{"report_id":"771f15a1-d8be-4a18-9130-a19b513abbdd","version":6,"status":"done","tags":["dyndns"],"date":"2025-08-04T05:22:06Z","url":{"schema":"http","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"104.243.45.193","port":0,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"title":"Making sure you're not a bot!"},"submit":{"url":{"schema":"http","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"104.243.45.193","port":0,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-08T05:22:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"summary":[{"fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","ip":{"addr":"104.243.45.193","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"domain_registered":"2013-04-12","domain_rank":0,"first_seen":"2025-08-04T05:22:06.335954Z","last_seen":"2025-08-04T05:22:06.335954Z","alert_count":6,"request_count":6,"received_data":272778,"sent_data":4217,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"104.243.45.193","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-04T05:21:44.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 02:41:55 GMT","end":"Sun, 02 Nov 2025 02:41:54 GMT"},"fingerprint":{"sha1":"12:76:93:57:E2:B5:BB:E1:9A:F2:86:27:CA:50:7C:56:A7:B3:83:5C","sha256":"62:BD:8D:7D:11:9E:64:23:0E:4B:27:FB:80:A0:4F:D1:61:E5:BA:11:29:53:A8:D0:32:89:3B:DB:A1:C5:7C:44"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: no-store\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Mon, 04 Aug 2025 05:21:45 GMT\r\nset-cookie: techaro.lol-anubis-auth=; Path=/; Expires=Mon, 04 Aug 2025 05:20:45 GMT; Max-Age=0; SameSite=Lax\ntecharo.lol-anubis-cookie-test-if-you-block-this-anubis-wont-work=fb0fd94f9c7252cadd5d139583bf20efc8917aaf4c91730a4644dd2939163ffd; Path=/; Expires=Mon, 04 Aug 2025 05:51:45 GMT\r\nvia: 1.1 Caddy\r\ncontent-length: 2006\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4202,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2753)","md5":"2a7742c226af49113fad9bc216575fec","sha1":"e1d66bf2d476e32704ede476a340eed5d21ad2eb","sha256":"afc1af3fa809ad8182ec12d438d762b444ab4744b2fea45128b603821191c5ca","sha512":"ba6eecc3443e5d31cf08aba5850d79ea8798c61daad1f67511ec9f5d84d1574c1f45a5117dfe1ba326f4d9cacb5feaca01b450227a44b6cbc643e55630377b22","ssdeep":"96:zJa+DlmT9JGGyWxQdD/Z8cvEU9rSToC4nBu76W+qGtuYsr:7lmT9JNy2KDx8cvxSkC4B2Bvr","tlshash":"9681e6639daa805e0f834dd026a0725c776ac0170f068c59789c64a69f8276842736ed","first_seen":"2025-08-04T03:48:14.424099Z","last_seen":"2025-08-04T08:36:19.541869Z","times_seen":5,"resource_available":false,"data":null}},"time_used":773,"timings":{"blocked":336,"dns":121,"connect":98,"send":0,"wait":99,"receive":0,"ssl":115},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/.within.website/x/xess/xess.min.css?cachebuster=v1.19.1","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"104.243.45.193","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/","date":"2025-08-04T05:21:45.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 02:41:55 GMT","end":"Sun, 02 Nov 2025 02:41:54 GMT"},"fingerprint":{"sha1":"12:76:93:57:E2:B5:BB:E1:9A:F2:86:27:CA:50:7C:56:A7:B3:83:5C","sha256":"62:BD:8D:7D:11:9E:64:23:0E:4B:27:FB:80:A0:4F:D1:61:E5:BA:11:29:53:A8:D0:32:89:3B:DB:A1:C5:7C:44"}}},"request":{"raw":"GET /.within.website/x/xess/xess.min.css?cachebuster=v1.19.1 HTTP/1.1\r\nHost: nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/\r\nCookie: techaro.lol-anubis-cookie-test-if-you-block-this-anubis-wont-work=fb0fd94f9c7252cadd5d139583bf20efc8917aaf4c91730a4644dd2939163ffd\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css; charset=utf-8\r\ndate: Mon, 04 Aug 2025 05:21:45 GMT\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\ncache-control: public, max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":194738,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a9e69d61c3045b743c78ea21f2b93311","sha1":"7175e89fc9d4adfb0fc9e157986e2002ba257de0","sha256":"53a8bc5522ae89ec349b798a66d8ea4e601eaafb3d7f3799164d449043cd3326","sha512":"576600c79e223d573d256503c0648ca1febac48e4ef2ef8c57f49e88d96ca40689bf866bdbd561e9817851b3439a1d8f869e9d025d5d08445c64369593ceaebb","ssdeep":"3072:bT/CnLcADCsqeTsgEnWqKmuY40Vv6lo+64dGObyzO/k9IlU0wixc9gtrbNd3Z/k4:bunLcIUeT/EnImT0oopmzO+WU0wDQrbF","tlshash":"4f1412e02c7a784740b86ff660aff41f3d2d9ae1c644327b8c6a56f60a51b5705231b7","first_seen":"2025-05-27T00:00:30.01608Z","last_seen":"2026-04-05T11:42:29.768432Z","times_seen":478,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":256,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/.within.website/x/cmd/anubis/static/img/pensive.webp?cacheBuster=v1.19.1","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"104.243.45.193","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/","date":"2025-08-04T05:21:45.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 02:41:55 GMT","end":"Sun, 02 Nov 2025 02:41:54 GMT"},"fingerprint":{"sha1":"12:76:93:57:E2:B5:BB:E1:9A:F2:86:27:CA:50:7C:56:A7:B3:83:5C","sha256":"62:BD:8D:7D:11:9E:64:23:0E:4B:27:FB:80:A0:4F:D1:61:E5:BA:11:29:53:A8:D0:32:89:3B:DB:A1:C5:7C:44"}}},"request":{"raw":"GET /.within.website/x/cmd/anubis/static/img/pensive.webp?cacheBuster=v1.19.1 HTTP/1.1\r\nHost: nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/\r\nCookie: techaro.lol-anubis-cookie-test-if-you-block-this-anubis-wont-work=fb0fd94f9c7252cadd5d139583bf20efc8917aaf4c91730a4644dd2939163ffd\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nvia: 1.1 Caddy\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000\r\ncontent-length: 28904\r\ncontent-type: image/webp\r\ndate: Mon, 04 Aug 2025 05:21:45 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28904,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"889699cb1bfa4f9aa658f3e3905bf4fd","sha1":"7b6be940864db4ab2a617804a4d814a0a1a2a899","sha256":"4f11b78f18a8306296d8f1dedc9a80ee7c6971aee8c3ec761546ee8e555ce3c5","sha512":"fc021497cfecbf7f11d7346f1834f492c84dcd4e48b802acc0ff2db5712b969f518b476c9b9bab6392d48fbdd3d2f068d604dd1c927767c371d6f95c5b409bd7","ssdeep":"768:X+W834bZmMeB+a2XtKpk7C7XWI6t25vvVs6VtaLf4jfw:X+W5mpB92XtSk7DIXVPVAco","tlshash":"72d2e136ad65a038cbe56e0bc9c3de778c0fc16c5ad6cea85b204ae4d02c3d76a57514","first_seen":"2025-04-14T12:39:56.201646Z","last_seen":"2026-04-05T11:54:52.585742Z","times_seen":464,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":123,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/.within.website/x/cmd/anubis/static/js/main.mjs?cacheBuster=v1.19.1","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"104.243.45.193","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/","date":"2025-08-04T05:21:45.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 02:41:55 GMT","end":"Sun, 02 Nov 2025 02:41:54 GMT"},"fingerprint":{"sha1":"12:76:93:57:E2:B5:BB:E1:9A:F2:86:27:CA:50:7C:56:A7:B3:83:5C","sha256":"62:BD:8D:7D:11:9E:64:23:0E:4B:27:FB:80:A0:4F:D1:61:E5:BA:11:29:53:A8:D0:32:89:3B:DB:A1:C5:7C:44"}}},"request":{"raw":"GET /.within.website/x/cmd/anubis/static/js/main.mjs?cacheBuster=v1.19.1 HTTP/1.1\r\nHost: nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/\r\nCookie: techaro.lol-anubis-cookie-test-if-you-block-this-anubis-wont-work=fb0fd94f9c7252cadd5d139583bf20efc8917aaf4c91730a4644dd2939163ffd\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\ndate: Mon, 04 Aug 2025 05:21:45 GMT\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\ncontent-length: 3453\r\ncache-control: public, max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7401,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6113)","md5":"124419a0c510299d4ebb5f3f368b963c","sha1":"e87d5eeb766ddf32dcf2e2da30cc0462d61b3079","sha256":"61c5cb91194a9f4882494a0abfa3cee4c30080d185751d4d064b4ba0c51a9eef","sha512":"a1c44bab5d9be06090b7a2922143950930a74266860e5583003da4bedc16def2db3d843457e47c9258966d4a0a7edc8f5e43cb5a44b68e7227426a630c4aaa2c","ssdeep":"192:gGLQHTVomeN/tQor8uvVsgq2b5tpAFlibyfchyC2:gGL6Vo9VQor8uvygqS5tpAKbyfchyC2","tlshash":"36e13b9b7204ab7707eb93a3b0b8a2c7b13580880d8a6244516dd5253328dd992f7ff8","first_seen":"2025-07-08T00:13:28.263685Z","last_seen":"2026-01-15T11:20:46.245833Z","times_seen":15,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/.within.website/x/cmd/anubis/static/img/happy.webp?cacheBuster=v1.19.1","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"104.243.45.193","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/","date":"2025-08-04T05:21:45.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 02:41:55 GMT","end":"Sun, 02 Nov 2025 02:41:54 GMT"},"fingerprint":{"sha1":"12:76:93:57:E2:B5:BB:E1:9A:F2:86:27:CA:50:7C:56:A7:B3:83:5C","sha256":"62:BD:8D:7D:11:9E:64:23:0E:4B:27:FB:80:A0:4F:D1:61:E5:BA:11:29:53:A8:D0:32:89:3B:DB:A1:C5:7C:44"}}},"request":{"raw":"GET /.within.website/x/cmd/anubis/static/img/happy.webp?cacheBuster=v1.19.1 HTTP/1.1\r\nHost: nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/\r\nCookie: techaro.lol-anubis-cookie-test-if-you-block-this-anubis-wont-work=fb0fd94f9c7252cadd5d139583bf20efc8917aaf4c91730a4644dd2939163ffd\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Aug 2025 05:21:45 GMT\r\naccept-ranges: bytes\r\nvia: 1.1 Caddy\r\ncache-control: public, max-age=31536000\r\ncontent-length: 30584\r\ncontent-type: image/webp\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30584,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bbbb61f590a7ea79f8baea4c5cd4cd91","sha1":"48e8d2436fce0dca568610473c9260fab0b8986b","sha256":"7eaf5ecd666f0a53978c93eb2693e1f95aeb1ff610715b0e89b433f6b214a713","sha512":"56c3be3e9b5b24585e51320878f72e633788dceb1a2f49afe15754ea05e3bfe34dc2f09b0caf381db444127b1b3c729026d204efd3c5dd899b4ff4370ab51d87","ssdeep":"768:uTABTrVboaJ6bx21hPnfXwk6PAHLa5OSTnrWWQO463xxKmziz:Tf9AxiPnv97m5JTnKfD6KYiz","tlshash":"c8d2e1516be220d4811c9afc93eaa3ebc7e3c30891e88749e19532dd8179ce19c5c7da","first_seen":"2025-04-14T12:39:56.203258Z","last_seen":"2026-04-05T11:54:52.58913Z","times_seen":420,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":142,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/favicon.ico","fqdn":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","domain":"sususuwhydaruz.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"104.243.45.193","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/","date":"2025-08-04T05:21:45.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 Aug 2025 02:41:55 GMT","end":"Sun, 02 Nov 2025 02:41:54 GMT"},"fingerprint":{"sha1":"12:76:93:57:E2:B5:BB:E1:9A:F2:86:27:CA:50:7C:56:A7:B3:83:5C","sha256":"62:BD:8D:7D:11:9E:64:23:0E:4B:27:FB:80:A0:4F:D1:61:E5:BA:11:29:53:A8:D0:32:89:3B:DB:A1:C5:7C:44"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nghykduf.login.mangxqnj.bigdata.sususuwhydaruz.duckdns.org/\r\nCookie: techaro.lol-anubis-cookie-test-if-you-block-this-anubis-wont-work=fb0fd94f9c7252cadd5d139583bf20efc8917aaf4c91730a4644dd2939163ffd\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nvia: 1.1 Caddy\r\nx-powered-by: Express\r\ncontent-length: 1268\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=0\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Mon, 04 Aug 2025 05:21:45 GMT\r\naccess-control-allow-origin: *\r\netag: W/\"14ac-19853e5ed70\"\r\nlast-modified: Tue, 29 Jul 2025 01:57:14 GMT\r\ncontent-encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":5292,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"f9015a055df44b88590d64fb17b040c3","sha1":"fb70e8eca8b4b81a1e504b7732b8f57e8c818382","sha256":"371a15810231f4f01940e71aab672f77fa2744a828eab2bbb3291da56d997c1f","sha512":"30b69fcf822d32066ca803d97dcb4b9b3343fe122c9e7ead4fa605c99112cc1394764e84f07cadc91d2f415656e63015a804a7726810798165b20baaac80be2e","ssdeep":"48:0ebmSZGzm9Q1mjNl+qRU9GAIeBIAZV10iPGWJD+benB3o+0Rtu4SJZgM:Jq+G65ZRUgidBqs9JCM","tlshash":"fcb1df0b5df5943711523076187ea604a860928b8e2dbc787aac82381f1d68df4fffe4","first_seen":"2025-08-04T03:48:14.447722Z","last_seen":"2025-08-04T08:36:19.540879Z","times_seen":5,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}