Report - 0gyc79.duckdns.org/

Report Overview

Submitted URL
0gyc79.duckdns.org/
IP
104.255.153.198
ASN
#7040 NETMINDERS
Submitted
2024-05-10 17:14:20
Access
public
Website Title
undefined
Final URL
0gyc79.duckdns.org/
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
22
Network Intrusion Detection
42
Threat Detection Systems
42

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
0gyc79.duckdns.org	unknown	unknown	No data	No data	7.6 kB	1.6 MB	104.255.153.198
cdn.dcloud.net.cn	116868	2013-07-17	2018-09-15	2024-05-08	434 B	577 B	111.231.169.247

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 17:13:55	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:55	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:55	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:55	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:55	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:55	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:55	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:55	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 17:13:56	medium	Client IP	104.255.153.198	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed
2024-05-10	medium	0gyc79.duckdns.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	0gyc79.duckdns.org/	0 B	2023-03-07	2024-05-20
Pretty URL 0gyc79.duckdns.org/ IP 104.255.153.198 ASN #7040 NETMINDERS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 21:09:30 Times Seen37892864 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	0gyc79.duckdns.org/assets/index-a3f073a0.js	96 kB	2024-05-09	2024-05-17
Pretty URL 0gyc79.duckdns.org/assets/index-a3f073a0.js IP 104.255.153.198 ASN #7040 NETMINDERS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 07:52:42 Last Seen2024-05-17 14:28:31 Times Seen8 Hash 5c03359f4b1d676702371b8a13bc9c8c 54b0ef019e66fe056e93794cccc39a7ddbb78bb5 afb7780a0afb3f7bdb63200ae54fe51473d2ef5c28a6c3af0f263e2922993183 Loading...

	0gyc79.duckdns.org/assets/pages-index-index.7b6c1bb5.js	8.1 kB	2024-05-09	2024-05-17
Pretty URL 0gyc79.duckdns.org/assets/pages-index-index.7b6c1bb5.js IP 104.255.153.198 ASN #7040 NETMINDERS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-09 07:52:42 Last Seen2024-05-17 14:28:31 Times Seen8 Hash 71ecb39bfd1ae099e7d71cbe47f8912d 73850a58817190ff14df41bb56d7109c252381ec 19fe381743e14f6befce6298e5a90405d44f433bfadd37abce7afab13e596dc1 Loading...

		Size	First Seen	Last Seen
	#1 Write - 3d5272693eb411e5b8b13a243f76c720	148 B	2023-03-07	2024-05-20
Pretty Observations First Seen2023-03-07 01:10:06 Last Seen2024-05-20 20:23:28 Times Seen1769 Hash 3d5272693eb411e5b8b13a243f76c720 6a586ab8e0a4bf12bbc60eea6ca9f2418625a22c 9582f31f9eb892b8823a780e579d464d54e26d97d65dc327d2b2bdd92d47c4b8 Loading...

HTTP Transactions (22)

URL IP Response Size

0gyc79.duckdns.org/

104.255.153.198

200 OK

840 B

URL User Request GET HTTP/1.1
0gyc79.duckdns.org/
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

File type
HTML document, ASCII text
Size
840 B (840 bytes)
Hash
347a4ac5cc6f8d4a255e22bd082fbc04
de2b21cbdf5b80895956a979fba7df682075d45b
87da5f189257721a13c77f7bb32dd3613e3a0a2356ced729ea0cc9a4bdac2c42

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET / HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:55 GMT
Content-Type: text/html
Content-Length: 840
Last-Modified: Sat, 16 Mar 2024 15:48:19 GMT
Connection: keep-alive
ETag: "65f5bf43-348"
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/uni.07e52d16.css

104.255.153.198

200 OK

489 B

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/uni.07e52d16.css
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
ASCII text, with very long lines (1092)
Size
489 B (489 bytes)
Hash
82870e926b8f0acf2a17a418ee02a597
fd01a21c47c165f82303a1cae409521c7483d34d
07e52d16eab103cde90a03bb0f7285a1366ae5874ee1f00841d645ff43966634

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/uni.07e52d16.css HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:55 GMT
Content-Type: text/css
Last-Modified: Mon, 19 Feb 2024 15:45:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65d3777f-445"
Expires: Sat, 11 May 2024 05:13:55 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

0gyc79.duckdns.org/assets/index-44297b41.css

104.255.153.198

200 OK

1.5 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/index-44297b41.css
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
ASCII text, with very long lines (3779)
Size
1.5 kB (1479 bytes)
Hash
7d3ce4022c21d70bdf616ee723f04510
c0855c1fbe6f7bab264869fb111da9cec6da7d27
44297b414ff828ce846be5e65b9c2f267e6ea6295e065f91eea35f1833d4069d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/index-44297b41.css HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:55 GMT
Content-Type: text/css
Last-Modified: Mon, 19 Feb 2024 15:45:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65d3777f-ec4"
Expires: Sat, 11 May 2024 05:13:55 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

0gyc79.duckdns.org/assets/index-a3f073a0.js

104.255.153.198

200 OK

40 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/index-a3f073a0.js
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (59880)
Size
40 kB (40191 bytes)
Hash
5c03359f4b1d676702371b8a13bc9c8c
54b0ef019e66fe056e93794cccc39a7ddbb78bb5
afb7780a0afb3f7bdb63200ae54fe51473d2ef5c28a6c3af0f263e2922993183

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/index-a3f073a0.js HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:55 GMT
Content-Type: application/javascript
Last-Modified: Mon, 19 Feb 2024 15:45:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65d3777f-1762e"
Expires: Sat, 11 May 2024 05:13:55 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

0gyc79.duckdns.org/assets/pages-index-index.7b6c1bb5.js

104.255.153.198

200 OK

4.8 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/pages-index-index.7b6c1bb5.js
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (7759)
Size
4.8 kB (4771 bytes)
Hash
71ecb39bfd1ae099e7d71cbe47f8912d
73850a58817190ff14df41bb56d7109c252381ec
19fe381743e14f6befce6298e5a90405d44f433bfadd37abce7afab13e596dc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/pages-index-index.7b6c1bb5.js HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/assets/index-a3f073a0.js
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: application/javascript
Last-Modified: Tue, 02 Apr 2024 10:08:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"660bd931-1f8a"
Expires: Sat, 11 May 2024 05:13:56 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

0gyc79.duckdns.org/favicon.ico

104.255.153.198

404 Not Found

146 B

URL GET HTTP/1.1
0gyc79.duckdns.org/favicon.ico
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

0gyc79.duckdns.org/static/css/index.css

104.255.153.198

200 OK

1.3 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/static/css/index.css
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
Unicode text, UTF-8 text
Size
1.3 kB (1254 bytes)
Hash
2cdaac6f028ba5291f9142b2386d355c
aadcb0d76134230ed2f88f3449277f7d0ac534ef
21ca84f6f6bbfe2a4e27b23704634f80a67ce9d33d23d26e961603bd1a42f22d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /static/css/index.css HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: text/css
Last-Modified: Sat, 16 Mar 2024 15:16:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"65f5b7ce-1010"
Expires: Sat, 11 May 2024 05:13:56 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

0gyc79.duckdns.org/assets/wenzi2-d5a2a494.png

104.255.153.198

200 OK

8.5 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/wenzi2-d5a2a494.png
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
PNG image data, 347 x 179, 8-bit/color RGB, non-interlaced
Size
8.5 kB (8455 bytes)
Hash
d9aa131a86a8cd4058bc46eb96afb14f
70ff66fdb08773c080c65c1c4e1150c660ba46e9
d5a2a49470cf7a7063292ec14f1baa47cc41dd6459528db1bc25286d4c566e4e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/wenzi2-d5a2a494.png HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/png
Content-Length: 8455
Last-Modified: Mon, 19 Feb 2024 15:45:03 GMT
Connection: keep-alive
ETag: "65d3777f-2107"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/wenzi0-3f132efc.png

104.255.153.198

200 OK

9.8 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/wenzi0-3f132efc.png
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
PNG image data, 345 x 171, 8-bit/color RGBA, non-interlaced
Size
9.8 kB (9773 bytes)
Hash
0ef28d6e07df1259c56186bdf8f2248d
a112f98701a11a321e199f7d40675fc51d1f1005
d37372b4fdda1878546c9e2dca770ddb718dfd03be3b14f07a3f703092c54863

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/wenzi0-3f132efc.png HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/png
Content-Length: 9773
Last-Modified: Sat, 16 Mar 2024 15:18:38 GMT
Connection: keep-alive
ETag: "65f5b84e-262d"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/4-85522e9e.jpg

104.255.153.198

200 OK

108 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/4-85522e9e.jpg
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 564x1333, components 3
Size
108 kB (108084 bytes)
Hash
2fc3da553bf4ea84a240ef43e9fbcd9b
83dddda7789b7eb75d53af4099457854ee37c310
85522e9e0cd1b576f002745cd22c84b3fd797e2eacdf35319e85d29c5e6a0549

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/4-85522e9e.jpg HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/jpeg
Content-Length: 108084
Last-Modified: Sat, 16 Mar 2024 15:43:02 GMT
Connection: keep-alive
ETag: "65f5be06-1a634"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/wenzi1-d1d062fe.png

104.255.153.198

200 OK

9.8 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/wenzi1-d1d062fe.png
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
PNG image data, 345 x 171, 8-bit/color RGBA, non-interlaced
Size
9.8 kB (9773 bytes)
Hash
0ef28d6e07df1259c56186bdf8f2248d
a112f98701a11a321e199f7d40675fc51d1f1005
d37372b4fdda1878546c9e2dca770ddb718dfd03be3b14f07a3f703092c54863

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/wenzi1-d1d062fe.png HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/png
Content-Length: 9773
Last-Modified: Sat, 16 Mar 2024 15:19:00 GMT
Connection: keep-alive
ETag: "65f5b864-262d"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/topbanner-b629c3c2.png

104.255.153.198

200 OK

56 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/topbanner-b629c3c2.png
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
PNG image data, 676 x 280, 8-bit/color RGBA, non-interlaced
Size
56 kB (56056 bytes)
Hash
4f7c6dc5b014b9fa00df6377b47a0312
735cde6d5a83b407a4f9dadef90d0dcc10bd5d92
b629c3c290d55f4bdc6aace4dfb809fe6a388df4a793a4b33364ca75dd0fd1f2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/topbanner-b629c3c2.png HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/png
Content-Length: 56056
Last-Modified: Mon, 19 Feb 2024 15:45:03 GMT
Connection: keep-alive
ETag: "65d3777f-daf8"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/logo-f24f6eb0.png

104.255.153.198

200 OK

8.6 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/logo-f24f6eb0.png
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
PNG image data, 564 x 126, 8-bit/color RGBA, non-interlaced
Size
8.6 kB (8636 bytes)
Hash
278190a0918d1bdba49ed5bdb2e99eb7
c73d5dbd405018c5897deec1775ca491d96578a3
22de9975408fe75e94c2ec2c612bd874eb4ee7e158b900294ba4285fdf2f05a3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/logo-f24f6eb0.png HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/png
Content-Length: 8636
Last-Modified: Sat, 16 Mar 2024 15:24:51 GMT
Connection: keep-alive
ETag: "65f5b9c3-21bc"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/static/images/logo1.png

104.255.153.198

200 OK

133 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/static/images/logo1.png
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
PNG image data, 376 x 814, 8-bit/color RGBA, non-interlaced
Size
133 kB (133163 bytes)
Hash
8212e89a6d6a8a399e7408dd13cf1b71
9879e0d339615ae4241ad74447a9a2025012ddeb
14a076d4b530a76243d0eb747207210a8f7037d5afb2672d907e0b79c1993540

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /static/images/logo1.png HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/static/css/index.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/png
Content-Length: 133163
Last-Modified: Sat, 16 Mar 2024 15:00:47 GMT
Connection: keep-alive
ETag: "65f5b41f-2082b"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/5-8a4879e9.jpg

104.255.153.198

200 OK

220 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/5-8a4879e9.jpg
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1260x2467, components 3
Size
220 kB (220434 bytes)
Hash
70d4ce3151128521dbf612eb23d3d478
4f19243bbd203394289bce990a36fbd636ffb4cf
604972b1f9b31f40ed54a231c5f55e25f41b138bc43f06c1777f8d90fc70b628

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/5-8a4879e9.jpg HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/jpeg
Content-Length: 220434
Last-Modified: Sat, 16 Mar 2024 15:45:24 GMT
Connection: keep-alive
ETag: "65f5be94-35d12"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/7-499c11e1.jpg

104.255.153.198

200 OK

173 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/7-499c11e1.jpg
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1260x2607, components 3
Size
173 kB (172925 bytes)
Hash
9049d9546194dbd2fa7abbbd2576952a
40fa92690a04d4a5d744e49372af725bf1ac26b1
fcef8054e8c4f1db57ef18f1a261c7feb2270c9b2858882bf10884e86a36d5ef

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/7-499c11e1.jpg HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/jpeg
Content-Length: 172925
Last-Modified: Sat, 16 Mar 2024 15:39:55 GMT
Connection: keep-alive
ETag: "65f5bd4b-2a37d"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/3-9f7c6283.jpg

104.255.153.198

200 OK

193 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/3-9f7c6283.jpg
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 1067x2117, components 3
Size
193 kB (192957 bytes)
Hash
9bb7d5837da189a0dd3e628b83ea65a8
2b6737d37e37d4df6d2e9ad9274987a620019d0f
9f7c6283db42f8966f0e809a7202b6e2f2f18f9e1e0c10eb90379b9b5a13a62c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/3-9f7c6283.jpg HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/jpeg
Content-Length: 192957
Last-Modified: Sat, 16 Mar 2024 15:43:01 GMT
Connection: keep-alive
ETag: "65f5be05-2f1bd"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/6-e431ac81.jpg

104.255.153.198

200 OK

152 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/6-e431ac81.jpg
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1260x2462, components 3
Size
152 kB (152169 bytes)
Hash
b3a3f10a85ad8729318afdf97ea72236
a7f78663d1eaffc7d33df6f949e4b8285116be37
9851f0ef6ec7d7012161ba7de43dfe61ae0683b69c9a9fe34251fe32f4b41e34

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/6-e431ac81.jpg HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/jpeg
Content-Length: 152169
Last-Modified: Sat, 16 Mar 2024 15:45:16 GMT
Connection: keep-alive
ETag: "65f5be8c-25269"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/tu1-b1ddc6d0.png

104.255.153.198

200 OK

39 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/tu1-b1ddc6d0.png
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
PNG image data, 287 x 431, 8-bit/color RGB, non-interlaced
Size
39 kB (38803 bytes)
Hash
5d61e494cb6055df1f25bdb919335159
96abee1d2dd6a81dcae0e644e21754e6ddac660e
b1ddc6d02f7c472793efc4b57a5e7399d9578ffaadca2ca924fc74b4852bdcd1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/tu1-b1ddc6d0.png HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/png
Content-Length: 38803
Last-Modified: Mon, 19 Feb 2024 15:45:03 GMT
Connection: keep-alive
ETag: "65d3777f-9793"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/1-85b7a68d.jpg

104.255.153.198

200 OK

158 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/1-85b7a68d.jpg
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1258x2464, components 3
Size
158 kB (158452 bytes)
Hash
93e7608cc20f25b39c76d38762ba5979
249e2f687edcef851136fb37ef27893eb273d5fe
ffd083934935c13e41a58e4f974ae5b982ca650cfa84b8b6425d043fe53393db

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/1-85b7a68d.jpg HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/jpeg
Content-Length: 158452
Last-Modified: Sat, 16 Mar 2024 15:45:18 GMT
Connection: keep-alive
ETag: "65f5be8e-26af4"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

0gyc79.duckdns.org/assets/2-fd352367.jpg

104.255.153.198

200 OK

234 kB

URL GET HTTP/1.1
0gyc79.duckdns.org/assets/2-fd352367.jpg
IP
104.255.153.198:80
ASN
#7040 NETMINDERS

Requested by
http://0gyc79.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1244x2471, components 3
Size
234 kB (233564 bytes)
Hash
45b64cc832ecbb96d486e07c295f44b8
59aa62d512e7e6a3561702149ea6fc00733ab235
699845d02a197fb90e0adb264ead432f3a9daa6574c21f9c3dd6848f652ba87e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /assets/2-fd352367.jpg HTTP/1.1
Host: 0gyc79.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:56 GMT
Content-Type: image/jpeg
Content-Length: 233564
Last-Modified: Sat, 16 Mar 2024 15:45:45 GMT
Connection: keep-alive
ETag: "65f5bea9-3905c"
Expires: Sun, 09 Jun 2024 17:13:56 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

cdn.dcloud.net.cn/img/shadow-grey.png

111.231.169.247

200 OK

136 B

URL GET HTTP/1.1
cdn.dcloud.net.cn/img/shadow-grey.png
IP
111.231.169.247:443
ASN
#45090 Shenzhen Tencent Computer Systems Company Limited

Requested by
http://0gyc79.duckdns.org/
Certificate
IssuerUnizeto Technologies S.A.
Subject*.dcloud.net.cn
FingerprintAE:46:5C:A4:9B:D3:F7:AC:7D:5E:C7:27:E1:5F:C3:7C:DA:CE:F2:AC
ValiditySat, 05 Aug 2023 03:00:05 GMT - Tue, 03 Sep 2024 03:00:04 GMT

File type
PNG image data, 1 x 6, 4-bit colormap, non-interlaced
Size
136 B (136 bytes)
Hash
5a962adf74d92ae702467b3f47976547
36f74049375584e3fa69b5ef87e9572336ff9e7a
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f

HTTP Headers

GET /img/shadow-grey.png HTTP/1.1
Host: cdn.dcloud.net.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://0gyc79.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 17:13:59 GMT
Content-Type: image/png
Content-Length: 136
Last-Modified: Thu, 06 Jun 2019 06:42:07 GMT
Connection: close
ETag: "5cf8b5bf-88"
Expires: Fri, 10 May 2024 19:13:59 GMT
Cache-Control: max-age=7200
Set-Cookie: __uni__uid=rBEQUmY+Vddizgxoo6BSAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (22)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by