Report - 18n2a5.duckdns.org/KDDI2023.apk

Report Overview

Visited public
2023-12-01 17:08:52
Tags
dyndns
URL
18n2a5.duckdns.org/KDDI2023.apk
Finishing URL
about:privatebrowsing
IP / ASN
199.167.138.162
#15162 NETMINDERS-SERVER-HOSTING
Title
about:privatebrowsing
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
18n2a5.duckdns.org	unknown	2013-04-12	2023-12-01 16:12:59	2023-12-01 16:12:59	413 B	2.3 MB	199.167.138.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-01 17:08:39	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 17:08:39	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 17:08:39	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 17:08:39	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 17:08:39	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 17:08:39	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 17:08:40	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-12-01 17:08:40	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-12-01 17:08:40	medium	Client IP	199.167.138.162	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
18n2a5.duckdns.org/KDDI2023.apk
IP
199.167.138.162
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
2.3 MB (2303500 bytes)
Hash
d823d7df5152119aad8616aed818ebf2
8a31a2b4a76150eacfba063f82ca2a51c5dbbdc4
586b3d38880b3f16a4c0e86c2dde98dfdd85c755f8b8c67406cdc22a04a76607

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 36/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

18n2a5.duckdns.org/KDDI2023.apk

199.167.138.162

200 OK

2.3 MB

URL User Request GET HTTP/1.1
18n2a5.duckdns.org/KDDI2023.apk
IP
199.167.138.162:80
ASN
#15162 NETMINDERS-SERVER-HOSTING

File type
Zip archive data, at least v2.0 to extract, compression method=deflate\012- data
Size
2.3 MB (2303500 bytes)
Hash
d823d7df5152119aad8616aed818ebf2
8a31a2b4a76150eacfba063f82ca2a51c5dbbdc4
586b3d38880b3f16a4c0e86c2dde98dfdd85c755f8b8c67406cdc22a04a76607

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
VirusTotal	malicious	VirusTotal - Scan result 36/66

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /KDDI2023.apk HTTP/1.1
Host: 18n2a5.duckdns.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 01 Dec 2023 17:08:35 GMT
Content-Type: application/octet-stream
Content-Length: 2303500
Last-Modified: Thu, 30 Nov 2023 03:37:43 GMT
Connection: keep-alive
ETag: "65680387-23260c"
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers