1a8542a8c583af747b5e0238f007c341.myddns.rocks
185.212.129.46
Malicious Activity!
Public Scan
Effective URL: https://1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///indexa.php?P=_93894575342hdfjsixaoweue5_j14897385492837813319...
Submission: On May 26 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 25th 2020. Valid for: 3 months.
This is the only time 1a8542a8c583af747b5e0238f007c341.myddns.rocks was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System
---|---|---|---
3 | 3 | 2606:4700::6810:136f | 13335 (CLOUDFLARENET)
1 | 1 | 2606:4700::6810:7a96 | 13335 (CLOUDFLARENET)
2 | 8 | 185.212.129.46 | 200313 (INTERNET-IT)
Totals: 6 HTTP transactions, served from 1 IP address.
IP detail for 185.212.129.46:
ASN200313 (INTERNET-IT, NL)
PTR: sitecoach.com
Domains on this IP: build-275520918e23d.ddnsfree.com, 1a8542a8c583af747b5e0238f007c341.myddns.rocks
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | myddns.rocks (1 redirect) | 1a8542a8c583af747b5e0238f007c341.myddns.rocks | 310 KB
4 | gmu.edu (4 redirects) | alumni.gmu.edu, securemason.gmu.edu | 3 KB
1 | ddnsfree.com (1 redirect) | build-275520918e23d.ddnsfree.com | 510 B
Totals: 6 HTTP transactions across 3 apex domains.
Requests | Domain | Requested by
---|---|---
7 | 1a8542a8c583af747b5e0238f007c341.myddns.rocks | 1 redirect; 1a8542a8c583af747b5e0238f007c341.myddns.rocks
3 | alumni.gmu.edu | 3 redirects
1 | build-275520918e23d.ddnsfree.com | 1 redirect
1 | securemason.gmu.edu | 1 redirect
Totals: 6 HTTP transactions across 4 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
1a8542a8c583af747b5e0238f007c341.myddns.rocks | Let's Encrypt Authority X3 | 2020-05-25 - 2020-08-23 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///indexa.php?P=_93894575342hdfjsixaoweue5_j1489738549283781331983743fncn_Product-UserID&fy9=catherinemary.heard@kerry.com
Frame ID: C53581D534BA3590F3C0D067A8A71EDC
Requests: 6 HTTP requests in this frame
Detected technologies
- Windows Server (Operating Systems). Detected pattern: url /\.aspx?(?:$|\?)/i
- Microsoft ASP.NET (Web Frameworks). Detected pattern: url /\.aspx?(?:$|\?)/i
- Nginx (Web Servers). Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- IIS (Web Servers). Detected pattern: url /\.aspx?(?:$|\?)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://alumni.gmu.edu/redirect.aspx?linkID=3735797&sendId=1396628&eid=118930&gid=2&tokenUrl=https%3A%2F%2Fbuild-275520918e23d.ddnsfree.com%2Fcluster%2F%2F%3Ffy9%3Dcatherinemary.heard@kerry.com&https%3a%2f%2fgeorgemason.imodules.com%2fcontrols%2femail_marketing%2fview_in_browser.aspx%3fsid%3d1564%26gid%3d2%26sendId%3d1396628%26ecatid%3d12%26puid%3d460854c7-884f-4dbe-a858-d8cc8d776531 (HTTP 302)
- https://securemason.gmu.edu/controls/login/sts.ashx?sid=1564&gid=2&returnUrl=https%3a%2f%2falumni.gmu.edu%2fredirect.aspx%3flinkID%3d3735797%26sendId%3d1396628%26eid%3d118930%26gid%3d2%26tokenUrl%3dhttps%253A%252F%252Fbuild-275520918e23d.ddnsfree.com%252Fcluster%252F%252F%253Ffy9%253Dcatherinemary.heard%40kerry.com%26https%253a%252f%252fgeorgemason.imodules.com%252fcontrols%252femail_marketing%252fview_in_browser.aspx%253fsid%253d1564%2526gid%253d2%2526sendId%253d1396628%2526ecatid%253d12%2526puid%253d460854c7-884f-4dbe-a858-d8cc8d776531 (HTTP 302)
- https://alumni.gmu.edu/redirect.aspx?linkID=3735797&sendId=1396628&eid=118930&gid=2&tokenUrl=https%3a%2f%2fbuild-275520918e23d.ddnsfree.com%2fcluster%2f%2f%3ffy9%3dcatherinemary.heard%40kerry.com&https%3a%2f%2fgeorgemason.imodules.com%2fcontrols%2femail_marketing%2fview_in_browser.aspx%3fsid%3d1564%26gid%3d2%26sendId%3d1396628%26ecatid%3d12%26puid%3d460854c7-884f-4dbe-a858-d8cc8d776531=&sessionid=7fd97aa3-7568-48d9-88f0-05241edc1279&cc=1 (HTTP 302)
- https://alumni.gmu.edu/redirect.aspx?linkID=3735797&sendId=1396628&eid=118930&gid=2&tokenUrl=https%3a%2f%2fbuild-275520918e23d.ddnsfree.com%2fcluster%2f%2f%3ffy9%3dcatherinemary.heard%40kerry.com&https%3a%2f%2fgeorgemason.imodules.com%2fcontrols%2femail_marketing%2fview_in_browser.aspx%3fsid%3d1564%26gid%3d2%26sendId%3d1396628%26ecatid%3d12%26puid%3d460854c7-884f-4dbe-a858-d8cc8d776531= (HTTP 302)
- https://build-275520918e23d.ddnsfree.com/cluster//?fy9=catherinemary.heard@kerry.com&https://georgemason.imodules.com/controls/email_marketing/view_in_browser.aspx?sid=1564&gid=2&sendId=1396628&ecatid=12&puid=460854c7-884f-4dbe-a858-d8cc8d776531 (HTTP 302)
- https://1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///?fy9=catherinemary.heard@kerry.com (HTTP 302)
- https://1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///indexa.php?P=_93894575342hdfjsixaoweue5_j1489738549283781331983743fncn_Product-UserID&fy9=catherinemary.heard@kerry.com (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H/1.1 | indexa.php (Primary Request, Redirect Chain) | 1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d/// | 5 KB | 2 KB | Document | text/html
GET H/1.1 | style.css | 1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///mx/ | 86 KB | 17 KB | Stylesheet | text/css
GET H/1.1 | logo.svg | 1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///mx/ | 4 KB | 2 KB | Image | image/svg+xml
GET H/1.1 | acc.svg | 1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///mx/ | 379 B | 712 B | Image | image/svg+xml
GET H/1.1 | bg-small.jpg | 1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///mx/ | 1 KB | 1 KB | Image | image/jpeg
GET H/1.1 | bg.jpg | 1a8542a8c583af747b5e0238f007c341.myddns.rocks/015f28b9df1bdd36427dd976fb73b29d///mx/ | 287 KB | 287 KB | Image | image/jpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1a8542a8c583af747b5e0238f007c341.myddns.rocks
alumni.gmu.edu
build-275520918e23d.ddnsfree.com
securemason.gmu.edu
185.212.129.46
2606:4700::6810:136f
2606:4700::6810:7a96
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
34d8da073f47030ee94b99d84fbe68e3345bd8aaa37ea909ff2da00238447486
6ea72f8426d2fd527f9c70e6f0ba278b13182add31364b9e5e59ef2bbe1df166
7c1f847308f191158a4d6442fb5a477ca11a5f57254d4310f977ed977aad6dc2
aefa6be49d0a61962c49a045e68db8dbcfeb23095062e32431210e2667c36801
c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b