terughome.duckdns.org Open in urlscan Pro
45.81.234.81 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dik.si/tfmyu
Effective URL:
https://terughome.duckdns.org/pme/
Submission: On March 28 via manual (March 28th 2024, 7:45:05 am UTC) from NL — Scanned from NL

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 6 domains to perform 10 HTTP transactions. The main IP is 45.81.234.81, located in Germany and belongs to SYNLINQ synlinq.de, DE. The main domain is terughome.duckdns.org.
TLS certificate: Issued by R3 on March 27th 2024. Valid for: 3 months.

This is the only time terughome.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NL Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
5	45.81.234.81 45.81.234.81	44486 (SYNLINQ s...) (SYNLINQ synlinq.de)
2	2606:4700::68... 2606:4700::6812:18a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	4

1 188.114.96.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dik.si	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 45.81.234.81 (Germany)

ASN44486 (SYNLINQ synlinq.de, DE)
PTR: 45.81.234.81.mc-host24.de

terughome.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18a3 (United States)

ASN13335 (CLOUDFLARENET, US)

i.gyazo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	duckdns.org terughome.duckdns.org	164 KB
2	gyazo.com i.gyazo.com — Cisco Umbrella Rank: 96989	2 KB
1	t.co t.co — Cisco Umbrella Rank: 676	552 B
1	dik.si 1 redirects dik.si	1 KB
0	digid.nl Failed digid.nl Failed
0	werkenvoor.be Failed werkenvoor.be Failed
10	6

	Domain	Requested by
5	terughome.duckdns.org	t.co terughome.duckdns.org
2	i.gyazo.com	terughome.duckdns.org
1	t.co
1	dik.si	1 redirects
0	digid.nl Failed
0	werkenvoor.be Failed	terughome.duckdns.org
10	6

This site contains links to these domains. Also see Links.

Domain
www.digid.nl

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-07` - `2025-01-06`	a year	crt.sh
terughome.duckdns.org R3	`2024-03-27` - `2024-06-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-04` - `2024-05-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://terughome.duckdns.org/pme/
Frame ID: 99542C507A8C7C09EE842D296D0852E9
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DigiD: Aanvraag | Teruggave 2024

Page URL History Show full URLs

https://dik.si/tfmyu HTTP 301
https://t.co/ZcBm0635qu Page URL
https://terughome.duckdns.org/pme/ Page URL

Page Statistics

10
Requests

80 %
HTTPS

25 %
IPv6

6
Domains

6
Subdomains

4
IPs

4
Countries

167 kB
Transfer

241 kB
Size

4
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.digid.nl/
Title: Bekijk de DigiD website

Search URL Search Domain Scan URL

URL: https://www.digid.nl/contact
Title: neem contact op

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dik.si/tfmyu HTTP 301
https://t.co/ZcBm0635qu Page URL
https://terughome.duckdns.org/pme/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://dik.si/tfmyu HTTP 301
https://t.co/ZcBm0635qu

Request Chain 3

https://client.selor.be/img/federale_overheid_logo.png HTTP 301
https://workingfor.be/language_selection_page HTTP 301
https://workingfor.be/nl/language_selection_page HTTP 301
https://werkenvoor.be/nl/language_selection_page HTTP 302
https://werkenvoor.be/nl

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

ZcBm0635qu
t.co/
Redirect Chain

https://dik.si/tfmyu
https://t.co/ZcBm0635qu

258 B
552 B

172ms
129ms

Document
text/html

104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/ZcBm0635qu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: nl-NL,nl;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 181
content-type: text/html; charset=utf-8
date: Thu, 28 Mar 2024 07:44:59 GMT
expires: Thu, 28 Mar 2024 07:50:00 GMT
perf: 7469935968
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 25781fe233d4f9d9f0b2ac3b4a60aab58daf0697aa4db5c06ea454e4c36e506e
x-response-time: 110
x-transaction-id: acdaa8c22d6dface
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, private
cf-cache-status: DYNAMIC
cf-ray: 86b5ff7b4d4d0ba5-AMS
content-type: text/html; charset=UTF-8
date: Thu, 28 Mar 2024 07:45:00 GMT
expires: -1
location: https://t.co/ZcBm0635qu
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rlpa0FarHTsGe4bIcpwVGv9ssPyzpauShtU080M%2BVpg059lIr2k%2FihjDj3Y5t330oa8w9GykS9zlO9NjLk3bdqZoBT%2BFrIIoJV6kFKykafD%2Fe3%2BrBnCscmw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK Primary Request / Show response
terughome.duckdns.org/pme/ 11 KB
3 KB 420ms
19ms Document
text/html 45.81.234.81
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL: https://terughome.duckdns.org/pme/
Requested by: Host: t.co
URL: https://t.co/ZcBm0635qu
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.81.234.81 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS: 45.81.234.81.mc-host24.de
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 192dc94ad1508181d889864528b52b1121494ee59a3427980b9e822303191d52

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: nl-NL,nl;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 3050
Content-Type: text/html
Date: Thu, 28 Mar 2024 07:45:00 GMT
ETag: "2c40-614adf041b640-gzip"
Keep-Alive: timeout=5, max=100
Last-Modified: Thu, 28 Mar 2024 00:52:33 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK style.css
terughome.duckdns.org/pme/files/ 83 KB
14 KB 22ms
21ms Stylesheet
text/css 45.81.234.81
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL: https://terughome.duckdns.org/pme/files/style.css
Requested by: Host: terughome.duckdns.org
URL: https://terughome.duckdns.org/pme/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.81.234.81 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS: 45.81.234.81.mc-host24.de
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 87fb9c3207fdfcc161f73fe9be582e9ed7860e39fd99cffb416612827db88dbd

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://terughome.duckdns.org/pme/
accept-language: nl-NL,nl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 28 Mar 2024 07:45:00 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Mar 2024 00:34:36 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "14c55-614adb00fff00-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 14501

GET
H2 200 338fb277bb78b95a127ef29ffa8e5b47.png
i.gyazo.com/ 1 KB
1 KB 80ms
38ms Image
image/png 2606:4700::6812:18a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.gyazo.com/338fb277bb78b95a127ef29ffa8e5b47.png
Requested by: Host: terughome.duckdns.org
URL: https://terughome.duckdns.org/pme/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1959fe077c4e2308ca8fcf9aaf57bc910085fa05824899fdbd92278e53158feb

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://terughome.duckdns.org/
accept-language: nl-NL,nl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Mar 2024 07:45:01 GMT
via: 1.1 google
cf-cache-status: HIT
age: 22360
content-length: 1218
server: cloudflare
etag: "338f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
content-dpr: 1.250000
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 86b5ff8d4e4a6612-AMS
expires: Fri, 28 Mar 2025 07:45:01 GMT

GET

nl
werkenvoor.be/
Redirect Chain

https://client.selor.be/img/federale_overheid_logo.png
https://workingfor.be/language_selection_page
https://workingfor.be/nl/language_selection_page
https://werkenvoor.be/nl/language_selection_page
https://werkenvoor.be/nl

0
0

GET
H2 200 e39e7a185134711f4f38cdc53eba27f5.png
i.gyazo.com/ 715 B
1 KB 68ms
35ms Image
image/png 2606:4700::6812:18a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.gyazo.com/e39e7a185134711f4f38cdc53eba27f5.png
Requested by: Host: terughome.duckdns.org
URL: https://terughome.duckdns.org/pme/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d092278c6030ce9aaa7a13b95244d9df0cba65d83932c18fd1821f945c2944d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://terughome.duckdns.org/
accept-language: nl-NL,nl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Mar 2024 07:45:01 GMT
via: 1.1 google
cf-cache-status: HIT
age: 22360
content-length: 715
server: cloudflare
etag: "e39e"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
content-dpr: 1.250000
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 86b5ff8d4e4c6612-AMS
expires: Fri, 28 Mar 2025 07:45:01 GMT

GET
H/1.1 200
OK ROsanswebtextregular-54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a.woff
terughome.duckdns.org/pme/files/ 75 KB
75 KB 19ms
18ms Font
application/font-woff 45.81.234.81
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL: https://terughome.duckdns.org/pme/files/ROsanswebtextregular-54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a.woff
Requested by: Host: terughome.duckdns.org
URL: https://terughome.duckdns.org/pme/files/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.81.234.81 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS: 45.81.234.81.mc-host24.de
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://terughome.duckdns.org/pme/files/style.css
Origin: https://terughome.duckdns.org
accept-language: nl-NL,nl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 28 Mar 2024 07:45:01 GMT
Last-Modified: Thu, 28 Mar 2024 00:34:36 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "12ac9-614adb00fff00"
Content-Type: application/font-woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 76489

GET
H/1.1 200
OK ROsanswebtextbold-27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591.woff
terughome.duckdns.org/pme/files/ 68 KB
68 KB 57ms
19ms Font
application/font-woff 45.81.234.81
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL: https://terughome.duckdns.org/pme/files/ROsanswebtextbold-27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591.woff
Requested by: Host: terughome.duckdns.org
URL: https://terughome.duckdns.org/pme/files/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.81.234.81 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS: 45.81.234.81.mc-host24.de
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://terughome.duckdns.org/pme/files/style.css
Origin: https://terughome.duckdns.org
accept-language: nl-NL,nl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 28 Mar 2024 07:45:01 GMT
Last-Modified: Thu, 28 Mar 2024 00:34:36 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "10f5b-614adb00fff00"
Content-Type: application/font-woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 69467

GET
H/1.1 200
OK icons-650b3ba27798de4eaf8cfc95c3ef953beff6658da3a4cfc5762c77eeb050a630.woff2
terughome.duckdns.org/pme/files/ 3 KB
3 KB 54ms
20ms Font
application/octet-stream 45.81.234.81
SYNLINQ synlinq.de

General

Check archive.org

Show headers Download Go to

Full URL: https://terughome.duckdns.org/pme/files/icons-650b3ba27798de4eaf8cfc95c3ef953beff6658da3a4cfc5762c77eeb050a630.woff2
Requested by: Host: terughome.duckdns.org
URL: https://terughome.duckdns.org/pme/files/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.81.234.81 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS: 45.81.234.81.mc-host24.de
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: 650b3ba27798de4eaf8cfc95c3ef953beff6658da3a4cfc5762c77eeb050a630

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://terughome.duckdns.org/pme/files/style.css
Origin: https://terughome.duckdns.org
accept-language: nl-NL,nl;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 28 Mar 2024 07:45:01 GMT
Last-Modified: Thu, 28 Mar 2024 00:34:35 GMT
Server: Apache/2.4.18 (Ubuntu)
ETag: "a98-614adb000bcc0"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2712

GET ro-favicon-wit-0xffffff-2e5a36a1132248f4104f3d5cab9c0632fa25d18a9a7054ac3ee23aaf3d9d037e.png
digid.nl/assets/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: werkenvoor.be
URL: https://werkenvoor.be/nl

Domain: digid.nl
URL: https://digid.nl/assets/ro-favicon-wit-0xffffff-2e5a36a1132248f4104f3d5cab9c0632fa25d18a9a7054ac3ee23aaf3d9d037e.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NL Government (Government)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal function| yesnoCheck2 function| yesnoCheck

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
dik.si/	1970-01-20 19:26:59	Name: XSRF-TOKEN Value: eyJpdiI6IlVObmV6NUlaZ2ZVQytncDBMMEdiYmc9PSIsInZhbHVlIjoiVHJZRjdLZ1FlRmpkNE1rUVJZWnZQT0w4bDhHRXFjZUh0ei9WanY0bTUvVlFueis0a2xDa1dCdDdrWDYzTkU5VHlRTlIwOWltTldSWVpuRjhuU1JHZU16ME5RRmVqMjQ4TzBXeDBzSHFKZHk0cStnd3hGWFozSnd5OExWcXlwUnoiLCJtYWMiOiJmNzBkMDUyOWVhYzBiOGE0YmIzMzA0YmIzMzU0Njg5OTRhZThiZjMyZDQ0OWU0MzE5MTAwMzNkYThjZDhmMTI0IiwidGFnIjoiIn0%3D
dik.si/	1970-01-20 19:26:59	Name: diksi_session Value: eyJpdiI6IlJERWdIMFN1TTJFeGJDdkMzL3RUeHc9PSIsInZhbHVlIjoiU25VRGthcWlNUWJpUkpuNXA3dTN5a1NGMm1sdHB4VVFiNFhTMTJiSHFWY3V6dTB0SjJpOElvMVBZaGVvT09VTGkzRTkxZmV0UE10b0Q1QWxueTd6NVdxem5QLytPTll5anJVemJZcWFENFFwcWFzRWJCTy9ycm5uOE9sTnM2OUEiLCJtYWMiOiJhNTBjMjNiODY5ZjA2OGNjMGNjYjEwMTA4M2NhNTcyZDQxYjlkZTE4ZTM4Mjg0ODVmYWQ3MGIxMGU0Njg3YmZlIiwidGFnIjoiIn0%3D
.t.co/	1970-01-21 04:57:06	Name: muc Value: 31766c04-283d-4ca9-a042-9a98c583adab
i.gyazo.com/	1970-01-21 05:02:51	Name: Gyazo_cfwoker Value: i

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://terughome.duckdns.org/pme/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://terughome.duckdns.org/pme/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

digid.nl
dik.si
i.gyazo.com
t.co
terughome.duckdns.org
werkenvoor.be
digid.nl
werkenvoor.be
104.244.42.69
188.114.96.3
2606:4700::6812:18a3
45.81.234.81
192dc94ad1508181d889864528b52b1121494ee59a3427980b9e822303191d52
1959fe077c4e2308ca8fcf9aaf57bc910085fa05824899fdbd92278e53158feb
27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591
2d092278c6030ce9aaa7a13b95244d9df0cba65d83932c18fd1821f945c2944d
54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a
650b3ba27798de4eaf8cfc95c3ef953beff6658da3a4cfc5762c77eeb050a630
87fb9c3207fdfcc161f73fe9be582e9ed7860e39fd99cffb416612827db88dbd

terughome.duckdns.org Open in urlscan Pro 45.81.234.81 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

80 %HTTPS

25 %IPv6

6 Domains

6 Subdomains

4 IPs

4 Countries

167 kBTransfer

241 kBSize

4 Cookies

2 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

4 Cookies

2 Console Messages

Security Headers

Indicators

terughome.duckdns.org Open in urlscan Pro
45.81.234.81 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

25 %
IPv6

6
Domains

6
Subdomains

4
IPs

4
Countries

167 kB
Transfer

241 kB
Size

4
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!