26345468.duckdns.org
Open in
urlscan Pro
184.174.96.2
Malicious Activity!
Public Scan
Effective URL: https://26345468.duckdns.org/login.php
Submission: On July 11 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R11 on July 9th 2024. Valid for: 3 months.
This is the only time 26345468.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 7 | 184.174.96.2 184.174.96.2 | 16276 (OVH) (OVH) | |
7 | 2 |
ASN16276 (OVH, FR)
PTR: 184.174.96.2.rdns.ColocationAmerica.com
26345468.duckdns.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
duckdns.org
1 redirects
26345468.duckdns.org telegrambotcheck.duckdns.org Failed |
426 KB |
7 | 1 |
Domain | Requested by | |
---|---|---|
7 | 26345468.duckdns.org |
1 redirects
26345468.duckdns.org
|
0 | telegrambotcheck.duckdns.org Failed |
26345468.duckdns.org
|
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
akgirisim.gleeze.com R11 |
2024-07-09 - 2024-10-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://26345468.duckdns.org/login.php
Frame ID: 4CB54C53B27A0F0746F75E91AC0FF125
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
chasePage URL History Show full URLs
-
https://26345468.duckdns.org/
HTTP 302
https://26345468.duckdns.org/login.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://26345468.duckdns.org/
HTTP 302
https://26345468.duckdns.org/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
26345468.duckdns.org/ Redirect Chain
|
1 KB 818 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
chase.css
26345468.duckdns.org/res/css/ |
2 KB 913 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
26345468.duckdns.org/res/img/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jq.js
26345468.duckdns.org/res/ |
361 KB 123 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
back.png
26345468.duckdns.org/res/img/ |
299 KB 299 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST |
receive_token
telegrambotcheck.duckdns.org/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
26345468.duckdns.org/ |
282 B 498 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- telegrambotcheck.duckdns.org
- URL
- https://telegrambotcheck.duckdns.org:1001/receive_token?referrer=sarfita
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chase (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| token string| tokens string| protocol string| url object| data0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
26345468.duckdns.org
telegrambotcheck.duckdns.org
telegrambotcheck.duckdns.org
184.174.96.2
01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085
0e9f72f3fe7252eb40ae42c8c4fef84a3aba2d571f30da97ecc028fae7afbc55
2633590e4759069d4b0c1887ef2fd0a845716c02ac1dc2e8627a21708449037d
9b7fb8a0b13410e3e37c7169940d823e338988daf59ffa5278b63f891611720f
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0
d9b25f5ed5a4e51c2cb6f07f77e130a24632ecbedffa430888fff41cda8ad009