
What is drunkquantity.org


Today I was looking through router logs (TP-Link router) and I noticed a domain in the list of one of my teenager's logs. I tried to research that domain but failed to find anything significant. The domain is drunkquantity.org 

Can you provide any feedback on this?


That would be the logical assumption and one that I had made initially but became curious when the domain does not produce any conclusive results. Therefore, I suspected it might be a known malware vault.

I did not come here in search of a means to entrap my child, but rather I thought that I was posting the question to an Emsisoft tech to advise me if I should have a heightened concern about a specific known malware infection.


Did you ask your teenager about the site?

When I peeked at the site it looked to me as if it just has a generic front page, like any other hosted but not yet in-use domain. I also googled for it (i.e. for hits that might mention it), and found nothing in my brief examination. It's not impossible that there are specific page addresses at that domain that contain content. If one visits VirusTotal and plugs the domain into their URL check, one gets shown that no anti-malware product currently flags the domain (though I don't know which of them would do if specific pages at that domain had been known to serve something even if the homepage does not). See:

https://www.virustotal.com/gui/url/1724a090db8174a0c861c358a894fb18c9ddc2a71449a9ac639249a8e94c9a54/detection

 

I did not suggest you had any specific motive regarding your child.

 

This is a forum where many posts are made by users of Emsisoft products, or people with a generic interest. You did not make it clear in your question that you only wanted answers from Emsisoft staff. Note that this subforum is described as "Discuss with our employees and other forum members about...".

I would think that if you wanted only to hear from Emsisoft staff you would need to contact their support dept directly, at: [email protected] or perhaps using the online chat option at their support page: https://help.emsisoft.com/en/ though a quick test suggests that (maybe depending on time of day?) it maybe just sends a message and they then reply by email.


I did discuss it with my daughter and she has no knowledge of it and there is no reason for her to conceal it. I am aware that she drinks and she is open about it. This is why I was curious as to why it was appearing on the list.

Probably nothing. 

Thanks for your assistance.


This analysis is the only clue I have right now as to why you're seeing it in your logs:
https://app.any.run/tasks/84a12529-4709-491c-bacf-33a39c8e57df/

It shows an HTML file opened in Internet Explorer, and then after that Google Chrome appears to open and the domain in question appears to get typed into the address bar in Google Chrome. Presumably this is being done by some sort of script that executed after the HTML file was opened, however I don't know that for certain.


I'm sorry, this is above my pay grade...as they say.

Are you saying that you found this HTML file somewhere in the wild and when launched it executes as you described? So it appears the resulting page appearing in the Chrome browser is benign in this case?

Does it look like someone experimenting with a script? If that is the case, where you found the script, GT500, may be a clue to its purpose.

What would be the purpose of this? Is this a technique that is used by advertisers to launch popups? The question for me then becomes, why would this appear on my daughter's activity log?

The other entries in the log include the predictable teenage sites like Snapchat and Apple iMessage, etc., but there is also "www.emiratesnbd.com" which appears to be a UAE bank, which is strange - unless she has a secret offshore bank account :). I have zero knowledge or experience with Snapchat, however, I envision these domains may have been launched as a result of some pop-up ad or something in one of those click-bait animations or memes.


14 hours ago, iondjp said:

Are you saying that you found this HTML file somewhere in the wild and when launched it executes as you described?

No, someone else found it and uploaded it to any.run (an automated malware analysis service). I was making assumptions based on what I saw in the timeline of screenshots.

 

14 hours ago, iondjp said:

What would be the purpose of this?

It depends on what was or will be hosted at that domain. Our malware analysts haven't said anything about it yet, so I don't know if it hosts anything malicious.

