
🔥 Trace Back a Hacker – Part 2 of 2: Analysis 🔥

In Part 1, we gathered intelligence and reconnaissance data. Now, in Part 2, we take it a step further by analyzing the hacker’s digital footprint, tracking their movements, and uncovering their methods. This episode focuses on forensic analysis, network tracing, and intrusion detection techniques used by cybersecurity professionals.

🔍 What You’ll Learn:

  • Log file analysis for suspicious activities

  • Network traffic monitoring and packet inspection

  • Digital forensics techniques to track attackers

  • Identifying malicious scripts, exploits, and backdoors

  • Tools like Wireshark, Splunk, and forensic frameworks

🎯 Who is this for? Cybersecurity analysts, ethical hackers, IT security professionals, and anyone interested in cyber forensics & digital investigations.

🚀 Missed Part 1? Watch it now to learn about gathering intelligence before diving into analysis!

📞 0481821340 📧 support@stmonicait.com.au 🌐 www.stmonicait.com.au

#TraceHacker #CyberSecurity #EthicalHacking #PenetrationTesting #CyberForensics #NetworkSecurity #OSINT #InfoSec #ThreatAnalysis #CyberThreats #RedTeam #BlueTeam #CyberAwareness #DigitalInvestigation #StMonicaIT

📌 Current Findings:

Domain: account-settingfbads10110299482.vercel.app

1. DNS and WHOIS Analysis:

  • WHOIS provides no direct registrant information because the host is a vercel.app subdomain (privacy/redirection through the platform).
  • DNS resolved to two IP addresses:
    • 216.198.79.129 (reverse DNS: 216-198-79-129.client.cypresscom.net)
    • 64.29.17.129
  • Wildcard DNS enabled.

2. Nmap Scan Results:

  • Open Ports:
    • 53/tcp: DNS service (dnsmasq) exposed, possibly for internal DNS caching or redirection.
    • 80/tcp: HTTP service running on Vercel (redirecting HTTP → HTTPS).
    • 443/tcp: HTTPS, Golang net/http server, hosted on Vercel.
  • Interesting headers found:
    • X-Vercel-Id and X-Vercel-Error indicated “DEPLOYMENT_NOT_FOUND,” hinting at a deployment misconfiguration or an intentionally deleted deployment.
    • Permanent redirects to empty URLs (misconfigured or intentionally evasive).

3. Nikto Scan Results:

  • Detected wildcard SSL (*.vercel.app).
  • Found potentially interesting backup files (e.g., .tar, .jks, .pem, .cer, .war, .bz2).
    • Examples:
      • /archive.tar.bz2
      • /database.jks
      • /app.war
  • These files might contain sensitive data, or they could be default responses caused by the wildcard DNS/catch-all behaviour.

4. Gobuster Enumeration:

  • Identified directory:
    • /_src -> Redirects to the source page on Vercel (might be access-restricted or require authentication).
  • Wildcard responses were observed, so results need careful filtering by response length.

🧰 Next Steps for Exploitation & Deeper Analysis:

Given your recon data, proceed as follows:

Step 1: Download and Analyze Backup/Archive Files:

wget https://account-settingfbads10110299482.vercel.app/database.jks

wget https://account-settingfbads10110299482.vercel.app/app.war


Inspect downloaded files using:

file database.jks

strings database.jks

unzip app.war


Test for injections (XSS, SQLi):

  • SQLmap for automated database injections:

sqlmap -u "https://account-settingfbads10110299482.vercel.app/?fbclid=" --random-agent --batch --crawl=3

Further SSL Analysis:

  • Inspect the TLS certificate chain more closely for anomalies or unusual issuer details:

openssl s_client -connect account-settingfbads10110299482.vercel.app:443


Check for Open Directories:

  • Use tools like dirsearch or feroxbuster with a more extensive wordlist to enumerate directories.

feroxbuster -u https://account-settingfbads10110299482.vercel.app -w /path/to/wordlist.txt


Test for Subdomains:

  • Use tools like sublist3r or amass to enumerate subdomains:

sublist3r -d account-settingfbads10110299482.vercel.app


Detailed Analysis of Your Findings:

After analyzing the files and results, here’s a clear breakdown and interpretation:

🔍 1. File Inspection Results:

📂 database.jks Analysis

  • The file database.jks is not a real Java KeyStore (JKS) file but an HTML phishing landing page designed to impersonate Facebook:
    • Purpose: clearly crafted to deceive victims into believing their Facebook page is scheduled for deletion due to policy violations, enticing them into submitting credentials.

📂 app.war Analysis

  • app.war is NOT a valid .war (web application archive) file; unzip reports:

End-of-central-directory signature not found.

  • This indicates a false positive: a dummy or placeholder response from the server rather than a real archive.
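A way to put the two file-inspection findings above on a repeatable footing, as an added example that is not part of the original post: the script classifies a downloaded body by its magic bytes rather than by the URL's extension (JKS header, ZIP end-of-central-directory record, HTML markup) and compares it with the wildcard baseline body, i.e. the response the server returns for a path that cannot exist. The sample bodies are constructed inline and nothing is fetched.

```python
import hashlib
import io
import re
import zipfile

# Magic values taken from the JKS and ZIP format specifications.
JKS_MAGIC = b"\xfe\xed\xfe\xed"   # Java KeyStore header
ZIP_LOCAL_HEADER = b"PK\x03\x04"  # first local file header of a ZIP (.war and .jar are ZIPs)
ZIP_EOCD = b"PK\x05\x06"          # end-of-central-directory record, present in every valid ZIP
HTML_RE = re.compile(rb"<\s*(!doctype\s+html|html|head|body|form)\b", re.IGNORECASE)
EXPECTED_BY_EXT = {"jks": "jks", "war": "zip", "jar": "zip", "zip": "zip"}

def classify(data: bytes) -> str:
    """Identify the real content type from the bytes, ignoring the URL's extension."""
    if not data:
        return "empty"
    if data.startswith(JKS_MAGIC):
        return "jks"
    if ZIP_EOCD in data[-65557:]:  # EOCD is in the last 22 bytes plus up to 65535 bytes of comment
        return "zip"
    if data.startswith(ZIP_LOCAL_HEADER):
        return "zip-truncated"  # unzip would say "End-of-central-directory signature not found"
    if HTML_RE.search(data[:4096]):
        return "html"
    return "unknown"

def triage(name: str, data: bytes, baseline: bytes) -> dict:
    """Flag extension/content mismatches and bodies identical to the wildcard baseline.

    baseline is what the server returns for a path that cannot exist; an identical
    body means the 'file' is just the catch-all response, not a real resource.
    """
    expected = EXPECTED_BY_EXT.get(name.rsplit(".", 1)[-1].lower(), "unknown")
    detected = classify(data)
    return {"file": name, "expected": expected, "detected": detected,
            "mismatch": expected != detected,
            "wildcard": hashlib.sha256(data).digest() == hashlib.sha256(baseline).digest()}

# Constructed sample bodies standing in for the downloads; not captured from the site.
PHISH_HTML = (b"<!DOCTYPE html><html><head><title>Page Policy Violation</title></head>"
              b"<body><form method=post action=/verify>Your page will be deleted."
              b"<input name=email><input name=pass type=password></form></body></html>")
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:  # a genuine minimal .war for comparison
    _zf.writestr("WEB-INF/web.xml", "<web-app/>")
REAL_WAR = _buf.getvalue()
REAL_JKS_HEADER = b"\xfe\xed\xfe\xed\x00\x00\x00\x02\x00\x00\x00\x00"  # JKS magic + version 2, no entries
```

Running `triage("database.jks", PHISH_HTML, PHISH_HTML)` reports expected `jks`, detected `html`, mismatch and wildcard both true, which is exactly the situation described above; a real archive passed as `real.war` reports `zip` with no mismatch.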
