26345468.duckdns.org

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 184.174.96.2, located in Wilmington, United States and belongs to OVH, FR. The main domain is 26345468.duckdns.org.
TLS certificate: Issued by R11 on July 9th 2024. Valid for: 3 months.

This is the only time 26345468.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 7	184.174.96.2 184.174.96.2		16276 (OVH) (OVH)
7	2

7 184.174.96.2 (Wilmington, United States) 1 redirects

ASN16276 (OVH, FR)
PTR: 184.174.96.2.rdns.ColocationAmerica.com

26345468.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	duckdns.org 1 redirects 26345468.duckdns.org telegrambotcheck.duckdns.org Failed	426 KB
7	1

	Domain	Requested by
7	26345468.duckdns.org	1 redirects 26345468.duckdns.org
0	telegrambotcheck.duckdns.org Failed	26345468.duckdns.org
7	2

This site contains no links.

Subject Issuer	Validity	Valid
akgirisim.gleeze.com R11	`2024-07-09` - `2024-10-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://26345468.duckdns.org/login.php
Frame ID: 4CB54C53B27A0F0746F75E91AC0FF125
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

chase

Page URL History Show full URLs

https://26345468.duckdns.org/ HTTP 302
https://26345468.duckdns.org/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

426 kB
Transfer

664 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://26345468.duckdns.org/ HTTP 302
https://26345468.duckdns.org/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response 26345468.duckdns.org/ Redirect Chain https://26345468.duckdns.org/ https://26345468.duckdns.org/login.php	1 KB 818 B	131ms 131ms	Document text/html	184.174.96.2 OVH
General Check archive.org Show headers Download Go to Full URL https://26345468.duckdns.org/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 184.174.96.2 Wilmington, United States, ASN16276 (OVH, FR), Reverse DNS 184.174.96.2.rdns.ColocationAmerica.com Software Apache/2.4.52 (Ubuntu) / Resource Hash `9b7fb8a0b13410e3e37c7169940d823e338988daf59ffa5278b63f891611720f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 567 Content-Type text/html; charset=UTF-8 Date Thu, 11 Jul 2024 15:01:34 GMT Keep-Alive timeout=5, max=99 Server Apache/2.4.52 (Ubuntu) Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Thu, 11 Jul 2024 15:01:34 GMT Keep-Alive timeout=5, max=100 Server Apache/2.4.52 (Ubuntu) location login.php
GET H/1.1	200 OK	chase.css 26345468.duckdns.org/res/css/	2 KB 913 B	126ms 125ms	Stylesheet text/css	184.174.96.2 OVH
General Check archive.org Show headers Download Go to Full URL https://26345468.duckdns.org/res/css/chase.css Requested by Host: 26345468.duckdns.org URL: https://26345468.duckdns.org/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 184.174.96.2 Wilmington, United States, ASN16276 (OVH, FR), Reverse DNS 184.174.96.2.rdns.ColocationAmerica.com Software Apache/2.4.52 (Ubuntu) / Resource Hash `2633590e4759069d4b0c1887ef2fd0a845716c02ac1dc2e8627a21708449037d` Request headers Referer https://26345468.duckdns.org/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Thu, 11 Jul 2024 15:01:34 GMT Content-Encoding gzip Last-Modified Thu, 11 Jul 2024 12:39:47 GMT Server Apache/2.4.52 (Ubuntu) ETag "606-61cf80eddebe1-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 578
GET H/1.1	200 OK	logo.svg 26345468.duckdns.org/res/img/	1 KB 2 KB	251ms 123ms	Image image/svg+xml	184.174.96.2 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://26345468.duckdns.org/res/img/logo.svg Requested by Host: 26345468.duckdns.org URL: https://26345468.duckdns.org/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 184.174.96.2 Wilmington, United States, ASN16276 (OVH, FR), Reverse DNS 184.174.96.2.rdns.ColocationAmerica.com Software Apache/2.4.52 (Ubuntu) / Resource Hash `d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0` Request headers Referer https://26345468.duckdns.org/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Thu, 11 Jul 2024 15:01:34 GMT Last-Modified Thu, 11 Jul 2024 12:39:48 GMT Server Apache/2.4.52 (Ubuntu) ETag "581-61cf80ef5e86b" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 1409
GET H/1.1	200 OK	jq.js Show response 26345468.duckdns.org/res/	361 KB 123 KB	383ms 136ms	Script text/javascript	184.174.96.2 OVH
General Check archive.org Show headers Download Go to Full URL https://26345468.duckdns.org/res/jq.js Requested by Host: 26345468.duckdns.org URL: https://26345468.duckdns.org/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 184.174.96.2 Wilmington, United States, ASN16276 (OVH, FR), Reverse DNS 184.174.96.2.rdns.ColocationAmerica.com Software Apache/2.4.52 (Ubuntu) / Resource Hash `d9b25f5ed5a4e51c2cb6f07f77e130a24632ecbedffa430888fff41cda8ad009` Request headers Referer https://26345468.duckdns.org/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Thu, 11 Jul 2024 15:01:35 GMT Content-Encoding gzip Last-Modified Thu, 11 Jul 2024 12:39:45 GMT Server Apache/2.4.52 (Ubuntu) ETag "5a2d8-61cf80ec0fdbc-gzip" Vary Accept-Encoding Transfer-Encoding chunked Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	back.png 26345468.duckdns.org/res/img/	299 KB 299 KB	244ms 125ms	Image image/png	184.174.96.2 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://26345468.duckdns.org/res/img/back.png Requested by Host: 26345468.duckdns.org URL: https://26345468.duckdns.org/res/css/chase.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 184.174.96.2 Wilmington, United States, ASN16276 (OVH, FR), Reverse DNS 184.174.96.2.rdns.ColocationAmerica.com Software Apache/2.4.52 (Ubuntu) / Resource Hash `01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085` Request headers Referer https://26345468.duckdns.org/res/css/chase.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Thu, 11 Jul 2024 15:01:35 GMT Last-Modified Thu, 11 Jul 2024 12:39:48 GMT Server Apache/2.4.52 (Ubuntu) ETag "4abe8-61cf80ef6750b" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 306152
POST		receive_token telegrambotcheck.duckdns.org/	0 0

GET H/1.1	404 Not Found	favicon.ico 26345468.duckdns.org/	282 B 498 B	133ms 132ms	Other text/html	184.174.96.2 OVH
General Check archive.org Show headers Download Go to Full URL https://26345468.duckdns.org/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 184.174.96.2 Wilmington, United States, ASN16276 (OVH, FR), Reverse DNS 184.174.96.2.rdns.ColocationAmerica.com Software Apache/2.4.52 (Ubuntu) / Resource Hash `0e9f72f3fe7252eb40ae42c8c4fef84a3aba2d571f30da97ecc028fae7afbc55` Request headers Referer https://26345468.duckdns.org/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Thu, 11 Jul 2024 15:01:35 GMT Server Apache/2.4.52 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 282 Content-Type text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: telegrambotcheck.duckdns.org
URL: https://telegrambotcheck.duckdns.org:1001/receive_token?referrer=sarfita

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://26345468.duckdns.org/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://26345468.duckdns.org/login.php Message: Access to fetch at 'https://telegrambotcheck.duckdns.org:1001/receive_token?referrer=sarfita' from origin 'https://26345468.duckdns.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://telegrambotcheck.duckdns.org:1001/receive_token?referrer=sarfita Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

26345468.duckdns.org
telegrambotcheck.duckdns.org
telegrambotcheck.duckdns.org
184.174.96.2
01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085
0e9f72f3fe7252eb40ae42c8c4fef84a3aba2d571f30da97ecc028fae7afbc55
2633590e4759069d4b0c1887ef2fd0a845716c02ac1dc2e8627a21708449037d
9b7fb8a0b13410e3e37c7169940d823e338988daf59ffa5278b63f891611720f
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0
d9b25f5ed5a4e51c2cb6f07f77e130a24632ecbedffa430888fff41cda8ad009

26345468.duckdns.org Open in urlscan Pro 184.174.96.2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

426 kBTransfer

664 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

26345468.duckdns.org Open in urlscan Pro
184.174.96.2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

426 kB
Transfer

664 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!