itemfreefire28.duckdns.org
Open in
urlscan Pro
20.248.170.244
Malicious Activity!
Public Scan
Submission: On May 15 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by aiixhost.mwhm on May 12th 2022. Valid for: a year.
This is the only time itemfreefire28.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Gaming (Entertainment)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 20.248.170.244 20.248.170.244 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:440... 2606:4700:4400::6812:25f4 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2620:0:862:ed... 2620:0:862:ed1a::2:b | 14907 (WIKIMEDIA) (WIKIMEDIA) | |
1 | 217.182.228.53 217.182.228.53 | 16276 (OVH) (OVH) | |
1 | 2a03:2880:f22... 2a03:2880:f22d:c2:face:b00c:0:1cc9 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
4 | 2606:4700::68... 2606:4700::6810:7baf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:812::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 129.226.2.89 129.226.2.89 | 132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building) | |
23 | 11 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
itemfreefire28.duckdns.org |
ASN32934 (FACEBOOK, US)
z-p3-static.xx.fbcdn.net |
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
na.apps.amsoveasea.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
wikimedia.org
upload.wikimedia.org — Cisco Umbrella Rank: 2213 |
316 KB |
4 |
unpkg.com
unpkg.com — Cisco Umbrella Rank: 910 |
40 KB |
4 |
duckdns.org
itemfreefire28.duckdns.org |
203 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 |
169 KB |
1 |
amsoveasea.com
na.apps.amsoveasea.com — Cisco Umbrella Rank: 180987 |
181 B |
1 |
gstatic.com
fonts.gstatic.com |
16 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46 |
1 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 660 |
83 KB |
1 |
fbcdn.net
z-p3-static.xx.fbcdn.net — Cisco Umbrella Rank: 81031 |
2 KB |
1 |
ibb.co
i.ibb.co — Cisco Umbrella Rank: 13381 |
135 KB |
1 |
pixabay.com
cdn.pixabay.com — Cisco Umbrella Rank: 21745 |
22 KB |
23 | 11 |
Domain | Requested by | |
---|---|---|
6 | upload.wikimedia.org |
itemfreefire28.duckdns.org
|
4 | unpkg.com |
itemfreefire28.duckdns.org
unpkg.com |
4 | itemfreefire28.duckdns.org |
itemfreefire28.duckdns.org
|
2 | cdnjs.cloudflare.com |
itemfreefire28.duckdns.org
cdnjs.cloudflare.com |
1 | na.apps.amsoveasea.com |
code.jquery.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
itemfreefire28.duckdns.org
|
1 | code.jquery.com |
itemfreefire28.duckdns.org
|
1 | z-p3-static.xx.fbcdn.net |
itemfreefire28.duckdns.org
|
1 | i.ibb.co |
itemfreefire28.duckdns.org
|
1 | cdn.pixabay.com |
itemfreefire28.duckdns.org
|
23 | 11 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
aiixhost.mwhm aiixhost.mwhm |
2022-05-12 - 2023-05-12 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
pixabay.com Cloudflare Inc ECC CA-3 |
2022-04-11 - 2023-04-11 |
a year | crt.sh |
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2021-10-19 - 2022-11-17 |
a year | crt.sh |
ibb.co R3 |
2022-04-07 - 2022-07-06 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2022-02-21 - 2022-05-22 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-04-25 - 2022-07-18 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-04-25 - 2022-07-18 |
3 months | crt.sh |
na.apps.amsoveasea.com TrustAsia TLS RSA CA |
2021-05-31 - 2022-05-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://itemfreefire28.duckdns.org/
Frame ID: C3D8A8B6A0AB44CF16083BA583604E07
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
Whatsapp Group InviteDetected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- googleapis\.com/.+webfont
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
itemfreefire28.duckdns.org/ |
12 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
itemfreefire28.duckdns.org/css/ |
10 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/ |
98 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
google-1018443_960_720.png
cdn.pixabay.com/photo/2015/11/02/14/01/ |
22 KB 22 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
800px-Facebook_f_logo_%282019%29.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/5/51/Facebook_f_logo_%282019%29.svg/ |
24 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
768px-Instagram_logo_2016.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/e/e7/Instagram_logo_2016.svg/ |
89 KB 90 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
480px-YouTube_social_white_squircle.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/4/4f/YouTube_social_white_squircle.svg/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1200px-Twitter_bird_logo_2012.svg.png
upload.wikimedia.org/wikipedia/sco/thumb/9/9f/Twitter_bird_logo_2012.svg/ |
42 KB 43 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1200px-Linkedin.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/c/c9/Linkedin.svg/ |
45 KB 47 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2048px-WhatsApp_logo-color-vertical.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/1/19/WhatsApp_logo-color-vertical.svg/ |
102 KB 103 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.gif
itemfreefire28.duckdns.org/img/ |
152 KB 152 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Capture.png
i.ibb.co/XWwTVbJ/ |
135 KB 135 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fb.png
itemfreefire28.duckdns.org/img/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lOol7j-zq4u.svg
z-p3-static.xx.fbcdn.net/rsrc.php/yz/r/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.js
code.jquery.com/ |
282 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionicons.map.js
unpkg.com/icon-package@7.7.9/ |
991 B 814 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/webfonts/ |
151 KB 151 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionicons.esm.js
unpkg.com/ionicons@5.0.0/dist/ionicons/ |
262 B 623 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionicons.js
unpkg.com/icon-package@7.7.9/ |
107 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
na.apps.amsoveasea.com/swoole/ |
39 B 181 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p-af480238.js
unpkg.com/ionicons@5.0.0/dist/ionicons/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Gaming (Entertainment)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| $ function| jQuery function| login object| _0x3d88 function| _0x306c function| don function| __sc_import_ionicons1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.pixabay.com/ | Name: __cf_bm Value: A6jR4LK2lHr4Vq8KSQmyISWxqIbfHPaG8BunI4Y67mo-1652619886-0-Aej1U/yO7L5vYyLSa5EiwLrMH+0ry/uK94T3Au9ZYmGrNc129TpTSOtJNMEaynUXuGu10f7+Kl2XXMkvIwkaHfE= |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.pixabay.com
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
i.ibb.co
itemfreefire28.duckdns.org
na.apps.amsoveasea.com
unpkg.com
upload.wikimedia.org
z-p3-static.xx.fbcdn.net
129.226.2.89
20.248.170.244
2001:4de0:ac18::1:a:1a
217.182.228.53
2606:4700:4400::6812:25f4
2606:4700::6810:7baf
2606:4700::6811:190e
2620:0:862:ed1a::2:b
2a00:1450:4001:800::2003
2a00:1450:4001:812::200a
2a03:2880:f22d:c2:face:b00c:0:1cc9
011b659d437ad1981a652b0a90211f61e1922a02fd52ff69953d5f627fa6e9e9
0601466d830b422735d912fae9e7a11dbb9cd72312b08347aa49b8309c1f5bb1
092a3cd5f86b3f039feefdeb86694cd16ae545af214cfda614bdbbe2d1bde401
0cf8bfac20e9f50684d332411da6f63aaa24bc78464b43209717209976c74bb5
0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
2358eef82e19f11d27748db3055007ae32cc450a0c52aae4a1a95a45ff133048
28a06f4491def3fdc69ddefa5c850a2583ff312997aef3498e2f12e384c45115
306864af741ccb4110c95cadb4addf4df49f98366d740f2325f28e0bb6da4e08
35a79935107f53fa3b2f923363b50be53bd42e446f64f457c5e74a526bfa29b9
4f75765c7da5f953125e28d9f186e8f4c009a3b9a88f8621b27dd46631df2303
533ef6670e3d9c0e44718d0afa43f2edda11b58586e9da4e8f621145cf84d4d2
573d4fc0761869739f740cc7d5205fff8d1deca6b7f325ca75dfb112309f7665
5f7dcd0740eb7d2a35002b10fb66e16d39b0b8ca4679e7a05021e92c8642b7e7
7bf29f601e1b423183fbe350d635aeb150abf1fb6ef1c29ba0844ca164fc7636
8ebb99e4e0dd38df9afc08d10c48e9aae4f6897e26a2857ae750502cce10c788
ad2fa69668d48ce7a60308e70afd89a04d7baac164e3dd5b537d41f965e40ce8
baca5bd90863cdb00c0200e424db9b8ec7fa7bc4e993fe427979bd21e0536e0c
cb20cb5a2a732837cc6af60c833c83d62f352b088c10600ccf63d9cda5a2964b
d81224d38d403865a2186193664073bb7cbfa7be0352e0eecbb774259b5b9e1e
f3d7854a5e060542337a731983a1f0c053e1d7412dd69b4ffdebc37e9028eeac
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fad38a419d5174d319a1f981208346b04651d8fc67f72ef8a780bd23fa2b4709