{"report_id":"442d104f-0235-4fcd-bff3-0250aa1704f3","version":6,"status":"done","tags":["dyndns"],"date":"2025-04-18T11:52:47Z","url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":0,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"title":"daapnifbzv.duckdns.org/en/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-27T11:52:47Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"daapnifbzv.duckdns.org","ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"domain_registered":"2013-04-12","domain_rank":0,"first_seen":"2025-04-18T11:52:48.011659Z","last_seen":"2025-04-18T11:52:48.011659Z","alert_count":28,"request_count":8,"received_data":294236,"sent_data":3047,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:31Z","timestamp":1744977151,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51186,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:31.215627+0000\",\"flow_id\":751820016100595,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51186,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/en/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":511,\"bytes_toclient\":334,\"start\":\"2025-04-18T11:52:30.632051+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:31Z","timestamp":1744977151,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:31.520000+0000\",\"flow_id\":1711648569992896,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":514,\"bytes_toclient\":504,\"start\":\"2025-04-18T11:52:30.894656+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:32Z","timestamp":1744977152,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51214,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:32.955856+0000\",\"flow_id\":2027358731146093,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51214,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":634,\"bytes_toclient\":504,\"start\":\"2025-04-18T11:52:32.365421+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51214,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.516788+0000\",\"flow_id\":2027358731146093,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51214,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/assets/card.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":5,\"bytes_toserver\":1194,\"bytes_toclient\":1475,\"start\":\"2025-04-18T11:52:32.365421+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51254,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.815619+0000\",\"flow_id\":1742903047200774,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51254,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/assets/card.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":596,\"bytes_toclient\":400,\"start\":\"2025-04-18T11:52:33.237574+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51246,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.817939+0000\",\"flow_id\":673542089842338,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51246,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/styles.2b2408b28c6b13bb450e.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":612,\"bytes_toclient\":400,\"start\":\"2025-04-18T11:52:33.237218+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51270,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.831019+0000\",\"flow_id\":657893376500403,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51270,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/runtime.9b214d14fa4ea25c94c0.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":597,\"bytes_toclient\":407,\"start\":\"2025-04-18T11:52:33.238259+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.837347+0000\",\"flow_id\":1132671946300516,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51244,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/polyfills.649ac95cc0f663eb2ea5.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":599,\"bytes_toclient\":407,\"start\":\"2025-04-18T11:52:33.236644+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51274,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.844652+0000\",\"flow_id\":1625790026459694,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51274,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/main.cb307f485390a6a94066.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":594,\"bytes_toclient\":407,\"start\":\"2025-04-18T11:52:33.240174+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:36Z","timestamp":1744977156,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51246,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:36.296596+0000\",\"flow_id\":673542089842338,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51246,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1243},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":27,\"bytes_toserver\":1947,\"bytes_toclient\":36908,\"start\":\"2025-04-18T11:52:33.237218+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2025-04-17","alert":"Apple Inc.","trigger":"daapnifbzv.duckdns.org/en/","verdict":"phishing","severity":"medium","comment":"Apple Inc.","link":"https://openphish.com","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2025-04-17","alert":"Apple Inc.","trigger":"daapnifbzv.duckdns.org/en/","verdict":"phishing","severity":"medium","comment":"Apple Inc.","link":"https://openphish.com","meta":null}]},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/runtime.9b214d14fa4ea25c94c0.js","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ac3e6290ad24ac46b8a1970a7efb266","sha1":"6f792827e5974b69c7c9a87e81f33b5ef670bff3","sha256":"94f516b9d49d3b5ecf42fba742d930a0224275eedb9d19b4c33644dc8c2a3c26","sha512":"858d5e7c91393ffbc464ca02dbbd49341cea9d1233b26d4f2c803cc6256685b36635cc8d0d8231de2a193eb0b97ccc8fe0e2b1b68124eb3b5efd2394b5486f70","ssdeep":"","tlshash":"5841c8d832a4f5b98382686c043fa825f1791d62597ee5f0d349d8f5bc34c498056fa5","size":2278,"data":"","first_seen":"2024-03-27T17:58:11Z","last_seen":"2026-02-08T11:08:58.932912Z","times_seen":1610,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51270,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.831019+0000\",\"flow_id\":657893376500403,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51270,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/runtime.9b214d14fa4ea25c94c0.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":597,\"bytes_toclient\":407,\"start\":\"2025-04-18T11:52:33.238259+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/polyfills.649ac95cc0f663eb2ea5.js","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"4794c42590c7158a1a334801f7068376","sha1":"63e0e06b459566123ab988af6258369ba5b181dd","sha256":"073c634b2120ecfe1b6b98e45f44d807088bd437e757eb3b049867a615e6a49d","sha512":"8336d904ffee8c2e4fa92b82fe1946081f790878ebdfd2dde8eb411f1dcb93735652b044399d7ff59b0a5e257f7b0b32deff995b50afc7765c09dbf23ae678c0","ssdeep":"384:Z1BuYg4fyZYXsbaGbjZXyxRt2/Zn9gCydU/i2FD0PBL4IFahaTRu51lOo4a7PuaO:fXad/aU/iPL4SIggpDkgHtOT/pcC","tlshash":"a52307c97781b8b69bf76275847f410be23b25a1bc9c89a4f111d4e46c7a10c853bf2e","size":45945,"data":"","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.935977Z","times_seen":2144,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.837347+0000\",\"flow_id\":1132671946300516,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51244,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/polyfills.649ac95cc0f663eb2ea5.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":599,\"bytes_toclient\":407,\"start\":\"2025-04-18T11:52:33.236644+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/assets/card.js","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"7aa76d18dd3e3598ac9561adf01f3882","sha1":"26d9fcdd2b6bee0b3f1b96b015f3703b5fbd49e0","sha256":"6d5516bbbebba2d51878f1e791b642f3b2944270b8e84770f15a16376b202213","sha512":"ca7fad2d70c38030e1ae8ce0c66e3ebcc988df9f693d784b51c050b9fbe0a04a1125198cd602f616bb9002d0190b50847f0f83f7a53963d6e8c0b755bec9e1fe","ssdeep":"768:CGYeJShtejcjhtA0bhtsslHopQr67fgXkO0LracW7FUmBM:tyTjhxbh7HFdk1pvmBM","tlshash":"3d43b469f082e0bde223856a10db5bce727dca17d607056cf263b0cd6e52bcd9169b0c","size":58699,"data":"","first_seen":"2024-03-27T17:58:11Z","last_seen":"2026-02-08T11:08:58.929059Z","times_seen":2144,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51214,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.516788+0000\",\"flow_id\":2027358731146093,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51214,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/assets/card.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":5,\"bytes_toserver\":1194,\"bytes_toclient\":1475,\"start\":\"2025-04-18T11:52:32.365421+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/runtime.9b214d14fa4ea25c94c0.js","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://daapnifbzv.duckdns.org/en/","date":"2025-04-18T11:52:33.258Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /en/runtime.9b214d14fa4ea25c94c0.js HTTP/1.1\r\nHost: daapnifbzv.duckdns.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://daapnifbzv.duckdns.org/en/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nDate: Fri, 18 Apr 2025 11:52:32 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46cdea7ae6\"\r\nLast-Modified: Sat, 14 Oct 2023 02:33:24 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2278,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (2278), with no line terminators","md5":"4ac3e6290ad24ac46b8a1970a7efb266","sha1":"6f792827e5974b69c7c9a87e81f33b5ef670bff3","sha256":"94f516b9d49d3b5ecf42fba742d930a0224275eedb9d19b4c33644dc8c2a3c26","sha512":"858d5e7c91393ffbc464ca02dbbd49341cea9d1233b26d4f2c803cc6256685b36635cc8d0d8231de2a193eb0b97ccc8fe0e2b1b68124eb3b5efd2394b5486f70","ssdeep":"","tlshash":"5841c8d832a4f5b98382686c043fa825f1791d62597ee5f0d349d8f5bc34c498056fa5","first_seen":"2024-03-27T17:58:11Z","last_seen":"2026-02-08T11:08:58.932912Z","times_seen":1610,"resource_available":true,"data":null}},"time_used":872,"timings":{"blocked":277,"dns":1,"connect":297,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51270,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.831019+0000\",\"flow_id\":657893376500403,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51270,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/runtime.9b214d14fa4ea25c94c0.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":597,\"bytes_toclient\":407,\"start\":\"2025-04-18T11:52:33.238259+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/assets/card.js","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://daapnifbzv.duckdns.org/en/","date":"2025-04-18T11:52:33.251Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /en/assets/card.js HTTP/1.1\r\nHost: daapnifbzv.duckdns.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://daapnifbzv.duckdns.org/en/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nDate: Fri, 18 Apr 2025 11:52:32 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d7d7f3614aa44b\"\r\nLast-Modified: Fri, 12 Nov 2021 18:30:34 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":58699,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (51786)","md5":"7aa76d18dd3e3598ac9561adf01f3882","sha1":"26d9fcdd2b6bee0b3f1b96b015f3703b5fbd49e0","sha256":"6d5516bbbebba2d51878f1e791b642f3b2944270b8e84770f15a16376b202213","sha512":"ca7fad2d70c38030e1ae8ce0c66e3ebcc988df9f693d784b51c050b9fbe0a04a1125198cd602f616bb9002d0190b50847f0f83f7a53963d6e8c0b755bec9e1fe","ssdeep":"768:CGYeJShtejcjhtA0bhtsslHopQr67fgXkO0LracW7FUmBM:tyTjhxbh7HFdk1pvmBM","tlshash":"3d43b469f082e0bde223856a10db5bce727dca17d607056cf263b0cd6e52bcd9169b0c","first_seen":"2024-03-27T17:58:11Z","last_seen":"2026-02-08T11:08:58.929059Z","times_seen":2144,"resource_available":true,"data":null}},"time_used":1539,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":1252,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51214,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.516788+0000\",\"flow_id\":2027358731146093,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51214,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/assets/card.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":5,\"bytes_toserver\":1194,\"bytes_toclient\":1475,\"start\":\"2025-04-18T11:52:32.365421+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/polyfills.649ac95cc0f663eb2ea5.js","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://daapnifbzv.duckdns.org/en/","date":"2025-04-18T11:52:33.261Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /en/polyfills.649ac95cc0f663eb2ea5.js HTTP/1.1\r\nHost: daapnifbzv.duckdns.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://daapnifbzv.duckdns.org/en/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nDate: Fri, 18 Apr 2025 11:52:32 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46cdeac179\"\r\nLast-Modified: Sat, 14 Oct 2023 02:33:24 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45945,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (45945), with no line terminators","md5":"4794c42590c7158a1a334801f7068376","sha1":"63e0e06b459566123ab988af6258369ba5b181dd","sha256":"073c634b2120ecfe1b6b98e45f44d807088bd437e757eb3b049867a615e6a49d","sha512":"8336d904ffee8c2e4fa92b82fe1946081f790878ebdfd2dde8eb411f1dcb93735652b044399d7ff59b0a5e257f7b0b32deff995b50afc7765c09dbf23ae678c0","ssdeep":"384:Z1BuYg4fyZYXsbaGbjZXyxRt2/Zn9gCydU/i2FD0PBL4IFahaTRu51lOo4a7PuaO:fXad/aU/iPL4SIggpDkgHtOT/pcC","tlshash":"a52307c97781b8b69bf76275847f410be23b25a1bc9c89a4f111d4e46c7a10c853bf2e","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.935977Z","times_seen":2144,"resource_available":true,"data":null}},"time_used":1486,"timings":{"blocked":276,"dns":4,"connect":300,"send":0,"wait":326,"receive":580,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.837347+0000\",\"flow_id\":1132671946300516,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51244,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/polyfills.649ac95cc0f663eb2ea5.js\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":599,\"bytes_toclient\":407,\"start\":\"2025-04-18T11:52:33.236644+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/favicon.ico","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://daapnifbzv.duckdns.org/en/","date":"2025-04-18T11:52:36.007Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /en/favicon.ico HTTP/1.1\r\nHost: daapnifbzv.duckdns.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://daapnifbzv.duckdns.org/en/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 22382\r\nContent-Type: image/x-icon\r\nDate: Fri, 18 Apr 2025 11:52:35 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nETag: \"1d71ee1f8b7af6e\"\r\nLast-Modified: Mon, 22 Mar 2021 06:09:52 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22382,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"891e510219786f543ca998282ed99f45","sha1":"19fe2ff6a2418bcb44b02308b998cef84199ee08","sha256":"e4bdf72e2f803f7e19907c12f407ac7f7cd5f1f94bfd730b9be24b0d49191b48","sha512":"e6729e7e1ed1909297317e249adb7af6c230b2a7082ea792c7776fa5037c8ed8aaf02bcc4015334b6c439732f965ce19291ffe863126d0c20bed9a0c89c4a95b","ssdeep":"48:sSY37LOM5M80I15CEARV/acnFNOpaF/vXE:sSw7LOekI1EE+fPOpaF30","tlshash":"4ea290bf6358f8d5d25d4ee0c91d82fc16196e20f8e0858f2a303e7d76b9ee28401617","first_seen":"2023-04-12T07:52:52Z","last_seen":"2026-04-03T21:46:16.187072Z","times_seen":14582,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":290,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:36Z","timestamp":1744977156,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51246,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:36.296596+0000\",\"flow_id\":673542089842338,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51246,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1243},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":22,\"pkts_toclient\":27,\"bytes_toserver\":1947,\"bytes_toclient\":36908,\"start\":\"2025-04-18T11:52:33.237218+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"daapnifbzv.duckdns.org/en/","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-18T11:52:27.657Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /en/ HTTP/1.1\r\nHost: daapnifbzv.duckdns.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T09:46:13.591387Z","times_seen":13326202,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:31Z","timestamp":1744977151,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:31.520000+0000\",\"flow_id\":1711648569992896,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":514,\"bytes_toclient\":504,\"start\":\"2025-04-18T11:52:30.894656+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:32Z","timestamp":1744977152,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51214,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:32.955856+0000\",\"flow_id\":2027358731146093,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51214,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":634,\"bytes_toclient\":504,\"start\":\"2025-04-18T11:52:32.365421+0000\"}}"}],"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2025-04-17","alert":"Apple Inc.","trigger":"daapnifbzv.duckdns.org/en/","verdict":"phishing","severity":"medium","comment":"Apple Inc.","link":"https://openphish.com","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-18T11:52:32.479Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /en/ HTTP/1.1\r\nHost: daapnifbzv.duckdns.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nDate: Fri, 18 Apr 2025 11:52:31 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46cfb43625\"\r\nLast-Modified: Sat, 14 Oct 2023 02:33:27 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 24h\r\nX-Rate-Limit-Remaining: 88\r\nX-Rate-Limit-Reset: 2025-04-19T11:33:39.1787898Z\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":933,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"fb8b9d9bf56c5251a14ad8cf217df902","sha1":"87852731aa55f66ce221f4d2379712c341f7bf00","sha256":"3074a00c33a6892ee549ced168872d8ffb9c78fe10f47cea0921aed8ac60d6ee","sha512":"45927a04ba337b7c9aadf9de7e21da9e72dec9cd7c4e459834899fed85e5740941f3b1466ba8ca01a1eb5db13f90b50583bec7db4d88ebe78f813c2ae3cb9616","ssdeep":"","tlshash":"2211564b8d02c146e2141d9a7f71f24c50c9dc1b16a0ed6838ef5535cf54b4c8c9ba2c","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.928286Z","times_seen":1903,"resource_available":true,"data":null}},"time_used":792,"timings":{"blocked":190,"dns":5,"connect":298,"send":0,"wait":291,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:31Z","timestamp":1744977151,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:31.520000+0000\",\"flow_id\":1711648569992896,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":514,\"bytes_toclient\":504,\"start\":\"2025-04-18T11:52:30.894656+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:32Z","timestamp":1744977152,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51214,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:32.955856+0000\",\"flow_id\":2027358731146093,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51214,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":634,\"bytes_toclient\":504,\"start\":\"2025-04-18T11:52:32.365421+0000\"}}"}],"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2025-04-17","alert":"Apple Inc.","trigger":"daapnifbzv.duckdns.org/en/","verdict":"phishing","severity":"medium","comment":"Apple Inc.","link":"https://openphish.com","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/assets/card.css","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://daapnifbzv.duckdns.org/en/","date":"2025-04-18T11:52:33.253Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /en/assets/card.css HTTP/1.1\r\nHost: daapnifbzv.duckdns.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://daapnifbzv.duckdns.org/en/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\nDate: Fri, 18 Apr 2025 11:52:32 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d7d7f36c04bfc4\"\r\nLast-Modified: Fri, 12 Nov 2021 18:30:52 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27076,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (27071)","md5":"8c10638062fc10e7800b5f041d66cbe1","sha1":"94a8f282dc29814af277016d8741fc857b49304d","sha256":"96712b90b0eb91764af520996a42c0bff93e823e5e825e2544d1ef4723d625d3","sha512":"190330f2f4cb1c230618a98960c3d60bfd8ebb762a229d62f9c24dd0d162d1fa19eee7ec4d0b845edbbf50e9bd0199aae84d2bca9057e08a5701ab2abec66a7d","ssdeep":"192:oeXBhpkkhRXBhnpXBh6u4PXBhpkkhRXBhnpXBhgu4aajLZ3TPHD59A3G3yjHin33:nl3vekiKb75IKKghPnn5Jejcjhtjp","tlshash":"1fc2a829d042d1bde233ca5765c7a7ee757cc613a643196df663308eae433ce91a820d","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.929905Z","times_seen":2100,"resource_available":false,"data":null}},"time_used":859,"timings":{"blocked":275,"dns":2,"connect":290,"send":0,"wait":289,"receive":3,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51254,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.815619+0000\",\"flow_id\":1742903047200774,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51254,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/assets/card.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":596,\"bytes_toclient\":400,\"start\":\"2025-04-18T11:52:33.237574+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"daapnifbzv.duckdns.org/en/styles.2b2408b28c6b13bb450e.css","fqdn":"daapnifbzv.duckdns.org","domain":"daapnifbzv.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"","requested_by":"http://daapnifbzv.duckdns.org/en/","date":"2025-04-18T11:52:33.255Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /en/styles.2b2408b28c6b13bb450e.css HTTP/1.1\r\nHost: daapnifbzv.duckdns.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://daapnifbzv.duckdns.org/en/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\nDate: Fri, 18 Apr 2025 11:52:32 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46cde87d4f\"\r\nLast-Modified: Sat, 14 Oct 2023 02:33:24 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":134991,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"c739cee2deb86082090e380beec5b7a0","sha1":"f54b118cf0b048e09c70ad1ecf661a21b1a47406","sha256":"0697729b655b3fadc015ce16eecd8cbd3b48a9e34e3c2a3e8b6ad0f8053887d2","sha512":"fbc598084815add336917f2ce627dbc8b27efe5d00b0173cb1c19a912b3e0a43eff9c45b184db437795ed0e19bc54b8035da3d45fabb2764911f476a760a3624","ssdeep":"768:uBNxxmV/5rcEO2Ep5z0rXznwh4lmCynNMP7SE81g6q6YaRPHcut3o2w05zps:2e5rcEO/p5zSnSgVYPcue2l5zy","tlshash":"04d3a4391911221d763be533a8d0674e21edc186f5332dbfb6855218cb8aec463b7ec9","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.931057Z","times_seen":2144,"resource_available":false,"data":null}},"time_used":1151,"timings":{"blocked":273,"dns":3,"connect":290,"send":0,"wait":293,"receive":291,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-04-18T11:52:33Z","timestamp":1744977153,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.32","port":51246,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-04-18T11:52:33.817939+0000\",\"flow_id\":673542089842338,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":51246,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"daapnifbzv.duckdns.org\",\"url\":\"/en/styles.2b2408b28c6b13bb450e.css\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://daapnifbzv.duckdns.org/en/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":612,\"bytes_toclient\":400,\"start\":\"2025-04-18T11:52:33.237218+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-18","alert":"Sinkholed","trigger":"daapnifbzv.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}