Report - verifybusinesssuite3489.duckdns.org/confirm.html

Report Overview

Visited public
2023-09-28 00:27:53
Tags
dyndns
URL
verifybusinesssuite3489.duckdns.org/confirm.html
Finishing URL
verifybusinesssuite3489.duckdns.org/confirm.html
IP / ASN
103.37.124.105
#0
Title
Facebook
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-09-28 00:29:01	454 B	90 kB	216.58.207.202
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-09-27 18:53:45	483 B	90 kB	151.101.2.137
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-09-27 21:08:12	2.1 kB	78 kB	151.101.193.229
upload.wikimedia.org	2215	2003-03-16	2012-05-21 11:39:45	2023-09-26 21:31:07	491 B	1.4 kB	185.15.59.240
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-09-27 23:55:00	330 B	963 B	104.18.14.101
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-09-26 21:21:49	481 B	12 kB	104.18.22.52
verifybusinesssuite3489.duckdns.org	unknown	2013-04-12	2023-09-27 05:31:33	2023-09-27 18:01:08	1.5 kB	495 kB	103.37.124.105
ka-f.fontawesome.com	3598	2012-10-18	2019-12-17 07:36:13	2023-09-27 01:21:03	2.1 kB	169 kB	172.64.130.9
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-27 18:12:01	666 B	1.4 kB	142.250.74.131
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2023-09-27 05:35:45	471 B	219 B	173.231.16.77

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-28 00:27:35	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:27:35	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:27:35	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:27:35	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:27:35	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:27:35	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:27:39	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:27:39	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:27:40	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-09-28 00:27:40	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-09-28 00:27:40	low	Client IP	173.231.16.77	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-09-27	medium	verifybusinesssuite3489.duckdns.org/confirm.html	Facebook, Inc.
2023-09-27	medium	verifybusinesssuite3489.duckdns.org/	Facebook, Inc.
2023-09-27	medium	verifybusinesssuite3489.duckdns.org/	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	kit.fontawesome.com/83fd8385f7.js	ScriptElement	12 kB	2023-08-03	2024-11-01
Pretty URL kit.fontawesome.com/83fd8385f7.js IP 104.18.22.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-03 11:27 Last Seen2024-11-01 17:46 Times Seen312 Hash db23c81455aae8811b15da8365d4357b 5a938d7e697a68125be7e0aa8e59486654365d4c 7dc1b850e94055cb2e1d197420f0ac66eb2d8cce333f847533d195ec2e4af2dd Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 216.58.207.202 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 12:51 Times Seen205878 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js	ScriptElement	79 kB	2023-03-07	2025-05-11
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-11 11:52 Times Seen11913 Hash 0aa8d64e726c4a57adb5c88f9115996b 901169527507ff9e662cf64d8e361f359308970d 7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe Loading...

	verifybusinesssuite3489.duckdns.org/confirm.html	ScriptElement	1.4 kB	2023-07-16	2024-09-19
Pretty URL verifybusinesssuite3489.duckdns.org/confirm.html IP 103.37.124.105 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-16 01:33 Last Seen2024-09-19 20:15 Times Seen133 Hash f6e4e09921fbd672e3b1c45f6843b6b0 9bb266ecc422ff2fe11559dc8e190c3384f67dcd 8419d323254593395bc15f7c8691f789a5e33a5e8e53d2b425c9ede9c154562d Loading...

	verifybusinesssuite3489.duckdns.org/confirm.html	ScriptElement	828 B	2023-07-16	2024-09-19
Pretty URL verifybusinesssuite3489.duckdns.org/confirm.html IP 103.37.124.105 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-16 01:33 Last Seen2024-09-19 20:15 Times Seen140 Hash 51ec6a9ccf1854948489c06fc6556b77 ccf37bb222f3157effeac11b093c481f9c8232f1 35929f249e8c39f94e6b3a78f4be5901367409f8b033fca3428789d6332643cd Loading...

	cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js	ScriptElement	21 kB	2023-03-07	2025-05-11
Pretty URL cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 11:14 Times Seen5552 Hash 84415b7368fd6fc764cbe86039ce0626 62f238e73348c77eb9e865426a7d1b7de23cbb2d c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060 Loading...

	cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js	ScriptElement	60 kB	2023-03-07	2025-05-11
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 13:41 Times Seen5340 Hash 61f338f870fcd0ff46362ef109d28533 b3c116c65e6f053aaab45e5619a78ec00271a50f 5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548 Loading...

HTTP Transactions (19)

URL IP Response Size

cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/bootstrap.min.css

151.101.193.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65324)
Size
26 kB (26116 bytes)
Hash
7cc40c199d128af6b01e74a28c5900b0
d305110fb79113a961394b433d851a3410342b8c
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

HTTP Headers

GET /npm/bootstrap@4.4.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.4.1
x-jsd-version-type: version
etag: W/"26f1b-0wURD7eRE6lhOUtDPYUaNBA0K4w"
content-encoding: br
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:27:38 GMT
age: 4802994
x-served-by: cache-fra-eddf8230099-FRA, cache-bma1647-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26116
X-Firefox-Spdy: h2

verifybusinesssuite3489.duckdns.org/confirm.html

103.37.124.105

200 OK

147 kB

URL User Request GET HTTP/1.1
verifybusinesssuite3489.duckdns.org/confirm.html
IP
103.37.124.105:443
ASN
#0

Certificate
IssuercPanel, Inc.
Subjectverifybusinesssuite3489.duckdns.org
FingerprintDA:08:F7:8E:A1:4E:3E:11:94:0D:82:E8:F3:9F:68:49:18:0B:F6:7B
ValidityWed, 27 Sep 2023 00:00:00 GMT - Tue, 26 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (33829)
Size
147 kB (147160 bytes)
Hash
acaa49ad5dd345a2261422e247684482
89c5997a7980728ddf1f1b94a529d6a43e8520f8
503cc33606d5da6e6092b456df8a3e7fda0bb91f05dbcc710e1c0d6b46dd79ca

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /confirm.html HTTP/1.1
Host: verifybusinesssuite3489.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 00:27:38 GMT
Server: Apache
Last-Modified: Wed, 27 Sep 2023 03:34:00 GMT
Accept-Ranges: bytes
Content-Length: 147160
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js

151.101.193.229

200 OK

24 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65299)
Size
24 kB (23943 bytes)
Hash
0aa8d64e726c4a57adb5c88f9115996b
901169527507ff9e662cf64d8e361f359308970d
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe

HTTP Headers

GET /npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"13397-kBFpUnUH/55mLPZNjjYfNZMIlw0"
content-encoding: br
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:27:39 GMT
age: 11010054
x-served-by: cache-fra-eddf8230080-FRA, cache-bma1647-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23943
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js

151.101.193.229

200 OK

7.8 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (21084)
Size
7.8 kB (7835 bytes)
Hash
84415b7368fd6fc764cbe86039ce0626
62f238e73348c77eb9e865426a7d1b7de23cbb2d
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

HTTP Headers

GET /npm/popper.js@1.16.0/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.16.0
x-jsd-version-type: version
etag: W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
content-encoding: br
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:27:39 GMT
age: 10397752
x-served-by: cache-fra-eddf8230104-FRA, cache-bma1647-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7835
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js

151.101.193.229

200 OK

17 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (59729)
Size
17 kB (17008 bytes)
Hash
61f338f870fcd0ff46362ef109d28533
b3c116c65e6f053aaab45e5619a78ec00271a50f
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

HTTP Headers

GET /npm/bootstrap@4.4.1/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.4.1
x-jsd-version-type: version
etag: W/"ea6a-s8EWxl5vBTqqtF5WGaeOwAJxpQ8"
content-encoding: br
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:27:39 GMT
age: 3194611
x-served-by: cache-fra-eddf8230118-FRA, cache-bma1647-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17008
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css?token=83fd8385f7

172.64.130.9

200 OK

54 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css?token=83fd8385f7
IP
172.64.130.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint64:27:AB:CA:DB:24:8C:C9:87:09:13:04:21:49:9C:6A:4E:DD:97:93
ValiditySun, 10 Sep 2023 05:39:32 GMT - Sat, 09 Dec 2023 05:39:31 GMT

File type
ASCII text, with very long lines (65321)
Size
54 kB (54109 bytes)
Hash
ae737a19e46fd502ba9cbe9e33213861
a4b5d757af122c49259d4398807e62d4ca6f2493
5e0821588462d15b0ff8e911760fc041332c162e2e30ab4b1071bcc8eb6c8223

HTTP Headers

GET /releases/v6.4.2/css/free.min.css?token=83fd8385f7 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://verifybusinesssuite3489.duckdns.org/
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:27:38 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
etag: W/"ae737a19e46fd502ba9cbe9e33213861"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 cdd8daeefcf66738f6e908663e79c33e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: gt67Q_dkma0pZbmxNw0kapb7LwmJtbvavQ5cFrB_D9O9e4eI1Se_eQ==
age: 59237
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1BXevgRQhd4Aq7o%2FiLc6%2F6OLd6DCdMkL3QHIyekjmdq78k95uEPWysmyaEEkida5S5SC0yDB%2FXK%2FUMmOp%2B7I%2F9tLFH8JCYufmSxfiY0eb7OS9tVSB2KCkfhttl6eTAu43ba0SXFUKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d7dca08bfb48cd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0bbd1e938700d156e361c1ab8640f3bd
20e70357b360a225b5094714bc89889fd045aa14
7e4f05e6aba3abeaf61da9d17ed8d5518df3bc493c3b319eb29faa4c282fb8db

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 28 Sep 2023 00:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css?token=83fd8385f7

172.64.130.9

200 OK

35 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css?token=83fd8385f7
IP
172.64.130.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint64:27:AB:CA:DB:24:8C:C9:87:09:13:04:21:49:9C:6A:4E:DD:97:93
ValiditySun, 10 Sep 2023 05:39:32 GMT - Sat, 09 Dec 2023 05:39:31 GMT

File type
ASCII text, with very long lines (27377)
Size
35 kB (35349 bytes)
Hash
da06df503ced6ee507b5fb4fa0999f74
d10d67ffa9c263e24c43b1df7fa3ba8f2dee2c36
236e285339a2a692e9491d356489cdf83513cfb1add049a0620123d644e47554

HTTP Headers

GET /releases/v6.4.2/css/free-v4-shims.min.css?token=83fd8385f7 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://verifybusinesssuite3489.duckdns.org/
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:27:38 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
etag: W/"da06df503ced6ee507b5fb4fa0999f74"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 db92535f619848d07c0f5eb965b50adc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 7f-9gc7Up6yO-D1mFdmGOIieZtVwsePIOOIJL5JF1jXeQtkTReDU7g==
age: 59237
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voQhfHZqpXYXG7dK9861r0%2F%2BB1pMF0faCZ5hf1hhgNxTaDnw%2BIc%2BT6WZfFitRhkPBaP%2Bl0hROK2xydrBPMFq8J1K084gyUWzlJThZnLVWTFMWQuFBcpQKyGGxg6zkbMuI9MqAq%2BoDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d7dca08c0848cd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0bbd1e938700d156e361c1ab8640f3bd
20e70357b360a225b5094714bc89889fd045aa14
7e4f05e6aba3abeaf61da9d17ed8d5518df3bc493c3b319eb29faa4c282fb8db

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 28 Sep 2023 00:27:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

upload.wikimedia.org/wikipedia/commons/5/51/Facebook_f_logo_%282019%29.svg

185.15.59.240

200 OK

265 B

URL GET HTTP/2
upload.wikimedia.org/wikipedia/commons/5/51/Facebook_f_logo_%282019%29.svg
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerDigiCert Inc
Subject*.wikipedia.org
Fingerprint91:D4:DD:DD:2F:F9:18:E0:19:07:D8:6B:C7:54:54:F1:1A:8F:2C:DC
ValidityThu, 27 Oct 2022 00:00:00 GMT - Fri, 17 Nov 2023 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (358), with no line terminators
Size
265 B (265 bytes)
Hash
ce0c8188520a88e43c81e611847721ac
a90feacc04182f95fa6daf663a2a9861b470857c
0225596ff7a58f75d7558ca613ff56066f16117276fafa669e207672e6448abb

HTTP Headers

GET /wikipedia/commons/5/51/Facebook_f_logo_%282019%29.svg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Sep 2023 04:17:09 GMT
server: ATS/9.1.4
etag: W/ce0c8188520a88e43c81e611847721ac
content-type: image/svg+xml
x-object-meta-sha1base36: jqxuxf8zsvmr9w4ubfr58fktkadka64
last-modified: Thu, 20 Aug 2020 10:11:57 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 72629
x-cache: cp3078 hit, cp3078 hit/298
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
content-length: 265
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css?token=83fd8385f7

172.64.130.9

200 OK

74 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css?token=83fd8385f7
IP
172.64.130.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint64:27:AB:CA:DB:24:8C:C9:87:09:13:04:21:49:9C:6A:4E:DD:97:93
ValiditySun, 10 Sep 2023 05:39:32 GMT - Sat, 09 Dec 2023 05:39:31 GMT

File type
ASCII text, with very long lines (1560)
Size
74 kB (74010 bytes)
Hash
9b853b50f37dd0ca770ce0f294d427df
06cafaca197afda406bc5a72bcd6474758e51e65
6c58c4804370b9c347d517491c450416ca371fb1403aceaa1d6f751403b07c48

HTTP Headers

GET /releases/v6.4.2/css/free-v4-font-face.min.css?token=83fd8385f7 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://verifybusinesssuite3489.duckdns.org/
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:27:38 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
etag: W/"9b853b50f37dd0ca770ce0f294d427df"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 728b6476f3e2317ec8044d22806d4f94.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: GcSmtSWhc3WGeFGBOfRrH0wlZabcy7rdaJpDrjP0Ukmc2KBhhMZEeA==
age: 59237
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rwqaLNvm7XjWpZicbb5yKeG2TP%2B%2B1RxAJATID1ZJvm3fLPGiiTLH2s1YE0CHbfFtLEVbEQtX1rN6KczXHzT%2FqnOhsyhDyGh1fAc7b51DemhgN%2FJCBOaWPZMzY1es2svq5dXQ4em2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d7dca08c0748cd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.14.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
535bb6ff9190fda88fa1889c1a1e036e
1ce79104d11e75b6c1a276f118c04eb1765c33c0
d4b93ae24caf7f6b237bccb85b40fee498b2319de21b881662367a7e593afb64

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 00:27:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 27 Sep 2023 15:08:11 GMT
Expires: Wed, 04 Oct 2023 15:08:10 GMT
Etag: "1ce79104d11e75b6c1a276f118c04eb1765c33c0"
Cache-Control: max-age=571304,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80d7dca7cebe5687-OSL

api.ipify.org/?format=json

173.231.16.77

200 OK

21 B

URL GET HTTP/1.1
api.ipify.org/?format=json
IP
173.231.16.77:443
ASN
#18450 WEBNX

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerSectigo Limited
Subject*.ipify.org
FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54
ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.1
Date: Thu, 28 Sep 2023 00:27:40 GMT
Content-Type: application/json
Content-Length: 21
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin

verifybusinesssuite3489.duckdns.org/recovery.png

103.37.124.105

200 OK

274 kB

URL GET HTTP/1.1
verifybusinesssuite3489.duckdns.org/recovery.png
IP
103.37.124.105:443
ASN
#0

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuercPanel, Inc.
Subjectverifybusinesssuite3489.duckdns.org
FingerprintDA:08:F7:8E:A1:4E:3E:11:94:0D:82:E8:F3:9F:68:49:18:0B:F6:7B
ValidityWed, 27 Sep 2023 00:00:00 GMT - Tue, 26 Dec 2023 23:59:59 GMT

File type
PNG image data, 1340 x 1338, 8-bit/color RGBA, non-interlaced\012- data
Size
274 kB (273625 bytes)
Hash
0b6c07045c1d1b275b9a60b47daa63e7
659f97c7e778c62e672328eff61ed9053db4d50a
c7fa8b6a6d8fb4ff2b71397516a22e120028fd6f023591e255a8910ff32a8fae

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /recovery.png HTTP/1.1
Host: verifybusinesssuite3489.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/confirm.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 00:27:39 GMT
Server: Apache
Last-Modified: Wed, 12 Jul 2023 01:15:28 GMT
Accept-Ranges: bytes
Content-Length: 273625
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css?token=83fd8385f7

172.64.130.9

200 OK

823 B

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css?token=83fd8385f7
IP
172.64.130.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint64:27:AB:CA:DB:24:8C:C9:87:09:13:04:21:49:9C:6A:4E:DD:97:93
ValiditySun, 10 Sep 2023 05:39:32 GMT - Sat, 09 Dec 2023 05:39:31 GMT

File type
ASCII text, with very long lines (845), with no line terminators
Size
823 B (823 bytes)
Hash
60f771d70194eee2f6ca53f652629c57
80569fe18344d0c3f526479a886fba91d2de0aca
64d1a9645b5b437137ca6c04f5aa6bedd4fe5d102c592894411232a7121e7b02

HTTP Headers

GET /releases/v6.4.2/css/free-v5-font-face.min.css?token=83fd8385f7 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://verifybusinesssuite3489.duckdns.org/
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:27:38 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
etag: W/"dbf296002d53e56d340b105d9d764940"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 ce738519b722f3350531751d4205f8f4.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: SXP231BFmSajxjn8k2xojEG5p0xa5ktYdeCKuItH3UNuXHVPf9FRJQ==
age: 59237
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SSB6i%2BJeD7pQ58PoQod2SP2aPfAjuejmVwYe6d9uPurOqKqeu2ELRQZKwuRLb2OZ59b7OFikMv%2BML1f3inL40IkOz6Ou1eMo1EG9bFH6xoMDmq%2BpjbEmrXc4jn8%2Fk0qWohmzk9bvzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80d7dca08bfd48cd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

kit.fontawesome.com/83fd8385f7.js

104.18.22.52

200 OK

12 kB

URL GET HTTP/2
kit.fontawesome.com/83fd8385f7.js
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11213)
Size
12 kB (11643 bytes)
Hash
db23c81455aae8811b15da8365d4357b
5a938d7e697a68125be7e0aa8e59486654365d4c
7dc1b850e94055cb2e1d197420f0ac66eb2d8cce333f847533d195ec2e4af2dd

HTTP Headers

GET /83fd8385f7.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:27:38 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F4jod0ZAPOPnnE9JQ3GC
cf-cache-status: MISS
server: cloudflare
cf-ray: 80d7dc9e4e6ab51e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

216.58.207.202

200 OK

90 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
216.58.207.202:443
ASN
#15169 GOOGLE

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 27 Sep 2023 02:19:30 GMT
expires: Thu, 26 Sep 2024 02:19:30 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 79689
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.2.137

200 OK

90 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinesssuite3489.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:27:39 GMT
age: 622759
x-served-by: cache-lga21931-LGA, cache-bma1621-BMA
x-cache: HIT, HIT
x-cache-hits: 30, 171699
x-timer: S1695860859.333163,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

verifybusinesssuite3489.duckdns.org/Facebook_f_logo.png

103.37.124.105

200 OK

73 kB

URL GET HTTP/1.1
verifybusinesssuite3489.duckdns.org/Facebook_f_logo.png
IP
103.37.124.105:443
ASN
#0

Requested by
https://verifybusinesssuite3489.duckdns.org/confirm.html
Certificate
IssuercPanel, Inc.
Subjectverifybusinesssuite3489.duckdns.org
FingerprintDA:08:F7:8E:A1:4E:3E:11:94:0D:82:E8:F3:9F:68:49:18:0B:F6:7B
ValidityWed, 27 Sep 2023 00:00:00 GMT - Tue, 26 Dec 2023 23:59:59 GMT

File type
PNG image data, 2048 x 2048, 8-bit/color RGBA, non-interlaced\012- data
Size
73 kB (73382 bytes)
Hash
65df09dbb9166f247de083239cf4afd8
7d326258e869741b8558de74710a977274520cc0
79c20677cdad62f33798382bf81b3fd30044d1f49b8952995d9a6d7c704e7e70

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /Facebook_f_logo.png HTTP/1.1
Host: verifybusinesssuite3489.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifybusinesssuite3489.duckdns.org/confirm.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 00:27:39 GMT
Server: Apache
Last-Modified: Wed, 12 Jul 2023 01:15:28 GMT
Accept-Ranges: bytes
Content-Length: 73382
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections