Report - t2m.io/edWNHBm

Report Overview

Visited public
2023-11-21 20:27:44
Tags
dyndns
URL
t2m.io/edWNHBm
Finishing URL
wellsfargolotion.duckdns.org/?couplerings
IP / ASN
44.233.158.72
#16509 AMAZON-02
Title
wellsfargolotion.duckdns.org/?couplerings
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
t2m.io	308638	2017-05-04	2017-07-05 07:29:11	2023-11-15 20:44:55	470 B	317 B	44.233.158.72
oerk.at	unknown	unknown	2014-03-12 02:04:57	2023-10-29 04:09:54	469 B	284 B	212.9.133.2
wellsfargolotion.duckdns.org	unknown	unknown	No data	No data	1.3 kB	1.2 kB	162.240.159.63

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-21 20:27:29	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-11-21 20:27:29	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-11-21 20:27:29	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-11-21 20:27:29	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-11-21 20:27:31	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-11-21 20:27:31	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-11-21 20:27:33	medium	Client IP	162.240.159.63	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-11-21 20:27:33	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-11-21 20:27:33	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-11-21 20:27:33	medium	Client IP	162.240.159.63	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

t2m.io/edWNHBm

44.233.158.72

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
t2m.io/edWNHBm
IP
44.233.158.72:443
ASN
#16509 AMAZON-02

Certificate
IssuerSectigo Limited
Subjectt2m.io
Fingerprint63:25:CF:DC:1E:D2:00:75:75:85:08:11:EE:01:E7:EC:10:CE:CF:5F
ValiditySat, 01 Jul 2023 00:00:00 GMT - Tue, 23 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /edWNHBm HTTP/1.1
Host: t2m.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 21 Nov 2023 20:27:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Location: https://oerk.at/19hcq

oerk.at/19hcq

212.9.133.2

301 Moved Permanently

0 B

URL User Request GET HTTP/1.1
oerk.at/19hcq
IP
212.9.133.2:443
ASN
#8787 Amaris Technologies GmbH

Certificate
IssuerDigiCert Inc
Subjectwww.oerk.at
FingerprintE6:DB:A0:26:1F:E6:8B:64:AC:F6:1C:09:6E:CE:9D:82:34:6D:BD:1B
ValidityTue, 21 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /19hcq HTTP/1.1
Host: oerk.at
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 21 Nov 2023 20:27:27 GMT
Server: Apache
X-Robots-Tag: noindex
Location: https://wellsfargolotion.duckdns.org/?couplerings
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

wellsfargolotion.duckdns.org/?couplerings

162.240.159.63

403 Forbidden

20 B

URL User Request GET HTTP/1.1
wellsfargolotion.duckdns.org/?couplerings
IP
162.240.159.63:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectwww.wellsfargolotion.duckdns.org
Fingerprint65:C1:E1:54:64:C6:49:3C:38:CA:65:88:3A:38:8C:EC:41:D1:42:D9
ValidityTue, 21 Nov 2023 17:16:17 GMT - Mon, 19 Feb 2024 17:16:16 GMT

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /?couplerings HTTP/1.1
Host: wellsfargolotion.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Tue, 21 Nov 2023 20:27:28 GMT
Server: Apache
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

wellsfargolotion.duckdns.org/?couplerings

162.240.159.63

403 Forbidden

20 B

URL User Request GET HTTP/1.1
wellsfargolotion.duckdns.org/?couplerings
IP
162.240.159.63:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectwww.wellsfargolotion.duckdns.org
Fingerprint65:C1:E1:54:64:C6:49:3C:38:CA:65:88:3A:38:8C:EC:41:D1:42:D9
ValidityTue, 21 Nov 2023 17:16:17 GMT - Mon, 19 Feb 2024 17:16:16 GMT

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /?couplerings HTTP/1.1
Host: wellsfargolotion.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Tue, 21 Nov 2023 20:27:30 GMT
Server: Apache
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

wellsfargolotion.duckdns.org/favicon.ico

162.240.159.63

404 Not Found

315 B

URL GET HTTP/1.1
wellsfargolotion.duckdns.org/favicon.ico
IP
162.240.159.63:80
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
http://wellsfargolotion.duckdns.org/?couplerings

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

NIDS	Severity	Alert
suricata	medium	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wellsfargolotion.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://wellsfargolotion.duckdns.org/?couplerings
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 21 Nov 2023 20:27:31 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers