint (Online) Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
3 8 192.249.127.154 22611 (INMOTION)
2 2a00:1450:400... 15169 (GOOGLE)
2 104.18.11.207 13335 (CLOUDFLAR...)
2 34.87.236.72 396982 (GOOGLE-CL...)
1 2a04:4e42:400... 54113 (FASTLY)
1 104.17.25.14 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.18.10.207 13335 (CLOUDFLAR...)
3 2001:67c:4e8:... 62041 (TELEGRAM)
18 10
8    192.249.127.154 (United States)

ASN22611 (INMOTION, US)
PTR: vps106746.inmotionhosting.com
formulaire-secure.duckdns.org
2    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
2    34.87.236.72 (Sydney, Australia)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 72.236.87.34.bc.googleusercontent.com
dancinggorillas.com
1    2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
1    104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
3    2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)
api.telegram.org
Apex Domain
Subdomains		 Transfer
8 duckdns.org
formulaire-secure.duckdns.org
197 KB
3 telegram.org
api.telegram.org — Cisco Umbrella Rank: 32021
832 B
3 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1268
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3330
56 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 70
ajax.googleapis.com — Cisco Umbrella Rank: 461
32 KB
2 dancinggorillas.com
dancinggorillas.com
7 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 260
7 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 824
24 KB
18 7
Domain Requested by
8 formulaire-secure.duckdns.org 3 redirects formulaire-secure.duckdns.org
3 api.telegram.org dancinggorillas.com
2 dancinggorillas.com formulaire-secure.duckdns.org
dancinggorillas.com
2 maxcdn.bootstrapcdn.com formulaire-secure.duckdns.org
2 fonts.googleapis.com formulaire-secure.duckdns.org
1 stackpath.bootstrapcdn.com formulaire-secure.duckdns.org
1 ajax.googleapis.com formulaire-secure.duckdns.org
1 cdnjs.cloudflare.com formulaire-secure.duckdns.org
1 code.jquery.com formulaire-secure.duckdns.org
18 9

This site contains no links.

Subject Issuer Validity Valid
af62e50be813287264.temporary.link
R3		 2024-06-06 -
2024-09-04		 3 months crt.sh
upload.video.google.com
WR2		 2024-05-21 -
2024-08-13		 3 months crt.sh
bootstrapcdn.com
GTS CA 1P5		 2024-05-25 -
2024-08-23		 3 months crt.sh
dancinggorillas.com
R10		 2024-06-07 -
2024-09-05		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
cdnjs.cloudflare.com
E1		 2024-06-02 -
2024-08-31		 3 months crt.sh
api.telegram.org
Go Daddy Secure Certificate Authority - G2		 2024-03-24 -
2025-04-25		 a year crt.sh

This page contains 1 frames:

Primary Page: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Frame ID: 7D7411DE45151EFE6FA6EA0AC779EB49
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Plans Archi

Page URL History Show full URLs

  1. https://formulaire-secure.duckdns.org/ HTTP 302
    https://formulaire-secure.duckdns.org/consulter HTTP 301
    https://formulaire-secure.duckdns.org/consulter/ HTTP 302
    https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • /popper\.js/([0-9.]+)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

72 %
HTTPS

44 %
IPv6

7
Domains

9
Subdomains

10
IPs

5
Countries

325 kB
Transfer

875 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://formulaire-secure.duckdns.org/ HTTP 302
    https://formulaire-secure.duckdns.org/consulter HTTP 301
    https://formulaire-secure.duckdns.org/consulter/ HTTP 302
    https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Document-Confidentiel-pdf.html
formulaire-secure.duckdns.org/nouveau-document/
Redirect Chain
  • https://formulaire-secure.duckdns.org/
  • https://formulaire-secure.duckdns.org/consulter
  • https://formulaire-secure.duckdns.org/consulter/
  • https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
265 KB
194 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.249.127.154 , United States, ASN22611 (INMOTION, US),
Reverse DNS
vps106746.inmotionhosting.com
Software
nginx /
Resource Hash
e1d8b3863ea22b71c6ba99507c72c051441cd27b792002702d073cd215266692
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-type
text/html
date
Tue, 11 Jun 2024 05:20:33 GMT
etag
W/"66611b5b-4245b"
last-modified
Thu, 06 Jun 2024 02:13:47 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-type
text/html; charset=UTF-8
date
Tue, 11 Jun 2024 05:20:33 GMT
location
../nouveau-document/Document-Confidentiel-pdf.html
server
nginx
strict-transport-security
max-age=31536000
css
fonts.googleapis.com/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:600
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b4e544b010077ceacf159dfdf566b37d06f8ab3c151e9561720e392b8f1ea38e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 11 Jun 2024 05:20:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 11 Jun 2024 03:25:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 11 Jun 2024 05:20:34 GMT
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 		141 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Origin
https://formulaire-secure.duckdns.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
cdn-edgestorageid
1048
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-cachedat
03/18/2024 12:51:41
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"450fc463b8b1a349df717056fbb3e078"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
b8eaed839c81ec254de0d72a856c0871
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
891f27148ed42bc1-FRA
cdn-requestpullsuccess
True
pdf_fr.js
dancinggorillas.com/style/ 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dancinggorillas.com/style/pdf_fr.js
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.87.236.72 Sydney, Australia, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
72.236.87.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
9cb8d14a969f4a6cf8813f895480becc6b802df39c3cdf3be80338fb7d6dfee5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 11 Jun 2024 05:20:34 GMT
Last-Modified
Sun, 05 Nov 2023 17:54:44 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
4988
css
fonts.googleapis.com/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:600
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 11 Jun 2024 03:25:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 11 Jun 2024 05:20:34 GMT
jquery-3.2.1.slim.min.js
code.jquery.com/ 		68 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Origin
https://formulaire-secure.duckdns.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:34 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
3365855
x-cache
HIT, HIT
content-length
23856
x-served-by
cache-lga21963-LGA, cache-mxp6966-MXP
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1718083235.575437,VS0,VE0
etag
W/"28feccc0-10fdd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
32, 124
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Origin
https://formulaire-secure.duckdns.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
379459
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6157
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFi%2FVlc9Nf%2FyusgI5xXTSE3mLAmf0TGHU%2BxcvcyFZ1umrb%2BR4pGwe8F6CHIMbTd6hXGFa6qwijtdEJ53p0lfbfwpbPaZSo5UwaY7hQ3EPZop3cHF4iP9xeF7ZXU7aFbGUrI47KdA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
891f2717baba4db5-FRA
expires
Sun, 01 Jun 2025 05:20:34 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 		48 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Origin
https://formulaire-secure.duckdns.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:34 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
cdn-edgestorageid
1048
strict-transport-security
max-age=31536000; includeSubDomains; preload
cdn-cachedat
03/18/2024 12:46:36
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
2e87193c08cc06c74ec13b1aeb72ff72
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
891f27177a172bc1-FRA
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 02:12:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
270466
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 08 Jun 2025 02:12:48 GMT
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 		50 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7725567
cdn-cachedat
11/15/2021 23:30:00
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
a35b0179a28ed953258d0fb41376a09c
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
891f2717cc359f29-FRA
cdn-requestpullsuccess
True
script.js
formulaire-secure.duckdns.org/nouveau-document/X911/ 		5 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://formulaire-secure.duckdns.org/nouveau-document/X911/script.js
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.249.127.154 , United States, ASN22611 (INMOTION, US),
Reverse DNS
vps106746.inmotionhosting.com
Software
nginx /
Resource Hash
4de4b2025984f293a3b15705fc4637d714751433dfc608efa85ea6599d83f0a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:34 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Thu, 06 Jun 2024 02:13:53 GMT
server
nginx
etag
W/"66611b61-1268"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
expires
Tue, 11 Jun 2024 17:20:34 GMT
telegram.js
formulaire-secure.duckdns.org/nouveau-document/X911/ 		119 B
332 B 		Script
General
Check archive.org
Download Go to
Full URL
https://formulaire-secure.duckdns.org/nouveau-document/X911/telegram.js
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.249.127.154 , United States, ASN22611 (INMOTION, US),
Reverse DNS
vps106746.inmotionhosting.com
Software
nginx /
Resource Hash
1e1a7b79f504bff1e126ebb0847d4af8b6eccd8a7340f769e53022fe80d8ca17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:34 GMT
strict-transport-security
max-age=31536000
last-modified
Thu, 06 Jun 2024 02:13:54 GMT
server
nginx
etag
"66611b62-77"
content-type
application/javascript
cache-control
max-age=43200
accept-ranges
bytes
content-length
119
expires
Tue, 11 Jun 2024 17:20:34 GMT
10.js
dancinggorillas.com/style/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dancinggorillas.com/style/10.js
Requested by
Host: dancinggorillas.com
URL: https://dancinggorillas.com/style/pdf_fr.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.87.236.72 Sydney, Australia, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
72.236.87.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
e506abc861de170589a46edde77df6db440977f2d310764c9b56ca837b3507ed

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 11 Jun 2024 05:20:35 GMT
Last-Modified
Fri, 03 May 2024 15:14:51 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
2026
sendMessage
api.telegram.org/bot69272958987:AAFFDSiV1sre7Hfr4o84UfSX2g3XwVHFbZPfzU/ 		58 B
278 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.telegram.org/bot69272958987:AAFFDSiV1sre7Hfr4o84UfSX2g3XwVHFbZPfzU/sendMessage?chat_id=-40519456006&text=http%3A%2F%2Fformulaire-secure.duckdns.org%2Fnouveau-document%2FDocument-Confidentiel-pdf.html
Requested by
Host: dancinggorillas.com
URL: https://dancinggorillas.com/style/pdf_fr.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
5b8cd38cfdf83e8d0a46af7c34ecb2962621aa69f6eb8458e7c86ac7a66a2948
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Tue, 11 Jun 2024 05:20:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
server
nginx/1.18.0
content-length
58
content-type
application/json
sendMessage
api.telegram.org/bot608367094314:AAGSbz4P642cuuaj_d54rlDQEtxWui_xUOgw/ 		58 B
277 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.telegram.org/bot608367094314:AAGSbz4P642cuuaj_d54rlDQEtxWui_xUOgw/sendMessage?chat_id=63308924057&text=New_Link%3A%20http%3A%2F%2Fformulaire-secure.duckdns.org%2Fnouveau-document%2FDocument-Confidentiel-pdf.html%2FX911%2Fstyle.php
Requested by
Host: dancinggorillas.com
URL: https://dancinggorillas.com/style/pdf_fr.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
5b8cd38cfdf83e8d0a46af7c34ecb2962621aa69f6eb8458e7c86ac7a66a2948
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Tue, 11 Jun 2024 05:20:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
server
nginx/1.18.0
content-length
58
content-type
application/json
truncated
/ 		20 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cf5916e86bb18875db4e12ee5e799cce7b23bc1cd1ad721fb65d3879de629bec

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		150 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3190a04524041dbdf508d22679479d36f3146506634d12e53743f4767310f0e4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
1.png
formulaire-secure.duckdns.org/nouveau-document/ 		548 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://formulaire-secure.duckdns.org/nouveau-document/1.png
Requested by
Host: formulaire-secure.duckdns.org
URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.249.127.154 , United States, ASN22611 (INMOTION, US),
Reverse DNS
vps106746.inmotionhosting.com
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:35 GMT
server
nginx
content-length
548
content-type
text/html
truncated
/ 		2 KB
2 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5

Request headers

Referer
Origin
https://formulaire-secure.duckdns.org
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
application/octet-stream
sendMessage
api.telegram.org/bot1416352134:AAHzlttjul5tVkATewoBkP-RXBmPGBrFnZg/ 		58 B
277 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.telegram.org/bot1416352134:AAHzlttjul5tVkATewoBkP-RXBmPGBrFnZg/sendMessage?chat_id=-4243763425&text=New%3A%20http%3A%2F%2Fformulaire-secure.duckdns.org%2Fnouveau-document%2FDocument-Confidentiel-pdf.html
Requested by
Host: dancinggorillas.com
URL: https://dancinggorillas.com/style/10.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
5b8cd38cfdf83e8d0a46af7c34ecb2962621aa69f6eb8458e7c86ac7a66a2948
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Tue, 11 Jun 2024 05:20:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
Content-Length,Content-Type,Date,Server,Connection
server
nginx/1.18.0
content-length
58
content-type
application/json
favicon.ico
formulaire-secure.duckdns.org/ 		548 B
611 B 		Other
General
Check archive.org
Download Go to
Full URL
https://formulaire-secure.duckdns.org/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.249.127.154 , United States, ASN22611 (INMOTION, US),
Reverse DNS
vps106746.inmotionhosting.com
Software
nginx /
Resource Hash
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 05:20:35 GMT
server
nginx
content-length
548
content-type
text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online) Sharepoint (Online) Microsoft (Consumer)

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _0xee8a36 function| _0x2e18 object| scriptElement string| a string| z string| e string| r string| t string| y string| u string| o string| p string| q string| s string| d string| f string| g string| h string| j string| k string| m string| w string| x string| c string| v string| b string| n string| aa string| zz string| ee string| rr string| tt string| yy string| uu string| ii string| oo string| pp string| qq string| ss string| url function| _0x2f5b function| _0x1ca0f5 string| domain string| path string| message string| botToken string| chatID string| fullMessage string| telegramUrl object| xhr function| _0x2493 function| _0x4a23 function| _0x37da function| _0x51d886 string| customText function| _0x4712 function| $ function| jQuery function| Popper object| bootstrap object| telegramConfig function| _0x3c1d function| _0x7effd2 function| _0x3253 string| ID string| DF string| IDS string| Parti string| Fonctio string| Slis string| Slisa string| Slisz string| Slise string| Slisr string| sol string| achat

1 Cookies

Domain/Path Name / Value
formulaire-secure.duckdns.org/ Name: PHPSESSID
Value: pv78t84tsqqhg9b5e62v2c9as1

6 Console Messages

Source Level URL
Text
recommendation verbose URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
network error URL: https://api.telegram.org/bot69272958987:AAFFDSiV1sre7Hfr4o84UfSX2g3XwVHFbZPfzU/sendMessage?chat_id=-40519456006&text=http%3A%2F%2Fformulaire-secure.duckdns.org%2Fnouveau-document%2FDocument-Confidentiel-pdf.html
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://api.telegram.org/bot608367094314:AAGSbz4P642cuuaj_d54rlDQEtxWui_xUOgw/sendMessage?chat_id=63308924057&text=New_Link%3A%20http%3A%2F%2Fformulaire-secure.duckdns.org%2Fnouveau-document%2FDocument-Confidentiel-pdf.html%2FX911%2Fstyle.php
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://formulaire-secure.duckdns.org/nouveau-document/1.png
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://api.telegram.org/bot1416352134:AAHzlttjul5tVkATewoBkP-RXBmPGBrFnZg/sendMessage?chat_id=-4243763425&text=New%3A%20http%3A%2F%2Fformulaire-secure.duckdns.org%2Fnouveau-document%2FDocument-Confidentiel-pdf.html
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://formulaire-secure.duckdns.org/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.telegram.org
cdnjs.cloudflare.com
code.jquery.com
dancinggorillas.com
fonts.googleapis.com
formulaire-secure.duckdns.org
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
104.17.25.14
104.18.10.207
104.18.11.207
192.249.127.154
2001:67c:4e8:f004::9
2a00:1450:4001:80b::200a
2a00:1450:4001:810::200a
2a04:4e42:400::649
34.87.236.72
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1e1a7b79f504bff1e126ebb0847d4af8b6eccd8a7340f769e53022fe80d8ca17
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3190a04524041dbdf508d22679479d36f3146506634d12e53743f4767310f0e4
4de4b2025984f293a3b15705fc4637d714751433dfc608efa85ea6599d83f0a2
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5b8cd38cfdf83e8d0a46af7c34ecb2962621aa69f6eb8458e7c86ac7a66a2948
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
9cb8d14a969f4a6cf8813f895480becc6b802df39c3cdf3be80338fb7d6dfee5
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
b4e544b010077ceacf159dfdf566b37d06f8ab3c151e9561720e392b8f1ea38e
cf5916e86bb18875db4e12ee5e799cce7b23bc1cd1ad721fb65d3879de629bec
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
db307fcef7f95139689007d7a623b340ec21282bd421c4e4b2ba09078f230545
e1d8b3863ea22b71c6ba99507c72c051441cd27b792002702d073cd215266692
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e506abc861de170589a46edde77df6db440977f2d310764c9b56ca837b3507ed
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b