{"report_id":"71f9c8e4-6e45-4446-a032-5df2e917e7e7","version":6,"status":"done","tags":["dyndns"],"date":"2026-03-03T03:01:34Z","url":{"schema":"http","addr":"mhjjh.dynv6.net/","fqdn":"mhjjh.dynv6.net","domain":"mhjjh.dynv6.net","tld":"dynv6.net"},"ip":{"addr":"118.194.249.109","port":0,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"http","addr":"mhjjh.dynv6.net/","fqdn":"mhjjh.dynv6.net","domain":"mhjjh.dynv6.net","tld":"dynv6.net"},"title":"mhjjh.dynv6.net/","dom":{"size":54,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"c04e3c09e3175a6dd231aa178d5ef509","sha1":"905b4a5f1f8a68eae75224396f076b4d7e8848d6","sha256":"a926d991aeff40ede9a0c08311cbd873a8c3eea73799a0f1d113d6275e18ac8a","sha512":"1a8a32a07d58157e015a29cda131bd27b645f7cb390f61e198b90fbd4774178273c25b3d63ae2bf85569750a954b6775900e5e68b756db84b6c708fa57d7e403","ssdeep":"","tlshash":"a99002f990d100455c203d8d1dc116455c286295200549042581b4fcc4086598a521c4","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mhjjh.dynv6.net/","fqdn":"mhjjh.dynv6.net","domain":"mhjjh.dynv6.net","tld":"dynv6.net"},"ip":{"addr":"118.194.249.109","port":0,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-07T03:01:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":2,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T03:01:13Z","timestamp":1772506873,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":37182,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain","source":"{\"timestamp\":\"2026-03-03T03:01:13.861761+0000\",\"flow_id\":1899306730245882,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":37182,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042838,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"mhjjh.dynv6.net\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":672,\"bytes_toclient\":409,\"start\":\"2026-03-03T03:01:13.315130+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T03:01:14Z","timestamp":1772506874,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":37194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain","source":"{\"timestamp\":\"2026-03-03T03:01:14.217426+0000\",\"flow_id\":522174858896478,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":37194,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042838,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"mhjjh.dynv6.net\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://mhjjh.dynv6.net/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":301},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":627,\"bytes_toclient\":682,\"start\":\"2026-03-03T03:01:13.566366+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-03","alert":"Phishing Block","trigger":"mhjjh.dynv6.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"mhjjh.dynv6.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"summary":[{"fqdn":"mhjjh.dynv6.net","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2014-10-24","domain_rank":0,"first_seen":"2026-03-03T03:01:34.850677Z","last_seen":"2026-03-03T03:01:34.850677Z","alert_count":12,"request_count":3,"received_data":811,"sent_data":1239,"comment":"","tags":null,"fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"OpenSSL:3.1.3","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mhjjh.dynv6.net/","fqdn":"mhjjh.dynv6.net","domain":"mhjjh.dynv6.net","tld":"dynv6.net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T03:01:12.531Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: mhjjh.dynv6.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T21:20:15.219421Z","times_seen":14295486,"resource_available":true,"data":null}},"time_used":527,"timings":{"blocked":527,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T03:01:13Z","timestamp":1772506873,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.34","port":37182,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain","source":"{\"timestamp\":\"2026-03-03T03:01:13.861761+0000\",\"flow_id\":1899306730245882,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":37182,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042838,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"mhjjh.dynv6.net\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":672,\"bytes_toclient\":409,\"start\":\"2026-03-03T03:01:13.315130+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-03","alert":"Phishing Block","trigger":"mhjjh.dynv6.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"mhjjh.dynv6.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"mhjjh.dynv6.net/","fqdn":"mhjjh.dynv6.net","domain":"mhjjh.dynv6.net","tld":"dynv6.net"},"ip":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T03:01:13.315Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: mhjjh.dynv6.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 03 Mar 2026 03:01:13 GMT\r\nServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12\r\nX-Powered-By: PHP/8.2.12\r\nContent-Length: 15\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"OpenSSL:3.1.3","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"55bb6a6ce01aba5e2540c67d766fb8f8","sha1":"32a4fd9837338a46a5cdc1bfe3149fbec30fed69","sha256":"e5bd74ceee37fce5805dfdd7dd38df39411f4997fdcc7ab223b0589840111669","sha512":"a26fde7c9d73ebc8a408b125aed494a37bacf630f60168375beeff2b11431441dd388de2b10b6679053721ec2417556c4857b0d45de0df38dd23ad7b56e49873","ssdeep":"","tlshash":"1360000000c000c00c000c0f03000c00fc3c30c3000c00003000c0fcc00cfc003300c0","first_seen":"2024-08-19T20:32:23.828023Z","last_seen":"2026-04-23T13:13:10.145379Z","times_seen":89,"resource_available":true,"data":null}},"time_used":819,"timings":{"blocked":272,"dns":0,"connect":272,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T03:01:13Z","timestamp":1772506873,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.34","port":37182,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain","source":"{\"timestamp\":\"2026-03-03T03:01:13.861761+0000\",\"flow_id\":1899306730245882,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":37182,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042838,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"mhjjh.dynv6.net\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":672,\"bytes_toclient\":409,\"start\":\"2026-03-03T03:01:13.315130+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-03","alert":"Phishing Block","trigger":"mhjjh.dynv6.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"mhjjh.dynv6.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"mhjjh.dynv6.net/favicon.ico","fqdn":"mhjjh.dynv6.net","domain":"mhjjh.dynv6.net","tld":"dynv6.net"},"ip":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://mhjjh.dynv6.net/","date":"2026-03-03T03:01:13.936Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mhjjh.dynv6.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://mhjjh.dynv6.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 03 Mar 2026 03:01:14 GMT\r\nServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12\r\nContent-Length: 301\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"OpenSSL:3.1.3","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":301,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"d2ccf920ca490e8f1461049eb20f573f","sha1":"4b9e36d3bed893b1a2fb74b09f717213101d2513","sha256":"fab657c46ecf5f5d3627df8cb041869dac131f22376de27028f9eecdfab07e2e","sha512":"717b2ff5817de857b1d244d5048a07221f4760bcf8bbf0fe118340946a63ce3e3b37146fe71b8df5a8254695390e6ac6145e30c606a07f0182e3bb762c3e2458","ssdeep":"","tlshash":"7de07d5d504333c70801159039c212a1124816f5707983e86d85d447525483dcd8728d","first_seen":"2026-03-03T03:01:36.549609Z","last_seen":"2026-03-04T08:51:40.361777Z","times_seen":2,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T03:01:14Z","timestamp":1772506874,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.34","port":37194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain","source":"{\"timestamp\":\"2026-03-03T03:01:14.217426+0000\",\"flow_id\":522174858896478,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":37194,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042838,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.dynv6 .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"mhjjh.dynv6.net\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://mhjjh.dynv6.net/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":301},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":627,\"bytes_toclient\":682,\"start\":\"2026-03-03T03:01:13.566366+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-03","alert":"Phishing Block","trigger":"mhjjh.dynv6.net","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-03","alert":"Sinkholed","trigger":"mhjjh.dynv6.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}