mail.kudaterbangtinggi.duckdns.org
178.128.49.169
Malicious Activity!
Public Scan
Submission: On April 07 via automatic, source phishtank — Scanned from SG
Summary
TLS certificate: Issued by R3 on April 6th 2024. Valid for: 3 months.
This is the only time mail.kudaterbangtinggi.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
12 | 178.128.49.169 | 14061 (DIGITALOCEAN-ASN)
1 | 2600:9000:23d2:600:1d:d7f6:39d3:d9e1 | 16509 (AMAZON-02)
13 | 2 |
ASN14061 (DIGITALOCEAN-ASN, US): mail.kudaterbangtinggi.duckdns.org
Requests | Apex Domain / Subdomains | Transfer
---|---|---
12 | duckdns.org: mail.kudaterbangtinggi.duckdns.org | 518 KB
1 | media-amazon.com: m.media-amazon.com (Cisco Umbrella Rank: 441) | 28 KB
13 | 2 |
Requests | Domain | Requested by
---|---|---
12 | mail.kudaterbangtinggi.duckdns.org | mail.kudaterbangtinggi.duckdns.org
1 | m.media-amazon.com | mail.kudaterbangtinggi.duckdns.org
13 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
cpcontacts.kudaterbangtinggi.duckdns.org | R3 | 2024-04-06 - 2024-07-05 | 3 months
images-na.ssl-images-amazon.com | DigiCert Global CA G2 | 2024-01-05 - 2024-12-08 | a year
This page contains 1 frames:
Primary Page:
https://mail.kudaterbangtinggi.duckdns.org/home/billingssn.php?MTcxMjQxOTI5NGJkM2JjMGNkNDNmMjk5YWJhODcyZjA3N2UyNWM2ZjczYzc3Y2MzNGQxOTVkN2UwYjYwYTgyYzcxOWZlYjMyNmMxZjcwODQ5YQ==
Frame ID: EFD39C3C5BB83A022EB322818C5CAB39
Requests: 13 HTTP requests in this frame
Page Title
Security Checkup
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | billingssn.php (Primary Request) | mail.kudaterbangtinggi.duckdns.org/home/ | 13 KB | 13 KB | Document | text/html
GET | H/1.1 | boostrap.min.css | mail.kudaterbangtinggi.duckdns.org/home/files/ | 148 KB | 148 KB | Stylesheet | text/css
GET | H/1.1 | sign-dekstop.css | mail.kudaterbangtinggi.duckdns.org/home/files/ | 133 KB | 133 KB | Stylesheet | text/css
GET | H/1.1 | style.sign-desktop.css | mail.kudaterbangtinggi.duckdns.org/home/files/ | 36 KB | 36 KB | Stylesheet | text/css
GET | H/1.1 | style.css | mail.kudaterbangtinggi.duckdns.org/home/files/ | 7 KB | 7 KB | Stylesheet | text/css
GET | H/1.1 | security.png | mail.kudaterbangtinggi.duckdns.org/home/files/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | jquery-3.3.1.min.js | mail.kudaterbangtinggi.duckdns.org/home/files/ | 85 KB | 86 KB | Script | text/javascript
GET | H/1.1 | jquery.mask.min.js | mail.kudaterbangtinggi.duckdns.org/home/files/ | 8 KB | 8 KB | Script | text/javascript
GET | H/1.1 | jquery.validate.min.js | mail.kudaterbangtinggi.duckdns.org/home/files/ | 36 KB | 36 KB | Script | text/javascript
GET | H/1.1 | additional-methods.min.js | mail.kudaterbangtinggi.duckdns.org/home/files/ | 22 KB | 22 KB | Script | text/javascript
GET | H/1.1 | jquery.creditCardValidator.js | mail.kudaterbangtinggi.duckdns.org/home/files/ | 9 KB | 9 KB | Script | text/javascript
GET | H/1.1 | favicon.ico | mail.kudaterbangtinggi.duckdns.org/home/files/ | 17 KB | 17 KB | Other | image/x-icon
GET | H2 | mPGmT0r6IeTyIee.png | m.media-amazon.com/images/S/sash/ | 27 KB | 28 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function: $
- function: jQuery
- object: $jscomp
- function: modifyTextContent
- function: _0x32fa
- function: parseHTML
- function: _0x26b50
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.