toliogetonofb9f1a53.duckdns.org Open in urlscan Pro
193.169.255.119 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://romvalstudios.com/wp-content/uploads/useanyfont/cli
Effective URL:
https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php
Submission: On July 13 via manual (July 13th 2023, 6:58:04 am UTC) from SE — Scanned from SE

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 193.169.255.119, located in Poland and belongs to FUFONET, PL. The main domain is toliogetonofb9f1a53.duckdns.org.
TLS certificate: Issued by R3 on July 7th 2023. Valid for: 3 months.

This is the only time toliogetonofb9f1a53.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telia (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
2 2	192.185.36.81 192.185.36.81	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1 16	193.169.255.119 193.169.255.119	198810 (FUFONET) (FUFONET)
15	1

2 192.185.36.81 (United States) 2 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-36-81.unifiedlayer.com

romvalstudios.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 193.169.255.119 (Poland) 1 redirects

ASN198810 (FUFONET, PL)

toliogetonofb9f1a53.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	duckdns.org 1 redirects toliogetonofb9f1a53.duckdns.org	276 KB
2	romvalstudios.com 2 redirects romvalstudios.com	352 B
15	2

	Domain	Requested by
16	toliogetonofb9f1a53.duckdns.org	1 redirects toliogetonofb9f1a53.duckdns.org
2	romvalstudios.com	2 redirects
15	2

This site contains links to these domains. Also see Links.

Domain
sedawi.duckdns.org

Subject Issuer	Validity	Valid
toliogetonofb9f1a53.duckdns.org R3	`2023-07-07` - `2023-10-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php
Frame ID: 86140390655DB02F94B076F2E653BCBC
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telia

Page URL History Show full URLs

https://romvalstudios.com/wp-content/uploads/useanyfont/cli HTTP 301
https://romvalstudios.com/wp-content/uploads/useanyfont/cli/ HTTP 301
https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/ HTTP 301
https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

276 kB
Transfer

595 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://sedawi.duckdns.org/8ba82c283d3791d6b11c580b86f438e2/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://romvalstudios.com/wp-content/uploads/useanyfont/cli HTTP 301
https://romvalstudios.com/wp-content/uploads/useanyfont/cli/ HTTP 301
https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/ HTTP 301
https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.php Show response
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/
Redirect Chain

https://romvalstudios.com/wp-content/uploads/useanyfont/cli
https://romvalstudios.com/wp-content/uploads/useanyfont/cli/
https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/
https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

5 KB
2 KB

988ms
987ms

Document
text/html

193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PHP/8.0.29 PleskLin

Resource Hash

33e066748837d0462dae660b42e8709f5a7cd6293a47ee2c2eeeaeda3e12d689

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 13 Jul 2023 06:57:44 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.0.29 PleskLin

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 13 Jul 2023 06:57:43 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: telia/index.php?#Thu,Jul,13,2023-6:57am#6888591211285
pragma: no-cache
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.0.29 PleskLin

GET
H2 200 simple-line-icons.min.css
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/css/ 11 KB
2 KB 2244ms
2240ms Stylesheet
text/css 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/css/simple-line-icons.min.css

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

eced437d4bb8a726d823bb80013c37e1e0eb81069618e7cc57ff1eadf0d0cff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:46 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Mon, 27 Jun 2022 07:27:10 GMT
server: nginx
etag: W/"62b95bce-2af4"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 bootstrap.min.css
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/css/ 141 KB
18 KB 2366ms
2362ms Stylesheet
text/css 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/css/bootstrap.min.css

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:46 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Mon, 27 Jun 2022 07:27:10 GMT
server: nginx
etag: W/"62b95bce-235ed"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 all.css
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fontawesome-free-6.1.1-web/css/ 135 KB
20 KB 2313ms
2311ms Stylesheet
text/css 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fontawesome-free-6.1.1-web/css/all.css

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

b036af4bf83bdf1f13df4ef3560a2f4e27201f42feb54c73f336a7a40825a8ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:46 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Tue, 22 Mar 2022 13:08:02 GMT
server: nginx
etag: W/"6239ca32-21abd"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 style.css
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/css/ 4 KB
1 KB 2238ms
2236ms Stylesheet
text/css 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/css/style.css

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

bf4d67282b52264215f67900c573f5a26aaae87a987abf38bd0de659acaf0196

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:46 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Mon, 27 Jun 2022 07:27:10 GMT
server: nginx
etag: W/"62b95bce-1118"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 jquery-3.2.1.min.js Show response
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/js/ 85 KB
29 KB 2374ms
2372ms Script
application/javascript 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/js/jquery-3.2.1.min.js

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:46 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Mon, 27 Jun 2022 07:27:12 GMT
server: nginx
etag: W/"62b95bd0-15283"
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 logo.png
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/img/ 43 KB
43 KB 4203ms
4202ms Image
image/png 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/img/logo.png

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

8bb64d69a822f2914ce4c14be5463173f068ba80332b0292582a1a9585eec2f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Mon, 27 Jun 2022 07:27:12 GMT
server: nginx
etag: "62b95bd0-aaac"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 43692

GET
H2 200 visa.png
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/img/ 994 B
1 KB 4348ms
4347ms Image
image/png 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/img/visa.png

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

a1f2fd214332fdd303359f9c5cc3dcfcefc97592252f972d113af63d0998e6e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Mon, 27 Jun 2022 07:27:12 GMT
server: nginx
x-accel-version: 0.01
etag: "3e2-5e268d9329400"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 994

GET
H2 200 mastercard.png
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/img/ 906 B
1 KB 4347ms
4346ms Image
image/png 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/img/mastercard.png

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

a9612e8d7f813082c02fb73a153c4e09e5ecf95f5099733401c037dcfc4a0b10

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Mon, 27 Jun 2022 07:27:12 GMT
server: nginx
x-accel-version: 0.01
etag: "38a-5e268d9329400"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 906

GET
H2 200 amex.png
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/img/ 795 B
1011 B 4346ms
4345ms Image
image/png 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/img/amex.png

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

98fb387713aeace0d07f630eeeb2cfec14e56bc7fd4c97ad28c9f2ff676bb66c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Mon, 27 Jun 2022 07:27:14 GMT
server: nginx
x-accel-version: 0.01
etag: "31b-5e268d9511880"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 795

GET
H2 200 jquery.payment.min.js Show response
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/js/ 8 KB
3 KB 4057ms
4057ms Script
application/javascript 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/js/jquery.payment.min.js

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Mon, 27 Jun 2022 07:27:14 GMT
server: nginx
etag: W/"62b95bd2-210b"
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 jquery.mask.min.js Show response
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/js/ 8 KB
3 KB 4126ms
4125ms Script
application/javascript 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/js/jquery.mask.min.js

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Mon, 27 Jun 2022 07:27:14 GMT
server: nginx
etag: W/"62b95bd2-1ff9"
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 script.js Show response
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/js/ 1 KB
704 B 4349ms
4347ms Script
application/javascript 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/js/script.js

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

324278d8eb475aca0c5e849af4b1bc28d198dbeda8d94a7a41a5bca7fa090521

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/index.php?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Mon, 27 Jun 2022 07:27:14 GMT
server: nginx
etag: W/"62b95bd2-560"
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 fa-solid-900.woff2
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fontawesome-free-6.1.1-web/webfonts/ 151 KB
151 KB 4272ms
4272ms Font
font/woff2 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fontawesome-free-6.1.1-web/webfonts/fa-solid-900.woff2

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fontawesome-free-6.1.1-web/css/all.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fontawesome-free-6.1.1-web/css/all.css
Origin: https://toliogetonofb9f1a53.duckdns.org
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Tue, 22 Mar 2022 13:08:02 GMT
server: nginx
etag: "6239ca32-25a74"
x-powered-by: PleskLin
content-type: font/woff2
accept-ranges: bytes
content-length: 154228

GET
H2 404 INGMeWeb-Regular.woff2
toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fonts/ 0
0 4341ms
4341ms Font
text/html 193.169.255.119
FUFONET

General

Check archive.org

Show headers Download Go to

Full URL

https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fonts/INGMeWeb-Regular.woff2

Requested by

Host: toliogetonofb9f1a53.duckdns.org
URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/css/style.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

193.169.255.119 , Poland, ASN198810 (FUFONET, PL),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/css/style.css
Origin: https://toliogetonofb9f1a53.duckdns.org
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 06:57:50 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Fri, 07 Jul 2023 15:19:39 GMT
server: nginx
etag: W/"328-5ffe7295776bb"
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telia (Telecommunication)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			romvalstudios.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: f37112afae0b18058d978169022284ff
			toliogetonofb9f1a53.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 137iuhujno7vbd9go65ktl2t37

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://toliogetonofb9f1a53.duckdns.org/e05ab330/login/telia/assets/fonts/INGMeWeb-Regular.woff2 Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

romvalstudios.com
toliogetonofb9f1a53.duckdns.org
192.185.36.81
193.169.255.119
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
324278d8eb475aca0c5e849af4b1bc28d198dbeda8d94a7a41a5bca7fa090521
33e066748837d0462dae660b42e8709f5a7cd6293a47ee2c2eeeaeda3e12d689
6c4ba1c662b440b3aefe5e5147ea2df72f80e510e4979c65485a7b0fff894e37
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8bb64d69a822f2914ce4c14be5463173f068ba80332b0292582a1a9585eec2f4
98fb387713aeace0d07f630eeeb2cfec14e56bc7fd4c97ad28c9f2ff676bb66c
a1f2fd214332fdd303359f9c5cc3dcfcefc97592252f972d113af63d0998e6e1
a9612e8d7f813082c02fb73a153c4e09e5ecf95f5099733401c037dcfc4a0b10
b036af4bf83bdf1f13df4ef3560a2f4e27201f42feb54c73f336a7a40825a8ba
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
bf4d67282b52264215f67900c573f5a26aaae87a987abf38bd0de659acaf0196
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73
eced437d4bb8a726d823bb80013c37e1e0eb81069618e7cc57ff1eadf0d0cff4

toliogetonofb9f1a53.duckdns.org Open in urlscan Pro 193.169.255.119 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

276 kBTransfer

595 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

toliogetonofb9f1a53.duckdns.org Open in urlscan Pro
193.169.255.119 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

276 kB
Transfer

595 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!