urlscan.io logo urlscan.io
SecurityTrails logo

lordakhyul.duckdns.org Open in urlscan Pro
13.82.123.121  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://lordakhyul.duckdns.org/facebook.html
Submission: On January 30 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 13.82.123.121, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is lordakhyul.duckdns.org.
This is the only time lordakhyul.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Gaming (Entertainment)

Domain & IP information

IP Address AS Autonomous System
4 13.82.123.121 8075 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.32.99.106 16509 (AMAZON-02)
6 3
Apex Domain
Subdomains		 Transfer
4 duckdns.org
lordakhyul.duckdns.org
34 KB
1 pubgameshowtime.com
api.pubgameshowtime.com — Cisco Umbrella Rank: 596103
423 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 227
28 KB
6 3
Domain Requested by
4 lordakhyul.duckdns.org lordakhyul.duckdns.org
1 api.pubgameshowtime.com cdnjs.cloudflare.com
1 cdnjs.cloudflare.com lordakhyul.duckdns.org
6 3

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-09-21 -
2022-09-20		 a year crt.sh
api.pubgameshowtime.com
Amazon		 2020-04-17 -
2021-05-17		 a year crt.sh

This page contains 1 frames:

Primary Page: http://lordakhyul.duckdns.org/facebook.html
Frame ID: 75DCF8A38F5F66C15F65B035FB523C9C
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Facebook Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

17 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

62 kB
Transfer

125 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request facebook.html
lordakhyul.duckdns.org/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://lordakhyul.duckdns.org/facebook.html
Protocol
HTTP/1.1
Server
13.82.123.121 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1a15a9e619fa20017c5eb2ad1631e28c394a6fa447d040be7174a474a70e706a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
content-type
text/html
last-modified
Thu, 04 Mar 2021 19:41:04 GMT
accept-ranges
bytes
content-encoding
gzip
vary
Accept-Encoding
content-length
1471
date
Sun, 30 Jan 2022 13:10:43 GMT
server
LiteSpeed
facebook.css
lordakhyul.duckdns.org/css/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://lordakhyul.duckdns.org/css/facebook.css
Requested by
Host: lordakhyul.duckdns.org
URL: http://lordakhyul.duckdns.org/facebook.html
Protocol
HTTP/1.1
Server
13.82.123.121 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
ee57af7dedeb4a0a94cbcf9f84d2061613eb4a819525eebbe3a25cef617fbc0f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://lordakhyul.duckdns.org/facebook.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 30 Jan 2022 13:10:43 GMT
content-encoding
gzip
last-modified
Thu, 04 Mar 2021 19:41:04 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
1031
expires
Sun, 06 Feb 2022 13:10:43 GMT
facebook_text.png
lordakhyul.duckdns.org/img/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://lordakhyul.duckdns.org/img/facebook_text.png
Requested by
Host: lordakhyul.duckdns.org
URL: http://lordakhyul.duckdns.org/facebook.html
Protocol
HTTP/1.1
Server
13.82.123.121 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://lordakhyul.duckdns.org/facebook.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 30 Jan 2022 13:10:43 GMT
last-modified
Thu, 04 Mar 2021 19:41:04 GMT
server
LiteSpeed
content-type
image/png
cache-control
public, max-age=604800
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
28789
expires
Sun, 06 Feb 2022 13:10:43 GMT
icon.png
lordakhyul.duckdns.org/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://lordakhyul.duckdns.org/img/icon.png
Requested by
Host: lordakhyul.duckdns.org
URL: http://lordakhyul.duckdns.org/facebook.html
Protocol
HTTP/1.1
Server
13.82.123.121 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
3899581abcfed9b40b7208bbbca8bdbfe3ae9655980dbf55f04dec9cb3309f27

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://lordakhyul.duckdns.org/facebook.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 30 Jan 2022 13:10:43 GMT
last-modified
Thu, 04 Mar 2021 19:41:04 GMT
server
LiteSpeed
content-type
image/png
cache-control
public, max-age=604800
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
2043
expires
Sun, 06 Feb 2022 13:10:43 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: lordakhyul.duckdns.org
URL: http://lordakhyul.duckdns.org/facebook.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://lordakhyul.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 30 Jan 2022 13:10:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2135087
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27958
timing-allow-origin
*
last-modified
Mon, 04 May 2020 23:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb09ed3-15d84"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9HU6GHQN3vFak%2BAyZS46UvSZFZuOH0Zi04to0bosBBII4TjvhMYGXyYTZZtD8rPaxso1hlvIw47VQTD0T%2FHLXrACotxjrGE1XDJRkGwIr6hB6glKfz6ZG2dUQahpno260CDIUuMlqqEx5Xoycn82I0Og"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6d5af12b0d11f93b-MXP
expires
Fri, 20 Jan 2023 13:10:43 GMT
getcountry
api.pubgameshowtime.com/ip/ 		58 B
423 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.pubgameshowtime.com/ip/getcountry
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-106.fra60.r.cloudfront.net
Software
/
Resource Hash
4549fbf40e30440446ba9891b588db231b0767c0520340e25afe999e8fe2932d

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
http://lordakhyul.duckdns.org/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 30 Jan 2022 13:10:44 GMT
via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
x-amzn-requestid
38df61c5-f7c7-4215-9557-cf9a2ad1e5fc
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-61f68e54-3cd504831cb4a8bc5a66e402;Sampled=0
x-amz-apigw-id
MwstNGjRSK4FaYA=
content-length
58
x-amz-cf-id
ir_X2le4EdBAeLfia1V94FwI1lvwK8SdtfL9MB1M3NGRZjpstWsi1Q==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Gaming (Entertainment)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| checkip function| valid

0 Cookies