g87huij.duckdns.org
185.212.129.140
Malicious Activity!
Public Scan
Submission: On November 20 via manual from FR
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 26th 2019. Valid for: 3 months.
This is the only time g87huij.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System | PTR | Domains served
---|---|---|---|---
1 | 185.212.129.140 | AS200313 (INTERNET-IT, NL) | tutorial23523523423.website | g87huij.duckdns.org
1 | 2001:4de0:ac19::1:b:3a | AS20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US) | | code.jquery.com
9 | 192.229.221.185 | AS15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US) | | logincdn.msauth.net
3 | 23.37.59.171 | AS16625 (AKAMAI-AS - Akamai Technologies, Inc., US) | a23-37-59-171.deploy.static.akamaitechnologies.com | apps.skypeassets.com
1 | 35.204.217.18 | AS15169 (GOOGLE - Google LLC, US) | 18.217.204.35.bc.googleusercontent.com | vivesinplastico.com
2 | 23.37.61.51 | AS16625 (AKAMAI-AS - Akamai Technologies, Inc., US) | a23-37-61-51.deploy.static.akamaitechnologies.com | secure.skypeassets.com
Totals: 17 requests, 6 IP addresses
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | msauth.net | logincdn.msauth.net | 172 KB
5 | skypeassets.com | apps.skypeassets.com, secure.skypeassets.com | 279 KB
1 | vivesinplastico.com | vivesinplastico.com | 538 B
1 | jquery.com | code.jquery.com | 81 KB
1 | duckdns.org | g87huij.duckdns.org | 7 KB
Totals: 17 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
9 | logincdn.msauth.net | g87huij.duckdns.org, code.jquery.com
3 | apps.skypeassets.com | g87huij.duckdns.org
2 | secure.skypeassets.com | g87huij.duckdns.org
1 | vivesinplastico.com | code.jquery.com
1 | code.jquery.com | g87huij.duckdns.org
1 | g87huij.duckdns.org |
Totals: 17 requests, 6 domains
This site contains links to these domains. Also see Links.
Domain |
---|
signup.live.com |
login.live.com |
account.live.com |
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
g87huij.duckdns.org | Let's Encrypt Authority X3 | 2019-10-26 - 2020-01-24 | 3 months | crt.sh
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years | crt.sh
prod-identitycdnsan.msauth.net | Microsoft IT TLS CA 5 | 2018-12-17 - 2020-12-17 | 2 years | crt.sh
www.skypeassets.com | Microsoft IT TLS CA 5 | 2019-10-31 - 2021-10-31 | 2 years | crt.sh
vivesinplastico.com | Let's Encrypt Authority X3 | 2019-10-12 - 2020-01-10 | 3 months | crt.sh
secure.skypeassets.com | Microsoft IT TLS CA 1 | 2019-10-31 - 2021-10-31 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
https://g87huij.duckdns.org/?ijbgtrf=bWFyY2luLmdyZW5Aa2VyaW5nLmNvbQ
Frame ID: 88A48D9856CD3AB791790A2329A77DD1
Requests: 17 HTTP requests in this frame
Screenshot
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Create one!
- Title: Sign in with a security key
- Title: Forgot password?
- Title: Terms of use
- Title: Privacy & cookies
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / (Primary Request) | g87huij.duckdns.org/ | 36 KB | 7 KB | Document | text/html
2 | GET | H/1.1 | jquery-3.4.1.js | code.jquery.com/ | 274 KB | 81 KB | Script | application/javascript
3 | GET | H2 | Converged_v21033_WxEHoN1EKgnBBEbhm200rw2.css | logincdn.msauth.net/16.000/ | 98 KB | 19 KB | Stylesheet | text/css
4 | GET | H2 | fonts.css;navigation.css | apps.skypeassets.com/static/8.14/skype.login/css/ | 23 KB | 3 KB | Stylesheet | text/css
5 | GET | H2 | loader.css | apps.skypeassets.com/static/8.14/skype.login/css/ | 21 KB | 1 KB | Stylesheet | text/css
6 | GET | H2 | 26.png | logincdn.msauth.net/16.000.28345.6/images/AppLogos/ | 4 KB | 4 KB | Image | image/png
7 | GET | H2 | microsoft_logo.svg | logincdn.msauth.net/16.000.28345.6/images/ | 4 KB | 2 KB | Image | image/svg+xml
8 | GET | H2 | documentation.svg | logincdn.msauth.net/16.000.28345.6/images/ | 2 KB | 749 B | Image | image/svg+xml
9 | GET | H2 | arrow_left.svg | logincdn.msauth.net/16.000.28345.6/images/ | 513 B | 419 B | Image | image/svg+xml
10 | GET | H2 | ellipsis_white.svg | logincdn.msauth.net/16.000.28345.6/images/ | 915 B | 408 B | Image | image/svg+xml
11 | GET | H2 | ellipsis_grey.svg | logincdn.msauth.net/16.000.28345.6/images/ | 915 B | 382 B | Image | image/svg+xml
12 | POST | H2 | bookmarks.php | vivesinplastico.com/wp-includes/ | 337 B | 538 B | XHR | text/html
13 | GET | H2 | s_logo.png | apps.skypeassets.com/static/8.14/skype.login/images/logos/ | 6 KB | 6 KB | Image | image/png
14 | GET | H2 | segoe-ui-light-latin.woff | secure.skypeassets.com/apollo/2.0.127/fonts/latin/ | 136 KB | 134 KB | Font | font/woff
15 | GET | H2 | segoe-ui-regular-latin.woff | secure.skypeassets.com/apollo/2.0.127/fonts/latin/ | 136 KB | 134 KB | Font | font/woff
16 | GET | H2 | 21-small.jpg | logincdn.msauth.net/16.000.28345.6/images/AppBackgrounds/ | 417 B | 536 B | Image | image/jpeg
17 | GET | H2 | 21.jpg | logincdn.msauth.net/16.000.28345.6/images/AppBackgrounds/ | 145 KB | 145 KB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
function | checkEmail
function | goNext
function | goBack
function | closeBox
function | loader
function | checkSubmit
function | isEmail
function | iserror
function | createCookie
function | deleteAllCookies
string | gEmail
object | eml0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apps.skypeassets.com
code.jquery.com
g87huij.duckdns.org
logincdn.msauth.net
secure.skypeassets.com
vivesinplastico.com
185.212.129.140
192.229.221.185
2001:4de0:ac19::1:b:3a
23.37.59.171
23.37.61.51
35.204.217.18