wwwchase-ours.dyndns.org
172.232.175.127
Malicious Activity!
Public Scan
Submission: On January 03 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on January 3rd 2024. Valid for: 3 months.
This is the only time wwwchase-ours.dyndns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chase (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
13 | 172.232.175.127 | 63949 (AKAMAI-LINODE-AP Akamai Connected Cloud)
2 | 2606:50c0:8000::154 | 54113 (FASTLY)
1 | 2606:4700:3030::ac43:bdf6 | 13335 (CLOUDFLARENET)
1 | 2607:f8b0:4006:806::200a | 15169 (GOOGLE)
2 | 2001:67c:4e8:f004::9 | 62041 (TELEGRAM)
Total: 19 requests to 5 IP addresses.
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-232-175-127.ip.linodeusercontent.com
Requests | Apex Domain | Subdomain | Transfer
---|---|---|---
13 | dyndns.org | wwwchase-ours.dyndns.org | 3 MB
2 | telegram.org | api.telegram.org (Cisco Umbrella Rank: 22535) | 979 B
2 | githubusercontent.com | raw.githubusercontent.com (Cisco Umbrella Rank: 3460) | 1 KB
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 708) | 31 KB
1 | geoiplookup.net | api.geoiplookup.net (Cisco Umbrella Rank: 635664) | 828 B
Total: 19 requests to 5 domains.
Requests | Domain | Requested by
---|---|---
13 | wwwchase-ours.dyndns.org | wwwchase-ours.dyndns.org
2 | api.telegram.org | wwwchase-ours.dyndns.org
2 | raw.githubusercontent.com | wwwchase-ours.dyndns.org
1 | ajax.googleapis.com | wwwchase-ours.dyndns.org
1 | api.geoiplookup.net | wwwchase-ours.dyndns.org
Total: 19 requests to 5 domains, all initiated by the primary page.
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
wwwchase-ours.dyndns.org | R3 | 2024-01-03 - 2024-04-02 | 3 months
*.github.io | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-21 - 2024-03-20 | a year
geoiplookup.net | E1 | 2023-12-22 - 2024-03-21 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-11-20 - 2024-02-12 | 3 months
api.telegram.org | Go Daddy Secure Certificate Authority - G2 | 2023-03-26 - 2024-04-26 | a year
This page contains 1 frame:
Primary Page:
https://wwwchase-ours.dyndns.org/
Frame ID: 2E7BDFBEA56C1B779468A5D676A3705A
Requests: 18 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | wwwchase-ours.dyndns.org/ | 1 KB | 1 KB | Document | text/html
GET | H/1.1 | bundle.js | wwwchase-ours.dyndns.org/sites/ | 339 KB | 339 KB | Script | text/javascript
GET | H/1.1 | cleave.js | wwwchase-ours.dyndns.org/sites/ | 114 KB | 114 KB | Script | text/javascript
GET | H/1.1 | bundle-min.js | wwwchase-ours.dyndns.org/sites/ | 156 KB | 157 KB | Script | text/javascript
POST | H/1.1 | config.php | wwwchase-ours.dyndns.org/ | 342 B | 549 B | XHR | text/html
GET | H2 | run-docker.sh | raw.githubusercontent.com/htr-tech/zphisher/master/ | 812 B | 1019 B | XHR | text/plain
GET | H2 | bsc_0000179.php | raw.githubusercontent.com/dsevoloper22/tool/main/ | 14 B | 154 B | XHR | text/plain
GET | H2 | / | api.geoiplookup.net/ | 213 B | 828 B | XHR | application/json
GET | H/1.1 | indexs.html | wwwchase-ours.dyndns.org/sites/ | 20 KB | 21 KB | XHR | text/html
GET | H/1.1 | logon.css | wwwchase-ours.dyndns.org/fonts/ | 111 KB | 112 KB | Stylesheet | text/css
GET | H/1.1 | dashboard.css | wwwchase-ours.dyndns.org/fonts/ | 2 MB | 2 MB | Stylesheet | text/css
GET | H/1.1 | blue-ui.css | wwwchase-ours.dyndns.org/fonts/ | 498 KB | 498 KB | Stylesheet | text/css
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.4.1/ | 86 KB | 31 KB | Script | text/javascript
POST | H2 | sendMessage | api.telegram.org/bot6961964117:AAH89JNC0LdlD3uOGhMPTpgdKhrGriq_maY/ | 733 B | 979 B | XHR | application/json
GET | H/1.1 | test.jpeg | wwwchase-ours.dyndns.org/style/img/ | 315 B | 315 B | Image | text/html
OPTIONS | H2 | sendMessage | api.telegram.org/bot6961964117:AAH89JNC0LdlD3uOGhMPTpgdKhrGriq_maY/ | 0 | 0 | Preflight |
GET | H/1.1 | wordmark-white.svg | wwwchase-ours.dyndns.org/fonts/ | 1 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | background.desktop.night.11.jpeg | wwwchase-ours.dyndns.org/fonts/ | 160 KB | 160 KB | Image | image/jpeg
GET | H/1.1 | dcefont.woff | wwwchase-ours.dyndns.org/fonts/ | 69 KB | 69 KB | Font | font/woff

Notable rows: the POST to api.telegram.org is a Bot API sendMessage call issued by the page's own JavaScript, with the bot token exposed in the URL path; the OPTIONS request to the same URL is the browser's CORS preflight for that cross-origin POST. Two kit components are fetched at runtime from raw.githubusercontent.com, one of them from the htr-tech/zphisher repository. test.jpeg is requested as an image but served as text/html.
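The exfiltration path this transaction list shows (page JavaScript POSTing to the Telegram Bot API with the bot token in the URL, after fetching kit components from raw.githubusercontent.com and looking up the visitor's IP geolocation) is easy to turn into a triage rule. The following Node.js script is an added example, not code from urlscan.io or from the phishing kit: the transaction records are constructed to mirror the table above, the bot token is a dummy of the same shape rather than the one captured here, and the list of geolocation API hosts and the rule names are assumptions.

```javascript
// Added example (not urlscan.io's code): triage a list of HTTP transactions, in the
// shape of the table above, for the exfiltration pattern this scan shows: the phishing
// page's own JavaScript POSTs straight to the Telegram Bot API with the bot token in the
// URL path, after loading kit components from raw.githubusercontent.com and looking up
// the visitor's IP geolocation.

// Telegram bot tokens look like <bot id digits>:<35 URL-safe characters>; the ranges
// below are deliberately loose so a slightly different token length still matches.
const TELEGRAM_BOT_PATH = /^\/bot(\d{6,12}:[A-Za-z0-9_-]{30,50})\/(\w+)/;

// Assumed list of IP-geolocation services that phishing kits call to filter visitors.
const GEOIP_HOSTS = new Set(['api.geoiplookup.net', 'ipinfo.io', 'ip-api.com', 'ipapi.co']);

// Constructed sample mirroring the page's transaction table. The hostnames are the
// ones on the page; the bot token is a dummy of the same format, not the real one.
const SAMPLE_TRANSACTIONS = [
  { method: 'GET', url: 'https://wwwchase-ours.dyndns.org/', type: 'Document', mime: 'text/html' },
  { method: 'POST', url: 'https://wwwchase-ours.dyndns.org/config.php', type: 'XHR', mime: 'text/html' },
  { method: 'GET', url: 'https://raw.githubusercontent.com/htr-tech/zphisher/master/run-docker.sh', type: 'XHR', mime: 'text/plain' },
  { method: 'GET', url: 'https://api.geoiplookup.net/', type: 'XHR', mime: 'application/json' },
  { method: 'POST', url: 'https://api.telegram.org/bot1234567890:AAFakeTokenForTheExample00000000abc/sendMessage', type: 'XHR', mime: 'application/json' },
  { method: 'GET', url: 'https://wwwchase-ours.dyndns.org/style/img/test.jpeg', type: 'Image', mime: 'text/html' },
  { method: 'OPTIONS', url: 'https://api.telegram.org/bot1234567890:AAFakeTokenForTheExample00000000abc/sendMessage', type: 'Preflight', mime: '' },
];

// Returns { botId, token, method } for a Telegram Bot API URL, or null otherwise.
function extractTelegramBotToken(url) {
  const u = new URL(url);
  if (u.hostname !== 'api.telegram.org') return null;
  const m = TELEGRAM_BOT_PATH.exec(u.pathname);
  if (!m) return null;
  return { botId: m[1].split(':')[0], token: m[1], method: m[2] };
}

// Walks the transactions and returns a list of { rule, url, detail } findings.
function analyzeTransactions(transactions, primaryUrl) {
  const primaryHost = new URL(primaryUrl).hostname;
  const findings = [];
  for (const tx of transactions) {
    const host = new URL(tx.url).hostname;
    const tg = extractTelegramBotToken(tx.url);
    // The OPTIONS preflight carries no body; the POST that follows it is the exfil.
    if (tg && tx.method === 'POST') {
      findings.push({ rule: 'telegram_bot_exfil', url: tx.url,
        detail: `Bot API ${tg.method} from ${primaryHost}, bot id ${tg.botId} (token in URL)` });
    } else if (tx.method === 'POST' && host !== primaryHost) {
      findings.push({ rule: 'cross_origin_post', url: tx.url, detail: `POST to ${host} from ${primaryHost}` });
    }
    if (host === 'raw.githubusercontent.com' && tx.type === 'XHR') {
      findings.push({ rule: 'remote_kit_component', url: tx.url, detail: 'page code fetched a raw GitHub file at runtime' });
    }
    if (GEOIP_HOSTS.has(host)) {
      findings.push({ rule: 'visitor_geoip_lookup', url: tx.url, detail: `client-side lookup of visitor location via ${host}` });
    }
    if (tx.type === 'Image' && tx.mime.startsWith('text/html')) {
      findings.push({ rule: 'mime_mismatch', url: tx.url, detail: `requested as Image, served as ${tx.mime}` });
    }
  }
  return findings;
}

// Sorted, de-duplicated rule names, handy for a one-line summary.
function rulesFired(findings) {
  return [...new Set(findings.map(f => f.rule))].sort();
}

const FINDINGS = analyzeTransactions(SAMPLE_TRANSACTIONS, SAMPLE_TRANSACTIONS[0].url);
for (const f of FINDINGS) console.log(`[${f.rule}] ${f.url}\n    ${f.detail}`);
```

Run it with `node`; it prints one line per finding. The OPTIONS request is deliberately left out of the exfil rule because the CORS preflight carries no body; the POST that follows it is the one carrying the stolen fields, and the bot id and token it exposes are what you would hand to Telegram for takedown.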
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chase (Banking)
152 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
functions (61): eykNcL, csXMnC, FDTauG, gGSYlw, Xluy87, N3gtlLX, TaLwe8, JIThbK6, jPjCHHe, kheUI7, IZ_4Cp, uAbWPKy, yFKGtY, nWCZVP, mCYOyk, iYgQLW, lE_5WYG, yntfXwd, c2Z3gIY, Hcn0Jrk, YpQdHB, LBUXgVf, DIebsp, f, A, e, B, readTextFile, getRequests, postRequests, IdReq, sendDataDoc, sendDataSms, postData, fileWrite, anti, token, $, jQuery, _0x4b97d5, _0x20d6, HttpClient, rand, _0x344c, J, j, Cleave, _0x312de2, _0x19ee19, _0x19a10b, _0x3ab3b8, _0x52b992, _0x428801, _0x16d1b6, _0x267d98, validateForm, _0x198f, _0x344178, _0x527d, _0x49cb67, _0x6385e2
objects (54): documentPictureInPicture, type, submitType, a1, lcOsIR, D65EW9, GH4RuqN, UnLh37, cCJlemm, xfikGU, nlvUhQ, ZomP75p, iptCFf, ePOYtN, TMOG1s, YNMRP9Q, KhaDW7, w, y, date, country_allow, jscd, blockMessage, dob, _0x272c39, dob1, _0x2001c1, dob2, _0x285438, dob11, _0x13b4be, dob12, _0x2af143, expiry, _0x2b915f, phone, _0x1790dd, cnumber, ssn, _0x4f5161, cvv, _0x2ab6b3, zip, _0x555161, carrier, _0x356913, atm, _0x7ab4bf, _0x478297, x, _0x10fc36, _0xdc2a86, z, _0x55af02
strings (29): bc, _LMxva, TDr5jG, XGyY2c9, D3NVDVX, pageName, key, useragent, os, browser, flash, viewerDetails, viewerDetailsMe, givenDateString, devoloper, chat_id, Get_Result, view_info, vpn_block, country_block, anti_result, double_login, ispBlock, devoloperss, ip, isp, countryname, countrycode, city
numbers (4): UEVVoL9, rSXxiQ, width, height
booleans (3): mobile, cookies, ndsj
undefined (1): xXbs1ue
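To show how such a list is produced and how an analyst reads it, here is an added Node.js example, not code from urlscan.io or from the kit: it diffs a page's window against a clean one (in a browser, an empty iframe's contentWindow) and then flags obfuscator-style names and the kit globals that appear in the list above (Telegram delivery settings, victim-filtering switches, captured form fields). The two window stand-ins, the kit-global name list and the identifier regex are assumptions made for the example.

```javascript
// Added example (not urlscan.io's code): reproduce the "non-standard globals" listing
// by diffing a page's window against a pristine one, then triage the names the way an
// analyst reading the list above would. In a browser the baseline is an empty iframe:
//   const frame = document.body.appendChild(document.createElement('iframe'));
//   const globals = nonStandardGlobals(window, frame.contentWindow);
// Everything below runs under Node with plain objects standing in for the two windows.

// Assumed list of names that phishing kits of this family expose as globals (taken from
// the list above: Telegram delivery settings, victim-filtering switches, captured fields).
const KIT_GLOBALS = new Set([
  'token', 'chat_id', 'vpn_block', 'country_block', 'double_login', 'ispBlock',
  'sendDataSms', 'sendDataDoc', 'postData', 'fileWrite',
  'ssn', 'cvv', 'cnumber', 'atm', 'expiry', 'dob', 'phone', 'zip', 'carrier',
]);
// javascript-obfuscator style identifiers (_0x followed by hex), e.g. _0x4b97d5 above.
const OBFUSCATED_NAME = /^_0x[0-9a-f]{4,}$/;

// Properties of `win` that do not exist on `baseline`, with their typeof (null shows as
// "object", which is why captured-field holders such as ssn and cvv appear as objects).
function nonStandardGlobals(win, baseline) {
  const builtin = new Set(Object.getOwnPropertyNames(baseline));
  return Object.getOwnPropertyNames(win)
    .filter(name => !builtin.has(name))
    .map(name => ({ name, type: typeof win[name] }));
}

// Summarise a globals list: counts per type, obfuscated names, and kit indicators hit.
function triageGlobals(globals) {
  const byType = {};
  let obfuscated = 0;
  const kitHits = [];
  for (const g of globals) {
    byType[g.type] = (byType[g.type] || 0) + 1;
    if (OBFUSCATED_NAME.test(g.name)) obfuscated += 1;
    if (KIT_GLOBALS.has(g.name)) kitHits.push(g.name);
  }
  return { total: globals.length, byType, obfuscated, kitHits };
}

// Constructed stand-ins: a "clean" window and one carrying a few of the globals from
// the list above (values are placeholders, only names and types matter here).
const BASELINE_WINDOW = { setTimeout() {}, fetch() {}, location: {} };
const PAGE_WINDOW = {
  setTimeout() {}, fetch() {}, location: {},
  jQuery() {}, $() {}, token() {}, chat_id: '', ssn: null, cvv: null,
  _0x4b97d5() {}, _0x20d6() {}, vpn_block: 'on',
};

const GLOBALS = nonStandardGlobals(PAGE_WINDOW, BASELINE_WINDOW);
const REPORT = triageGlobals(GLOBALS);
console.log(JSON.stringify(REPORT, null, 2));
```

The type counts alone say little; what separates a kit from a framework is the combination seen above: a handful of `_0x…` names from an obfuscator next to plain-English globals such as `token`, `chat_id`, `ssn` and `cvv` that name the delivery channel and the harvested fields.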
0 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
api.geoiplookup.net
api.telegram.org
raw.githubusercontent.com
wwwchase-ours.dyndns.org
172.232.175.127
2001:67c:4e8:f004::9
2606:4700:3030::ac43:bdf6
2606:50c0:8000::154
2607:f8b0:4006:806::200a