Report - forxlamfile.duckdns.org/europefridayedatingloverforchildern.txt

Report Overview

Submitted URL
forxlamfile.duckdns.org/europefridayedatingloverforchildern.txt
IP
192.3.101.142
ASN
#36352 AS-COLOCROSSING
Submitted
2024-05-10 20:29:27
Access
public
Website Title
forxlamfile.duckdns.org/europefridayedatingloverforchildern.txt
Final URL
forxlamfile.duckdns.org/europefridayedatingloverforchildern.txt
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
3
Network Intrusion Detection
6
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
forxlamfile.duckdns.org	unknown	unknown	No data	No data	829 B	113 kB	192.3.101.142

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 20:29:02	medium	Client IP	192.3.101.142	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 20:29:02	medium	Client IP	192.3.101.142	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 20:29:02	high	192.3.101.142	Client IP	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1
2024-05-10 20:29:02	high	192.3.101.142	Client IP	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1
2024-05-10 20:29:03	medium	Client IP	192.3.101.142	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2024-05-10 20:29:03	medium	Client IP	192.3.101.142	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	forxlamfile.duckdns.org/europefridayedatingloverforchildern.txt	Detects an base64 encoded executable with reversed characters

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	forxlamfile.duckdns.org	Sinkholed
2024-05-10	medium	forxlamfile.duckdns.org	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	forxlamfile.duckdns.org	Sinkholed
2024-05-10	medium	forxlamfile.duckdns.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

forxlamfile.duckdns.org/europefridayedatingloverforchildern.txt

192.3.101.142

112 kB

URL
forxlamfile.duckdns.org/europefridayedatingloverforchildern.txt
IP
192.3.101.142:0
ASN
#36352 AS-COLOCROSSING

File type
ASCII text, with very long lines (65536), with no line terminators
Size
112 kB (111517 bytes)
Hash
06351b596c811db29c9025f6d9b25a76
8f98efe43744a3ea4ded6c38dffa67666af17194
dc258255f3f7ccb96253ff386133347dc0a57421197b32d9050e344d571692e1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Public Nextron YARA rules	malware	Detects an base64 encoded executable with reversed characters
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	high	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1
suricata	high	ET EXPLOIT_KIT Unknown EK Landing Feb 16 2015 b64 3 M1

HTTP Headers

GET /europefridayedatingloverforchildern.txt HTTP/1.1
Host: forxlamfile.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Encoding: gzip
Last-Modified: Fri, 10 May 2024 18:47:40 GMT
Accept-Ranges: bytes
ETag: "0eebd88aa3da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Fri, 10 May 2024 20:29:02 GMT
Content-Length: 111517

forxlamfile.duckdns.org/favicon.ico

192.3.101.142

1.2 kB

URL
forxlamfile.duckdns.org/favicon.ico
IP
192.3.101.142:0
ASN
#36352 AS-COLOCROSSING

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.2 kB (1245 bytes)
Hash
5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: forxlamfile.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://forxlamfile.duckdns.org/europefridayedatingloverforchildern.txt
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
Date: Fri, 10 May 2024 20:29:02 GMT
Content-Length: 1245

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers