Report - kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b

Report Overview

Visited public
2023-09-24 12:44:44
Tags
dyndns
URL
kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b
Finishing URL
kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b
IP / ASN
47.245.123.34
#45102 Alibaba US Technology Co., Ltd.
Title
User Safety
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
kmdw7553dad6wd.duckdns.org	unknown	unknown	No data	No data	2.5 kB	363 kB	47.245.123.34

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-24 12:44:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 12:44:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 12:44:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 12:44:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 12:44:26	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 12:44:26	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 12:44:27	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 12:44:27	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 12:44:28	medium	Client IP	47.245.123.34	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-24 12:44:28	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 12:44:28	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 12:44:28	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 12:44:28	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 12:44:28	medium	Client IP	47.245.123.34	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-24 12:44:28	medium	Client IP	47.245.123.34	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-24 12:44:30	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 12:44:30	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 12:44:32	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 12:44:32	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 12:44:32	medium	Client IP	47.245.123.34	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-24 12:44:33	medium	Client IP	47.245.123.34	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-09-24 12:44:33	medium	Client IP	47.245.123.34	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-24	medium	kmdw7553dad6wd.duckdns.org	Sinkholed
2023-09-24	medium	kmdw7553dad6wd.duckdns.org	Sinkholed
2023-09-24	medium	kmdw7553dad6wd.duckdns.org	Sinkholed
2023-09-24	medium	kmdw7553dad6wd.duckdns.org	Sinkholed
2023-09-24	medium	kmdw7553dad6wd.duckdns.org	Sinkholed
2023-09-24	medium	kmdw7553dad6wd.duckdns.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b	ScriptElement	237 B	2023-03-07	2024-08-21
Pretty URL kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b IP 47.245.123.34 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:20 Last Seen2024-08-21 05:52 Times Seen21 Hash b839231686ec4ed0e6836031eb3b899f bf7fe877260c694977494e0323c972a89f9cd0f1 c149cd9397b337d1c1e5bc73ed283ba4b5390bbb7d93fab789355a97de9e5d58 Loading...

	kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b	ScriptElement	355 B	2023-03-07	2024-08-21
Pretty URL kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b IP 47.245.123.34 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:20 Last Seen2024-08-21 05:52 Times Seen21 Hash 25d16b5ec5b3344dce0dcc30773ecfb6 e37e5c15bb0dc6ac7802237a08b8c10ecbbbdd13 846ee8b3c31bbb3dfa6f2a775bdbb659675ea4371eb81db874ab79f2b4c2b196 Loading...

HTTP Transactions (6)

URL IP Response Size

kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b

47.245.123.34

200 OK

2.9 kB

URL User Request GET HTTP/1.1
kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b
IP
47.245.123.34:80
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (457), with CRLF line terminators
Size
2.9 kB (2920 bytes)
Hash
b1f18f4ed2c2fc2922419409f5d2ecaf
1a829223841068f77b8f457c68ae8047d3a349a5
ce6e632ef95ad5631cae3ad12eaf821732382298b261dbf5490c1293fa4af7d6

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /invalid.php?token=Unndajj88123nNAshda4r774b HTTP/1.1
Host: kmdw7553dad6wd.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 2920
Date: Sun, 24 Sep 2023 12:44:27 GMT
Server: LiteSpeed
Connection: Keep-Alive

kmdw7553dad6wd.duckdns.org/css/style-m.css

47.245.123.34

200 OK

4.2 kB

URL GET HTTP/1.1
kmdw7553dad6wd.duckdns.org/css/style-m.css
IP
47.245.123.34:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b

File type
ASCII text, with very long lines (40165), with CRLF line terminators
Size
4.2 kB (4151 bytes)
Hash
5e6dba9dae09492a7b5c9403d346ef4e
bb9da3073b0c726460adc0eb936ca778691d3693
b4704e80d667bd32933786d5944e8b716c2f23b602a9b404aeb440f0d6cbcde1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/style-m.css HTTP/1.1
Host: kmdw7553dad6wd.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Sun, 01 Oct 2023 12:44:27 GMT
Etag: "9f2c-634f43ca-140f44;gz"
Last-Modified: Wed, 19 Oct 2022 00:24:42 GMT
Content-Type: text/css
Content-Length: 4151
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Sun, 24 Sep 2023 12:44:27 GMT
Server: LiteSpeed
Connection: Keep-Alive

kmdw7553dad6wd.duckdns.org/css/g2SAD3rtfUHJ5.css

47.245.123.34

200 OK

134 kB

URL GET HTTP/1.1
kmdw7553dad6wd.duckdns.org/css/g2SAD3rtfUHJ5.css
IP
47.245.123.34:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b

File type
ASCII text, with very long lines (61366), with CRLF line terminators
Size
134 kB (133944 bytes)
Hash
d8c41d208f4446d42ba08aaaa9771bc5
da6f7333f387b9ae8fd7b93108473680d5ec670b
221a29c84a95cb7e1696208972bcdaa94eab7c8d93a23c7710651060b047a96d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /css/g2SAD3rtfUHJ5.css HTTP/1.1
Host: kmdw7553dad6wd.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Sun, 01 Oct 2023 12:44:28 GMT
Etag: "6f97b-634f43be-140f43;gz"
Last-Modified: Wed, 19 Oct 2022 00:24:30 GMT
Content-Type: text/css
Content-Length: 133944
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Sun, 24 Sep 2023 12:44:28 GMT
Server: LiteSpeed
Connection: Keep-Alive

kmdw7553dad6wd.duckdns.org/img/456.png

47.245.123.34

200 OK

124 kB

URL GET HTTP/1.1
kmdw7553dad6wd.duckdns.org/img/456.png
IP
47.245.123.34:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b

File type
PNG image data, 1484 x 1017, 8-bit/color RGBA, non-interlaced\012- data
Size
124 kB (124473 bytes)
Hash
7e66e948d4505489bea9f39a6f63cc4b
0e70cc6ddd959dd335edff451bc976fd8c352171
0f71355947d81a4e9325da44045f48d943dac3a95f61d2ef34186f25f64f7644

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/456.png HTTP/1.1
Host: kmdw7553dad6wd.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Sun, 01 Oct 2023 12:44:32 GMT
Etag: "1e639-634f440e-140f46;;;"
Last-Modified: Wed, 19 Oct 2022 00:25:50 GMT
Content-Type: image/png
Content-Length: 124473
Accept-Ranges: bytes
Date: Sun, 24 Sep 2023 12:44:32 GMT
Server: LiteSpeed
Connection: Keep-Alive

kmdw7553dad6wd.duckdns.org/img/meTlOGo.png

47.245.123.34

200 OK

41 kB

URL GET HTTP/1.1
kmdw7553dad6wd.duckdns.org/img/meTlOGo.png
IP
47.245.123.34:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b

File type
PNG image data, 1510 x 378, 8-bit/color RGBA, non-interlaced\012- data
Size
41 kB (41087 bytes)
Hash
b37f1f5437c7a79f11656aa241bd003c
e0c65878dcfb00a292a213368340fc8b0fcf7bf1
d443a0f89f270d7d8a13d3a067442a84220fd30c59645416b6610d422b25e45d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/meTlOGo.png HTTP/1.1
Host: kmdw7553dad6wd.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Sun, 01 Oct 2023 12:44:32 GMT
Etag: "a07f-634f4406-140f51;;;"
Last-Modified: Wed, 19 Oct 2022 00:25:42 GMT
Content-Type: image/png
Content-Length: 41087
Accept-Ranges: bytes
Date: Sun, 24 Sep 2023 12:44:32 GMT
Server: LiteSpeed
Connection: Keep-Alive

kmdw7553dad6wd.duckdns.org/img/icon.png

47.245.123.34

200 OK

55 kB

URL GET HTTP/1.1
kmdw7553dad6wd.duckdns.org/img/icon.png
IP
47.245.123.34:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b

File type
PNG image data, 1120 x 1120, 8-bit/color RGBA, non-interlaced\012- data
Size
55 kB (54897 bytes)
Hash
42514bf183be76a24b6e2423f8c68528
64c4984893cd26c1d91398609ee6432bc55de412
53357225f5e7edb5d4cc2009057a543258fb8bf11a8b17a6056b6f8e5a7370e5

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /img/icon.png HTTP/1.1
Host: kmdw7553dad6wd.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://kmdw7553dad6wd.duckdns.org/invalid.php?token=Unndajj88123nNAshda4r774b
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: public, max-age=604800
Expires: Sun, 01 Oct 2023 12:44:32 GMT
Etag: "d671-627f9f02-140f50;;;"
Last-Modified: Sat, 14 May 2022 12:22:26 GMT
Content-Type: image/png
Content-Length: 54897
Accept-Ranges: bytes
Date: Sun, 24 Sep 2023 12:44:32 GMT
Server: LiteSpeed
Connection: Keep-Alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections