{"report_id":"4cb55742-8813-487a-b467-d984d61cdb88","version":6,"status":"done","tags":["dyndns"],"date":"2023-11-02T14:15:28Z","url":{"schema":"http","addr":"uspsmail95km09t3.ddns.net/a523583c2d546e5c9192e8f205ee3492/?token=aa49c2708631d3b724a8899094cc91004b3ff174b9efbe6d6d458c901df171281b5a5e76365bec6dcd39fceb4bde132cf1531972654cb1f0e150f8af888055cb../index.php../index.php../index.php../index.php","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"title":"USPS - Offer"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T16:17:09Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"uspsmail95km09t3.ddns.net","ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":19,"request_count":13,"received_data":42050,"sent_data":7558,"comment":"","tags":null,"fingerprints":null},{"fqdn":"maps.googleapis.com","ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":33876,"first_seen":"2019-10-17 17:56:16","last_seen":"2023-11-02 13:41:57","alert_count":0,"request_count":2,"received_data":84236,"sent_data":902,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.siteground.com","ip":{"addr":"34.149.40.93","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2004-03-22","domain_rank":291195,"first_seen":"2017-01-30 08:53:08","last_seen":"2023-10-31 15:18:15","alert_count":0,"request_count":1,"received_data":929,"sent_data":351,"comment":"","tags":null,"fingerprints":null},{"fqdn":"devilsms.live","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2021-09-16","domain_rank":0,"first_seen":"2022-06-09 23:23:15","last_seen":"2023-10-23 20:43:39","alert_count":1,"request_count":1,"received_data":0,"sent_data":433,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:12Z","timestamp":1698934512,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60173,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:12.658575+0000\",\"flow_id\":2042801050094735,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":60173,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":4423,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:12.658575+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:12Z","timestamp":1698934512,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36359,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:12.658778+0000\",\"flow_id\":1560940079222106,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":36359,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":31595,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:12.658778+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:12Z","timestamp":1698934512,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":43092,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:12.710116+0000\",\"flow_id\":1924363031991780,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":43092,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40247,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:12.710116+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:15Z","timestamp":1698934515,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":55269,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:15.188498+0000\",\"flow_id\":1382896505184338,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55269,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":27430,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:15.188498+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:15Z","timestamp":1698934515,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":35070,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:15.658629+0000\",\"flow_id\":1979755225353413,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":35070,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":45080,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:15.658629+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:16Z","timestamp":1698934516,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60958,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:16.249199+0000\",\"flow_id\":2192557970083183,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":60958,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":55031,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:16.249199+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:16Z","timestamp":1698934516,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59670,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:16.350861+0000\",\"flow_id\":1379928682814093,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":59670,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":2927,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:16.350861+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:17.220633+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"length\":10},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":552,\"bytes_toclient\":770,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46198,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:17.224811+0000\",\"flow_id\":452391840607787,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":46198,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":20252,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:17.224811+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":46577,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:17.324397+0000\",\"flow_id\":795362155591552,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":46577,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61062,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":2}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":1,\"bytes_toserver\":191,\"bytes_toclient\":206,\"start\":\"2023-11-02T14:14:24.751488+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:17.324223+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"http://uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"length\":409},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1579,\"bytes_toclient\":1732,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:17.642758+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":1645,\"bytes_toclient\":2251,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":41121,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:17.890925+0000\",\"flow_id\":2142813658912813,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":41121,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61627,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:17.890925+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"Client IP","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing","source":"{\"timestamp\":\"2023-11-02T14:15:17.994388+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"157.245.90.85\",\"src_port\":80,\"dest_ip\":\"10.70.215.190\",\"dest_port\":55622,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2820835,\"rev\":4,\"signature\":\"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2016_06_22\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"HUNTING\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_12_22\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":2000,\"bytes_toclient\":2317,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:18Z","timestamp":1698934518,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47716,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:18.058162+0000\",\"flow_id\":945591525237554,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":47716,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":61822,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:18.058162+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:18Z","timestamp":1698934518,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":55711,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:18.060060+0000\",\"flow_id\":445567137671836,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55711,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":35855,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:18.060060+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:18Z","timestamp":1698934518,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44548,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:18.068005+0000\",\"flow_id\":972319106664869,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":44548,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":31410,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:18.068005+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:18Z","timestamp":1698934518,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42375,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:18.426511+0000\",\"flow_id\":673273418777103,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":42375,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":28697,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:18.426511+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:18Z","timestamp":1698934518,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47764,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET POLICY DNS Query to DynDNS Domain *.ddns .net","source":"{\"timestamp\":\"2023-11-02T14:15:18.428317+0000\",\"flow_id\":1604907659856157,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":47764,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2028675,\"rev\":2,\"signature\":\"ET POLICY DNS Query to DynDNS Domain *.ddns .net\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_10_12\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"POLICY\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2019_10_12\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":20211,\"rrname\":\"uspsmail95km09t3.ddns.net\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":96,\"bytes_toclient\":0,\"start\":\"2023-11-02T14:15:18.428317+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:20Z","timestamp":1698934520,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:20.183702+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/index.php\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://www.siteground.com\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":2066,\"bytes_toclient\":2784,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-02","alert":"Sinkholed","trigger":"devilsms.live","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/common.js","fqdn":"maps.googleapis.com","domain":"maps.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2005cff13e09393e76f625c7c3e6d0b7","sha1":"47d240c168d611f38c102cf2b6320ea582e69e46","sha256":"50c76b6340f567a536017cdf52bef65fdbbec4d637253e823543059ac68c2fd1","sha512":"b7122caa3f4501f20c507addf63dc80c49f42dc7f3e28180db2a495d8b931ee2acd55517cd7a856402e2330975070a16c5cc49b5e36e1e5b57d58f6d31db5032","ssdeep":"1536:Nj2K0IVivAXiR1TtgigxMPZe0N+A//hMOhWv5iZqkQzV39NEkle8h:DVGAXmWiwo+A//hMOh85QqkQl9N95h","tlshash":"2273c59d725275a69317f0b9123f000ab13a64adf4484dacb24cd9e29ef585d02bbf7c","size":77983,"data":"","first_seen":"2023-03-07T13:02:45Z","last_seen":"2026-02-12T07:32:12.530746Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/util.js","fqdn":"maps.googleapis.com","domain":"maps.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"16b73dc0de9683fb153b38cf6b5a6e6d","sha1":"22261377b57577dcd8046a8970ef5c80aefdf5dc","sha256":"d9f2fabff1b5fdcf2833cdcca025f1ec73c4889c41410e8a018cb1a84bb6ac79","sha512":"1a7e0c0b5f44faf69fe8368b24ae68b95d0839a285785cf7b5a805837425da75e2b89e2f3d50624cc6eca540dde0bea983bed5c29581d2c3f1e11d74502bdf05","ssdeep":"3072:lfTnZQ5U/ay5v5b681Czm83dsFkP3T+jq:lfaMayV5b68EfNskP3T+jq","tlshash":"43e32aa8724270a98277f5f6053f104aa53e985af8054c7cb288d9e1ddf8c9d11bbf78","size":146194,"data":"","first_seen":"2023-03-07T13:02:45Z","last_seen":"2026-02-12T07:32:12.522809Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"bcc09075b1751dac2dd0df99783c78a3","sha1":"4d730f4032ac21b115905910d2853eb7249d563a","sha256":"96c875d292aaab9b960846cc196f292b70f8ee3c8e557470a95e9eccbb76b2bc","sha512":"12cbe195b1efe8c793d0b0d259f644f3ea03fe0e85e47ed849454cf2f02f6e59d8bd2d403e871c93e1ce145826b5dc588d23785a983d3afb232ac63227326ff1","ssdeep":"","tlshash":"2bf05976a1522830476635a96046468ee8b008200a1dd7d1c81c64f22c70b3df077b98","size":478,"data":"","first_seen":"2023-03-07T13:02:45Z","last_seen":"2024-11-07T10:09:02.591779Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/a523583c2d546e5c9192e8f205ee3492/?token=aa49c2708631d3b724a8899094cc91004b3ff174b9efbe6d6d458c901df171281b5a5e76365bec6dcd39fceb4bde132cf1531972654cb1f0e150f8af888055cb../index.php../index.php../index.php../index.php","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-02T14:15:12.713Z","timestamp":1698934512713,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /a523583c2d546e5c9192e8f205ee3492/?token=aa49c2708631d3b724a8899094cc91004b3ff174b9efbe6d6d458c901df171281b5a5e76365bec6dcd39fceb4bde132cf1531972654cb1f0e150f8af888055cb../index.php../index.php../index.php../index.php HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Thu, 02 Nov 2023 14:15:12 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2; path=/\r\nLocation: ../index.php\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T18:59:10.993715Z","times_seen":15181510,"resource_available":true,"data":null}},"time_used":2675,"timings":{"blocked":203,"dns":1,"connect":97,"send":0,"wait":2267,"receive":0,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/index.php","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-02T14:15:15.190Z","timestamp":1698934515190,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /index.php HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Thu, 02 Nov 2023 14:15:14 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nLocation: e61fc31aed34e22c90e8bc9865670b8a?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text","md5":"d784fa8b6d98d27699781bd9a7cf19f0","sha1":"dd122581c8cd44d0227f9c305581ffcb4b6f1b46","sha256":"e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700","sha512":"f8aca02e28996a586f535eed5de9f4533b8b2910762f524459f6fae6fb3f8f7540db5f2c809c1c07167a95b33f6f3f85589af99182e2d2bf93f964de169dd4c0","ssdeep":"","tlshash":"c710000000000000000000300000000000000000000000000000003000000000000000","first_seen":"2023-03-07T01:32:15Z","last_seen":"2026-05-14T12:33:22.995126Z","times_seen":2479,"resource_available":true,"data":null}},"time_used":1053,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1053,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:20Z","timestamp":1698934520,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.190","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:20.183702+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/index.php\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://www.siteground.com\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":2066,\"bytes_toclient\":2784,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-02T14:15:16.250Z","timestamp":1698934516250,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /e61fc31aed34e22c90e8bc9865670b8a?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15 HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 02 Nov 2023 14:15:15 GMT\r\nServer: Apache\r\nLocation: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15\r\nContent-Length: 410\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":410,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"577297708e628188924e0c684389ee35","sha1":"68ced06a37d94d59db97ab753224b187f859e7e8","sha256":"3915f07c6e4291e631ebe82f15a09a031e1ca597c8dc064243d15ead1c75b2b1","sha512":"58989ba52d06146449cea9fe58a37c856b66178e4537c7126fab859cde440c12802718b8fb687374767102e34a226eb245120d000b0ec8c0a5476845880d01b6","ssdeep":"","tlshash":"21e0abde72d232e0b8133b0528803066a46b1066a6d16afe25e214c8c975472bb4a1da","first_seen":"2023-11-02T15:15:35Z","last_seen":"2023-11-02T15:15:35Z","times_seen":1,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-02T14:15:17.225977608Z","timestamp":1698934517225,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Thu, 02 Nov 2023 14:15:14 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=ed8e2927d037f6cf07ace9ac4f333611; path=/\r\nLocation: f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"d784fa8b6d98d27699781bd9a7cf19f0","sha1":"dd122581c8cd44d0227f9c305581ffcb4b6f1b46","sha256":"e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700","sha512":"f8aca02e28996a586f535eed5de9f4533b8b2910762f524459f6fae6fb3f8f7540db5f2c809c1c07167a95b33f6f3f85589af99182e2d2bf93f964de169dd4c0","ssdeep":"","tlshash":"c710000000000000000000300000000000000000000000000000003000000000000000","first_seen":"2023-03-07T01:32:15Z","last_seen":"2026-05-14T12:33:22.995126Z","times_seen":2479,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.190","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:17.220633+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"length\":10},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":552,\"bytes_toclient\":770,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-02T14:15:17.324604806Z","timestamp":1698934517324,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820 HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 02 Nov 2023 14:15:16 GMT\r\nServer: Apache\r\nLocation: http://uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\r\nContent-Length: 409\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":409,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"ea046c137b2371134f6d8d1e75b09330","sha1":"7346d5d7fb1cfabae70b9ea30c60b050a350fd3a","sha256":"5afd247b31649d682ad57b2d87b7e0bf59e0748aaa46d79f1ab4a0d47515f972","sha512":"7631c9d8af3d3e00c5dcf4d5dc36bdc0785331e6472538c85e96af4a6ecc8b05b12d43ff0983f4503edae4a9af25ee3c0ee8198b197c44aeaff1ac75170aab4e","ssdeep":"","tlshash":"a2e0f1fc068311e06d772f10b5c4019611ed40b0168a6cff65aa39c5c49a4f5da6b4ec","first_seen":"2023-11-02T15:15:35Z","last_seen":"2023-11-02T15:15:35Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.190","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:17.324223+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/f9b7e20e8c07d239edfc72d8a4b6fd22?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"http://uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"length\":409},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1579,\"bytes_toclient\":1732,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-02T14:15:17.595914188Z","timestamp":1698934517595,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820 HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Thu, 02 Nov 2023 14:15:16 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=03651bb867001fcbd894798c19e3ab1a; path=/\r\nLocation: ../index.php\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T18:59:10.993715Z","times_seen":15181510,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.190","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:17.642758+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":7,\"bytes_toserver\":1645,\"bytes_toclient\":2251,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:17Z","timestamp":1698934517,"ip_dst":{"addr":"10.70.215.190","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"severity":"high","alert":"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing","source":"{\"timestamp\":\"2023-11-02T14:15:17.994388+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"157.245.90.85\",\"src_port\":80,\"dest_ip\":\"10.70.215.190\",\"dest_port\":55622,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2820835,\"rev\":4,\"signature\":\"ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2016_06_22\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"HUNTING\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_12_22\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/f9b7e20e8c07d239edfc72d8a4b6fd22/?token=59561dac3c5c7115e2153a7183ab96b3c784915c9ce80d740af3e10d1c4a05330533b61ea0caa2f0732b687b1e90238bf33b65617034e92ec851662f647da820\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"../index.php\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":8,\"bytes_toserver\":2000,\"bytes_toclient\":2317,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-02T14:15:16.351Z","timestamp":1698934516351,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15 HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 02 Nov 2023 14:15:15 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11960,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- assembler source, Unicode text, UTF-8 text, with very long lines (420)","md5":"2dd964028673f3b183bea4abde962de3","sha1":"22be0aef32770e8b6b02fbc93413cc4bf1c5ab6a","sha256":"0b43d1a94443b09e1eaf4e2b765ba5ebc63505269c88b4ad5a74a698c0c41073","sha512":"109260ebd88a9213ed6ee16812ba70dab8c5f51e18203c1b94a19c7024aa23343889216a81c04cdea684711f3e5b76f9f2607c3d1533e09b5484a6c94fc559b1","ssdeep":"96:GquG1GJoC1VW6tdSIDEepFZoC4kmy1WfD4h9HDs2MhhQY1ABfRnhTIyW8P8PetxG:GjU67S+EeoMKD4hDWhQCyjG80V","tlshash":"2d32969384f1497a026299b63eebb64e9fa05453c54a2d8074ac33c82fd7e51cd8336f","first_seen":"2023-11-02T15:15:35Z","last_seen":"2023-11-02T15:15:35Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1255,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":1246,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/util.js","fqdn":"maps.googleapis.com","domain":"maps.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","date":"2023-11-02T14:15:18.079Z","timestamp":1698934518079,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 09 Oct 2023 08:10:33 GMT","end":"Mon, 01 Jan 2024 08:10:32 GMT"},"fingerprint":{"sha1":"87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64","sha256":"21:01:08:44:C6:23:40:DF:93:D5:D0:96:62:C1:54:CA:02:E7:1B:4F:7D:7C:D4:AD:8A:EF:50:19:D7:4E:08:4C"}}},"request":{"raw":"GET /maps-api-v3/api/js/38/11/intl/nl_ALL/util.js HTTP/1.1\r\nHost: maps.googleapis.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsmail95km09t3.ddns.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"maps-api-js\"\r\nreport-to: {\"group\":\"maps-api-js\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/maps-api-js\"}]}\r\ncontent-length: 53998\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 31 Oct 2023 14:38:56 GMT\r\nexpires: Wed, 30 Oct 2024 14:38:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 04 Nov 2019 22:32:04 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding, Origin\r\nage: 171381\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":53998,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (3412)","md5":"16b73dc0de9683fb153b38cf6b5a6e6d","sha1":"22261377b57577dcd8046a8970ef5c80aefdf5dc","sha256":"d9f2fabff1b5fdcf2833cdcca025f1ec73c4889c41410e8a018cb1a84bb6ac79","sha512":"1a7e0c0b5f44faf69fe8368b24ae68b95d0839a285785cf7b5a805837425da75e2b89e2f3d50624cc6eca540dde0bea983bed5c29581d2c3f1e11d74502bdf05","ssdeep":"3072:lfTnZQ5U/ay5v5b681Czm83dsFkP3T+jq:lfaMayV5b68EfNskP3T+jq","tlshash":"43e32aa8724270a98277f5f6053f104aa53e985af8054c7cb288d9e1ddf8c9d11bbf78","first_seen":"2023-03-07T13:02:45Z","last_seen":"2026-02-12T07:32:12.522809Z","times_seen":53,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":22,"dns":1,"connect":8,"send":0,"wait":9,"receive":11,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maps.googleapis.com/maps-api-v3/api/js/38/11/intl/nl_ALL/common.js","fqdn":"maps.googleapis.com","domain":"maps.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","date":"2023-11-02T14:15:18.075Z","timestamp":1698934518075,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 09 Oct 2023 08:10:33 GMT","end":"Mon, 01 Jan 2024 08:10:32 GMT"},"fingerprint":{"sha1":"87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64","sha256":"21:01:08:44:C6:23:40:DF:93:D5:D0:96:62:C1:54:CA:02:E7:1B:4F:7D:7C:D4:AD:8A:EF:50:19:D7:4E:08:4C"}}},"request":{"raw":"GET /maps-api-v3/api/js/38/11/intl/nl_ALL/common.js HTTP/1.1\r\nHost: maps.googleapis.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsmail95km09t3.ddns.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"maps-api-js\"\r\nreport-to: {\"group\":\"maps-api-js\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/maps-api-js\"}]}\r\ncontent-length: 28568\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Nov 2023 14:14:59 GMT\r\nexpires: Fri, 01 Nov 2024 14:14:59 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 04 Nov 2019 22:32:04 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding, Origin\r\nage: 18\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28568,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (1601)","md5":"2005cff13e09393e76f625c7c3e6d0b7","sha1":"47d240c168d611f38c102cf2b6320ea582e69e46","sha256":"50c76b6340f567a536017cdf52bef65fdbbec4d637253e823543059ac68c2fd1","sha512":"b7122caa3f4501f20c507addf63dc80c49f42dc7f3e28180db2a495d8b931ee2acd55517cd7a856402e2330975070a16c5cc49b5e36e1e5b57d58f6d31db5032","ssdeep":"1536:Nj2K0IVivAXiR1TtgigxMPZe0N+A//hMOhWv5iZqkQzV39NEkle8h:DVGAXmWiwo+A//hMOh85QqkQl9N95h","tlshash":"2273c59d725275a69317f0b9123f000ab13a64adf4484dacb24cd9e29ef585d02bbf7c","first_seen":"2023-03-07T13:02:45Z","last_seen":"2026-02-12T07:32:12.530746Z","times_seen":53,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":28,"dns":6,"connect":7,"send":0,"wait":18,"receive":3,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/content/marktplaats/client.min.css","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","date":"2023-11-02T14:15:18.071Z","timestamp":1698934518071,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /content/marktplaats/client.min.css HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15\r\nCookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 02 Nov 2023 14:15:17 GMT\r\nServer: Apache\r\nContent-Length: 315\r\nKeep-Alive: timeout=5, max=96\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-05-14T19:01:33.403645Z","times_seen":145352,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/content/marktplaats/normalize.112272e5.css","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","date":"2023-11-02T14:15:18.073Z","timestamp":1698934518073,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /content/marktplaats/normalize.112272e5.css HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15\r\nCookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 02 Nov 2023 14:15:17 GMT\r\nServer: Apache\r\nContent-Length: 315\r\nKeep-Alive: timeout=5, max=95\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-05-14T19:01:33.403645Z","times_seen":145352,"resource_available":true,"data":null}},"time_used":183,"timings":{"blocked":85,"dns":0,"connect":0,"send":0,"wait":97,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/images/logo-mini-sb.png","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","date":"2023-11-02T14:15:18.083Z","timestamp":1698934518083,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /e61fc31aed34e22c90e8bc9865670b8a/images/logo-mini-sb.png HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15\r\nCookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 02 Nov 2023 14:15:17 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 02 Nov 2023 14:15:15 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 23625\r\nKeep-Alive: timeout=5, max=94\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23625,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 135 x 16, 8-bit/color RGBA, non-interlaced\\012- data","md5":"43707dd65a8c8ec7754b7b45fd483488","sha1":"f258a5de57dfa37baf13296da6055e8f8881d742","sha256":"585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf","sha512":"4f821dbcb766cfca452c7a1350e36231fbf82d2d62426e7309e56595813138aaec56daa0c28274a73972977e6d2026aba1ba8866cbdace5c6f5ac276e5664921","ssdeep":"","tlshash":"","first_seen":"2023-05-01T22:22:00Z","last_seen":"2025-10-30T01:12:08.805508Z","times_seen":84,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":173,"dns":0,"connect":0,"send":0,"wait":97,"receive":97,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/content/marktplaats/favicon-192x192.png","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","date":"2023-11-02T14:15:18.428Z","timestamp":1698934518428,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /content/marktplaats/favicon-192x192.png HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15\r\nCookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 02 Nov 2023 14:15:17 GMT\r\nServer: Apache\r\nContent-Length: 315\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-05-14T19:01:33.403645Z","times_seen":145352,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/content/marktplaats/favicon.ico","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","date":"2023-11-02T14:15:18.431Z","timestamp":1698934518431,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /content/marktplaats/favicon.ico HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15\r\nCookie: PHPSESSID=24e43cc055314328dd74ba5cf2957db2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 02 Nov 2023 14:15:17 GMT\r\nServer: Apache\r\nContent-Length: 315\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-05-14T19:01:33.403645Z","times_seen":145352,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"uspsmail95km09t3.ddns.net/index.php","fqdn":"uspsmail95km09t3.ddns.net","domain":"uspsmail95km09t3.ddns.net","tld":"ddns.net"},"ip":{"addr":"157.245.90.85","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-02T14:15:15.190Z","timestamp":1698934515190,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uspsmail95km09t3.ddns.net","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Nov 2023 12:03:26 GMT","end":"Wed, 31 Jan 2024 12:03:25 GMT"},"fingerprint":{"sha1":"91:8A:69:96:96:66:0E:E9:DB:6A:6B:21:48:3C:3A:F3:BF:14:62:8E","sha256":"42:ED:96:4C:57:EF:09:F9:8D:51:5C:6C:BE:60:76:43:AB:1F:FD:E4:51:F9:D5:CC:03:CB:37:29:77:18:E3:77"}}},"request":{"raw":"GET /index.php HTTP/1.1\r\nHost: uspsmail95km09t3.ddns.net\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Thu, 02 Nov 2023 14:15:17 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=52833fbceeeeda8f15f101c49b70b5ec; path=/\r\nLocation: https://www.siteground.com\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T18:59:10.993715Z","times_seen":15181510,"resource_available":true,"data":null}},"time_used":1053,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1053,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-02T14:15:20Z","timestamp":1698934520,"ip_dst":{"addr":"157.245.90.85","port":80,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"ip_src":{"addr":"10.70.215.190","port":55622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2023-11-02T14:15:20.183702+0000\",\"flow_id\":1853100934762323,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.190\",\"src_port\":55622,\"dest_ip\":\"157.245.90.85\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":3,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_14\"]}},\"http\":{\"hostname\":\"uspsmail95km09t3.ddns.net\",\"url\":\"/index.php\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"https://www.siteground.com\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":2066,\"bytes_toclient\":2784,\"start\":\"2023-11-02T14:15:15.659283+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"www.siteground.com/","fqdn":"www.siteground.com","domain":"siteground.com","tld":"com"},"ip":{"addr":"34.149.40.93","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-02T14:15:20.538604007Z","timestamp":1698934520538,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.siteground.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Thu, 02 Nov 2023 14:15:19 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: https://eu.siteground.com\r\nset-cookie: PHPSESSID=6669b90adb653a9533ff62b81579e09a; path=/; domain=.siteground.com; secure; HttpOnly\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nx-httpd-modphp: 1\r\nstrict-transport-security: max-age=31536000; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1\r\nx-frame-options: DENY\r\nx-server: 0, 0, 0\r\nhost-header: 192fc2e7e50945beb8231a492d6a8024, 192fc2e7e50945beb8231a492d6a8024, 192fc2e7e50945beb8231a492d6a8024\r\nx-proxy-cache: MISS, MISS, MISS\r\nx-proxy-cache-info: d302 NC:000000 UP:, d302 NC:000000 UP:, d302 NC:000000 UP:\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000, h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nage: 0\r\nvia: 1.1 google\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T18:59:10.993715Z","times_seen":15181510,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"devilsms.live/css/usps/main.css","fqdn":"devilsms.live","domain":"devilsms.live","tld":"live"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://uspsmail95km09t3.ddns.net/e61fc31aed34e22c90e8bc9865670b8a/?token=1483af1bc97f6252d7b9432e4f826639403d54624c4387abec7d2bea033efe456c84f55c031dae68fd42deb9f03ae62d7354be4e1b8b16d76a40b6fbe1af6d15","date":"2023-11-02T14:15:18.069Z","timestamp":1698934518069,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /css/usps/main.css HTTP/1.1\r\nHost: devilsms.live\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://uspsmail95km09t3.ddns.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-14T18:59:10.993715Z","times_seen":15181510,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-02","alert":"Sinkholed","trigger":"devilsms.live","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}