99u8y78gtfxzr.duckdns.org Open in urlscan Pro
185.212.129.195  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index2.php Show response 99u8y78gtfxzr.duckdns.org/	5 KB 2 KB	762ms 557ms	Document text/html	185.212.129.195 INTERNET-IT
General Check archive.org Show headers Download Go to Full URL https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.212.129.195 , Netherlands, ASN200313 (INTERNET-IT, NL), Reverse DNS trtgbevrefbgr.duckdns.org Software Apache/2.4.18 (Ubuntu) / Resource Hash 78d3e654a5d41705e2c0f732ca1f7f1325f9607302ce7be492409e60c9f7bb95 Request headers Host 99u8y78gtfxzr.duckdns.org Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Fri, 24 Apr 2020 00:24:44 GMT Server Apache/2.4.18 (Ubuntu) Vary Accept-Encoding Content-Encoding gzip Content-Length 1424 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	encrypt.js Show response unknownn.z13.web.core.windows.net/wre/	193 KB 194 KB	457ms 113ms	Script application/x-javascript	52.239.169.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://unknownn.z13.web.core.windows.net/wre/encrypt.js Requested by Host: 99u8y78gtfxzr.duckdns.org URL: https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.239.169.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash e0f19ec50533e90e8710c5bff62a10dc840f10c7957657edb04317dd0fa21696 Request headers Referer https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Fri, 24 Apr 2020 00:22:04 GMT Last-Modified Wed, 22 Apr 2020 22:07:13 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 UvKWzaiQ9QOLhvYUImabuQ== ETag "0x8D7E70982E387A0" Content-Type application/x-javascript x-ms-request-id ce9b9816-901e-002b-06ce-194c99000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 198072
GET H/1.1	200 OK	details.js Show response unknownn.z13.web.core.windows.net/wre/	2 KB 3 KB	447ms 99ms	Script application/x-javascript	52.239.169.97 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://unknownn.z13.web.core.windows.net/wre/details.js Requested by Host: 99u8y78gtfxzr.duckdns.org URL: https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.239.169.97 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash e30e7064e597922770bba7a80c810140b133b829885def526ea5f475067d8380 Request headers Referer https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Fri, 24 Apr 2020 00:22:04 GMT Last-Modified Thu, 23 Apr 2020 07:11:55 GMT Server Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0 Content-MD5 dFjRLXtOH7OCMbCww4yCXQ== ETag "0x8D7E7559B13E522" Content-Type application/x-javascript x-ms-request-id 4139e92e-701e-0033-7dce-1993fe000000 x-ms-version 2018-03-28 Accept-Ranges bytes Content-Length 2246
GET H/1.1	200 OK	jquery-3.4.1.js Show response code.jquery.com/	274 KB 81 KB	28ms 6ms	Script application/javascript	2001:4de0:ac19::1:b:2a HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.js Requested by Host: unknownn.z13.web.core.windows.net URL: https://unknownn.z13.web.core.windows.net/wre/encrypt.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash 5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55 Request headers Referer https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 Origin https://99u8y78gtfxzr.duckdns.org User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Fri, 24 Apr 2020 00:22:05 GMT Content-Encoding gzip Last-Modified Wed, 01 May 2019 21:14:27 GMT Server nginx ETag W/"5cca0c33-4472c" Vary Accept-Encoding X-HW 1587687725.dop040.fr8.t,1587687725.cds122.fr8.shn,1587687725.cds122.fr8.c Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000, public Connection Keep-Alive Accept-Ranges bytes Content-Length 82889
GET H/1.1	200 OK	microsoft-logos-png-images-free-download-22.png www.freepnglogos.com/uploads/	39 KB 39 KB	210ms 71ms	Image image/png	173.212.192.75 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.freepnglogos.com/uploads/microsoft-logos-png-images-free-download-22.png Requested by Host: unknownn.z13.web.core.windows.net URL: https://unknownn.z13.web.core.windows.net/wre/encrypt.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.192.75 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi140437.contaboserver.net Software nginx / Resource Hash f3dc021cc1b5db178870390c8210797402d25b98879ba7d73a248c7ad958f320 Request headers Referer https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 23 Apr 2020 23:23:18 GMT Last-Modified Tue, 10 Oct 2017 14:35:33 GMT Server nginx ETag "1a1748-9b96-55b32383ee660" Content-Type image/png Cache-Control no-cache, must-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 39830
GET H2	200	pdf.png spoprod-a.akamaihd.net/files/fabric/assets/item-types/32/	433 B 860 B	114ms 30ms	Image image/png	23.53.41.227 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://spoprod-a.akamaihd.net/files/fabric/assets/item-types/32/pdf.png?refresh1 Requested by Host: unknownn.z13.web.core.windows.net URL: https://unknownn.z13.web.core.windows.net/wre/encrypt.js Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 23.53.41.227 , United States, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS a23-53-41-227.deploy.static.akamaitechnologies.com Software Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 / Resource Hash c496f9c13d0bab6c5055b9c536125a5a06fc8aac29f1e35a0119f1181bde6b67 Request headers Referer https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Fri, 24 Apr 2020 00:22:05 GMT last-modified Thu, 19 Mar 2020 17:32:18 GMT server Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 etag 0x8D7CC2B79149EA2 status 200 content-type image/png access-control-allow-origin * x-ms-request-id e7c1c031-e01e-0137-0df8-04f728000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=29005821 x-ms-version 2009-09-19 timing-allow-origin * content-length 433
GET DATA	200 OK	truncated /	16 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H2	200	status Show response transparencyreport.google.com/transparencyreport/api/v3/safebrowsing/	94 B 667 B	130ms 110ms	XHR application/json	2a00:1450:4001:818::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://transparencyreport.google.com/transparencyreport/api/v3/safebrowsing/status?site=https://topfivex.com/wp-includes/bookmarks.php Requested by Host: unknownn.z13.web.core.windows.net URL: https://unknownn.z13.web.core.windows.net/wre/details.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash e74fc08a192742cbdc97fe24e365a00840a281c2bb52deb7a4231c47d5152f10 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://99u8y78gtfxzr.duckdns.org/index2.php?ijbgtrf=1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Fri, 24 Apr 2020 00:22:05 GMT content-encoding gzip x-content-type-options nosniff status 200 content-disposition attachment; filename="response.bin"; filename*=UTF-8''response.bin alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000 x-xss-protection 1; mode=block pragma no-cache server GSE x-frame-options SAMEORIGIN content-type application/json; charset=utf-8 access-control-allow-origin https://99u8y78gtfxzr.duckdns.org cache-control no-cache, no-store, max-age=0, must-revalidate access-control-allow-credentials true content-security-policy frame-ancestors 'self' expires Mon, 01 Jan 1990 00:00:00 GMT
GET DATA	200 OK	truncated /	2 KB 2 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer Origin https://99u8y78gtfxzr.duckdns.org Response headers Content-Type application/octet-stream

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| header string| email object| _0x461e function| _0x47f4 function| _0x4ccbb3 function| _0xf539d6 function| _0x2edabb string| t string| x function| _0x1b44a2 function| $ function| jQuery function| checkEmail object| checkboxes string| lgn_lnk string| rdd_lnk string| chk_lnk undefined| hash function| shuffleArray function| checkLinks function| strpos function| httpGet

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

99u8y78gtfxzr.duckdns.org
code.jquery.com
spoprod-a.akamaihd.net
transparencyreport.google.com
unknownn.z13.web.core.windows.net
www.freepnglogos.com
173.212.192.75
185.212.129.195
2001:4de0:ac19::1:b:2a
23.53.41.227
2a00:1450:4001:818::200e
52.239.169.97
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5
2d1c6efc7ba8d7b7a3bd04a9e11a7761c112e4bbc23f74937749067acea91d70
5a93a88493aa32aab228bf4571c01207d3b42b0002409a454d404b4d8395bd55
78d3e654a5d41705e2c0f732ca1f7f1325f9607302ce7be492409e60c9f7bb95
c496f9c13d0bab6c5055b9c536125a5a06fc8aac29f1e35a0119f1181bde6b67
e0f19ec50533e90e8710c5bff62a10dc840f10c7957657edb04317dd0fa21696
e30e7064e597922770bba7a80c810140b133b829885def526ea5f475067d8380
e74fc08a192742cbdc97fe24e365a00840a281c2bb52deb7a4231c47d5152f10
f3dc021cc1b5db178870390c8210797402d25b98879ba7d73a248c7ad958f320