{"report_id":"16035ecf-e973-44d9-a3c2-af702f912028","version":6,"status":"done","tags":["dyndns"],"date":"2025-07-16T03:30:30Z","url":{"schema":"http","addr":"nextcloud.losaltos.duckdns.org/","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":0,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"final":{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"title":"Nextcloud"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-08-20T03:30:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"nextcloud.losaltos.duckdns.org","ip":{"addr":"195.82.104.101","port":443,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"domain_registered":"2013-04-12","domain_rank":0,"first_seen":"2025-07-16T03:30:30.195563Z","last_seen":"2025-07-16T03:30:30.195563Z","alert_count":14,"request_count":10,"received_data":139488,"sent_data":6180,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-16T03:30:09Z","timestamp":1752636609,"ip_dst":{"addr":"195.82.104.101","port":80,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"ip_src":{"addr":"172.18.0.13","port":37082,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-07-16T03:30:09.688704+0000\",\"flow_id\":1472257289455655,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":37082,\"dest_ip\":\"195.82.104.101\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"nextcloud.losaltos.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://nextcloud.losaltos.duckdns.org:443/\",\"length\":5},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":687,\"bytes_toclient\":385,\"start\":\"2025-07-16T03:30:09.559143+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"about","addr":"about:certerror?e=nssBadCert\u0026u=https%3A//nextcloud.losaltos.duckdns.org/\u0026c=UTF-8\u0026d=%20","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"1fc778fb81973516c7df9ee7caca05e6","sha1":"7953945d192422cc2b1d8610d1b0fa1469bb5b7f","sha256":"a09c624476cbe1462a188d07d0ce0a20e258a5e9b7890f44b3c8b68a0a3b26eb","sha512":"12c9fa58aadc72e4ea186baa2249de3f9b8e9e3220205e924d072f702e46e0e1ef4e30c78f3f6cdb2c6c1706f7613ce2c9a081d67ea234a66fd932e4eaea3207","ssdeep":"","tlshash":"f0b0124e75a6c4a116fbf87a01374204283731133444ea9e3d5c09804f50964a3836c5","size":111,"data":"","first_seen":"2025-03-02T08:59:45.587636Z","last_seen":"2025-08-04T22:29:31.323865Z","times_seen":45796,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":443,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-16T03:30:11.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"issuer":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"validity":{"start":"Sat, 05 Jul 2025 16:34:58 GMT","end":"Sun, 05 Jul 2026 16:34:58 GMT"},"fingerprint":{"sha1":"C2:33:56:78:E1:A8:49:A5:F9:D5:E7:CF:A9:B6:D8:DA:02:76:F7:7E","sha256":"79:72:69:6E:03:53:F4:80:4B:D9:AC:BD:13:5A:F8:9F:C8:A7:61:2B:91:87:32:DB:47:D6:15:C6:81:77:A1:2D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 503 Service Unavailable\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'nonce-MS80Q3J6NmpncXFhTnZaVm1zUzduVzF2STFHWEpMVldVaGhCNXljbndsST06czQ5a2wwcnAyTVROVjRZWnFhYno2aDBqYUFmUVZOa1lBUzh6MTJCaGlpST0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 16 Jul 2025 03:30:11 GMT\r\nreferrer-policy: no-referrer\r\nserver: Apache/2.4.61 (Debian)\r\nset-cookie: oc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; path=/; HttpOnly; SameSite=Lax\noc_sessionPassphrase=rnUTrHx1wHowwt9JxEHStRCh3N0c4vlWgTfMinnXmxqoRfS0brzHyeb%2FHA69lvhMIPY%2BIy%2BX0TQihB%2B9zMYbbMGQjPWynpocNHlOtN36yW%2FQuxj%2FFKrL2WnfVxV1O3hr; path=/; HttpOnly; SameSite=Lax\noc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; path=/; HttpOnly; SameSite=Lax\nnc_sameSiteCookielax=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax\nnc_sameSiteCookiestrict=true; path=/; httponly;expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict\noc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; path=/; HttpOnly; SameSite=Lax\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-powered-by: PHP/8.2.23\r\nx-robots-tag: noindex, nofollow\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 2141\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"503","status_text":"Service Unavailable","fingerprints":null,"data":{"size":2141,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"85fd84c4c9950546828a628c2c1a9a28","sha1":"3ff2bb0dc693ad0cd59964ccab31b12df800e3e6","sha256":"dc98dbc425f2167546fa7620af7434131948f973f30f56482b275ee32ed83155","sha512":"74e33768371de5634f1205203f9d8a22054440a1c693e886bf94cdb0161c6d9569d94b59a399e09587493b1710b8375f55ce8cce111932af3f29ce7e8f9ae5ce","ssdeep":"","tlshash":"7f41208344cd9f6b110287c2b9a4b2ccd14ffd78fa5a68e5f5f300679281f648a0a1b6","first_seen":"2025-07-16T03:30:33.175044Z","last_seen":"2025-07-16T03:30:33.175044Z","times_seen":1,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":201,"dns":2,"connect":64,"send":0,"wait":86,"receive":1,"ssl":133},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-16T03:30:09Z","timestamp":1752636609,"ip_dst":{"addr":"195.82.104.101","port":80,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"ip_src":{"addr":"172.18.0.13","port":37082,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-07-16T03:30:09.688704+0000\",\"flow_id\":1472257289455655,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":37082,\"dest_ip\":\"195.82.104.101\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"nextcloud.losaltos.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://nextcloud.losaltos.duckdns.org:443/\",\"length\":5},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":687,\"bytes_toclient\":385,\"start\":\"2025-07-16T03:30:09.559143+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/core/img/favicon-touch.png","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":443,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nextcloud.losaltos.duckdns.org/","date":"2025-07-16T03:30:11.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"issuer":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"validity":{"start":"Sat, 05 Jul 2025 16:34:58 GMT","end":"Sun, 05 Jul 2026 16:34:58 GMT"},"fingerprint":{"sha1":"C2:33:56:78:E1:A8:49:A5:F9:D5:E7:CF:A9:B6:D8:DA:02:76:F7:7E","sha256":"79:72:69:6E:03:53:F4:80:4B:D9:AC:BD:13:5A:F8:9F:C8:A7:61:2B:91:87:32:DB:47:D6:15:C6:81:77:A1:2D"}}},"request":{"raw":"GET /core/img/favicon-touch.png HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: oc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; oc_sessionPassphrase=rnUTrHx1wHowwt9JxEHStRCh3N0c4vlWgTfMinnXmxqoRfS0brzHyeb%2FHA69lvhMIPY%2BIy%2BX0TQihB%2B9zMYbbMGQjPWynpocNHlOtN36yW%2FQuxj%2FFKrL2WnfVxV1O3hr; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: max-age=15778463\r\ncontent-type: image/png\r\ndate: Wed, 16 Jul 2025 03:30:11 GMT\r\netag: \"9f9-6213a7681eaf4\"\r\nlast-modified: Tue, 03 Sep 2024 17:34:00 GMT\r\nreferrer-policy: no-referrer\r\nserver: Apache/2.4.61 (Debian)\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-robots-tag: noindex, nofollow\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 2553\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2553,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit colormap, non-interlaced","md5":"1d3564d060120cf25d4282eea184d914","sha1":"213ed2074711aad3dd4d1af1a058985940cb566f","sha256":"88ee0ec5e6b1ca971772e0904297258e31dbfaa5dd3d540aeefc2009ab37b7fd","sha512":"4828b6c802a2adf8bee5bc09bfdd25ddf9abf4ee91e35673efee33488e345ac59d70094a1ac846e29ae55cda2764d0f51c7311f3c19d8395c019dd42ffb27146","ssdeep":"","tlshash":"f751495e96714d3d8808331334a04c8b8b9b8806152edaf9c9e416eeec4779fce8142f","first_seen":"2023-06-27T07:23:12Z","last_seen":"2026-04-06T00:04:29.608037Z","times_seen":289,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/core/img/logo/logo.svg","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":443,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nextcloud.losaltos.duckdns.org/","date":"2025-07-16T03:30:11.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"issuer":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"validity":{"start":"Sat, 05 Jul 2025 16:34:58 GMT","end":"Sun, 05 Jul 2026 16:34:58 GMT"},"fingerprint":{"sha1":"C2:33:56:78:E1:A8:49:A5:F9:D5:E7:CF:A9:B6:D8:DA:02:76:F7:7E","sha256":"79:72:69:6E:03:53:F4:80:4B:D9:AC:BD:13:5A:F8:9F:C8:A7:61:2B:91:87:32:DB:47:D6:15:C6:81:77:A1:2D"}}},"request":{"raw":"GET /core/img/logo/logo.svg HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: oc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; oc_sessionPassphrase=rnUTrHx1wHowwt9JxEHStRCh3N0c4vlWgTfMinnXmxqoRfS0brzHyeb%2FHA69lvhMIPY%2BIy%2BX0TQihB%2B9zMYbbMGQjPWynpocNHlOtN36yW%2FQuxj%2FFKrL2WnfVxV1O3hr; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: max-age=15778463\r\ncontent-type: image/svg+xml\r\ndate: Wed, 16 Jul 2025 03:30:11 GMT\r\netag: \"32f-6213a768219d4\"\r\nlast-modified: Tue, 03 Sep 2024 17:34:00 GMT\r\nreferrer-policy: no-referrer\r\nserver: Apache/2.4.61 (Debian)\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-robots-tag: noindex, nofollow\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 815\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":815,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f82b623e4e0e9ade941268dbad4d6302","sha1":"e02c08d6524f4e89fb8c609171843e5fccfc1d1c","sha256":"7b762288d5b7bf4d5d3fd83c5caac1792dc525f1aab4b70968cb9fb9a113867f","sha512":"29a51bdf4998f28bc190d29dda9d9ca9368d8a2295cf06d3fc8e20e49f280d5bb57cb8a83276e5dec050cc4d9fde6a817802b10f19a148d06a38f4d44fa80b80","ssdeep":"","tlshash":"69016b9ff37d60f9f30383ccc6d0db413639a2989140cb54c4c9b86a264b695609ac9d","first_seen":"2023-05-12T11:00:25Z","last_seen":"2026-04-08T16:02:41.515107Z","times_seen":555,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"nextcloud.losaltos.duckdns.org/","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":80,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-16T03:30:09.560Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nLocation: https://nextcloud.losaltos.duckdns.org:443/\r\nDate: Wed, 16 Jul 2025 03:30:09 GMT\r\nContent-Length: 5\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-09T13:28:35.973848Z","times_seen":13540758,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":64,"dns":2,"connect":65,"send":0,"wait":65,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-16T03:30:09Z","timestamp":1752636609,"ip_dst":{"addr":"195.82.104.101","port":80,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"ip_src":{"addr":"172.18.0.13","port":37082,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-07-16T03:30:09.688704+0000\",\"flow_id\":1472257289455655,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":37082,\"dest_ip\":\"195.82.104.101\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"nextcloud.losaltos.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://nextcloud.losaltos.duckdns.org:443/\",\"length\":5},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":687,\"bytes_toclient\":385,\"start\":\"2025-07-16T03:30:09.559143+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-16T03:30:09.701Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-09T13:28:35.973848Z","times_seen":13540758,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":0,"dns":1,"connect":65,"send":0,"wait":0,"receive":0,"ssl":73},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-16T03:30:09Z","timestamp":1752636609,"ip_dst":{"addr":"195.82.104.101","port":80,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"ip_src":{"addr":"172.18.0.13","port":37082,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-07-16T03:30:09.688704+0000\",\"flow_id\":1472257289455655,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":37082,\"dest_ip\":\"195.82.104.101\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"nextcloud.losaltos.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://nextcloud.losaltos.duckdns.org:443/\",\"length\":5},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":687,\"bytes_toclient\":385,\"start\":\"2025-07-16T03:30:09.559143+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/apps/theming/css/default.css?v=f5a209a9-3","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":443,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nextcloud.losaltos.duckdns.org/","date":"2025-07-16T03:30:11.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"issuer":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"validity":{"start":"Sat, 05 Jul 2025 16:34:58 GMT","end":"Sun, 05 Jul 2026 16:34:58 GMT"},"fingerprint":{"sha1":"C2:33:56:78:E1:A8:49:A5:F9:D5:E7:CF:A9:B6:D8:DA:02:76:F7:7E","sha256":"79:72:69:6E:03:53:F4:80:4B:D9:AC:BD:13:5A:F8:9F:C8:A7:61:2B:91:87:32:DB:47:D6:15:C6:81:77:A1:2D"}}},"request":{"raw":"GET /apps/theming/css/default.css?v=f5a209a9-3 HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: oc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; oc_sessionPassphrase=rnUTrHx1wHowwt9JxEHStRCh3N0c4vlWgTfMinnXmxqoRfS0brzHyeb%2FHA69lvhMIPY%2BIy%2BX0TQihB%2B9zMYbbMGQjPWynpocNHlOtN36yW%2FQuxj%2FFKrL2WnfVxV1O3hr; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: max-age=15778463, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Wed, 16 Jul 2025 03:30:11 GMT\r\netag: \"f03-6213a7675b600-gzip\"\r\nlast-modified: Tue, 03 Sep 2024 17:33:59 GMT\r\nreferrer-policy: no-referrer\r\nserver: Apache/2.4.61 (Debian)\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-robots-tag: noindex, nofollow\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 1241\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3843,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"dc6ba7682dfd84239e56d7396cb119aa","sha1":"6a44152a2ffddd1ce42776e47811ab2a9202f783","sha256":"55ab8f9a09838af9b6dfd99a57d777df333a4d1aa2a531b7635948b24bc9dba7","sha512":"3a8ce84678b43ba807aa35a6fe49b1b1111b4f072dc237688418d4883c4aa0a19619a8ef4f893261dfc83c0107ad143c478c158e06e87fe3e0de17c843371040","ssdeep":"","tlshash":"b2817445b805f66b393f04ff352ad66862387943c620eb6ebded61291c4dbdb15f2028","first_seen":"2024-06-02T10:38:27Z","last_seen":"2026-02-02T09:56:58.367418Z","times_seen":79,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/core/css/guest.css?v=3955ca8c-3","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":443,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nextcloud.losaltos.duckdns.org/","date":"2025-07-16T03:30:11.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"issuer":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"validity":{"start":"Sat, 05 Jul 2025 16:34:58 GMT","end":"Sun, 05 Jul 2026 16:34:58 GMT"},"fingerprint":{"sha1":"C2:33:56:78:E1:A8:49:A5:F9:D5:E7:CF:A9:B6:D8:DA:02:76:F7:7E","sha256":"79:72:69:6E:03:53:F4:80:4B:D9:AC:BD:13:5A:F8:9F:C8:A7:61:2B:91:87:32:DB:47:D6:15:C6:81:77:A1:2D"}}},"request":{"raw":"GET /core/css/guest.css?v=3955ca8c-3 HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: oc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; oc_sessionPassphrase=rnUTrHx1wHowwt9JxEHStRCh3N0c4vlWgTfMinnXmxqoRfS0brzHyeb%2FHA69lvhMIPY%2BIy%2BX0TQihB%2B9zMYbbMGQjPWynpocNHlOtN36yW%2FQuxj%2FFKrL2WnfVxV1O3hr; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: max-age=15778463, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Wed, 16 Jul 2025 03:30:11 GMT\r\netag: \"4038-6213a768025d6-gzip\"\r\nlast-modified: Tue, 03 Sep 2024 17:34:00 GMT\r\nreferrer-policy: no-referrer\r\nserver: Apache/2.4.61 (Debian)\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-robots-tag: noindex, nofollow\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 4566\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16440,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (15596)","md5":"993735769eda5ec03e6d8eb43d5e4374","sha1":"1e0b474c0e71ce3126a724c19a12fed8030198ef","sha256":"4c5519d896e4be90e57ce6abb0754808163915bae7ca4f292e21f41faf576859","sha512":"16d5f6a56cd30098f4ddaddcb2e9af6bb9266f7daafad5ce8a022220054faea125e0bf9029b6148cf228d38ddd87d0fcbb57acecae5058911fed509adedade85","ssdeep":"192:Vu5IzZp9yN0PyZHz3f6sRwLDBjrCGM9gSCd9DQt0+4r6+J96DYl:V+F+IT4BjyzCgJ4rDJ9SYl","tlshash":"1572c6186480e07eaa1b853136c92a58f5288403cd975fffa717f571cae69ea0e3364d","first_seen":"2025-04-10T14:55:48.456393Z","last_seen":"2026-01-31T13:12:16.437511Z","times_seen":44,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/core/img/favicon.ico","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":443,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nextcloud.losaltos.duckdns.org/","date":"2025-07-16T03:30:11.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"issuer":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"validity":{"start":"Sat, 05 Jul 2025 16:34:58 GMT","end":"Sun, 05 Jul 2026 16:34:58 GMT"},"fingerprint":{"sha1":"C2:33:56:78:E1:A8:49:A5:F9:D5:E7:CF:A9:B6:D8:DA:02:76:F7:7E","sha256":"79:72:69:6E:03:53:F4:80:4B:D9:AC:BD:13:5A:F8:9F:C8:A7:61:2B:91:87:32:DB:47:D6:15:C6:81:77:A1:2D"}}},"request":{"raw":"GET /core/img/favicon.ico HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: oc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; oc_sessionPassphrase=rnUTrHx1wHowwt9JxEHStRCh3N0c4vlWgTfMinnXmxqoRfS0brzHyeb%2FHA69lvhMIPY%2BIy%2BX0TQihB%2B9zMYbbMGQjPWynpocNHlOtN36yW%2FQuxj%2FFKrL2WnfVxV1O3hr; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: max-age=15778463\r\ncontent-type: image/vnd.microsoft.icon\r\ndate: Wed, 16 Jul 2025 03:30:11 GMT\r\netag: \"cbe-6213a7681eaf4\"\r\nlast-modified: Tue, 03 Sep 2024 17:34:00 GMT\r\nreferrer-policy: no-referrer\r\nserver: Apache/2.4.61 (Debian)\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-robots-tag: noindex, nofollow\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 3262\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3262,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 32x32, 24 bits/pixel","md5":"68f33e69aa1a4a9cbfbacd6a553ef422","sha1":"8dbd058612591a5dee5e077983dc89a49382888e","sha256":"bea7d85401905c569359239339770d962854ccda24f134a76f492ab58ecde9f5","sha512":"108063e89ca2f5cbcaa07a487a7a1266797ec6db197dc4e39289dce4101f0d192e171e033d0884055a0cb5775026e21935c5cd9710e8e745bbb819a53570438f","ssdeep":"","tlshash":"9a61efa15b1153b0d15ebb7246f7178f168d6ce0ec812fc9382970c49b75f80d152a89","first_seen":"2023-05-01T19:33:17Z","last_seen":"2026-04-06T00:04:29.612431Z","times_seen":434,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/apps/theming/img/background/kamil-porembinski-clouds.jpg","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"195.82.104.101","port":443,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nextcloud.losaltos.duckdns.org/","date":"2025-07-16T03:30:11.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"issuer":{"commonName":"TRAEFIK DEFAULT CERT","organization":""},"validity":{"start":"Sat, 05 Jul 2025 16:34:58 GMT","end":"Sun, 05 Jul 2026 16:34:58 GMT"},"fingerprint":{"sha1":"C2:33:56:78:E1:A8:49:A5:F9:D5:E7:CF:A9:B6:D8:DA:02:76:F7:7E","sha256":"79:72:69:6E:03:53:F4:80:4B:D9:AC:BD:13:5A:F8:9F:C8:A7:61:2B:91:87:32:DB:47:D6:15:C6:81:77:A1:2D"}}},"request":{"raw":"GET /apps/theming/img/background/kamil-porembinski-clouds.jpg HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: oc9u9r7gdxn8=265f72ecf20211a77ce0f9586badf788; oc_sessionPassphrase=rnUTrHx1wHowwt9JxEHStRCh3N0c4vlWgTfMinnXmxqoRfS0brzHyeb%2FHA69lvhMIPY%2BIy%2BX0TQihB%2B9zMYbbMGQjPWynpocNHlOtN36yW%2FQuxj%2FFKrL2WnfVxV1O3hr; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: max-age=15778463\r\ncontent-type: image/jpeg\r\ndate: Wed, 16 Jul 2025 03:30:11 GMT\r\netag: \"19d68-6213a7675f480\"\r\nlast-modified: Tue, 03 Sep 2024 17:33:59 GMT\r\nreferrer-policy: no-referrer\r\nserver: Apache/2.4.61 (Debian)\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-robots-tag: noindex, nofollow\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 105832\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":105832,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 4288x2848, components 3","md5":"9fe018ffe7281ad7680de7a96b8093c2","sha1":"c985d342e13e7249354451e755172a428eb7a43b","sha256":"f5b07fbdfce4a9698d7f3c76bad8cd521c8285e123ff0ac33ebd08c30df7db71","sha512":"238b362f2a4d98746fbed1fb9e9db9eb10130ad37a793184ff91d3d3c2d5ad1ca8b13313b0ba8cbdf95759049d482bbb0b3cf58903bf50cc7723fe0e4d6dff3b","ssdeep":"1536:qEJrB0j5DMT8Jp94oBFqUNKdKMT/Voc3VWq3wPCA8BqPYPydQ6+1HKOX:qE7K/p5BFqGcLVr333wPCJqPPdQ63OX","tlshash":"02a3022d4942678bd6ec3770c50d4bb5e64fad108a93da7b23e14f78b25c96cee850a0","first_seen":"2024-02-16T09:41:09Z","last_seen":"2026-03-02T00:00:34.611056Z","times_seen":105,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":133,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nextcloud.losaltos.duckdns.org/","fqdn":"nextcloud.losaltos.duckdns.org","domain":"losaltos.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-16T03:30:08.047Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: nextcloud.losaltos.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-09T13:28:35.973848Z","times_seen":13540758,"resource_available":true,"data":null}},"time_used":1460,"timings":{"blocked":0,"dns":1325,"connect":62,"send":0,"wait":0,"receive":0,"ssl":69},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-16T03:30:09Z","timestamp":1752636609,"ip_dst":{"addr":"195.82.104.101","port":80,"asn":200845,"as":"Avatel Telecom, SA","country":"Spain","country_code":"ES"},"ip_src":{"addr":"172.18.0.13","port":37082,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-07-16T03:30:09.688704+0000\",\"flow_id\":1472257289455655,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":37082,\"dest_ip\":\"195.82.104.101\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"nextcloud.losaltos.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://nextcloud.losaltos.duckdns.org:443/\",\"length\":5},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":687,\"bytes_toclient\":385,\"start\":\"2025-07-16T03:30:09.559143+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}