Report - 431yuk.duckdns.org/

Report Overview

Visited public
2023-12-01 15:13:40
Tags
dyndns
URL
431yuk.duckdns.org/
Finishing URL
431yuk.duckdns.org/
IP / ASN
199.167.138.162
#15162 NETMINDERS-SERVER-HOSTING
Title
431yuk.duckdns.org/
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
431yuk.duckdns.org	unknown	unknown	No data	No data	6.6 kB	1.3 MB	199.167.138.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:26	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:27	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-01 15:13:27	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 15:13:27	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 15:13:27	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	431yuk.duckdns.org/script.js	ScriptElement	811 B	2023-03-07	2023-12-01
Pretty URL 431yuk.duckdns.org/script.js IP 199.167.138.162 ASN #15162 NETMINDERS-SERVER-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12 Last Seen2023-12-01 16:21 Times Seen3 Hash ba3b83549689e44da226639480c0017b 0ef34e12591f37e4beaaa38d15c1b02261bb3d69 a7f1c847cab7e7373cd60145c23ff3754c1fd8964f0869fee05086a1eeb8433e Loading...

	431yuk.duckdns.org/	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL 431yuk.duckdns.org/ IP 199.167.138.162 ASN #15162 NETMINDERS-SERVER-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 06:49 Times Seen4651460 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	431yuk.duckdns.org/	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL 431yuk.duckdns.org/ IP 199.167.138.162 ASN #15162 NETMINDERS-SERVER-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 06:49 Times Seen4651460 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	431yuk.duckdns.org/	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL 431yuk.duckdns.org/ IP 199.167.138.162 ASN #15162 NETMINDERS-SERVER-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 06:49 Times Seen4651460 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (18)

URL IP Response Size

431yuk.duckdns.org/

199.167.138.162

1.2 kB

URL User Request GET
431yuk.duckdns.org/
IP
199.167.138.162:0
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Non-ISO extended-ASCII text, with CRLF line terminators
Size
1.2 kB (1232 bytes)
Hash
c7fb272feb3e7cab8eb3c68fa05e06a7
6db7f31725675d26562a05caa70d5478ca8cd61b
9a98a55557d032b5668cb2aacb0123f458caa4495c03475ddab8470d583ca0a7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET / HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:21 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Dec 2023 15:09:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6569f729-ff4"
Content-Encoding: gzip

431yuk.duckdns.org/script.js

199.167.138.162

200 OK

811 B

URL GET HTTP/1.1
431yuk.duckdns.org/script.js
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
811 B (811 bytes)
Hash
ba3b83549689e44da226639480c0017b
0ef34e12591f37e4beaaa38d15c1b02261bb3d69
a7f1c847cab7e7373cd60145c23ff3754c1fd8964f0869fee05086a1eeb8433e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /script.js HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: application/javascript
Content-Length: 811
Last-Modified: Sun, 07 May 2023 08:21:28 GMT
Connection: keep-alive
ETag: "64575f88-32b"
Expires: Sat, 02 Dec 2023 03:13:22 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

431yuk.duckdns.org/css/index.css

199.167.138.162

200 OK

1.4 kB

URL GET HTTP/1.1
431yuk.duckdns.org/css/index.css
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.4 kB (1384 bytes)
Hash
fe089054089bfc3ffd10e12517420181
9adc1546d5cff7f2e5f474d4b66432db4a0dd7db
e2c210653f5f8a31a5629528431083688540f686a332b9eb9fbc242a09810929

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/index.css HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: text/css
Last-Modified: Sun, 09 Apr 2023 15:34:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6432db22-1387"
Expires: Sat, 02 Dec 2023 03:13:22 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

431yuk.duckdns.org/images/2.png

199.167.138.162

200 OK

33 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/2.png
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 355 x 161, 8-bit/color RGBA, non-interlaced\012- data
Size
33 kB (32973 bytes)
Hash
2357b063084c809e13b9b18cd4214e52
f4d9a5cb83a3199c5bcf6fd1b83cf844aa82475f
c8c043425b8bc37616a23b86318f446facd9177f2e90bdb315b921e5cb230cdc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/2.png HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/png
Content-Length: 32973
Last-Modified: Mon, 10 Apr 2023 07:23:26 GMT
Connection: keep-alive
ETag: "6433b96e-80cd"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/1.png

199.167.138.162

200 OK

49 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/1.png
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 355 x 247, 8-bit/color RGBA, non-interlaced\012- data
Size
49 kB (49307 bytes)
Hash
e4b7c52893de152f530aebb9b21ec4fe
36ab254dbc77ea8566bba035e0c94253ef119e39
df18af6ec92049e54245bb7ad008a8a80ce1e59ac46bde0f72273259a034dffa

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/1.png HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/png
Content-Length: 49307
Last-Modified: Mon, 10 Apr 2023 06:29:14 GMT
Connection: keep-alive
ETag: "6433acba-c09b"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/s7.jpg

199.167.138.162

200 OK

57 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/s7.jpg
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 376 x 737, 8-bit/color RGBA, non-interlaced\012- data
Size
57 kB (57398 bytes)
Hash
b456f63b60523f90238970e36c1a60dd
bbacbc1adf62ddbbb2dbece469d32953285d6db7
051461721cafc1aead470fe37598b5551cad273ca1d4a298bba2e535651b179c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/s7.jpg HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/jpeg
Content-Length: 57398
Last-Modified: Mon, 10 Apr 2023 09:27:36 GMT
Connection: keep-alive
ETag: "6433d688-e036"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/s5.jpg

199.167.138.162

200 OK

123 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/s5.jpg
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 376 x 685, 8-bit/color RGBA, non-interlaced\012- data
Size
123 kB (122783 bytes)
Hash
a8786b9f2e7ec75e2368443ecc964e5b
705bf3ffec6837573c905555ca30c226d1155ded
262598e06078aab643a5dddd38d8a24a21e0deb6539721b7ea39f1c84f0b3e0f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/s5.jpg HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/jpeg
Content-Length: 122783
Last-Modified: Mon, 10 Apr 2023 09:27:34 GMT
Connection: keep-alive
ETag: "6433d686-1df9f"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/s1.jpg

199.167.138.162

200 OK

126 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/s1.jpg
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 379 x 697, 8-bit/color RGBA, non-interlaced\012- data
Size
126 kB (125527 bytes)
Hash
e2189710abacf8667db4ba7c89eb321e
d922373985dd4cb5325f83a9cd8b6f5485166879
d881584174ce1b975f9584af0444646ba89d67a584011f8d96634544a2e8cb18

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/s1.jpg HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/jpeg
Content-Length: 125527
Last-Modified: Mon, 10 Apr 2023 09:27:36 GMT
Connection: keep-alive
ETag: "6433d688-1ea57"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/logo.png

199.167.138.162

200 OK

13 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/logo.png
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 247 x 124, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12623 bytes)
Hash
edceecd29fd70877fe80146a1403e7cd
dd4355f2915bcc4fb21382f4cd1def1d9ed07a65
d37fddfb1c36e398d28362e0033c48ce4a85f18e441b2c201bc927934f80a80b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/png
Content-Length: 12623
Last-Modified: Sun, 09 Apr 2023 15:30:44 GMT
Connection: keep-alive
ETag: "6432da24-314f"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/top.png

199.167.138.162

200 OK

51 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/top.png
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 676 x 280, 8-bit/color RGB, non-interlaced\012- data
Size
51 kB (51082 bytes)
Hash
c2f9b38d71fa659a844a1b2aa8f59ea6
16162794ffa73014af78b6d4bf5767e49e624ce3
c971c81591bccc6d4ba3cf2b56451423d63c85d940424bc97fcb16335fcb5940

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/top.png HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/png
Content-Length: 51082
Last-Modified: Fri, 31 Mar 2023 08:26:28 GMT
Connection: keep-alive
ETag: "64269934-c78a"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/s2.jpg

199.167.138.162

200 OK

162 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/s2.jpg
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 370 x 688, 8-bit/color RGBA, non-interlaced\012- data
Size
162 kB (162384 bytes)
Hash
b35938892206e13bfb6ba75e1eec526b
2be259cd0c7b3ee131db9b16a6d2f2dde4bd7647
cd8526a1ed16217273148b714456f751141b5aabdab83fa3d0c468bd01801964

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/s2.jpg HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/jpeg
Content-Length: 162384
Last-Modified: Mon, 10 Apr 2023 09:27:34 GMT
Connection: keep-alive
ETag: "6433d686-27a50"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/css/logo1.png

199.167.138.162

200 OK

116 kB

URL GET HTTP/1.1
431yuk.duckdns.org/css/logo1.png
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 389 x 844, 8-bit/color RGBA, non-interlaced\012- data
Size
116 kB (116052 bytes)
Hash
5c07d6fc17fc451cc317ef65b1faf3d1
a755894a0c3a5008d2af0bf359329a2e4955dcbd
df1620527de99da9a68a0de47af09236accefae26b5cbc9dcbc7b6e0c9879799

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/logo1.png HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/css/index.css
Cookie: count_download=2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/png
Content-Length: 116052
Last-Modified: Sun, 09 Apr 2023 15:32:54 GMT
Connection: keep-alive
ETag: "6432daa6-1c554"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/22.png

199.167.138.162

200 OK

8.5 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/22.png
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 387 x 177, 8-bit/color RGB, non-interlaced\012- data
Size
8.5 kB (8528 bytes)
Hash
1f51f752f84e3c8ea851b5cabf469261
2daf7fbd578c5abd0aa49262e72526f48d6c216d
c8099a545b49748a83286e245d7275f4ce0e67e47bdec5fbab63c88ee3734888

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/22.png HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/png
Content-Length: 8528
Last-Modified: Fri, 31 Mar 2023 08:26:28 GMT
Connection: keep-alive
ETag: "64269934-2150"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/33.png

199.167.138.162

200 OK

3.1 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/33.png
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 182 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
3.1 kB (3064 bytes)
Hash
78c19804e6580c01d60a8fab511e2606
349463c008b743a532fea3ef26aec8de46bff7ba
6c248e215287f9644dffa6c9d63201b53b0cfc98ebc2ad20145a544d58e83d26

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/33.png HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/png
Content-Length: 3064
Last-Modified: Mon, 10 Apr 2023 07:32:14 GMT
Connection: keep-alive
ETag: "6433bb7e-bf8"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/s3.jpg

199.167.138.162

200 OK

289 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/s3.jpg
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 1067x2117, components 3\012- data
Size
289 kB (289300 bytes)
Hash
ddad4706482784de62697013908d92cb
3dc30c06937e3328b077855068e661e0f6b37cee
0e6fa14ad5416438d9ddc0a959b1061f8650f455faa33b36777ac657df6a3be0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/s3.jpg HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/jpeg
Content-Length: 289300
Last-Modified: Mon, 10 Apr 2023 08:19:48 GMT
Connection: keep-alive
ETag: "6433c6a4-46a14"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/s6.jpg

199.167.138.162

200 OK

119 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/s6.jpg
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
PNG image data, 378 x 692, 8-bit/color RGBA, non-interlaced\012- data
Size
119 kB (119017 bytes)
Hash
0016c65c8801a6a175ec8a99d3dcfdf6
d8a0b42fc159a4799f0cab0c144046486fdd42c2
5070faed45433f4acdfb481b0f7f0513a5c869aea55ac4d4840147b7ae1c784c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/s6.jpg HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/jpeg
Content-Length: 119017
Last-Modified: Mon, 10 Apr 2023 09:27:34 GMT
Connection: keep-alive
ETag: "6433d686-1d0e9"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/images/s4.jpg

199.167.138.162

200 OK

153 kB

URL GET HTTP/1.1
431yuk.duckdns.org/images/s4.jpg
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=2316, software=www.meitu.com, width=1080], baseline, precision 8, 564x1333, components 3\012- data
Size
153 kB (152739 bytes)
Hash
663be73947f896e15a22796222a1ac7b
50a569fed23d9f41667cc336cfff48dca0e5b4a7
5914154a24e03ba48b41a3cb701588b45c73fa2d24d907e976416416692b5a88

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /images/s4.jpg HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 15:13:22 GMT
Content-Type: image/jpeg
Content-Length: 152739
Last-Modified: Fri, 31 Mar 2023 08:26:28 GMT
Connection: keep-alive
ETag: "64269934-254a3"
Expires: Sun, 31 Dec 2023 15:13:22 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

431yuk.duckdns.org/favicon.ico

199.167.138.162

404 Not Found

146 B

URL GET HTTP/1.1
431yuk.duckdns.org/favicon.ico
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

Requested by
http://431yuk.duckdns.org/

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 431yuk.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://431yuk.duckdns.org/
Cookie: count_download=2
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 01 Dec 2023 15:13:23 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN