{"report_id":"72a49a2e-7452-4129-8228-348e0c12715f","version":6,"status":"done","tags":[],"date":"2025-10-31T13:31:23Z","url":{"schema":"http","addr":"00010oo.wcomhost.com/","fqdn":"00010oo.wcomhost.com","domain":"wcomhost.com","tld":"com"},"ip":{"addr":"206.188.193.50","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"00010oo.wcomhost.com/","fqdn":"00010oo.wcomhost.com","domain":"wcomhost.com","tld":"com"},"title":"Bandwidth Overage","dom":{"size":2513,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"ee71ad81053dce1edb893e154212860c","sha1":"aac2426e81bf8d23bf3d87a8cff123f772e730a3","sha256":"5068cb4e18d900a050582bdfc875db78244dfdb5e72d7e84b97542445b9f1742","sha512":"213745d9b4b8f7384c54d33bf8f74346ec2e726ce00f3fb67c105d9c02f5d0a6aa21aefd77857c9fd0062d6f23bf16d4a7a208632d3a056041846712ba82924d","ssdeep":"","tlshash":"57517a08b5f4338eba250950eb517feb0ed9906b53530844b91e71bb1f884e6e8336ac","dom_hash":"domhash58e811eef4ca1394474034d6f65c82f0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":"PGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxoZWFkPgo8dGl0bGU+QmFuZHdpZHRoIE92ZXJhZ2U8L3RpdGxlPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xIj4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4KPCEtLQouc3R5bGUxIHsKCWZvbnQtZmFtaWx5OiBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmOwoJZm9udC1zaXplOiAxMnB4Owp9Ci5zdHlsZTIgewoJZm9udC1mYW1pbHk6IEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7Cglmb250LXdlaWdodDogYm9sZDsKCWZvbnQtc2l6ZTogMTZweDsKfQotLT4KPC9zdHlsZT4KPC9oZWFkPgoKPGJvZHk+CjxwPiZuYnNwOzwvcD4KPHRhYmxlIHdpZHRoPSI3NjMiIGhlaWdodD0iMjUwIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiIGJvcmRlcj0iMCI+CiAgPHRib2R5Pjx0cj4KICAgIDx0ZCBjb2xzcGFuPSIyIj48dGFibGUgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIj4KICAgICAgPHRib2R5Pjx0cj4KICAgICAgICA8dGQgd2lkdGg9IjciIGJhY2tncm91bmQ9ImltYWdlcy9jb3JuZXItdG9wbGVmdC5naWYiPjxpbWcgc3JjPSJpbWFnZXMvc3BhY2VyLmdpZiIgd2lkdGg9IjciIGhlaWdodD0iMTAiPjwvdGQ+CiAgICAgICAgPHRkIHdpZHRoPSI3NTIiIGJhY2tncm91bmQ9ImltYWdlcy90b3AtYmFjay5naWYiPjxpbWcgc3JjPSJpbWFnZXMvc3BhY2VyLmdpZiIgd2lkdGg9IjEiIGhlaWdodD0iMSI+PC90ZD4KICAgICAgPC90cj4KICAgIDwvdGJvZHk+PC90YWJsZT48L3RkPgogICAgPHRkIHJvd3NwYW49IjUiIHdpZHRoPSIxIiBiZ2NvbG9yPSIjMDAwMDAwIj48aW1nIHNyYz0iaW1hZ2VzL3NwYWNlci5naWYiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvdGQ+CiAgPC90cj4KICA8dHI+CiAgICA8dGQgcm93c3Bhbj0iMyIgd2lkdGg9IjEiIGJnY29sb3I9IiMwMDAwMDAiPjxzcGFuIGNsYXNzPSJzdHlsZTIiPjxpbWcgc3JjPSJpbWFnZXMvc3BhY2VyLmdpZiIgd2lkdGg9IjEiIGhlaWdodD0iMSI+IDwvc3Bhbj4gPC90ZD4KICAgIDx0ZCB3aWR0aD0iNzYxIj4mbmJzcDs8L3RkPgogIDwvdHI+CiAgPHRyPgogICAgPHRkIGFsaWduPSJsZWZ0Ij48dGFibGUgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIj4KICAgICAgPHRib2R5Pjx0cj4KICAgICAgICA8dGQgd2lkdGg9IjUlIj4mbmJzcDs8L3RkPgogICAgICAgIDx0ZCB3aWR0aD0iOTUlIj48c3BhbiBjbGFzcz0ic3R5bGUyIj5UaGlzIHNpdGUgaGFzIGV4Y2VlZGVkIHRoZSBhbGxvdHRlZCBiYW5kd2lkdGguPC9zcGFuPjwvdGQ+CiAgICAgIDwvdHI+CiAgICAgIDx0cj4KICAgICAgICA8dGQ+Jm5ic3A7PC90ZD4KICAgICAgICA8dGQgaGVpZ2h0PSIyNSI+Jm5ic3A7PC90ZD4KICAgICAgPC90cj4KICAgICAgPHRyPgogICAgICAgIDx0ZD4mbmJzcDs8L3RkPgogICAgICAgIDx0ZD48c3BhbiBjbGFzcz0ic3R5bGUxIj48c3Ryb25nPkluZm9ybWF0aW9uIGZvciBzaXRlIG93bmVyczo8YnI+CiAgICAgICAgICAgICAgPGJyPgogICAgICAgIDwvc3Ryb25nPldlYiBob3N0aW5nIHBhY2thZ2VzIGhhdmUgZGlmZmVyZW50IG1vbnRobHkgYmFuZHdpZHRoIGFsbG93YW5jZXMuPGJyPgpJZiB5b3UgcmVxdWlyZSBhZGRpdGlvbmFsIGJhbmR3aWR0aCBvbiBhIHJlZ3VsYXIgYmFzaXMsIGEgZGlmZmVyZW50IHBhY2thZ2UgbWF5IGJlIG5lY2Vzc2FyeS4gPGJyPgo8YnI+ClRvIHVwZ3JhZGUgeW91ciBob3N0aW5nIHBhY2thZ2UsIDxhIGhyZWY9Imh0dHBzOi8vc3VwcG9ydC53ZWIuY29tIj5sb2cgaW4gdG8gU3VwcG9ydCBQb3J0YWw8L2E+Ljwvc3Bhbj48L3RkPgogICAgICA8L3RyPgogICAgICA8dHI+CiAgICAgICAgPHRkPiZuYnNwOzwvdGQ+CiAgICAgICAgPHRkPiZuYnNwOzwvdGQ+CiAgICAgIDwvdHI+CiAgICAgIDx0cj4KICAgICAgICA8dGQ+Jm5ic3A7PC90ZD4KICAgICAgICA8dGQ+Jm5ic3A7PC90ZD4KICAgICAgPC90cj4KICAgICAgPHRyPgogICAgICAgIDx0ZD4mbmJzcDs8L3RkPgogICAgICAgIDx0ZD4mbmJzcDs8L3RkPgogICAgICA8L3RyPgogICAgICA8dHI+CiAgICAgICAgPHRkPiZuYnNwOzwvdGQ+CiAgICAgICAgPHRkPjxzcGFuIGNsYXNzPSJzdHlsZTEiPjxhIGhyZWY9Imh0dHA6Ly93d3cud2ViLmNvbSI+SG9zdGVkIGJ5IFdlYi5jb208L2E+PC9zcGFuPi48L3RkPgogICAgICA8L3RyPgogICAgPC90Ym9keT48L3RhYmxlPjwvdGQ+CiAgPC90cj4KICA8dHI+CiAgICA8dGQ+Jm5ic3A7PC90ZD4KICA8L3RyPgogIDx0cj4KICAgIDx0ZCBjb2xzcGFuPSIyIiBoZWlnaHQ9IjEiIGJnY29sb3I9IiMwMDAwMDAiPjxpbWcgc3JjPSJpbWFnZXMvc3BhY2VyLmdpZiIgd2lkdGg9IjEiIGhlaWdodD0iMSI+PC90ZD4KICA8L3RyPgo8L3Rib2R5PjwvdGFibGU+CgoKPC9ib2R5PjwvaHRtbD4="}},"submit":{"url":{"schema":"http","addr":"00010oo.wcomhost.com/","fqdn":"00010oo.wcomhost.com","domain":"wcomhost.com","tld":"com"},"ip":{"addr":"206.188.193.50","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-05T13:31:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T13:31:08Z","timestamp":1761917468,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.6","port":55844,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-31T13:31:08.606057+0000\",\"flow_id\":1322994777934096,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":55844,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"www.057axh.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":469,\"bytes_toclient\":116,\"start\":\"2025-10-31T13:29:43.477456+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T13:31:14Z","timestamp":1761917474,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.6","port":55856,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-31T13:31:14.680107+0000\",\"flow_id\":1326980507589589,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":55856,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"www.057axh.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":469,\"bytes_toclient\":116,\"start\":\"2025-10-31T13:29:43.875477+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T13:31:15Z","timestamp":1761917475,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.6","port":55878,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-31T13:31:15.302952+0000\",\"flow_id\":1749794268145690,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":55878,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"www.057axh.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":589,\"bytes_toclient\":116,\"start\":\"2025-10-31T13:29:44.616474+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"00010oo.wcomhost.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"00010oo.wcomhost.com","ip":{"addr":"206.188.193.50","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"domain_registered":"2012-01-25","domain_rank":0,"first_seen":"2025-07-30T23:46:55.983972Z","last_seen":"2025-07-30T23:46:55.983972Z","alert_count":5,"request_count":5,"received_data":6570,"sent_data":2305,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.25.3.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T13:31:08Z","timestamp":1761917468,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.6","port":55844,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-31T13:31:08.606057+0000\",\"flow_id\":1322994777934096,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":55844,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"www.057axh.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":469,\"bytes_toclient\":116,\"start\":\"2025-10-31T13:29:43.477456+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T13:31:14Z","timestamp":1761917474,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.6","port":55856,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-31T13:31:14.680107+0000\",\"flow_id\":1326980507589589,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":55856,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"www.057axh.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":469,\"bytes_toclient\":116,\"start\":\"2025-10-31T13:29:43.875477+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-31T13:31:15Z","timestamp":1761917475,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.6","port":55878,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-31T13:31:15.302952+0000\",\"flow_id\":1749794268145690,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":55878,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"www.057axh.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":589,\"bytes_toclient\":116,\"start\":\"2025-10-31T13:29:44.616474+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"00010oo.wcomhost.com/images/corner-topleft.gif","fqdn":"00010oo.wcomhost.com","domain":"wcomhost.com","tld":"com"},"ip":{"addr":"206.188.193.50","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://00010oo.wcomhost.com/","date":"2025-10-31T13:31:02.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wcomhost.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 15 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"35:01:AE:F8:10:0E:61:92:0F:57:E6:F8:C7:44:CD:E7:70:90:04:14","sha256":"AB:FF:41:58:3F:24:C1:E3:E3:E5:67:B0:D9:80:49:C0:5B:61:FB:97:77:73:7A:D3:4B:13:6A:E7:8D:20:4B:8D"}}},"request":{"raw":"GET /images/corner-topleft.gif HTTP/1.1\r\nHost: 00010oo.wcomhost.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://00010oo.wcomhost.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty/1.25.3.1\r\nDate: Fri, 31 Oct 2025 13:31:02 GMT\r\nContent-Type: image/gif\r\nContent-Length: 114\r\nConnection: keep-alive\r\nLast-Modified: Thu, 07 Feb 2013 20:17:43 GMT\r\nETag: \"72-4d528229d87c0\"\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: \"1; mode=block\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nX-Webcom-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.25.3.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":114,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 7 x 10","md5":"06725723704b66883bfee4fe6bd5aa3f","sha1":"e21e6af446c8fafd8897eba5ab6a933b496f41fa","sha256":"8299539e2dede390392bc3a776c115de14db90d433a6d9e30dae5020851fce80","sha512":"743dd0d5503321c347f3d83da4522d3d861f3f065969ee683cd5f21ce15fed08c6280dd3a2a9e033edaee615306058b0506712423ae6df2deb2503068231bfb8","ssdeep":"","tlshash":"b4b012d9c3c7daf0d250b870a6beb4907e28710eed114e05a1891b4be0ab345290efdd","first_seen":"2023-05-20T00:42:10Z","last_seen":"2026-01-08T02:07:14.349356Z","times_seen":62,"resource_available":false,"data":null}},"time_used":774,"timings":{"blocked":326,"dns":1,"connect":104,"send":0,"wait":116,"receive":0,"ssl":225},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"00010oo.wcomhost.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"00010oo.wcomhost.com/images/top-back.gif","fqdn":"00010oo.wcomhost.com","domain":"wcomhost.com","tld":"com"},"ip":{"addr":"206.188.193.50","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://00010oo.wcomhost.com/","date":"2025-10-31T13:31:02.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wcomhost.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 15 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"35:01:AE:F8:10:0E:61:92:0F:57:E6:F8:C7:44:CD:E7:70:90:04:14","sha256":"AB:FF:41:58:3F:24:C1:E3:E3:E5:67:B0:D9:80:49:C0:5B:61:FB:97:77:73:7A:D3:4B:13:6A:E7:8D:20:4B:8D"}}},"request":{"raw":"GET /images/top-back.gif HTTP/1.1\r\nHost: 00010oo.wcomhost.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://00010oo.wcomhost.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty/1.25.3.1\r\nDate: Fri, 31 Oct 2025 13:31:02 GMT\r\nContent-Type: image/gif\r\nContent-Length: 140\r\nConnection: keep-alive\r\nLast-Modified: Thu, 07 Feb 2013 20:17:43 GMT\r\nETag: \"8c-4d528229d87c0\"\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: \"1; mode=block\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nX-Webcom-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.25.3.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 7 x 20","md5":"0abae0c72884345cdafffaff6e2e76a2","sha1":"f5cc111d96836ae09bd49f33ee234c2a2665124b","sha256":"0e7414a925492cb866d7c9f6ff9ddcc5e91f6e341b5f8c78e187720e4d32c5ff","sha512":"9dc286da1f81867b32cf33f82b59c536ace238deaddc09ec8aed753b9e10e001f22f276265e62f9c6ee38ddceb6474cd9b6c118f83d4b09ddd2f53890b74b736","ssdeep":"","tlshash":"5dc01286f096cde1c32036b0c4fdf4087c10a084ab100e04650c572aa11f31711073de","first_seen":"2023-05-20T00:42:10Z","last_seen":"2026-01-08T02:07:14.348799Z","times_seen":62,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":101,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"00010oo.wcomhost.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"00010oo.wcomhost.com/favicon.ico","fqdn":"00010oo.wcomhost.com","domain":"wcomhost.com","tld":"com"},"ip":{"addr":"206.188.193.50","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://00010oo.wcomhost.com/","date":"2025-10-31T13:31:02.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wcomhost.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 15 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"35:01:AE:F8:10:0E:61:92:0F:57:E6:F8:C7:44:CD:E7:70:90:04:14","sha256":"AB:FF:41:58:3F:24:C1:E3:E3:E5:67:B0:D9:80:49:C0:5B:61:FB:97:77:73:7A:D3:4B:13:6A:E7:8D:20:4B:8D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 00010oo.wcomhost.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://00010oo.wcomhost.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: openresty/1.25.3.1\r\nDate: Fri, 31 Oct 2025 13:31:02 GMT\r\nContent-Type: text/html\r\nContent-Length: 575\r\nConnection: keep-alive\r\nLast-Modified: Mon, 06 May 2024 19:16:49 GMT\r\nETag: \"23f-617cde9496008\"\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: \"1; mode=block\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.25.3.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":575,"size_decoded":0,"mime_type":"text/html","magic":"ASCII text","md5":"4546cec9cc9f33afaa19f1e81c7278fb","sha1":"1b389a6d4d910de0f991a27487f1e1cd8b1223df","sha256":"54998b618c0740e80bd07e3b28870fd68ce831df08dc73a8e3e3a261efdfb720","sha512":"021d1061337eaaaadd78d1b2341a88e7534183a7b3ef74af96f07d7339f32f5d08ee9a220cf0e14861f321791cc7608177707968312f1d2ad9c7347bae7f9d23","ssdeep":"","tlshash":"48f0e96feaf2133392d065282b08bed28f1590674b705716769c5309df10b55a5ab9c1","first_seen":"2023-04-06T01:26:14Z","last_seen":"2026-04-03T16:23:36.280885Z","times_seen":1174,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"00010oo.wcomhost.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"00010oo.wcomhost.com/","fqdn":"00010oo.wcomhost.com","domain":"wcomhost.com","tld":"com"},"ip":{"addr":"206.188.193.50","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-31T13:31:01.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wcomhost.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 15 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"35:01:AE:F8:10:0E:61:92:0F:57:E6:F8:C7:44:CD:E7:70:90:04:14","sha256":"AB:FF:41:58:3F:24:C1:E3:E3:E5:67:B0:D9:80:49:C0:5B:61:FB:97:77:73:7A:D3:4B:13:6A:E7:8D:20:4B:8D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 00010oo.wcomhost.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty/1.25.3.1\r\nDate: Fri, 31 Oct 2025 13:31:01 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nLast-Modified: Thu, 07 Feb 2013 20:17:43 GMT\r\nETag: W/\"a35-4d528229d87c0\"\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: \"1; mode=block\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nX-Webcom-Cache-Status: BYPASS\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.25.3.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2613,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"cd1dd564a3732421a4a5c70d8834a5e5","sha1":"fc52f6c1be2ffb8e74f72c538b0aa968695295a5","sha256":"da0e2233bca45d76b83e88cb296f1f88f7e1979f82686f7d98964dea642638df","sha512":"a2f6b02a7a50d847b25bddcd5e73e7dc3c4181ada003fc4c99e63527802c2bec092f828e9a0f063e39bf60b2e2eeb5dc2b7e3105fd830323922724ec1fcffd3f","ssdeep":"","tlshash":"c9519c09f5f4338de6514960eb517feb0ed5906b53430848751e71bb1f884e69833aac","first_seen":"2024-08-19T19:40:06.34553Z","last_seen":"2026-01-08T02:07:14.352078Z","times_seen":7,"resource_available":true,"data":null}},"time_used":1337,"timings":{"blocked":607,"dns":152,"connect":107,"send":0,"wait":122,"receive":0,"ssl":344},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"00010oo.wcomhost.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"00010oo.wcomhost.com/images/spacer.gif","fqdn":"00010oo.wcomhost.com","domain":"wcomhost.com","tld":"com"},"ip":{"addr":"206.188.193.50","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://00010oo.wcomhost.com/","date":"2025-10-31T13:31:02.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wcomhost.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 15 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"35:01:AE:F8:10:0E:61:92:0F:57:E6:F8:C7:44:CD:E7:70:90:04:14","sha256":"AB:FF:41:58:3F:24:C1:E3:E3:E5:67:B0:D9:80:49:C0:5B:61:FB:97:77:73:7A:D3:4B:13:6A:E7:8D:20:4B:8D"}}},"request":{"raw":"GET /images/spacer.gif HTTP/1.1\r\nHost: 00010oo.wcomhost.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://00010oo.wcomhost.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty/1.25.3.1\r\nDate: Fri, 31 Oct 2025 13:31:02 GMT\r\nContent-Type: image/gif\r\nContent-Length: 807\r\nConnection: keep-alive\r\nLast-Modified: Thu, 07 Feb 2013 20:17:43 GMT\r\nETag: \"327-4d528229d87c0\"\r\nStrict-Transport-Security: max-age=31536000\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nX-XSS-Protection: \"1; mode=block\"\r\nReferrer-Policy: no-referrer-when-downgrade\r\nX-Webcom-Cache-Status: BYPASS\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.25.3.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":807,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"6d7094ef5fab0b484aaac8aa061272be","sha1":"2c7091bf4de5188ea3482b62b60f3e9ac4994bac","sha256":"0baaab6731e56601ca7bb881159f37c720972736c3c32e416213f82df2b8963b","sha512":"9119bcb2165048b32cfbca9e9d1510f251d1d6af74e7a23650a666c9e5a19a8257d0ebccbcd5dec1ae990b756f88d09ae9885693c3e99e787a2f73b225d631b8","ssdeep":"","tlshash":"50012115073cd898cfaca8f6c4ce058c219ce55d2071fd8b1c419476962d6fed8beb56","first_seen":"2023-05-20T00:42:10Z","last_seen":"2026-01-08T02:07:14.347569Z","times_seen":62,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-31","alert":"Sinkholed","trigger":"00010oo.wcomhost.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}