Report - riki361521373.duckdns.org/invalid.html

Report Overview

Submitted URL
riki361521373.duckdns.org/invalid.html
IP
47.254.253.51
ASN
#45102 Alibaba US Technology Co., Ltd.
Submitted
2023-06-02 01:19:25
Access
public
Website Title
Final URL
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
17
Network Intrusion Detection
44
Threat Detection Systems
64

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
riki361521373.duckdns.org	unknown	2013-04-12	2023-05-31	2023-06-01	6.1 kB	284 kB	47.254.253.51

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-02 01:19:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:06	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:06	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:07	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:07	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:07	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	high	47.254.253.51	Client IP	ET PHISHING Facebook Credential Phish Landing Page M1 2022-08-01
2023-06-02 01:19:08	high	47.254.253.51	Client IP	ET PHISHING Facebook Credential Phish Landing Page M2 2022-08-01
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:08	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:09	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:09	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:09	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-06-02 01:19:09	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-06-02 01:19:09	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-06-02 01:19:09	medium	Client IP	47.254.253.51	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-01	medium	riki361521373.duckdns.org/invalid.html
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/
2023-05-31	medium	riki361521373.duckdns.org/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org
2023-06-02	medium	riki361521373.duckdns.org

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	riki361521373.duckdns.org/invalid.html	381 B	2023-03-07	2023-10-09
Pretty URL riki361521373.duckdns.org/invalid.html IP 47.254.253.51 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:50:19 Last Seen2023-10-09 02:50:00 Times Seen78 Hash c6e298b1d2429cbfc145b633c34389be 3229d66e00476d19e9e0fc58f3d3b6ab65ed7490 c8a4eb2f851cfe5b9daffffbc17184af5bda3480ae354f004de07953689d5d71 Loading...

	riki361521373.duckdns.org/invalid.html	506 B	2023-03-07	2023-10-09
Pretty URL riki361521373.duckdns.org/invalid.html IP 47.254.253.51 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:50:19 Last Seen2023-10-09 02:50:00 Times Seen78 Hash 0dbb80982898b51d38de8b2e9cb595c8 6146eaa434ea31c1fbc731fef73b010e39481a86 b8b8b06a337b3a83686bf86c0c9ca3dc6bc300f266e3104a9f10ed8b7c87af7a Loading...

	riki361521373.duckdns.org/invalid.html	170 B	2023-03-07	2023-10-09
Pretty URL riki361521373.duckdns.org/invalid.html IP 47.254.253.51 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 16:50:19 Last Seen2023-10-09 02:50:00 Times Seen78 Hash 9634147b27d025e7553f7c0fc1c1a277 a97fc9beec6b153208b7c0b52ff144bdafb80c59 b1c77116d4550c80a45b3dc1d535cfce06d3544e1daf3c645afb6e3a469f2d64 Loading...

HTTP Transactions (16)

URL IP Response Size

riki361521373.duckdns.org/invalid.html

47.254.253.51

200 OK

3.1 kB

URL User Request GET HTTP/1.1
riki361521373.duckdns.org/invalid.html
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (523), with CRLF line terminators
Size
3.1 kB (3060 bytes)
Hash
0d3b582d5d6bede0dca140d7e7af4d0e
e54d147964e7623f6338364ff87b853c75a0853f
f7aaaca92c45a4e999af4a46dc4899599cd6536f31228d0a3000a34e14e4711e

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	high	ET PHISHING Facebook Credential Phish Landing Page M1 2022-08-01
suricata	high	ET PHISHING Facebook Credential Phish Landing Page M2 2022-08-01

HTTP Headers

GET /invalid.html HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Etag: "3564-62fbdd14-142a89;gz"
Last-Modified: Tue, 16 Aug 2022 18:08:20 GMT
Content-Type: text/html
Content-Length: 3060
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:07 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/1-KA_puvd3z6.css

47.254.253.51

200 OK

12 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/1-KA_puvd3z6.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (4404)
Size
12 kB (12416 bytes)
Hash
823fb0bde1638cbe90c54a2ede34354d
ad1c8ee4fd62115c4d3c5a021f01994585132ec5
2becd2fe4a703fa46bd985f71ac02b18c3e46db18ad69a9c8b1c8c4c05f9c1a1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/1-KA_puvd3z6.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "d1f8-616d28c6-142a90;gz"
Last-Modified: Mon, 18 Oct 2021 07:56:54 GMT
Content-Type: text/css
Content-Length: 12416
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/vd5Go76gH.css

47.254.253.51

200 OK

3.7 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/vd5Go76gH.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (3836)
Size
3.7 kB (3711 bytes)
Hash
2643910fde59b74a69a6bce85782cb8f
bf08698ab15d3ae0edaa8433336efc2209e210f1
dd3a67a7299a242c3b49064be260e5f6e937ac36d91fead6453daea315a614ad

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/vd5Go76gH.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "38c2-60ce2b00-142a9a;gz"
Last-Modified: Sat, 19 Jun 2021 17:36:00 GMT
Content-Type: text/css
Content-Length: 3711
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/fe46Dg9Fy7.css

47.254.253.51

200 OK

3.5 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/fe46Dg9Fy7.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (19867), with no line terminators
Size
3.5 kB (3502 bytes)
Hash
fda996c9efb647f4acb977ab7c2a6750
d2ae51cb606963d645e4a1c89031891c8d5b9f56
58ca5e14a6cbcd2d21e53994a6b8aee07e6962b0d39202db0c7603bbf7fff459

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/fe46Dg9Fy7.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "4d9b-60cddbda-142a92;gz"
Last-Modified: Sat, 19 Jun 2021 11:58:18 GMT
Content-Type: text/css
Content-Length: 3502
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/vd5Go76gH.css

47.254.253.51

200 OK

3.7 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/vd5Go76gH.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (3836)
Size
3.7 kB (3711 bytes)
Hash
2643910fde59b74a69a6bce85782cb8f
bf08698ab15d3ae0edaa8433336efc2209e210f1
dd3a67a7299a242c3b49064be260e5f6e937ac36d91fead6453daea315a614ad

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/vd5Go76gH.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "38c2-60ce2b00-142a9a;gz"
Last-Modified: Sat, 19 Jun 2021 17:36:00 GMT
Content-Type: text/css
Content-Length: 3711
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/fe46Dg9Fy7.css

47.254.253.51

200 OK

3.5 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/fe46Dg9Fy7.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (19867), with no line terminators
Size
3.5 kB (3502 bytes)
Hash
fda996c9efb647f4acb977ab7c2a6750
d2ae51cb606963d645e4a1c89031891c8d5b9f56
58ca5e14a6cbcd2d21e53994a6b8aee07e6962b0d39202db0c7603bbf7fff459

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/fe46Dg9Fy7.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "4d9b-60cddbda-142a92;gz"
Last-Modified: Sat, 19 Jun 2021 11:58:18 GMT
Content-Type: text/css
Content-Length: 3502
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/uYL8jyMVYgX.css

47.254.253.51

200 OK

14 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/uYL8jyMVYgX.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (11447)
Size
14 kB (14042 bytes)
Hash
324990d3e46c44eda751dd4bdbdd311a
fc41762dcc9c3a6fb485cf2daeaae4b201a3eb54
7bbdc460f0a880e5fe3faabbcb121f05b373ae8ced6b5069952235cb3e50da03

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/uYL8jyMVYgX.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "13e84-61645592-142a96;gz"
Last-Modified: Mon, 11 Oct 2021 15:17:38 GMT
Content-Type: text/css
Content-Length: 14042
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/GuwON2vS.css

47.254.253.51

200 OK

98 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/GuwON2vS.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (38737)
Size
98 kB (97789 bytes)
Hash
b960b2727934209ef29ea4e87ff3a121
9cd7b3cba2070db14d7d1309cca18bde58727f5a
5f50b4222086248bb446d6db96e7a2dc532b66ad759e40edfd7197e50d6be528

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/GuwON2vS.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "558ad-616d28e0-142a93;gz"
Last-Modified: Mon, 18 Oct 2021 07:57:20 GMT
Content-Type: text/css
Content-Length: 97789
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/nborelSu4U-.css

47.254.253.51

200 OK

1.3 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/nborelSu4U-.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (4574)
Size
1.3 kB (1293 bytes)
Hash
b44b1c5c21d1239b31ff6ddc393223d4
8cb0f7df5b6f69c0a395638adb549d977b6007bc
b974953d54dfa068afa6044858ef346745c03aa38cee59d4c695eb2d641e757c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/nborelSu4U-.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "122e-60816e30-142a94;gz"
Last-Modified: Thu, 22 Apr 2021 12:38:08 GMT
Content-Type: text/css
Content-Length: 1293
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/nborelSu4U-.css

47.254.253.51

200 OK

1.3 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/nborelSu4U-.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (4574)
Size
1.3 kB (1293 bytes)
Hash
b44b1c5c21d1239b31ff6ddc393223d4
8cb0f7df5b6f69c0a395638adb549d977b6007bc
b974953d54dfa068afa6044858ef346745c03aa38cee59d4c695eb2d641e757c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/nborelSu4U-.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "122e-60816e30-142a94;gz"
Last-Modified: Thu, 22 Apr 2021 12:38:08 GMT
Content-Type: text/css
Content-Length: 1293
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/uYL8jyMVYgX.css

47.254.253.51

200 OK

14 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/uYL8jyMVYgX.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (11447)
Size
14 kB (14042 bytes)
Hash
324990d3e46c44eda751dd4bdbdd311a
fc41762dcc9c3a6fb485cf2daeaae4b201a3eb54
7bbdc460f0a880e5fe3faabbcb121f05b373ae8ced6b5069952235cb3e50da03

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/uYL8jyMVYgX.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "13e84-61645592-142a96;gz"
Last-Modified: Mon, 11 Oct 2021 15:17:38 GMT
Content-Type: text/css
Content-Length: 14042
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/1-KA_puvd3z6.css

47.254.253.51

200 OK

12 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/1-KA_puvd3z6.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (4404)
Size
12 kB (12416 bytes)
Hash
823fb0bde1638cbe90c54a2ede34354d
ad1c8ee4fd62115c4d3c5a021f01994585132ec5
2becd2fe4a703fa46bd985f71ac02b18c3e46db18ad69a9c8b1c8c4c05f9c1a1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/1-KA_puvd3z6.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:09 GMT
Etag: "d1f8-616d28c6-142a90;gz"
Last-Modified: Mon, 18 Oct 2021 07:56:54 GMT
Content-Type: text/css
Content-Length: 12416
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:09 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/css/f/GuwON2vS.css

47.254.253.51

200 OK

98 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/css/f/GuwON2vS.css
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
ASCII text, with very long lines (38737)
Size
98 kB (97789 bytes)
Hash
b960b2727934209ef29ea4e87ff3a121
9cd7b3cba2070db14d7d1309cca18bde58727f5a
5f50b4222086248bb446d6db96e7a2dc532b66ad759e40edfd7197e50d6be528

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/f/GuwON2vS.css HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:08 GMT
Etag: "558ad-616d28e0-142a93;gz"
Last-Modified: Mon, 18 Oct 2021 07:57:20 GMT
Content-Type: text/css
Content-Length: 97789
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:08 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/img/Screenshot_2.png

47.254.253.51

200 OK

5.8 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/img/Screenshot_2.png
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
PNG image data, 493 x 121, 8-bit/color RGBA, non-interlaced\012- data
Size
5.8 kB (5750 bytes)
Hash
7f59cd4923ec112f3e9fd4d3a89beb71
617267f1467e53c835bb87b9aefc3abdde61437d
b08c62cb2476f540d1cd10ea287b223afa60c3b221c10af76a4d6d5af523317f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/Screenshot_2.png HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:09 GMT
Etag: "1676-62a306c0-142ae7;;;"
Last-Modified: Fri, 10 Jun 2022 08:54:24 GMT
Content-Type: image/png
Content-Length: 5750
Accept-Ranges: bytes
Date: Fri, 02 Jun 2023 01:19:09 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/img/LgoFSecoKE.png

47.254.253.51

200 OK

2.8 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/img/LgoFSecoKE.png
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
PNG image data, 104 x 86, 8-bit colormap, non-interlaced\012- data
Size
2.8 kB (2809 bytes)
Hash
297dabe77f9a04cb0a04cd31f0e0106a
c0d9a23cb9d50140af63011108c05838e43ebac3
616e9846faffc87367a4b576937951e70b5aa828cc56d3439982a5052aad5525

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/LgoFSecoKE.png HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/css/f/GuwON2vS.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:09 GMT
Etag: "af9-60816e74-142acb;;;"
Last-Modified: Thu, 22 Apr 2021 12:39:16 GMT
Content-Type: image/png
Content-Length: 2809
Accept-Ranges: bytes
Date: Fri, 02 Jun 2023 01:19:09 GMT
Server: LiteSpeed
Connection: Keep-Alive

riki361521373.duckdns.org/img/hLr6bu_y0J.ico

47.254.253.51

200 OK

1.1 kB

URL GET HTTP/1.1
riki361521373.duckdns.org/img/hLr6bu_y0J.ico
IP
47.254.253.51:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://riki361521373.duckdns.org/invalid.html

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
1.1 kB (1135 bytes)
Hash
8cddca427dae9b925e73432f8733e05a
1999a6f624a25cfd938eef6492d34fdc4f55dedc
89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	Facebook, Inc.
quad9	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/hLr6bu_y0J.ico HTTP/1.1
Host: riki361521373.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://riki361521373.duckdns.org/invalid.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Fri, 09 Jun 2023 01:19:09 GMT
Etag: "10be-60816f4a-142ac9;gz"
Last-Modified: Thu, 22 Apr 2021 12:42:50 GMT
Content-Type: image/x-icon
Content-Length: 1135
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 02 Jun 2023 01:19:09 GMT
Server: LiteSpeed
Connection: Keep-Alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size