# medlab.duckdns.org — SUSPICIOUS

> PhishDestroy flags medlab.duckdns.org hosting a suspected phishing kit on Let's Encrypt SSL. Check the full report.

## Summary

PhishDestroy identifies medlab.duckdns.org as a live phishing domain under active investigation for hosting a generic phishing kit targeting unspecified brands. The domain operates under the free DuckDNS subdomain service and currently shows no detections on VirusTotal, indicating a newly deployed or stealthy threat. Technical artifacts such as the Let's Encrypt SSL certificate and resolution to IP 185.203.241.161 suggest an attempt to appear legitimate while distributing fraudulent content. No specific drainer kit or branded impersonation has been confirmed at this stage, but the generic nature of the phishing kit allows for rapid adaptation to mimic multiple healthcare or medical service providers.

This domain resolves to IP 185.203.241.161 and uses a Let's Encrypt SSL certificate issued for medlab.duckdns.org. VirusTotal currently reports 0/95 detections, indicating undetected malicious activity. The domain is registered under the DuckDNS free DNS service, which is commonly exploited for short-lived phishing campaigns due to its low barrier to entry and minimal oversight. Creation date and registrar details are not publicly disclosed due to DuckDNS's privacy-preserving registration model. Google Safe Browsing (GSB) has not yet flagged this domain, and it remains absent from major threat intelligence blocklists, further highlighting its recent emergence and the need for proactive monitoring.

The domain is currently active and under investigation, with a status of 'under_investigation' and a risk level of 'active'. Immediate response actions include continued monitoring via sandbox analysis and threat intelligence feeds, with no active takedown initiated as of this report. Remaining risk is assessed as moderate due to the domain's low detection rate and potential for rapid evolution into a high-impact phishing campaign. Users are advised to avoid interacting with medlab.duckdns.org and report any suspicious activity to their security teams or PhishDestroy for further analysis.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 185.203.241.161

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/medlab.duckdns.org
- PhishDestroy: https://phishdestroy.io/domain/medlab.duckdns.org/
- LLM endpoint: https://phishdestroy.io/domain/medlab.duckdns.org/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/medlab.duckdns.org/

Last updated: 2026-04-07