{"report_id":"68ce76a4-0c79-4d56-83fe-07680b33cbf0","version":6,"status":"done","tags":["dyndns"],"date":"2025-08-25T10:26:49Z","url":{"schema":"http","addr":"adhost5.zapto.org","fqdn":"adhost5.zapto.org","domain":"adhost5.zapto.org","tld":"zapto.org"},"ip":{"addr":"67.212.173.74","port":0,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"adhost5.zapto.org/","fqdn":"adhost5.zapto.org","domain":"adhost5.zapto.org","tld":"zapto.org"},"title":"404 Not Found"},"submit":{"url":{"schema":"http","addr":"adhost5.zapto.org","fqdn":"adhost5.zapto.org","domain":"adhost5.zapto.org","tld":"zapto.org"},"ip":{"addr":"67.212.173.74","port":0,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-29T10:26:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"summary":[{"fqdn":"adhost5.zapto.org","ip":{"addr":"67.212.173.74","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"domain_registered":"2001-08-10","domain_rank":0,"first_seen":"2025-08-25T10:26:49.785245Z","last_seen":"2025-08-25T10:26:49.785246Z","alert_count":3,"request_count":3,"received_data":3648,"sent_data":1413,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"app.monetizer.com","ip":{"addr":"69.175.50.226","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"domain_registered":"2004-03-03","domain_rank":2291072,"first_seen":"2017-02-09T03:28:47Z","last_seen":"2025-08-24T06:36:27.227061Z","alert_count":0,"request_count":1,"received_data":3203,"sent_data":449,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"adhost5.zapto.org/","fqdn":"adhost5.zapto.org","domain":"adhost5.zapto.org","tld":"zapto.org"},"ip":{"addr":"67.212.173.74","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-25T10:26:27.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adhost5.zapto.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 24 Jul 2025 20:18:28 GMT","end":"Wed, 22 Oct 2025 20:18:27 GMT"},"fingerprint":{"sha1":"6E:9C:38:A1:17:FF:26:C3:8B:76:46:85:D1:77:C8:E5:27:28:9C:3B","sha256":"D7:25:A3:9A:4D:AB:41:7B:0A:26:57:54:DA:4C:4D:F1:3F:3E:A6:6C:05:84:F7:59:3C:68:39:56:20:40:57:3D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: adhost5.zapto.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 25 Aug 2025 10:26:28 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\naccept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":553,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (553), with no line terminators","md5":"f6f4f0a23b4dab6627ddd0690bf4b24e","sha1":"9e2e175e98f08af276830f7c8431911392da7544","sha256":"92067bd8e54c663e28c1ee0e0d38e525adf0b6c9ef3174a7a5f5eefbbd848636","sha512":"558a0c85b8b8710c8bcce8efb18b83bc8a0ba68afae2cdde8c748d22171fe7d8f404c9079c6427d8332af259df5a87b59f1cbbff69c8c330b17d6b0bf5c67815","ssdeep":"","tlshash":"c5f08b5ec0861084716254d4f0c37bd49428028faea74eecbe7569a9ae871fa533a79c","first_seen":"2024-08-19T23:27:02.342485Z","last_seen":"2026-06-03T07:29:45.511574Z","times_seen":480,"resource_available":true,"data":null}},"time_used":551,"timings":{"blocked":224,"dns":1,"connect":103,"send":0,"wait":103,"receive":0,"ssl":115},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"adhost5.zapto.org/","fqdn":"adhost5.zapto.org","domain":"adhost5.zapto.org","tld":"zapto.org"},"ip":{"addr":"67.212.173.74","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-25T10:26:28.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adhost5.zapto.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 24 Jul 2025 20:18:28 GMT","end":"Wed, 22 Oct 2025 20:18:27 GMT"},"fingerprint":{"sha1":"6E:9C:38:A1:17:FF:26:C3:8B:76:46:85:D1:77:C8:E5:27:28:9C:3B","sha256":"D7:25:A3:9A:4D:AB:41:7B:0A:26:57:54:DA:4C:4D:F1:3F:3E:A6:6C:05:84:F7:59:3C:68:39:56:20:40:57:3D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: adhost5.zapto.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 25 Aug 2025 10:26:28 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\naccept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":553,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (553), with no line terminators","md5":"f6f4f0a23b4dab6627ddd0690bf4b24e","sha1":"9e2e175e98f08af276830f7c8431911392da7544","sha256":"92067bd8e54c663e28c1ee0e0d38e525adf0b6c9ef3174a7a5f5eefbbd848636","sha512":"558a0c85b8b8710c8bcce8efb18b83bc8a0ba68afae2cdde8c748d22171fe7d8f404c9079c6427d8332af259df5a87b59f1cbbff69c8c330b17d6b0bf5c67815","ssdeep":"","tlshash":"c5f08b5ec0861084716254d4f0c37bd49428028faea74eecbe7569a9ae871fa533a79c","first_seen":"2024-08-19T23:27:02.342485Z","last_seen":"2026-06-03T07:29:45.511574Z","times_seen":480,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"app.monetizer.com/images/monetizer.png","fqdn":"app.monetizer.com","domain":"monetizer.com","tld":"com"},"ip":{"addr":"69.175.50.226","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://adhost5.zapto.org/","date":"2025-08-25T10:26:28.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"monetizer.com","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Sun, 03 Aug 2025 13:01:47 GMT","end":"Sat, 01 Nov 2025 13:01:46 GMT"},"fingerprint":{"sha1":"BF:04:AB:B9:72:7C:50:1D:A5:3F:40:89:0A:F6:1C:D8:F6:FC:9B:52","sha256":"E3:2E:D4:95:3A:9B:0B:0A:CE:E7:D6:53:DF:4E:F1:6A:70:BA:48:32:ED:69:C2:CC:39:AE:24:06:C3:3F:6A:58"}}},"request":{"raw":"GET /images/monetizer.png HTTP/1.1\r\nHost: app.monetizer.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://adhost5.zapto.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 25 Aug 2025 10:26:28 GMT\r\ncontent-type: image/png\r\ncontent-length: 2763\r\nlast-modified: Thu, 14 Aug 2025 11:10:06 GMT\r\netag: \"689dc40e-acb\"\r\nexpires: Tue, 26 Aug 2025 10:26:28 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\nx-frame-options: SAMEORIGIN\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2763,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 149, 8-bit colormap, non-interlaced","md5":"03a4f7ed6a82302928cb627d8c4b7ba4","sha1":"ee1470782b782b0b1d7e59616fe5d476c2ac08b2","sha256":"a907a5abbd6b6e9435a8d503c6a9c05767fd296d59dd6e5fee73e6bc96a9f29c","sha512":"3435aaa7de7ca957c0661fac94fc2b72b35f2bcda15507d14bafa5b1ad9c753646e3beb9aab3d1c4140b9538332d70c73ef7e5a039a530273c98a60e3e5bedb4","ssdeep":"","tlshash":"e5511bde2e56fc6964a011f58bf5870348347eca2d60317300bd7cd2988e25c7e76698","first_seen":"2023-05-01T09:57:29Z","last_seen":"2026-06-03T07:29:45.512258Z","times_seen":554,"resource_available":false,"data":null}},"time_used":558,"timings":{"blocked":227,"dns":15,"connect":102,"send":0,"wait":101,"receive":0,"ssl":109},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adhost5.zapto.org/favicon.ico","fqdn":"adhost5.zapto.org","domain":"adhost5.zapto.org","tld":"zapto.org"},"ip":{"addr":"67.212.173.74","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://adhost5.zapto.org/","date":"2025-08-25T10:26:28.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adhost5.zapto.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 24 Jul 2025 20:18:28 GMT","end":"Wed, 22 Oct 2025 20:18:27 GMT"},"fingerprint":{"sha1":"6E:9C:38:A1:17:FF:26:C3:8B:76:46:85:D1:77:C8:E5:27:28:9C:3B","sha256":"D7:25:A3:9A:4D:AB:41:7B:0A:26:57:54:DA:4C:4D:F1:3F:3E:A6:6C:05:84:F7:59:3C:68:39:56:20:40:57:3D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: adhost5.zapto.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://adhost5.zapto.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: nginx\r\ndate: Mon, 25 Aug 2025 10:26:28 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nlast-modified: Fri, 11 Aug 2023 10:37:02 GMT\r\netag: \"64d60f4e-47e\"\r\nexpires: Tue, 26 Aug 2025 10:26:28 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"91abe01116ab422c598e9c8af72cf4da","sha1":"0f2815fe8e067d48537ad168225ab4674271fa27","sha256":"b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc","sha512":"a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c","ssdeep":"","tlshash":"172122f879c64fb4c438be3f3c4a9ae5ea70aa35efa0831316030446d42dbfd0825595","first_seen":"2023-04-05T07:36:26Z","last_seen":"2026-06-03T08:23:02.941463Z","times_seen":5148,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}