dicom.3utilities.com/viewer.php
129.152.31.35 | 200 OK | 2.2 kB | URL | User Request | GET HTTP/1.1 | dicom.3utilities.com/viewer.php
IP 129.152.31.35:443
ASN #31898 ORACLE-BMC-31898
Certificate Issuer Let's Encrypt
Subject bettar.no-ip.org
Fingerprint B6:16:F1:16:AA:B2:57:CD:84:79:F4:22:E1:8B:8A:8C:84:72:E6:5A
Validity Tue, 10 Oct 2023 13:30:14 GMT - Mon, 08 Jan 2024 13:30:13 GMT
File type HTML document text; exported SGML document, ASCII text, with very long lines (447)
Hash MD5 528a053d979753cb39b57c52202163ec
Hash SHA-1 1c552f6c9f9fc66e35ecb5cc695a8da8c2ab0154
Hash SHA-256 2c3c92436b532a2b593be157109023d1c3ed3214a09d563985a92d9f3a67be5e
Analyzer Verdict Alert (urlquery, suspicious): Suspicious - DynDNS domain
GET /viewer.php HTTP/1.1
Host: dicom.3utilities.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 Nov 2023 12:21:33 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2191
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
dicom.3utilities.com/style.css
129.152.31.35 | 200 OK | 423 B | URL | GET HTTP/1.1 | dicom.3utilities.com/style.css
IP 129.152.31.35:443
ASN #31898 ORACLE-BMC-31898
Requested by https://dicom.3utilities.com/viewer.php
Certificate Issuer Let's Encrypt
Subject bettar.no-ip.org
Fingerprint B6:16:F1:16:AA:B2:57:CD:84:79:F4:22:E1:8B:8A:8C:84:72:E6:5A
Validity Tue, 10 Oct 2023 13:30:14 GMT - Mon, 08 Jan 2024 13:30:13 GMT
File type ASCII text, with CRLF, LF line terminators
Hash MD5 2a9ca8dee8d89765dce9b6ff9334f911
Hash SHA-1 75b310d5533fe91b5574c65cdb8c9d71754f1161
Hash SHA-256 6dbcdd25b200c714c159df6a1b9747d70bc7e826294a570ab5de0de837b79571
Analyzer Verdict Alert (urlquery, suspicious): Suspicious - DynDNS domain
GET /style.css HTTP/1.1
Host: dicom.3utilities.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dicom.3utilities.com/viewer.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 Nov 2023 12:21:33 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 12 May 2020 07:06:01 GMT
ETag: "39e-5a56e1895a840-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 423
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.paypalobjects.com/en_US/IT/i/btn/btn_donateCC_LG.gif
151.101.2.133 | 200 OK | 3.0 kB | URL | GET HTTP/2 | www.paypalobjects.com/en_US/IT/i/btn/btn_donateCC_LG.gif
IP 151.101.2.133:443
Requested by https://dicom.3utilities.com/viewer.php
Certificate Issuer DigiCert Inc
Subject www.paypal.com
Fingerprint EA:FF:48:F5:D0:D2:52:21:68:19:F0:08:CE:AB:9B:F5:52:C0:26:D7
Validity Fri, 13 Oct 2023 00:00:00 GMT - Tue, 20 Aug 2024 23:59:59 GMT
File type GIF image data, version 89a, 221 x 47; data
Hash MD5 ed8ceda91b0ec5a21f57df16048ab050
Hash SHA-1 d339691985c55af2f07b4e4b45c96f7129c0e1be
Hash SHA-256 ebba6ff8a7e5e63c4767a4034103d0ae04d68bead3831cf64da39c2dca748561
GET /en_US/IT/i/btn/btn_donateCC_LG.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dicom.3utilities.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
dc: ccg11-origin-www-1.paypal.com
etag: "sRXrp808mHh3j6E0YcvTageGjj9qbqAFTm/51FwFwBA"
fastly-io-info: ifsz=4070 idim=221x47 ifmt=gif ofsz=2951 odim=221x47 ofmt=gif
fastly-io-served-by: vpop-haf2300706
fastly-stats: io=1
paypal-debug-id: 81974390085d3
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000081974390085d3-fc88a6db6128c77c-01
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 10 Nov 2023 12:21:33 GMT
x-served-by: cache-sjc1000085-SJC, cache-bma1620-BMA
x-cache: HIT, HIT
x-cache-hits: 3946, 1
x-timer: S1699618894.968598,VS0,VE1
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 2951
X-Firefox-Spdy: h2
dicom.3utilities.com/img/1XVWp3389SBqWTcWXrh8TveCHqkYZfsXP.png
129.152.31.35 | 200 OK | 593 B | URL | GET HTTP/1.1 | dicom.3utilities.com/img/1XVWp3389SBqWTcWXrh8TveCHqkYZfsXP.png
IP 129.152.31.35:443
ASN #31898 ORACLE-BMC-31898
Requested by https://dicom.3utilities.com/viewer.php
Certificate Issuer Let's Encrypt
Subject bettar.no-ip.org
Fingerprint B6:16:F1:16:AA:B2:57:CD:84:79:F4:22:E1:8B:8A:8C:84:72:E6:5A
Validity Tue, 10 Oct 2023 13:30:14 GMT - Mon, 08 Jan 2024 13:30:13 GMT
File type PNG image data, 66 x 66, 8-bit/color RGB, non-interlaced; data
Hash MD5 56934a7d65cbd7d4fd909d7c1a484894
Hash SHA-1 3bad263bad5b819afe734441beda33c8b1bda124
Hash SHA-256 3153da8df31b2c2af7f1a978d45cc145f3716ae173859ce4a66c325f8b381513
Analyzer Verdict Alert (urlquery, suspicious): Suspicious - DynDNS domain
GET /img/1XVWp3389SBqWTcWXrh8TveCHqkYZfsXP.png HTTP/1.1
Host: dicom.3utilities.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dicom.3utilities.com/viewer.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 Nov 2023 12:21:33 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 22 Jan 2014 12:54:50 GMT
ETag: "251-4f08ea15b9a80"
Accept-Ranges: bytes
Content-Length: 593
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
dicom.3utilities.com/img/Paypal%20QR%20Code.png
129.152.31.35 | 200 OK | 2.2 kB | URL | GET HTTP/1.1 | dicom.3utilities.com/img/Paypal%20QR%20Code.png
IP 129.152.31.35:443
ASN #31898 ORACLE-BMC-31898
Requested by https://dicom.3utilities.com/viewer.php
Certificate Issuer Let's Encrypt
Subject bettar.no-ip.org
Fingerprint B6:16:F1:16:AA:B2:57:CD:84:79:F4:22:E1:8B:8A:8C:84:72:E6:5A
Validity Tue, 10 Oct 2023 13:30:14 GMT - Mon, 08 Jan 2024 13:30:13 GMT
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced; data
Hash MD5 f09455a2c8e902b9b6f62501f455b4da
Hash SHA-1 ad57b1b29a965ce5fe9589c6119f14c4c50d7803
Hash SHA-256 347d92fe4033101f8eab93193cdd15ae52c70b86e06cddcf45b7f8f5696e55fe
Analyzer Verdict Alert (urlquery, suspicious): Suspicious - DynDNS domain
GET /img/Paypal%20QR%20Code.png HTTP/1.1
Host: dicom.3utilities.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dicom.3utilities.com/viewer.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 10 Nov 2023 12:21:34 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Thu, 21 Jul 2022 12:18:16 GMT
ETag: "89a-5e44fb6531200"
Accept-Ranges: bytes
Content-Length: 2202
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
www.paypal.com/en_IT/i/scr/pixel.gif
151.101.65.21 | 301 Moved Permanently | 0 B | URL | GET HTTP/2 | www.paypal.com/en_IT/i/scr/pixel.gif
IP 151.101.65.21:443
Requested by https://dicom.3utilities.com/viewer.php
Certificate Issuer DigiCert Inc
Subject www.paypal.com
Fingerprint EA:FF:48:F5:D0:D2:52:21:68:19:F0:08:CE:AB:9B:F5:52:C0:26:D7
Validity Fri, 13 Oct 2023 00:00:00 GMT - Tue, 20 Aug 2024 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en_IT/i/scr/pixel.gif HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dicom.3utilities.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
accept-ch: Sec-CH-UA-Full
cache-control: max-age=0, no-cache, no-store, must-revalidate
location: https://www.paypalobjects.com/en_IT/i/scr/pixel.gif
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f947818e55c54
set-cookie: ts=vreXpYrS%3D1794313294%26vteXpYrS%3D1699620694%26vr%3Db92e30f518b0a553f8caebfdfe4e767f%26vt%3Db92e30f518b0a553f8caebfdfe4e767e%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 09 Nov 2026 12:21:34 GMT; HttpOnly; Secure
ts_c=vr%3Db92e30f518b0a553f8caebfdfe4e767f%26vt%3Db92e30f518b0a553f8caebfdfe4e767e; Path=/; Domain=paypal.com; Expires=Mon, 09 Nov 2026 12:21:34 GMT; Secure
traceparent: 00-0000000000000000000f947818e55c54-da4a85a201bc0197-01
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 10 Nov 2023 12:21:34 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-eddf8230118-FRA, cache-bma1620-BMA, cache-bma1620-BMA
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1699618894.967568,VS0,VE187
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
content-length: 0
X-Firefox-Spdy: h2
dicom.3utilities.com/favicon.ico
129.152.31.35 | 404 Not Found | 283 B | URL | GET HTTP/1.1 | dicom.3utilities.com/favicon.ico
IP 129.152.31.35:443
ASN #31898 ORACLE-BMC-31898
Requested by https://dicom.3utilities.com/viewer.php
Certificate Issuer Let's Encrypt
Subject bettar.no-ip.org
Fingerprint B6:16:F1:16:AA:B2:57:CD:84:79:F4:22:E1:8B:8A:8C:84:72:E6:5A
Validity Tue, 10 Oct 2023 13:30:14 GMT - Mon, 08 Jan 2024 13:30:13 GMT
File type HTML document text; exported SGML document, ASCII text
Hash MD5 67fd93cad4c9ba2a46ff0f4640e6a1d1
Hash SHA-1 bac044659f11c47bdebe0c9aa5e3a17e140d834a
Hash SHA-256 fe99f1604cb94db99399a4b7b5405f66c9e3e96eea1963af69a8439ba386627c
Analyzer Verdict Alert (urlquery, suspicious): Suspicious - DynDNS domain
GET /favicon.ico HTTP/1.1
Host: dicom.3utilities.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dicom.3utilities.com/viewer.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Fri, 10 Nov 2023 12:21:34 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 283
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
www.paypalobjects.com/en_IT/i/scr/pixel.gif
151.101.2.133 | 404 Not Found | 1.1 kB | URL | GET HTTP/2 | www.paypalobjects.com/en_IT/i/scr/pixel.gif
IP 151.101.2.133:443
Requested by https://dicom.3utilities.com/viewer.php
Certificate Issuer DigiCert Inc
Subject www.paypal.com
Fingerprint EA:FF:48:F5:D0:D2:52:21:68:19:F0:08:CE:AB:9B:F5:52:C0:26:D7
Validity Fri, 13 Oct 2023 00:00:00 GMT - Tue, 20 Aug 2024 23:59:59 GMT
File type HTML document text; exported SGML document, Unicode text, UTF-8 text
Hash MD5 f024b281ba0df57720d5028c3d2dba4d
Hash SHA-1 93751ec48f9ad5e3165b71270bf1f46895c412f5
Hash SHA-256 24d099beac3d63d4eeb021e28d21ace493071ed0b1268852fc22f92211547a25
GET /en_IT/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dicom.3utilities.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
access-control-allow-origin: *
content-type: text/html
dc: ccg11-origin-www-1.paypal.com
fastly-io-error: invalid status
fastly-io-served-by: img01-europe-west1
fastly-stats: io=1
paypal-debug-id: ca881b59b70fa
traceparent: 00-0000000000000000000ca881b59b70fa-cc43d8bdfe60cedd-01
accept-ranges: bytes
date: Fri, 10 Nov 2023 12:21:34 GMT
via: 1.1 varnish
x-served-by: cache-bma1620-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1699618894.185539,VS0,VE606
x-content-type-options: nosniff
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate, private, max-age=0, s-maxage=0
strict-transport-security: max-age=31557600
content-length: 1108
X-Firefox-Spdy: h2