secureverifyc9s54.ddns.net Open in urlscan Pro
51.222.56.143 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secureverifyc9s54.ddns.net/
Submission: On April 13 via automatic, source certstream-suspicious (April 13th 2022, 4:07:39 am UTC) — Scanned from CA

Summary HTTP 15 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 51.222.56.143, located in Canada and belongs to OVH, FR. The main domain is secureverifyc9s54.ddns.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 12th 2022. Valid for: 3 months.

This is the only time secureverifyc9s54.ddns.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fifth Third Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
11	51.222.56.143 51.222.56.143	16276 (OVH) (OVH)
1	23.3.125.203 23.3.125.203	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2607:f8b0:400... 2607:f8b0:4006:816::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80e::2003	15169 (GOOGLE) (GOOGLE)
15	5

11 51.222.56.143 (Canada)

ASN16276 (OVH, FR)
PTR: ip143.ip-51-222-56.net

secureverifyc9s54.ddns.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.3.125.203 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-3-125-203.deploy.static.akamaitechnologies.com

www.53.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::200a (United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80e::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	ddns.net secureverifyc9s54.ddns.net	949 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 282 fonts.googleapis.com — Cisco Umbrella Rank: 46	32 KB
1	gstatic.com fonts.gstatic.com	44 KB
1	53.com www.53.com — Cisco Umbrella Rank: 64131
15	4

	Domain	Requested by
11	secureverifyc9s54.ddns.net	secureverifyc9s54.ddns.net
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	secureverifyc9s54.ddns.net
1	ajax.googleapis.com	secureverifyc9s54.ddns.net
1	www.53.com	secureverifyc9s54.ddns.net
15	5

This site contains links to these domains. Also see Links.

Domain
locations.53.com
express.53.com
onlinebanking.53.com
ir.53.com

Subject Issuer	Validity	Valid
secureverifyc9s54.ddns.net cPanel, Inc. Certification Authority	`2022-04-12` - `2022-07-11`	3 months	crt.sh
www.53.com DigiCert Global CA G2	`2022-01-06` - `2023-01-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secureverifyc9s54.ddns.net/
Frame ID: B5F6E0CFFD78C0565B5F2D4EB7C570A6
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fifth Third Banking Login | Fifth Third Bank

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

1026 kB
Transfer

1091 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://locations.53.com/search.html
Title: Branch & ATM Locator

Search URL Search Domain Scan URL

URL: https://express.53.com/portal/auth/login/Login
Title: Go To Login

Search URL Search Domain Scan URL

URL: https://onlinebanking.53.com/ib/#/forgotUserId
Title: Forgot User ID

Search URL Search Domain Scan URL

URL: https://onlinebanking.53.com/ib/#/forgotPassword
Title: Forgot Password

Search URL Search Domain Scan URL

URL: https://onlinebanking.53.com/ib/#/newUser
Title: Register

Search URL Search Domain Scan URL

URL: https://ir.53.com/
Title: Investor Relations

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
secureverifyc9s54.ddns.net/ 153 KB
154 KB 43ms
10ms Document
text/html 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: 60f5e1d9a059dc6545ef8483fd28c7bc045dbc9f5803ee17930832dd6f8019de

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Apr 2022 04:07:35 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 200
OK style.css
secureverifyc9s54.ddns.net/components/css/ 697 KB
697 KB 17ms
9ms Stylesheet
text/css 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://secureverifyc9s54.ddns.net/components/css/style.css
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: fbcb9caf8200f54a0600a3d904cb68cd75cc538f3c29ef3788a561267501c924

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 05:31:04 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 713429

GET
H/1.1 200
OK cms.css
secureverifyc9s54.ddns.net/components/css/ 24 KB
24 KB 32ms
10ms Stylesheet
text/css 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://secureverifyc9s54.ddns.net/components/css/cms.css
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: 72cc6c41a40ffb416fc1c05e10518335200be501583db9b1b6e8996750b50fe5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 05:31:28 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 24820

GET
H/1.1 200
OK clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
secureverifyc9s54.ddns.net/components/css/ 206 B
447 B 32ms
11ms Stylesheet
text/css 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://secureverifyc9s54.ddns.net/components/css/clientlib-fonts.57097d1a4d8c482342bd80c07259dc7c.css
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: f949d8ad9a849eb722302a43f6e9e0a2d924f4232e198de110a7995be04180ad

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 23:41:38 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 206

GET
H/1.1 200
OK logo.svg
secureverifyc9s54.ddns.net/components/img/ 5 KB
5 KB 34ms
9ms Image
image/svg+xml 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secureverifyc9s54.ddns.net/components/img/logo.svg
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: 617518a4c1f153f1cbcb09ac14a8b3f4be01fb80dd86159b6b02bbee52622ed3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 05:38:00 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4875

GET
H/1.1 200
OK 1440x565-ftblue-other.jpg
www.53.com/content/dam/fifth-third/heroes/ 0
0 280ms
151ms Image
text/html 23.3.125.203
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.53.com/content/dam/fifth-third/heroes/1440x565-ftblue-other.jpg
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.125.203 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-125-203.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H/1.1 200
OK autocomplete.css
secureverifyc9s54.ddns.net/components/css/ 4 KB
4 KB 13ms
10ms Stylesheet
text/css 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://secureverifyc9s54.ddns.net/components/css/autocomplete.css
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: b602a4e946e93b897ae62a9518593c3dc8694df7be5b23ae28a6affb037fb3ad

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 05:32:40 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4028

GET
H/1.1 200
OK equal_housing_logo.png
secureverifyc9s54.ddns.net/components/img/ 3 KB
3 KB 28ms
9ms Image
image/png 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secureverifyc9s54.ddns.net/components/img/equal_housing_logo.png
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 05:40:36 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2758

GET
H/1.1 200
OK logo1.svg
secureverifyc9s54.ddns.net/components/img/ 5 KB
5 KB 10ms
9ms Image
image/svg+xml 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secureverifyc9s54.ddns.net/components/img/logo1.svg
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: 617518a4c1f153f1cbcb09ac14a8b3f4be01fb80dd86159b6b02bbee52622ed3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 05:40:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4875

GET
H/1.1 200
OK search.css
secureverifyc9s54.ddns.net/components/css/ 3 KB
3 KB 13ms
10ms Stylesheet
text/css 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://secureverifyc9s54.ddns.net/components/css/search.css
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: 83c98e8c05d30c0072b9341b9615dd0ab5e4d5e14eb60e376c78d1cb7b678f46

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 05:32:54 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2670

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 68ms
19ms Script
text/javascript 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 00:45:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 271309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Apr 2023 00:45:46 GMT

GET
H/1.1 200
OK jquery.mask.js Show response
secureverifyc9s54.ddns.net/components/js/ 23 KB
23 KB 14ms
10ms Script
application/javascript 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://secureverifyc9s54.ddns.net/components/js/jquery.mask.js
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 21:33:20 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 23176

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 85ms
36ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,700

Requested by

Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/components/css/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

04a391894f53929ef3fc81d5a87162bc5742cd87c0e15e0a4c1181b90cc64612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://secureverifyc9s54.ddns.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 02:16:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 13 Apr 2022 04:07:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 13 Apr 2022 04:07:35 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 44 KB
44 KB 77ms
20ms Font
font/woff2 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://secureverifyc9s54.ddns.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 22:46:05 GMT
x-content-type-options: nosniff
age: 19290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Apr 2023 22:46:05 GMT

GET
H/1.1 200
OK icomoon.woff
secureverifyc9s54.ddns.net/components/fonts/ 31 KB
31 KB 10ms
10ms Font
font/woff 51.222.56.143
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://secureverifyc9s54.ddns.net/components/fonts/icomoon.woff
Requested by: Host: secureverifyc9s54.ddns.net
URL: https://secureverifyc9s54.ddns.net/components/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.222.56.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ip143.ip-51-222-56.net
Software: Apache /
Resource Hash: 1539ec89c49a493f983dbde0e0c35c310eaaa74f91aa316eac33e942285bed2c

Request headers

Referer: https://secureverifyc9s54.ddns.net/components/css/style.css
Origin: https://secureverifyc9s54.ddns.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 04:07:35 GMT
Last-Modified: Tue, 17 Aug 2021 05:37:12 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 31620

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fifth Third Bank (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
fonts.googleapis.com
fonts.gstatic.com
secureverifyc9s54.ddns.net
www.53.com
23.3.125.203
2607:f8b0:4006:80b::200a
2607:f8b0:4006:80e::2003
2607:f8b0:4006:816::200a
51.222.56.143
04a391894f53929ef3fc81d5a87162bc5742cd87c0e15e0a4c1181b90cc64612
1539ec89c49a493f983dbde0e0c35c310eaaa74f91aa316eac33e942285bed2c
60f5e1d9a059dc6545ef8483fd28c7bc045dbc9f5803ee17930832dd6f8019de
617518a4c1f153f1cbcb09ac14a8b3f4be01fb80dd86159b6b02bbee52622ed3
72cc6c41a40ffb416fc1c05e10518335200be501583db9b1b6e8996750b50fe5
83c98e8c05d30c0072b9341b9615dd0ab5e4d5e14eb60e376c78d1cb7b678f46
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
b602a4e946e93b897ae62a9518593c3dc8694df7be5b23ae28a6affb037fb3ad
c9874fdc3addc2b1da577088ec110c30e79e6afd4e89a20ac6ecff47cf1b3f45
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f949d8ad9a849eb722302a43f6e9e0a2d924f4232e198de110a7995be04180ad
fbcb9caf8200f54a0600a3d904cb68cd75cc538f3c29ef3788a561267501c924

secureverifyc9s54.ddns.net Open in urlscan Pro 51.222.56.143 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

5 IPs

2 Countries

1026 kBTransfer

1091 kBSize

0 Cookies

6 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

Indicators

secureverifyc9s54.ddns.net Open in urlscan Pro
51.222.56.143 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

1026 kB
Transfer

1091 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!