![](/screenshots/3b2fe09a-8277-4a56-8ed8-45e79724a61f.png)
formulaire-secure.duckdns.org
192.249.127.154
Malicious Activity!
Public Scan
Effective URL: https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Submission: On June 11 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 6th 2024. Valid for: 3 months.
This is the only time formulaire-secure.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online), Sharepoint (Online), Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
8 (3 redirects) | 192.249.127.154 | 22611 (INMOTION)
2 | 2a00:1450:4001:810::200a | 15169 (GOOGLE)
2 | 104.18.11.207 | 13335 (CLOUDFLARENET)
2 | 34.87.236.72 | 396982 (GOOGLE-CLOUD-PLATFORM)
1 | 2a04:4e42:400::649 | 54113 (FASTLY)
1 | 104.17.25.14 | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:80b::200a | 15169 (GOOGLE)
1 | 104.18.10.207 | 13335 (CLOUDFLARENET)
3 | 2001:67c:4e8:f004::9 | 62041 (TELEGRAM)
Total: 18 requests, 10 IPs
ASN22611 (INMOTION, US), PTR: vps106746.inmotionhosting.com, serving formulaire-secure.duckdns.org
ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR: 72.236.87.34.bc.googleusercontent.com, serving dancinggorillas.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 (3 redirects) | duckdns.org | formulaire-secure.duckdns.org | 197 KB
3 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 32021) | 832 B
3 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1268), stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 3330) | 56 KB
3 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 70), ajax.googleapis.com (Cisco Umbrella Rank: 461) | 32 KB
2 | dancinggorillas.com | dancinggorillas.com | 7 KB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 260) | 7 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 824) | 24 KB
Total: 18 requests, 7 apex domains
Requests | Domain | Requested by
---|---|---
8 (3 redirects) | formulaire-secure.duckdns.org | formulaire-secure.duckdns.org
3 | api.telegram.org | dancinggorillas.com
2 | dancinggorillas.com | formulaire-secure.duckdns.org, dancinggorillas.com
2 | maxcdn.bootstrapcdn.com | formulaire-secure.duckdns.org
2 | fonts.googleapis.com | formulaire-secure.duckdns.org
1 | stackpath.bootstrapcdn.com | formulaire-secure.duckdns.org
1 | ajax.googleapis.com | formulaire-secure.duckdns.org
1 | cdnjs.cloudflare.com | formulaire-secure.duckdns.org
1 | code.jquery.com | formulaire-secure.duckdns.org
Total: 18 requests, 9 domains
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
af62e50be813287264.temporary.link | R3 | 2024-06-06 - 2024-09-04 | 3 months
upload.video.google.com | WR2 | 2024-05-21 - 2024-08-13 | 3 months
bootstrapcdn.com | GTS CA 1P5 | 2024-05-25 - 2024-08-23 | 3 months
dancinggorillas.com | R10 | 2024-06-07 - 2024-09-05 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year
cdnjs.cloudflare.com | E1 | 2024-06-02 - 2024-08-31 | 3 months
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2024-03-24 - 2025-04-25 | a year
This page contains 1 frame:
Primary Page:
https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html
Frame ID: 7D7411DE45151EFE6FA6EA0AC779EB49
Requests: 23 HTTP requests in this frame
Page Title: Plans Archi
Page URL History
- https://formulaire-secure.duckdns.org/ (HTTP 302)
- https://formulaire-secure.duckdns.org/consulter (HTTP 301)
- https://formulaire-secure.duckdns.org/consulter/ (HTTP 302)
- https://formulaire-secure.duckdns.org/nouveau-document/Document-Confidentiel-pdf.html (Page URL)
Detected technologies
- Bootstrap. Detected patterns:
  - `<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css`
  - `bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js`
- Google Font API. Detected patterns:
  - `<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com`
- Popper. Detected patterns:
  - `/popper\.js/([0-9.]+)`
- jQuery. Detected patterns:
  - `jquery[.-]([\d.]*\d)[^/]*\.js`
  - `/([\d.]+)/jquery(?:\.min)?\.js`
  - `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions (23 requests including data: URIs)
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | Document-Confidentiel-pdf.html (Primary Request, Redirect Chain) | formulaire-secure.duckdns.org/nouveau-document/ | 265 KB | 194 KB | Document | text/html
GET | H2 | css | fonts.googleapis.com/ | 6 KB | 2 KB | Stylesheet | text/css
GET | H3 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | 141 KB | 25 KB | Stylesheet | text/css
GET | H/1.1 | pdf_fr.js | dancinggorillas.com/style/ | 5 KB | 5 KB | Script | application/javascript
GET | H2 | css | fonts.googleapis.com/ | 0 | 0 | Other | text/css
GET | H2 | jquery-3.2.1.slim.min.js | code.jquery.com/ | 68 KB | 24 KB | Script | application/javascript
GET | H3 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | 19 KB | 7 KB | Script | application/javascript
GET | H3 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 15 KB | Script | application/javascript
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script | text/javascript
GET | H3 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 16 KB | Script | application/javascript
GET | H2 | script.js | formulaire-secure.duckdns.org/nouveau-document/X911/ | 5 KB | 1 KB | Script | application/javascript
GET | H2 | telegram.js | formulaire-secure.duckdns.org/nouveau-document/X911/ | 119 B | 332 B | Script | application/javascript
GET | H/1.1 | 10.js | dancinggorillas.com/style/ | 2 KB | 2 KB | Script | application/javascript
GET | H2 | sendMessage | api.telegram.org/bot69272958987:AAFFDSiV1sre7Hfr4o84UfSX2g3XwVHFbZPfzU/ | 58 B | 278 B | XHR | application/json
GET | H2 | sendMessage | api.telegram.org/bot608367094314:AAGSbz4P642cuuaj_d54rlDQEtxWui_xUOgw/ | 58 B | 277 B | XHR | application/json
GET | DATA | truncated | / | 20 KB | 0 | Image | image/png
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
GET | DATA | truncated | / | 7 KB | 0 | Image | image/png
GET | DATA | truncated | / | 150 KB | 0 | Image | image/png
GET | H2 | 1.png | formulaire-secure.duckdns.org/nouveau-document/ | 548 B | 548 B | Image | text/html
GET | DATA | truncated | / | 2 KB | 2 KB | Font | application/octet-stream
GET | H2 | sendMessage | api.telegram.org/bot1416352134:AAHzlttjul5tVkATewoBkP-RXBmPGBrFnZg/ | 58 B | 277 B | XHR | application/json
GET | H2 | favicon.ico | formulaire-secure.duckdns.org/ | 548 B | 611 B | Other | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online), Sharepoint (Online), Microsoft (Consumer)
76 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Names
---|---
function | _0xee8a36, _0x2e18
object | scriptElement
string | a, z, e, r, t, y, u, o, p, q, s, d, f, g, h, j, k, m, w, x, c, v, b, n, aa, zz, ee, rr, tt, yy, uu, ii, oo, pp, qq, ss, url
function | _0x2f5b, _0x1ca0f5
string | domain, path, message, botToken, chatID, fullMessage, telegramUrl
object | xhr
function | _0x2493, _0x4a23, _0x37da, _0x51d886
string | customText
function | _0x4712, $, jQuery, Popper
object | bootstrap, telegramConfig
function | _0x3c1d, _0x7effd2, _0x3253
string | ID, DF, IDS, Parti, Fonctio, Slis, Slisa, Slisz, Slise, Slisr, sol, achat1
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
formulaire-secure.duckdns.org/ | | PHPSESSID | pv78t84tsqqhg9b5e62v2c9as1
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
api.telegram.org
cdnjs.cloudflare.com
code.jquery.com
dancinggorillas.com
fonts.googleapis.com
formulaire-secure.duckdns.org
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
104.17.25.14
104.18.10.207
104.18.11.207
192.249.127.154
2001:67c:4e8:f004::9
2a00:1450:4001:80b::200a
2a00:1450:4001:810::200a
2a04:4e42:400::649
34.87.236.72