Hackers/scammers like to send SMS containing internet url address links which directs the user to a malware website. These malware websites can be used to push malicious TAC/PAC/OTP reading malware (require user's permission). Home PC antivirus software can detect these malicious links but on a phone is a different issue altogether. Android phones are especially vulnerable to this as Android phone allows users to bypass protection to install non Google PlayStore apps.
The domain Duckdns is mostly abused by phishing scammers (tech people call them Phisherman) to hide their actual website. Many popular antivirus programs do flag out these sites when trying to browse.