submit-busines-restricted.duckdns.org Open in urlscan Pro
167.86.86.173 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://submit-busines-restricted.duckdns.org/
Submission: On March 23 via api (March 23rd 2024, 4:26:19 am UTC) from US — Scanned from US

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 19 HTTP transactions. The main IP is 167.86.86.173, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is submit-busines-restricted.duckdns.org.
TLS certificate: Issued by R3 on March 22nd 2024. Valid for: 3 months.

This is the only time submit-busines-restricted.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 11	167.86.86.173 167.86.86.173	51167 (CONTABO) (CONTABO)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3038::6815:ea6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
19	6

11 167.86.86.173 (Nuremberg, Germany) 1 redirects

ASN51167 (CONTABO, DE)
PTR: bey.busana.my.id

submit-busines-restricted.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81d::200a (United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3038::6815:ea6c (United States)

ASN13335 (CLOUDFLARENET, US)

s3.scriptcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	duckdns.org 1 redirects submit-busines-restricted.duckdns.org	300 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 716	88 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1828	31 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1217	32 KB
1	scriptcdn.net s3.scriptcdn.net — Cisco Umbrella Rank: 191591	41 KB
0	jefanyastore.biz.id Failed jefanyastore.biz.id Failed
19	6

	Domain	Requested by
11	submit-busines-restricted.duckdns.org	1 redirects submit-busines-restricted.duckdns.org
3	ajax.googleapis.com	submit-busines-restricted.duckdns.org
2	maxcdn.bootstrapcdn.com	submit-busines-restricted.duckdns.org
1	code.jquery.com	submit-busines-restricted.duckdns.org
1	s3.scriptcdn.net	submit-busines-restricted.duckdns.org
0	jefanyastore.biz.id Failed	submit-busines-restricted.duckdns.org
19	6

This site contains no links.

Subject Issuer	Validity	Valid
cpanel.submit-busines-restricted.duckdns.org R3	`2024-03-22` - `2024-06-20`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2024-01-28` - `2024-04-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
scriptcdn.net E1	`2024-03-02` - `2024-05-31`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://submit-busines-restricted.duckdns.org/
Frame ID: BAD06AA06D2F97E4F0786851C8CA6950
Requests: 4 HTTP requests in this frame

Frame: https://submit-busines-restricted.duckdns.org/account_selector/
Frame ID: 77711596E7E90B96AC0FBEE94DEE107A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Meta Support

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

89 %
HTTPS

80 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

493 kB
Transfer

1384 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://submit-busines-restricted.duckdns.org/account_selector HTTP 301
https://submit-busines-restricted.duckdns.org/account_selector/

19 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
submit-busines-restricted.duckdns.org/ 984 B
631 B 578ms
211ms Document
text/html 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://submit-busines-restricted.duckdns.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: 4c3055cef84dc2814435be0c7a29815f6c6c0bef05f182c959e6903b3494b24b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 387
content-type: text/html; charset=UTF-8
date: Sat, 23 Mar 2024 04:26:14 GMT
server: LiteSpeed
vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 117ms
44ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 976
age: 2116179
cdn-cachedat: 11/04/2022 00:12:28
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"ec3bb52a00e176a7181d454dffaea219"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a688874218d8d7bf2de562695c386bb7
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 868ba982ba1974c0-MIA
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.1.1/ 85 KB
30 KB 202ms
63ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

Requested by

Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 10:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238351
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30244
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 10:13:43 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 36 KB
10 KB 118ms
45ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

Requested by

Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 878
age: 2101334
cdn-cachedat: 09/04/2022 07:20:46
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"5869c96cc8f19086aee625d670d741f9"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: c99109e6837fa1a6bd2ca48659d6340d
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 868ba982ba1a74c0-MIA
cdn-requestpullsuccess: True

GET
H2

200

/ Show response
submit-busines-restricted.duckdns.org/account_selector/ Frame 7771
Redirect Chain

https://submit-busines-restricted.duckdns.org/account_selector
https://submit-busines-restricted.duckdns.org/account_selector/

39 KB
6 KB

173ms
172ms

Document
text/html

167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: 7330857ec1d593f4b2e9aa5f5b4343584d4cd44c5537b55a4689ac7041585758

Request headers

Referer: https://submit-busines-restricted.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: br
content-length: 5767
content-type: text/html; charset=UTF-8
date: Sat, 23 Mar 2024 04:26:15 GMT
server: LiteSpeed
vary: Accept-Encoding

Redirect headers

content-length: 707
content-type: text/html
date: Sat, 23 Mar 2024 04:26:15 GMT
location: https://submit-busines-restricted.duckdns.org/account_selector/
server: LiteSpeed

GET
H3 200 sBXWJVtE_l6.css
submit-busines-restricted.duckdns.org/account_selector/css/ Frame 7771 36 KB
10 KB 474ms
473ms Stylesheet
text/css 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/css/sBXWJVtE_l6.css
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: 1c1648423329b6b28cffe0d7e4e37440b75508a6f6e294a43623f8480e4326ef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/account_selector/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:15 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 03:50:08 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 9465
expires: Sat, 30 Mar 2024 04:26:15 GMT

GET
H3 200 PQsdvTo0jWu.css
submit-busines-restricted.duckdns.org/account_selector/css/ Frame 7771 37 KB
8 KB 496ms
493ms Stylesheet
text/css 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/css/PQsdvTo0jWu.css
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: a4eebaffa2a0f955b1c22963ce122d6b2721c06bb2de5fa598e5b6395877b208

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/account_selector/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:15 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 03:50:06 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7886
expires: Sat, 30 Mar 2024 04:26:15 GMT

GET
H3 200 9S6WONSXioV.css
submit-busines-restricted.duckdns.org/account_selector/css/ Frame 7771 810 B
363 B 306ms
303ms Stylesheet
text/css 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/css/9S6WONSXioV.css
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: ed25d38dd96abfe8f674faa19436788b55109095ca63725fb1210e4f1f5a0fea

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/account_selector/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:15 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 03:50:02 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 318
expires: Sat, 30 Mar 2024 04:26:15 GMT

GET
H3 200 vRqE9ubQhYU.css
submit-busines-restricted.duckdns.org/account_selector/css/ Frame 7771 27 KB
6 KB 527ms
524ms Stylesheet
text/css 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/css/vRqE9ubQhYU.css
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: df9f33ffded27b0f002ed79860a184c3205b52d8a9c43d01833faba8a9c4bfda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/account_selector/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:15 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 03:50:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5789
expires: Sat, 30 Mar 2024 04:26:15 GMT

GET
H3 200 style-pay.css
submit-busines-restricted.duckdns.org/account_selector/css/ Frame 7771 44 KB
4 KB 539ms
536ms Stylesheet
text/css 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/css/style-pay.css
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: 88c5d4bbfd88778f114aaec06162bb779759ca30339703c4c7e6e294169f560d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/account_selector/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:15 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 03:50:10 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4276
expires: Sat, 30 Mar 2024 04:26:15 GMT

GET
H3 200 pAy5sS6Se6DC.css
submit-busines-restricted.duckdns.org/account_selector/css/ Frame 7771 446 KB
126 KB 550ms
548ms Stylesheet
text/css 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/css/pAy5sS6Se6DC.css
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: 23431b442c844f7284d5acd0e4636400941659175df1991e3db406444553c99b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/account_selector/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:15 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 03:50:06 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 128471
expires: Sat, 30 Mar 2024 04:26:15 GMT

GET
H2 200 c7fa7451-6f95-4815-ac32-b8cc2537837a Show response
s3.scriptcdn.net/cdn/ Frame 7771 117 KB
41 KB 376ms
262ms Script
application/javascript 2606:4700:3038::6815:ea6c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.scriptcdn.net/cdn/c7fa7451-6f95-4815-ac32-b8cc2537837a
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:ea6c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e1d24e095ba0f034b25804a317b7e70be9614d6aba436d0d87e74053ced8394

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:16 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E7uNi85C2m%2BmWS2BaKo1RIPs9etfJveTGmsWVB4iA8UVQCpcEaFborG57yty9GhAT%2F%2BLKFJHS0NjAj7U07D04QZegxQQfDubCSAbIVBBVLZdSsNzSi3CDyGA%2FqJ5HSkv%2F8gxkiTiufT2hcR2JWFD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=3600
cf-ray: 868ba9896a220a32-MIA
alt-svc: h3=":443"; ma=86400

GET
H3 200 a.png
submit-busines-restricted.duckdns.org/account_selector/img/ Frame 7771 24 KB
24 KB 833ms
830ms Image
image/png 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/img/a.png
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: d7a879ae5ca10bfd663c1fd65b79e4df0ef0d9d0bc76183a3acd57dae4602dcd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/account_selector/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:15 GMT
last-modified: Wed, 27 Sep 2023 03:51:50 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 24451
expires: Sat, 30 Mar 2024 04:26:16 GMT

GET
H3 200 101492-blue-security.gif
submit-busines-restricted.duckdns.org/account_selector/img/ Frame 7771 117 KB
117 KB 311ms
309ms Image
image/gif 167.86.86.173
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://submit-busines-restricted.duckdns.org/account_selector/img/101492-blue-security.gif
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 167.86.86.173 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: bey.busana.my.id
Software: LiteSpeed /
Resource Hash: 1a28452270079f7834854b18270302bb15e53a0690ff3519a0b1beb93f0b05a4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/account_selector/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:15 GMT
last-modified: Wed, 27 Sep 2023 03:51:48 GMT
server: LiteSpeed
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 119376
expires: Sat, 30 Mar 2024 04:26:16 GMT

GET
H2 200 jquery-1.10.2.min.js Show response
code.jquery.com/ Frame 7771 91 KB
32 KB 718ms
34ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.10.2.min.js
Requested by: Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 04:26:17 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2584875
x-cache: HIT, HIT
content-length: 32788
x-served-by: cache-lga13622-LGA, cache-mia-kmia1760039-MIA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1711167977.293544,VS0,VE0
etag: W/"28feccc0-16bb3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 12, 11311

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ Frame 7771 82 KB
29 KB 92ms
88ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 22:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Mar 2025 22:13:48 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.3/ Frame 7771 82 KB
29 KB 66ms
64ms Script
text/javascript 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

Requested by

Host: submit-busines-restricted.duckdns.org
URL: https://submit-busines-restricted.duckdns.org/account_selector/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://submit-busines-restricted.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 22 Mar 2024 22:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29707
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 22 Mar 2025 22:13:48 GMT

GET debug.js
jefanyastore.biz.id/js/ Frame 7771 0
0

GET ctrlu.js
jefanyastore.biz.id/js/ Frame 7771 0
0

GET
DATA 200
OK truncated
/ Frame 7771 135 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2128b5b8a9ea02f0830a3b22c37023dae3f287e7ef5d91fbb4ff535c6b30675

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: jefanyastore.biz.id
URL: https://jefanyastore.biz.id/js/debug.js

Domain: jefanyastore.biz.id
URL: https://jefanyastore.biz.id/js/ctrlu.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			s3.scriptcdn.net/cdn	1970-01-21 04:05:03	Name: s3cdn_sess Value: MTcxMTE2Nzk3NnxEdi1CQkFFQ180SUFBUkFCRUFBQVBmLUNBQUVHYzNSeWFXNW5EQVVBQTNWcFpBWnpkSEpwYm1jTUlnQWdNakJpWWpGak5XTTFZVEl6TkRNd1pqZ3lNMlZoWldFek1HVTRZMlJpTlRRPXz4YwaFQyeLEDHlKjhRkPP86kIy48YuFdFAdZw_FJaelg==

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://submit-busines-restricted.duckdns.org/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://jefanyastore.biz.id/js/debug.js Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network	error	URL: https://jefanyastore.biz.id/js/ctrlu.js Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
code.jquery.com
jefanyastore.biz.id
maxcdn.bootstrapcdn.com
s3.scriptcdn.net
submit-busines-restricted.duckdns.org
jefanyastore.biz.id
167.86.86.173
2606:4700:3038::6815:ea6c
2606:4700::6812:bcf
2607:f8b0:4006:81d::200a
2a04:4e42:600::649
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
1a28452270079f7834854b18270302bb15e53a0690ff3519a0b1beb93f0b05a4
1c1648423329b6b28cffe0d7e4e37440b75508a6f6e294a43623f8480e4326ef
23431b442c844f7284d5acd0e4636400941659175df1991e3db406444553c99b
4c3055cef84dc2814435be0c7a29815f6c6c0bef05f182c959e6903b3494b24b
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
7330857ec1d593f4b2e9aa5f5b4343584d4cd44c5537b55a4689ac7041585758
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
88c5d4bbfd88778f114aaec06162bb779759ca30339703c4c7e6e294169f560d
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
8e1d24e095ba0f034b25804a317b7e70be9614d6aba436d0d87e74053ced8394
a4eebaffa2a0f955b1c22963ce122d6b2721c06bb2de5fa598e5b6395877b208
c2128b5b8a9ea02f0830a3b22c37023dae3f287e7ef5d91fbb4ff535c6b30675
d7a879ae5ca10bfd663c1fd65b79e4df0ef0d9d0bc76183a3acd57dae4602dcd
df9f33ffded27b0f002ed79860a184c3205b52d8a9c43d01833faba8a9c4bfda
ed25d38dd96abfe8f674faa19436788b55109095ca63725fb1210e4f1f5a0fea
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

submit-busines-restricted.duckdns.org Open in urlscan Pro 167.86.86.173 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

89 %HTTPS

80 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

493 kBTransfer

1384 kBSize

1 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

submit-busines-restricted.duckdns.org Open in urlscan Pro
167.86.86.173 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

89 %
HTTPS

80 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

493 kB
Transfer

1384 kB
Size

1
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!