lordakhyul.duckdns.org
13.82.123.121
Malicious Activity!
Public Scan
Submission: On January 30 via automatic, source openphish — Scanned from DE
Summary
This is the only time lordakhyul.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Gaming (Entertainment)
Domain & IP information
 | IP Address | AS Autonomous System
---|---|---
4 | 13.82.123.121 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK)
1 | 2606:4700::6810:135e | 13335 (CLOUDFLARENET)
1 | 13.32.99.106 | 16509 (AMAZON-02)
6 | 3 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
lordakhyul.duckdns.org
ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-106.fra60.r.cloudfront.net
api.pubgameshowtime.com
 | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | duckdns.org | lordakhyul.duckdns.org | 34 KB
1 | pubgameshowtime.com | api.pubgameshowtime.com — Cisco Umbrella Rank: 596103 | 423 B
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 227 | 28 KB
6 | 3 | |
 | Domain | Requested by
---|---|---
4 | lordakhyul.duckdns.org | lordakhyul.duckdns.org
1 | api.pubgameshowtime.com | cdnjs.cloudflare.com
1 | cdnjs.cloudflare.com | lordakhyul.duckdns.org
6 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 - 2022-09-20 | a year
api.pubgameshowtime.com | Amazon | 2020-04-17 - 2021-05-17 | a year
This page contains 1 frames:
Primary Page:
http://lordakhyul.duckdns.org/facebook.html
Frame ID: 75DCF8A38F5F66C15F65B035FB523C9C
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | facebook.html (Primary Request) | lordakhyul.duckdns.org/ | 4 KB | 2 KB | Document | text/html
GET | H/1.1 | facebook.css | lordakhyul.duckdns.org/css/ | 4 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | facebook_text.png | lordakhyul.duckdns.org/img/ | 28 KB | 28 KB | Image | image/png
GET | H/1.1 | icon.png | lordakhyul.duckdns.org/img/ | 2 KB | 2 KB | Image | image/png
GET | H2 | jquery.min.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ | 87 KB | 28 KB | Script | application/javascript
GET | H2 | getcountry | api.pubgameshowtime.com/ip/ | 58 B | 423 B | XHR | application/json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Gaming (Entertainment)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $
function| jQuery
function| checkip
function| valid
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.