oqzajneyiw.duckdns.org Open in urlscan Pro
193.105.134.21  Malicious Activity! Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response oqzajneyiw.duckdns.org/	9 KB 3 KB	1153ms 547ms	Document text/html	193.105.134.21 ICME
General Check archive.org Show headers Download Go to Full URL https://oqzajneyiw.duckdns.org/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.105.134.21 , Isle Of Man, ASN42237 (ICME, IM), Reverse DNS mx1.agd.li Software nginx / Resource Hash b57ef745d3913c8c4ba61da62c2c6979c3bdea61bfba6e76f0a20f1afe9032c9 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Accept-Language jp-JP,jp;q=0.9 Response headers server nginx date Thu, 20 Jan 2022 02:53:27 GMT content-type text/html; charset=utf-8 vary Accept-Encoding strict-transport-security max-age=31536000 content-encoding gzip
GET H2	200	idk.css oqzajneyiw.duckdns.org/static/haucvv/	43 KB 11 KB	220ms 220ms	Stylesheet text/css	193.105.134.21 ICME
General Check archive.org Show headers Download Go to Full URL https://oqzajneyiw.duckdns.org/static/haucvv/idk.css Requested by Host: oqzajneyiw.duckdns.org URL: https://oqzajneyiw.duckdns.org/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.105.134.21 , Isle Of Man, ASN42237 (ICME, IM), Reverse DNS mx1.agd.li Software nginx / Resource Hash 6e24853bd77e76a9aa22a6862ba42237a971dfd53c2d8a7fb9c82e6090961465 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://oqzajneyiw.duckdns.org/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Response headers date Thu, 20 Jan 2022 02:53:27 GMT content-encoding gzip last-modified Fri, 29 Oct 2021 03:00:24 GMT server nginx vary Accept-Encoding content-type text/css; charset=utf-8 cache-control max-age=2592000 strict-transport-security max-age=31536000 expires Sat, 19 Feb 2022 02:53:27 GMT
GET H2	200	checkboxRadio.css oqzajneyiw.duckdns.org/static/haucvv/	4 KB 1 KB	219ms 218ms	Stylesheet text/css	193.105.134.21 ICME
General Check archive.org Show headers Download Go to Full URL https://oqzajneyiw.duckdns.org/static/haucvv/checkboxRadio.css Requested by Host: oqzajneyiw.duckdns.org URL: https://oqzajneyiw.duckdns.org/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.105.134.21 , Isle Of Man, ASN42237 (ICME, IM), Reverse DNS mx1.agd.li Software nginx / Resource Hash 3161eb2799583d9009881d3d9e669044f2afc39ad040db4ab4b8254a03e6fe6b Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://oqzajneyiw.duckdns.org/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Response headers date Thu, 20 Jan 2022 02:53:27 GMT content-encoding gzip last-modified Fri, 29 Oct 2021 03:00:24 GMT server nginx vary Accept-Encoding content-type text/css; charset=utf-8 cache-control max-age=2592000 strict-transport-security max-age=31536000 expires Sat, 19 Feb 2022 02:53:27 GMT
GET H2	200	jquery-1.9.1.min.js Show response oqzajneyiw.duckdns.org/static/hau/	90 KB 36 KB	437ms 436ms	Script application/javascript	193.105.134.21 ICME
General Check archive.org Show headers Download Go to Full URL https://oqzajneyiw.duckdns.org/static/hau/jquery-1.9.1.min.js Requested by Host: oqzajneyiw.duckdns.org URL: https://oqzajneyiw.duckdns.org/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.105.134.21 , Isle Of Man, ASN42237 (ICME, IM), Reverse DNS mx1.agd.li Software nginx / Resource Hash c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://oqzajneyiw.duckdns.org/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Response headers date Thu, 20 Jan 2022 02:53:27 GMT content-encoding gzip last-modified Tue, 24 Jul 2018 07:09:50 GMT server nginx vary Accept-Encoding content-type application/javascript cache-control max-age=2592000 strict-transport-security max-age=31536000 expires Sat, 19 Feb 2022 02:53:27 GMT
GET H2	200	jquery.mloading.js Show response oqzajneyiw.duckdns.org/static/hau/	9 KB 4 KB	654ms 653ms	Script application/javascript	193.105.134.21 ICME
General Check archive.org Show headers Download Go to Full URL https://oqzajneyiw.duckdns.org/static/hau/jquery.mloading.js Requested by Host: oqzajneyiw.duckdns.org URL: https://oqzajneyiw.duckdns.org/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.105.134.21 , Isle Of Man, ASN42237 (ICME, IM), Reverse DNS mx1.agd.li Software nginx / Resource Hash 379db2eeb17a70eb688d5fb5d77e77620d208b9627ea95b3905cf2afdf56c1cb Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://oqzajneyiw.duckdns.org/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Response headers date Thu, 20 Jan 2022 02:53:27 GMT content-encoding gzip last-modified Tue, 24 Jul 2018 07:09:50 GMT server nginx vary Accept-Encoding content-type application/javascript cache-control max-age=2592000 strict-transport-security max-age=31536000 expires Sat, 19 Feb 2022 02:53:27 GMT
GET H2	200	jquery.cookie.js Show response oqzajneyiw.duckdns.org/static/hau/	3 KB 2 KB	434ms 434ms	Script application/javascript	193.105.134.21 ICME
General Check archive.org Show headers Download Go to Full URL https://oqzajneyiw.duckdns.org/static/hau/jquery.cookie.js Requested by Host: oqzajneyiw.duckdns.org URL: https://oqzajneyiw.duckdns.org/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.105.134.21 , Isle Of Man, ASN42237 (ICME, IM), Reverse DNS mx1.agd.li Software nginx / Resource Hash b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://oqzajneyiw.duckdns.org/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Response headers date Thu, 20 Jan 2022 02:53:27 GMT content-encoding gzip last-modified Tue, 24 Jul 2018 07:09:50 GMT server nginx vary Accept-Encoding content-type application/javascript cache-control max-age=2592000 strict-transport-security max-age=31536000 expires Sat, 19 Feb 2022 02:53:27 GMT
GET H/1.1	200 OK	21226333.js Show response js.users.51.la/	5 KB 6 KB	364ms 122ms	Script application/javascript	218.12.76.151 CHINA169-BACKBONE...
General Check archive.org Show headers Download Go to Full URL https://js.users.51.la/21226333.js Requested by Host: oqzajneyiw.duckdns.org URL: https://oqzajneyiw.duckdns.org/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 218.12.76.151 Baoding, China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN), Reverse DNS Software openresty / Resource Hash 61fd1b5e31995cc8566798567b82662aeec5dd8bb88082a7fe0ac4f70f2b372a Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://oqzajneyiw.duckdns.org/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Response headers nginx-hit 1 Date Thu, 20 Jan 2022 02:53:27 GMT via CHN-HEshijiazhuang-AREACUCC1-CACHE24[4],CHN-HEshijiazhuang-AREACUCC1-CACHE13[0,TCP_HIT,2],CHN-SH-GLOBAL1-CACHE43[55],CHN-SH-GLOBAL1-CACHE90[50,TCP_MISS,54] X-CCDN-CacheTTL 86400 Age 153689 Content-Disposition inline;filename=f.txt Connection keep-alive request-id 0000017E6C3E20FD9051BBB9C4709996 x-reserved amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc Content-Length 4898 id-2 32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSr8ZhkTa08YatZovtEGcDpuzeaTX4lB Last-Modified Mon Nov 29 15:56:55 CST 2021 Server openresty ETag "e8b3c869405f9b3d8a75dc8db528a69d" Content-Type application/javascript;charset=UTF-8 version-id G001117D6AB26203FFFF94180DEF4F4E Accept-Ranges bytes x-hcs-proxy-type 1
GET H2	200	au_id.jpg oqzajneyiw.duckdns.org/static/haucvv/	34 KB 34 KB	219ms 218ms	Image image/jpeg	193.105.134.21 ICME
General Check archive.org Show headers Download Go to Show image Full URL https://oqzajneyiw.duckdns.org/static/haucvv/au_id.jpg Requested by Host: oqzajneyiw.duckdns.org URL: https://oqzajneyiw.duckdns.org/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 193.105.134.21 , Isle Of Man, ASN42237 (ICME, IM), Reverse DNS mx1.agd.li Software nginx / Resource Hash 1ec5abc3e4e21e84224089afccec3c1677323ec02fe04f2bbf6083a9b9d3fc2d Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://oqzajneyiw.duckdns.org/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Response headers date Thu, 20 Jan 2022 02:53:28 GMT last-modified Fri, 29 Oct 2021 03:00:24 GMT server nginx strict-transport-security max-age=31536000 content-type image/jpeg cache-control max-age=2592000 accept-ranges bytes content-length 34778 expires Sat, 19 Feb 2022 02:53:28 GMT
GET H/1.1	200	go1 ia.51.la/	0 215 B	457ms 156ms	Image text/plain	183.131.207.66 CHINATELECOM-ZHEJ...
General Check archive.org Show headers Download Go to Show image Full URL https://ia.51.la/go1?id=21226333&rt=1642647207969&rl=1600*1200&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1642647207969&tt=au%2520ID%25E3%2583%25AD%25E3%2582%25B0%25E3%2582%25A4%25E3%2583%25B3&kw=&cu=https%253A%252F%252Foqzajneyiw.duckdns.org%252F&pu= Requested by Host: oqzajneyiw.duckdns.org URL: https://oqzajneyiw.duckdns.org/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 183.131.207.66 , China, ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN), Reverse DNS Software CloudWAF / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://oqzajneyiw.duckdns.org/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 Response headers Date Thu, 20 Jan 2022 02:53:28 GMT Server CloudWAF Connection keep-alive Content-Length 0

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: au ID (Telecommunication)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery undefined| order

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			oqzajneyiw.duckdns.org/	1969-12-31 23:59:59	Name: sessionid Value: 2c9ba7db3a52660bcca559debba6a414
			oqzajneyiw.duckdns.org/	1969-12-31 23:59:59	Name: __tins__21226333 Value: %7B%22sid%22%3A%201642647207969%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201642649007969%7D
			oqzajneyiw.duckdns.org/	1969-12-31 23:59:59	Name: __51cke__ Value:
			oqzajneyiw.duckdns.org/	1969-12-31 23:59:59	Name: __51laig__ Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://oqzajneyiw.duckdns.org/(Line 57) Message: Mixed Content: The page at 'https://oqzajneyiw.duckdns.org/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://aupay.auoneauidshenad.ga/pc/index2.php'. This endpoint should be made available over a secure connection.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ia.51.la
js.users.51.la
oqzajneyiw.duckdns.org
183.131.207.66
193.105.134.21
218.12.76.151
1ec5abc3e4e21e84224089afccec3c1677323ec02fe04f2bbf6083a9b9d3fc2d
3161eb2799583d9009881d3d9e669044f2afc39ad040db4ab4b8254a03e6fe6b
379db2eeb17a70eb688d5fb5d77e77620d208b9627ea95b3905cf2afdf56c1cb
61fd1b5e31995cc8566798567b82662aeec5dd8bb88082a7fe0ac4f70f2b372a
6e24853bd77e76a9aa22a6862ba42237a971dfd53c2d8a7fb9c82e6090961465
b57ef745d3913c8c4ba61da62c2c6979c3bdea61bfba6e76f0a20f1afe9032c9
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855