23r0fejr240jfegrvuewnfhbinsauf.duckdns.org
185.212.129.195
Malicious Activity!
Public Scan
Effective URL: https://23r0fejr240jfegrvuewnfhbinsauf.duckdns.org/?ijbgtrf=Y2hhbmRyYWthbnRoQHN0b2lsbWd0LmNvbTo6Mg==
Submission: On June 23 via manual from IN
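The `ijbgtrf` parameter in the effective URL above is plain base64: it decodes to a mailbox address followed by `::2`, the usual way a phishing kit carries the target's address so the fake sign-in form arrives pre-filled (the page's `gEmail` and `eml0` globals, listed further down, fit that use). The following helper is an added example, not code from urlscan.io or from the kit; it decodes every base64-looking query parameter and reports the ones that contain an address. The sample URL is constructed with `victim@example.com::2` in place of the real value, and the `::2` suffix is kept only to mirror the shape seen here.

```python
import base64
import re
from typing import Optional
from urllib.parse import parse_qsl, urlsplit

# Loose mailbox pattern: enough to spot a pre-filled victim address.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def try_b64(value: str) -> Optional[str]:
    """Decode standard or URL-safe base64 into printable text, else None."""
    # parse_qsl turns '+' into ' '; undo that before decoding standard base64.
    value = value.replace(" ", "+")
    padded = value + "=" * (-len(value) % 4)  # kits often strip the '=' padding
    for altchars in (None, b"-_"):
        try:
            raw = base64.b64decode(padded, altchars=altchars, validate=True)
            text = raw.decode("utf-8")
        except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
            continue
        if text and text.isprintable():
            return text
    return None


def find_prefill(url: str) -> list:
    """Return each query parameter whose decoded value carries a mailbox address."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        decoded = try_b64(value)
        if decoded is None:
            continue
        match = EMAIL_RE.search(decoded)
        if match:
            hits.append({"param": name, "email": match.group(0), "decoded": decoded})
    return hits


# Constructed sample with the same shape as the scanned URL's parameter
# ("<address>::2", base64-encoded); the real value is deliberately not reproduced.
SAMPLE_URL = (
    "https://23r0fejr240jfegrvuewnfhbinsauf.duckdns.org/?ijbgtrf="
    + base64.b64encode(b"victim@example.com::2").decode()
)

if __name__ == "__main__":
    for hit in find_prefill(SAMPLE_URL):
        print(f"{hit['param']}: {hit['email']}  (decoded: {hit['decoded']!r})")
```

The decoded address is the intended victim, not the operator: it tells you which mailbox received the lure and is the first thing to pivot on in mail logs. Parameter names such as `ijbgtrf` are random per kit build, so match on the decoded content rather than the name.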
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on June 21st 2020. Valid for: 3 months.
This is the only time 23r0fejr240jfegrvuewnfhbinsauf.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 185.212.129.195 | 200313 (INTERNET-IT)
1 | 2001:4de0:ac19::1:b:3b | 20446 (HIGHWINDS3)
9 | 192.229.221.185 | 15133 (EDGECAST)
1 | 164.160.128.110 | 328110 (Garanntor-Hosting-AS)
12 requests across 4 IPs
ASN200313 (INTERNET-IT, NL)
PTR: trtgbevrefbgr.duckdns.org
Domains: 23r0fejr240jfegrvuewnfhbinsauf.duckdns.org

ASN328110 (Garanntor-Hosting-AS, NG)
PTR: gh-ws-lh03.garanntor.net
Domains: donnashashimao.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | msauth.net | logincdn.msauth.net | 172 KB
1 | donnashashimao.com | donnashashimao.com | 321 B
1 | jquery.com | code.jquery.com | 81 KB
1 | duckdns.org | 23r0fejr240jfegrvuewnfhbinsauf.duckdns.org | 8 KB
12 requests across 4 apex domains
Requests | Domain | Requested by
---|---|---
9 | logincdn.msauth.net | 23r0fejr240jfegrvuewnfhbinsauf.duckdns.org, code.jquery.com
1 | donnashashimao.com | code.jquery.com
1 | code.jquery.com | 23r0fejr240jfegrvuewnfhbinsauf.duckdns.org
1 | 23r0fejr240jfegrvuewnfhbinsauf.duckdns.org | 
12 requests across 4 domains
This site contains links to these domains. Also see Links.
- signup.live.com
- login.live.com
- account.live.com
Subject | Issuer | Validity | Valid
---|---|---|---
23r0fejr240jfegrvuewnfhbinsauf.duckdns.org | Let's Encrypt Authority X3 | 2020-06-21 - 2020-09-19 | 3 months
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years
prod-identitycdnsan.msauth.net | Microsoft IT TLS CA 5 | 2018-12-17 - 2020-12-17 | 2 years
donnashashimao.com | Let's Encrypt Authority X3 | 2020-04-29 - 2020-07-28 | 3 months
This page contains 1 frames:
Primary Page:
https://23r0fejr240jfegrvuewnfhbinsauf.duckdns.org/?ijbgtrf=Y2hhbmRyYWthbnRoQHN0b2lsbWd0LmNvbTo6Mg==
Frame ID: 30C6C1EFCB19A25BD0B1C58868680707
Requests: 12 HTTP requests in this frame
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Create one!
- Sign in with a security key
- Forgot password?
- Terms of use
- Privacy & cookies
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions

Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET | H/1.1 | 23r0fejr240jfegrvuewnfhbinsauf.duckdns.org/ (Primary Request) | 34 KB | 8 KB | Document | text/html
GET | H/1.1 | code.jquery.com/jquery-3.4.1.js | 274 KB | 81 KB | Script | application/javascript
GET | H2 | logincdn.msauth.net/16.000/Converged_v21033_WxEHoN1EKgnBBEbhm200rw2.css | 98 KB | 19 KB | Stylesheet | text/css
GET | H2 | logincdn.msauth.net/16.000.28345.6/images/AppLogos/26.png | 4 KB | 4 KB | Image | image/png
GET | H2 | logincdn.msauth.net/16.000.28345.6/images/microsoft_logo.svg | 4 KB | 2 KB | Image | image/svg+xml
GET | H2 | logincdn.msauth.net/16.000.28345.6/images/documentation.svg | 2 KB | 757 B | Image | image/svg+xml
GET | H2 | logincdn.msauth.net/16.000.28345.6/images/arrow_left.svg | 513 B | 440 B | Image | image/svg+xml
GET | H2 | logincdn.msauth.net/16.000.28345.6/images/ellipsis_white.svg | 915 B | 416 B | Image | image/svg+xml
GET | H2 | logincdn.msauth.net/16.000.28345.6/images/ellipsis_grey.svg | 915 B | 391 B | Image | image/svg+xml
POST | H/1.1 | donnashashimao.com/wp-includes/3/bookmarks.php | 15 B | 321 B | XHR | text/html
GET | H2 | logincdn.msauth.net/16.000.28345.6/images/AppBackgrounds/21-small.jpg | 417 B | 600 B | Image | image/jpeg
GET | H2 | logincdn.msauth.net/16.000.28345.6/images/AppBackgrounds/21.jpg | 145 KB | 145 KB | Image | image/jpeg
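Read together, the transactions show the shape of the kit: the page itself is 8 KB on a free dynamic-DNS hostname, every visual asset (stylesheet, logos, background) is fetched from Microsoft's real `logincdn.msauth.net`, and the only POST is a jQuery XHR to `bookmarks.php` under `wp-includes/3/` on an unrelated WordPress host, answered with a 15-byte body. The script below is an added example, not urlscan.io code, that applies that reasoning mechanically to the transaction list copied from the table above. The brand-CDN and dynamic-DNS apex lists are analyst-maintained assumptions for this example, and `apex()` approximates the registrable domain from the last two labels rather than consulting a public-suffix list.

```python
from collections import Counter
from urllib.parse import urlsplit

# The 12 transactions from the report as (method, URL, resource type); the
# certificate table confirms TLS on all four hosts, hence https throughout.
TRANSACTIONS = [
    ("GET", "https://23r0fejr240jfegrvuewnfhbinsauf.duckdns.org/", "Document"),
    ("GET", "https://code.jquery.com/jquery-3.4.1.js", "Script"),
    ("GET", "https://logincdn.msauth.net/16.000/Converged_v21033_WxEHoN1EKgnBBEbhm200rw2.css", "Stylesheet"),
    ("GET", "https://logincdn.msauth.net/16.000.28345.6/images/AppLogos/26.png", "Image"),
    ("GET", "https://logincdn.msauth.net/16.000.28345.6/images/microsoft_logo.svg", "Image"),
    ("GET", "https://logincdn.msauth.net/16.000.28345.6/images/documentation.svg", "Image"),
    ("GET", "https://logincdn.msauth.net/16.000.28345.6/images/arrow_left.svg", "Image"),
    ("GET", "https://logincdn.msauth.net/16.000.28345.6/images/ellipsis_white.svg", "Image"),
    ("GET", "https://logincdn.msauth.net/16.000.28345.6/images/ellipsis_grey.svg", "Image"),
    ("POST", "https://donnashashimao.com/wp-includes/3/bookmarks.php", "XHR"),
    ("GET", "https://logincdn.msauth.net/16.000.28345.6/images/AppBackgrounds/21-small.jpg", "Image"),
    ("GET", "https://logincdn.msauth.net/16.000.28345.6/images/AppBackgrounds/21.jpg", "Image"),
]

# Analyst-maintained lists (assumptions for this example, not from the report):
# apexes that legitimately serve a brand's sign-in assets, and free dynamic-DNS apexes.
BRAND_CDN_APEXES = {"msauth.net": "Microsoft"}
DYNAMIC_DNS_APEXES = {"duckdns.org"}


def apex(host: str) -> str:
    """Registrable domain approximated as the last two labels.

    No public-suffix list is consulted; fine for these hosts, wrong for
    e.g. co.uk. Use a PSL library in production.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(transactions):
    """Flag the lookalike pattern: brand assets pulled from the brand's own CDN
    while form data is POSTed to a third domain that is neither."""
    documents = [url for _, url, rtype in transactions if rtype == "Document"]
    if not documents:
        raise ValueError("no primary document in transaction list")
    primary_apex = apex(urlsplit(documents[0]).hostname)

    brand_assets = Counter()
    exfil_candidates = []
    for method, url, _ in transactions:
        a = apex(urlsplit(url).hostname)
        if a == primary_apex:
            continue  # same-site requests are not suspicious on their own
        if a in BRAND_CDN_APEXES:
            brand_assets[BRAND_CDN_APEXES[a]] += 1
        elif method == "POST":
            # Data leaving the page for a domain that is neither the page's
            # own nor the brand's: the likely destination of typed credentials.
            exfil_candidates.append(url)

    likely = bool(brand_assets) and bool(exfil_candidates)
    return {
        "primary_apex": primary_apex,
        "dynamic_dns": primary_apex in DYNAMIC_DNS_APEXES,
        "brand_assets": dict(brand_assets),
        "exfil_candidates": exfil_candidates,
        "verdict": "likely credential phishing" if likely else "inconclusive",
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(TRANSACTIONS), indent=2))
```

For this report the result is `duckdns.org` as primary apex, nine Microsoft assets, and `donnashashimao.com/wp-includes/3/bookmarks.php` as the single exfiltration candidate. A real `wp-includes` directory contains no numbered subdirectories or `bookmarks.php`, so that path is also the indicator to hand to the site's owner when reporting the compromise.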
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
function | checkEmail
function | goNext
function | goBack
function | closeBox
function | loader
function | checkSubmit
function | isEmail
function | iserror
function | createCookie
function | deleteAllCookies
string | gEmail
object | eml0

Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- 23r0fejr240jfegrvuewnfhbinsauf.duckdns.org
- code.jquery.com
- donnashashimao.com
- logincdn.msauth.net
- 164.160.128.110
- 185.212.129.195
- 192.229.221.185
- 2001:4de0:ac19::1:b:3b