{"report_id":"8a177419-3864-4e7a-91e1-de32438bf3d6","version":6,"status":"done","tags":["dyndns"],"date":"2025-10-21T10:49:13Z","url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":0,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/main","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"title":"お客様のApple ID - Appleを管理"},"submit":{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":0,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-25T10:49:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":14,"urlquery":2,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:53Z","timestamp":1761043733,"ip_dst":{"addr":"172.18.0.16","port":35146,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 19","source":"{\"timestamp\":\"2025-10-21T10:48:53.891329+0000\",\"flow_id\":354935645755769,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.80.134.11\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":35146,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400018,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 19\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":66,\"start\":\"2025-10-21T10:48:53.612729+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:54Z","timestamp":1761043734,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35146,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:54.173259+0000\",\"flow_id\":354935645755769,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35146,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/en/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":523,\"bytes_toclient\":334,\"start\":\"2025-10-21T10:48:53.612729+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:54Z","timestamp":1761043734,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35162,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:54.474743+0000\",\"flow_id\":807605871390449,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35162,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/en/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":526,\"bytes_toclient\":1080,\"start\":\"2025-10-21T10:48:53.863985+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35174,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.134870+0000\",\"flow_id\":751292407802346,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35174,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":646,\"bytes_toclient\":504,\"start\":\"2025-10-21T10:48:54.584170+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35174,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.497450+0000\",\"flow_id\":751292407802346,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35174,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/card.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":4,\"bytes_toserver\":1180,\"bytes_toclient\":1414,\"start\":\"2025-10-21T10:48:54.584170+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.504060+0000\",\"flow_id\":560853557886909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35184,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/card.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":592,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:54.835517+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.793801+0000\",\"flow_id\":947716294666552,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35194,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/polyfills.a4a2a7ca07c738452bb4.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":611,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.223544+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35206,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.798570+0000\",\"flow_id\":2062460023958886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35206,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/main.6d85a567c47ccf2a9ce3.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":606,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.224614+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35190,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.804054+0000\",\"flow_id\":2008027755931318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35190,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/styles.2b2408b28c6b13bb450e.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":624,\"bytes_toclient\":400,\"start\":\"2025-10-21T10:48:55.222902+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.807918+0000\",\"flow_id\":947239553297437,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/runtime.156de516a7ba9208026b.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":609,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.224285+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35190,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.454465+0000\",\"flow_id\":2008027755931318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35190,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1246},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":23,\"bytes_toserver\":2033,\"bytes_toclient\":30852,\"start\":\"2025-10-21T10:48:55.222902+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.461018+0000\",\"flow_id\":947716294666552,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35194,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/jt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1247},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":17,\"bytes_toserver\":1748,\"bytes_toclient\":22378,\"start\":\"2025-10-21T10:48:55.223544+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.464952+0000\",\"flow_id\":560853557886909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35184,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/apple.f843c50675ae358ea181.svg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/svg+xml\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1243},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":16,\"bytes_toserver\":1746,\"bytes_toclient\":19150,\"start\":\"2025-10-21T10:48:54.835517+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.474417+0000\",\"flow_id\":947239553297437,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/image_small.1771014580291c90faaa.svg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/svg+xml\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":898},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":4,\"bytes_toserver\":1175,\"bytes_toclient\":2790,\"start\":\"2025-10-21T10:48:55.224285+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"summary":[{"fqdn":"vcuwxklltt.duckdns.org","ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"domain_registered":"2013-04-12","domain_rank":0,"first_seen":"2025-10-20T09:53:57.560324Z","last_seen":"2025-10-20T09:53:57.560324Z","alert_count":82,"request_count":14,"received_data":1177246,"sent_data":5462,"comment":"","tags":null,"fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:53Z","timestamp":1761043733,"ip_dst":{"addr":"172.18.0.16","port":35146,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 19","source":"{\"timestamp\":\"2025-10-21T10:48:53.891329+0000\",\"flow_id\":354935645755769,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"103.80.134.11\",\"src_port\":80,\"dest_ip\":\"172.18.0.16\",\"dest_port\":35146,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400018,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 19\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":66,\"start\":\"2025-10-21T10:48:53.612729+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:54Z","timestamp":1761043734,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35146,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:54.173259+0000\",\"flow_id\":354935645755769,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35146,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"/en/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":523,\"bytes_toclient\":334,\"start\":\"2025-10-21T10:48:53.612729+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:54Z","timestamp":1761043734,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35162,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:54.474743+0000\",\"flow_id\":807605871390449,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35162,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/en/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":526,\"bytes_toclient\":1080,\"start\":\"2025-10-21T10:48:53.863985+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35174,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.134870+0000\",\"flow_id\":751292407802346,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35174,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":646,\"bytes_toclient\":504,\"start\":\"2025-10-21T10:48:54.584170+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35174,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.497450+0000\",\"flow_id\":751292407802346,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35174,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/card.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":4,\"bytes_toserver\":1180,\"bytes_toclient\":1414,\"start\":\"2025-10-21T10:48:54.584170+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.504060+0000\",\"flow_id\":560853557886909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35184,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/card.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":592,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:54.835517+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.793801+0000\",\"flow_id\":947716294666552,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35194,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/polyfills.a4a2a7ca07c738452bb4.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":611,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.223544+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35206,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.798570+0000\",\"flow_id\":2062460023958886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35206,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/main.6d85a567c47ccf2a9ce3.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":606,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.224614+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35190,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.804054+0000\",\"flow_id\":2008027755931318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35190,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/styles.2b2408b28c6b13bb450e.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":624,\"bytes_toclient\":400,\"start\":\"2025-10-21T10:48:55.222902+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.807918+0000\",\"flow_id\":947239553297437,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/runtime.156de516a7ba9208026b.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":609,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.224285+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35190,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.454465+0000\",\"flow_id\":2008027755931318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35190,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1246},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":23,\"bytes_toserver\":2033,\"bytes_toclient\":30852,\"start\":\"2025-10-21T10:48:55.222902+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.461018+0000\",\"flow_id\":947716294666552,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35194,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/jt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1247},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":17,\"bytes_toserver\":1748,\"bytes_toclient\":22378,\"start\":\"2025-10-21T10:48:55.223544+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.464952+0000\",\"flow_id\":560853557886909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35184,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/apple.f843c50675ae358ea181.svg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/svg+xml\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1243},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":16,\"bytes_toserver\":1746,\"bytes_toclient\":19150,\"start\":\"2025-10-21T10:48:54.835517+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.474417+0000\",\"flow_id\":947239553297437,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/image_small.1771014580291c90faaa.svg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/svg+xml\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":898},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":4,\"bytes_toserver\":1175,\"bytes_toclient\":2790,\"start\":\"2025-10-21T10:48:55.224285+0000\"}}"}]}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/assets/card.js","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"7aa76d18dd3e3598ac9561adf01f3882","sha1":"26d9fcdd2b6bee0b3f1b96b015f3703b5fbd49e0","sha256":"6d5516bbbebba2d51878f1e791b642f3b2944270b8e84770f15a16376b202213","sha512":"ca7fad2d70c38030e1ae8ce0c66e3ebcc988df9f693d784b51c050b9fbe0a04a1125198cd602f616bb9002d0190b50847f0f83f7a53963d6e8c0b755bec9e1fe","ssdeep":"768:CGYeJShtejcjhtA0bhtsslHopQr67fgXkO0LracW7FUmBM:tyTjhxbh7HFdk1pvmBM","tlshash":"3d43b469f082e0bde223856a10db5bce727dca17d607056cf263b0cd6e52bcd9169b0c","size":58699,"data":"","first_seen":"2024-03-27T17:58:11Z","last_seen":"2026-02-08T11:08:58.929059Z","times_seen":2144,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.504060+0000\",\"flow_id\":560853557886909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35184,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/card.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":592,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:54.835517+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/runtime.156de516a7ba9208026b.js","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"5a7226fe34bbd2f4bc8e3efd61b1514d","sha1":"1dac8efbc10708fa3f85c9197872ef306e94614e","sha256":"dd2081b259070d03d9e00286802dae0a8f1585152dda71b52213d64a99a04f52","sha512":"da6b5e472226476b3895f427a15161a80586127a0c5de2507ee8d3055f542694ab0652a44c4e3de08e098a6579298d8b5aa9a8d001b8d38a5174e684ae3d28be","ssdeep":"","tlshash":"ae41d6d833a4f9b98382686c043fa826f1791c22543ee4f0c349d8f5bd34c49806afa6","size":2278,"data":"","first_seen":"2024-04-22T06:32:24Z","last_seen":"2026-01-19T01:56:13.608496Z","times_seen":205,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.807918+0000\",\"flow_id\":947239553297437,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/runtime.156de516a7ba9208026b.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":609,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.224285+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/polyfills.a4a2a7ca07c738452bb4.js","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"4794c42590c7158a1a334801f7068376","sha1":"63e0e06b459566123ab988af6258369ba5b181dd","sha256":"073c634b2120ecfe1b6b98e45f44d807088bd437e757eb3b049867a615e6a49d","sha512":"8336d904ffee8c2e4fa92b82fe1946081f790878ebdfd2dde8eb411f1dcb93735652b044399d7ff59b0a5e257f7b0b32deff995b50afc7765c09dbf23ae678c0","ssdeep":"384:Z1BuYg4fyZYXsbaGbjZXyxRt2/Zn9gCydU/i2FD0PBL4IFahaTRu51lOo4a7PuaO:fXad/aU/iPL4SIggpDkgHtOT/pcC","tlshash":"a52307c97781b8b69bf76275847f410be23b25a1bc9c89a4f111d4e46c7a10c853bf2e","size":45945,"data":"","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.935977Z","times_seen":2144,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.793801+0000\",\"flow_id\":947716294666552,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35194,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/polyfills.a4a2a7ca07c738452bb4.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":611,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.223544+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/main.6d85a567c47ccf2a9ce3.js","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"afe125c938dc31b1cdc707fd5d63832f","sha1":"3134dd4435e4c4034bdcd780065550174fa4350d","sha256":"048dfe433680e8f34bc3156767b771fc74f83bd33afd7ce5ee019aae06073ce7","sha512":"7ed17dce2f4ebc5817f064b4187c3aa30e3cd0a48a6dccb4d682c98edbc5978ece4027d890b45f9b067358c66312ebe6fbb5810e01bafa4b938f3486cb17bf5a","ssdeep":"6144:1cfw/eW73chdaLB1thGKCuQ1JmfZKhK0ExeGV3quomj4/8MS6vtaNdB:4daLBLhG0Q1JS2K0ELom0/pStd","tlshash":"7305a39873c2f061479761b5443f110ff27a2885288ec458e235d8e9aeb8e4db277f79","size":840113,"data":"","first_seen":"2024-04-22T06:32:24Z","last_seen":"2026-01-19T01:56:13.609494Z","times_seen":204,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35206,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.798570+0000\",\"flow_id\":2062460023958886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35206,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/main.6d85a567c47ccf2a9ce3.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":606,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.224614+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/image_small.1771014580291c90faaa.svg","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:57.185Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/image_small.1771014580291c90faaa.svg HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/main\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 898\r\nContent-Type: image/svg+xml\r\nDate: Tue, 21 Oct 2025 10:48:56 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nETag: \"1d9fe46b7dcb202\"\r\nLast-Modified: Sat, 14 Oct 2023 02:32:47 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":898,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4dc220ff2f9395c2cd7c34de8776a6e7","sha1":"9dfcb00873e24be99f2965c6447e393b71cd6fc1","sha256":"c18d99c87523f8ef73e5dc2e86aa5917da37e5564a7f591cb43bc32049f76d88","sha512":"63b9f7c68e063d8e49e6eaf2741f5f46e0c30f8c5727a5119a64351e9e8dc3879da34d7d39c3101d7de22ea61e31d4c44cf039c7193541a267afde57bc6c6605","ssdeep":"","tlshash":"6b110c38cb89db3d62114a107b786287f33022ca624b79e8e5736c75f0700f19d1cae4","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.934568Z","times_seen":2085,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.474417+0000\",\"flow_id\":947239553297437,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/image_small.1771014580291c90faaa.svg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/svg+xml\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":898},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":4,\"bytes_toserver\":1175,\"bytes_toclient\":2790,\"start\":\"2025-10-21T10:48:55.224285+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-21T10:48:54.591Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/ HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nDate: Tue, 21 Oct 2025 10:48:53 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46b9a676a5\"\r\nLast-Modified: Sat, 14 Oct 2023 02:32:50 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\nX-Rate-Limit-Limit: 24h\r\nX-Rate-Limit-Remaining: 97\r\nX-Rate-Limit-Reset: 2025-10-22T10:48:54.0344082Z\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":933,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"b2984bb3d8f94426f4c6c6824f8a1928","sha1":"2bceeda031a1d79155e584482d84ae260710739f","sha256":"2f8fade3314267e26eaa7c716451d489c411b01dcbb38c7fa8e12b80fd776111","sha512":"c3b6a894b4b7e98f47bfd61f81f0babce5389aa7bba89fd29042e2c38a40d4fbf4cdccb7953c24c0efd9684037dc8ccc1c3b2d38756e64e3178afdd9291fed4f","ssdeep":"","tlshash":"5b112f4b8d02c146a2201dee7b72f78d41c9cc0b5670ed5838ef5639cf40b9c8897a2c","first_seen":"2024-04-22T06:32:24Z","last_seen":"2026-01-19T01:56:13.610483Z","times_seen":196,"resource_available":true,"data":null}},"time_used":820,"timings":{"blocked":268,"dns":0,"connect":275,"send":0,"wait":276,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35174,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.134870+0000\",\"flow_id\":751292407802346,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35174,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":646,\"bytes_toclient\":504,\"start\":\"2025-10-21T10:48:54.584170+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/assets/card.js","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:55.225Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/assets/card.js HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nDate: Tue, 21 Oct 2025 10:48:54 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d7d7f3614aa44b\"\r\nLast-Modified: Fri, 12 Nov 2021 18:30:34 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]}],"data":{"size":58699,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (51786)","md5":"7aa76d18dd3e3598ac9561adf01f3882","sha1":"26d9fcdd2b6bee0b3f1b96b015f3703b5fbd49e0","sha256":"6d5516bbbebba2d51878f1e791b642f3b2944270b8e84770f15a16376b202213","sha512":"ca7fad2d70c38030e1ae8ce0c66e3ebcc988df9f693d784b51c050b9fbe0a04a1125198cd602f616bb9002d0190b50847f0f83f7a53963d6e8c0b755bec9e1fe","ssdeep":"768:CGYeJShtejcjhtA0bhtsslHopQr67fgXkO0LracW7FUmBM:tyTjhxbh7HFdk1pvmBM","tlshash":"3d43b469f082e0bde223856a10db5bce727dca17d607056cf263b0cd6e52bcd9169b0c","first_seen":"2024-03-27T17:58:11Z","last_seen":"2026-02-08T11:08:58.929059Z","times_seen":2144,"resource_available":true,"data":null}},"time_used":569,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":286,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.504060+0000\",\"flow_id\":560853557886909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35184,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/card.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":592,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:54.835517+0000\"}}"}],"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/assets/card.css","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:55.227Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/assets/card.css HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\nDate: Tue, 21 Oct 2025 10:48:54 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d7d7f36c04bfc4\"\r\nLast-Modified: Fri, 12 Nov 2021 18:30:52 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":27076,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (27071)","md5":"8c10638062fc10e7800b5f041d66cbe1","sha1":"94a8f282dc29814af277016d8741fc857b49304d","sha256":"96712b90b0eb91764af520996a42c0bff93e823e5e825e2544d1ef4723d625d3","sha512":"190330f2f4cb1c230618a98960c3d60bfd8ebb762a229d62f9c24dd0d162d1fa19eee7ec4d0b845edbbf50e9bd0199aae84d2bca9057e08a5701ab2abec66a7d","ssdeep":"192:oeXBhpkkhRXBhnpXBh6u4PXBhpkkhRXBhnpXBhgu4aajLZ3TPHD59A3G3yjHin33:nl3vekiKb75IKKghPnn5Jejcjhtjp","tlshash":"1fc2a829d042d1bde233ca5765c7a7ee757cc613a643196df663308eae433ce91a820d","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.929905Z","times_seen":2100,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35174,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.497450+0000\",\"flow_id\":751292407802346,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35174,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/card.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":4,\"bytes_toserver\":1180,\"bytes_toclient\":1414,\"start\":\"2025-10-21T10:48:54.584170+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/styles.2b2408b28c6b13bb450e.css","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:55.228Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/styles.2b2408b28c6b13bb450e.css HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/css\r\nDate: Tue, 21 Oct 2025 10:48:54 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46b7debecf\"\r\nLast-Modified: Sat, 14 Oct 2023 02:32:47 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":134991,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"c739cee2deb86082090e380beec5b7a0","sha1":"f54b118cf0b048e09c70ad1ecf661a21b1a47406","sha256":"0697729b655b3fadc015ce16eecd8cbd3b48a9e34e3c2a3e8b6ad0f8053887d2","sha512":"fbc598084815add336917f2ce627dbc8b27efe5d00b0173cb1c19a912b3e0a43eff9c45b184db437795ed0e19bc54b8035da3d45fabb2764911f476a760a3624","ssdeep":"768:uBNxxmV/5rcEO2Ep5z0rXznwh4lmCynNMP7SE81g6q6YaRPHcut3o2w05zps:2e5rcEO/p5zSnSgVYPcue2l5zy","tlshash":"04d3a4391911221d763be533a8d0674e21edc186f5332dbfb6855218cb8aec463b7ec9","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.931057Z","times_seen":2144,"resource_available":false,"data":null}},"time_used":1160,"timings":{"blocked":284,"dns":1,"connect":289,"send":0,"wait":292,"receive":294,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35190,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.804054+0000\",\"flow_id\":2008027755931318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35190,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/styles.2b2408b28c6b13bb450e.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":624,\"bytes_toclient\":400,\"start\":\"2025-10-21T10:48:55.222902+0000\"}}"}],"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/assets/menu.png","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:57.161Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/assets/menu.png HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/main\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 687\r\nContent-Type: image/png\r\nDate: Tue, 21 Oct 2025 10:48:56 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nETag: \"1d9ab7df8593f2f\"\r\nLast-Modified: Fri, 30 Jun 2023 18:09:11 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]}],"data":{"size":687,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 49 x 48, 8-bit/color RGBA, non-interlaced","md5":"da0b0fdd44746082b7f978a5f70f0e78","sha1":"69a6755ecad7defee0b3de296d1352dae7cae626","sha256":"00543da96852706a4d679197d06a00385869a5ce868c2687e7ab23a5f83fe4e4","sha512":"c6fc47f41ba60d685101fe92b3eba676f83a6aed53e69f3f99af9b3c7926bdeef19e0f4f0a17484ec5d66136271962fd7dc6ee84629ced7cd369e2ea88fb99fd","ssdeep":"","tlshash":"a60183f1e120a9ac166315abe679f097acbc01d70212b47cbe2a78952359c2ccf4e603","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.933809Z","times_seen":2123,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":286,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/assets/logo.png","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:57.165Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/assets/logo.png HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/main\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 34355\r\nContent-Type: image/png\r\nDate: Tue, 21 Oct 2025 10:48:56 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nETag: \"1d9ab83779dc633\"\r\nLast-Modified: Fri, 30 Jun 2023 18:48:32 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]}],"data":{"size":34355,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 720 x 721, 8-bit colormap, non-interlaced","md5":"4852c60ddb8653928e43fa9d24b911b3","sha1":"e037ce421215511dbce720d6f6503e8fa9b8ea9d","sha256":"07126b04b6559c56df43d120f4c5487f1ca9e335428b3d82c2d2d24459990561","sha512":"53e66088724cf7fcb03961b11ed030d5648fa8abdafd63a9c724e930e7402f49fe1110195ba87f298dad0df8303a86f492dfeafc26f939791bb6db708c9b63ea","ssdeep":"768:8F8XpwbfwRWs8Td7I6Oj+1wuw2bkHQ/KtwMeZ9leVXvCK:g85wbfkgTd7I6z4oX/ewMeHlE","tlshash":"eff2e18dc166b6a368dc91f6a96d4d3eb5f304214bd049bb315fddaf7c46018f088a86","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.936716Z","times_seen":2117,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":290,"receive":2,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35190,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.454465+0000\",\"flow_id\":2008027755931318,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35190,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/logo.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1246},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":23,\"pkts_toclient\":23,\"bytes_toserver\":2033,\"bytes_toclient\":30852,\"start\":\"2025-10-21T10:48:55.222902+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/assets/jt.png","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:57.177Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/assets/jt.png HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/main\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 4129\r\nContent-Type: image/png\r\nDate: Tue, 21 Oct 2025 10:48:56 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nETag: \"1d5318f817f9521\"\r\nLast-Modified: Wed, 03 Jul 2019 11:07:30 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":4129,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced","md5":"a64f3508282fa585f502c7283cfc853a","sha1":"c266d5102a4fd1d5d9980799a51a345390b5d533","sha256":"ff3323d9098ef10b0d36ef5c9219481d03afb2d307a5144a6ff3f509b31110f4","sha512":"f1006995f5ed36241621fafc67db952dc0157f9dd007dd4b6a2debccd23b8c800ea942e77882d79700f6fcef4710957eacf4c2c36e86111c6602b096bbb3ecfd","ssdeep":"96:6Q0LDnbmHuOZejR0NNb0egL49Qiam5t2Ir7ON8A/3mKrggNV:6Q0HnKVamz0e79QJm5cI3O6A/22jNV","tlshash":"6c817f5d79289df3fe8431b6879c0280676ebd12e96a4c301d40efe9b6275dd2c57382","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.937437Z","times_seen":2122,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.461018+0000\",\"flow_id\":947716294666552,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35194,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/assets/jt.png\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1247},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":17,\"bytes_toserver\":1748,\"bytes_toclient\":22378,\"start\":\"2025-10-21T10:48:55.223544+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/favicon.ico","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:57.512Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/favicon.ico HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 22382\r\nContent-Type: image/x-icon\r\nDate: Tue, 21 Oct 2025 10:48:56 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nETag: \"1d71ee1f8b7af6e\"\r\nLast-Modified: Mon, 22 Mar 2021 06:09:52 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":22382,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"891e510219786f543ca998282ed99f45","sha1":"19fe2ff6a2418bcb44b02308b998cef84199ee08","sha256":"e4bdf72e2f803f7e19907c12f407ac7f7cd5f1f94bfd730b9be24b0d49191b48","sha512":"e6729e7e1ed1909297317e249adb7af6c230b2a7082ea792c7776fa5037c8ed8aaf02bcc4015334b6c439732f965ce19291ffe863126d0c20bed9a0c89c4a95b","ssdeep":"48:sSY37LOM5M80I15CEARV/acnFNOpaF/vXE:sSw7LOekI1EE+fPOpaF30","tlshash":"4ea290bf6358f8d5d25d4ee0c91d82fc16196e20f8e0858f2a303e7d76b9ee28401617","first_seen":"2023-04-12T07:52:52Z","last_seen":"2026-04-04T23:49:28.050608Z","times_seen":14585,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":286,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"vcuwxklltt.duckdns.org/ja/","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-21T10:48:50.626Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/ HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35174,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.134870+0000\",\"flow_id\":751292407802346,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35174,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":646,\"bytes_toclient\":504,\"start\":\"2025-10-21T10:48:54.584170+0000\"}}"}],"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/runtime.156de516a7ba9208026b.js","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:55.230Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/runtime.156de516a7ba9208026b.js HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nDate: Tue, 21 Oct 2025 10:48:54 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46b7dcb966\"\r\nLast-Modified: Sat, 14 Oct 2023 02:32:47 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]}],"data":{"size":2278,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (2278), with no line terminators","md5":"5a7226fe34bbd2f4bc8e3efd61b1514d","sha1":"1dac8efbc10708fa3f85c9197872ef306e94614e","sha256":"dd2081b259070d03d9e00286802dae0a8f1585152dda71b52213d64a99a04f52","sha512":"da6b5e472226476b3895f427a15161a80586127a0c5de2507ee8d3055f542694ab0652a44c4e3de08e098a6579298d8b5aa9a8d001b8d38a5174e684ae3d28be","ssdeep":"","tlshash":"ae41d6d833a4f9b98382686c043fa826f1791c22543ee4f0c349d8f5bd34c49806afa6","first_seen":"2024-04-22T06:32:24Z","last_seen":"2026-01-19T01:56:13.608496Z","times_seen":205,"resource_available":true,"data":null}},"time_used":870,"timings":{"blocked":285,"dns":1,"connect":290,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35200,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.807918+0000\",\"flow_id\":947239553297437,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35200,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/runtime.156de516a7ba9208026b.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":609,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.224285+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/polyfills.a4a2a7ca07c738452bb4.js","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:55.231Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/polyfills.a4a2a7ca07c738452bb4.js HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nDate: Tue, 21 Oct 2025 10:48:54 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46b7dc02f9\"\r\nLast-Modified: Sat, 14 Oct 2023 02:32:47 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":45945,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (45945), with no line terminators","md5":"4794c42590c7158a1a334801f7068376","sha1":"63e0e06b459566123ab988af6258369ba5b181dd","sha256":"073c634b2120ecfe1b6b98e45f44d807088bd437e757eb3b049867a615e6a49d","sha512":"8336d904ffee8c2e4fa92b82fe1946081f790878ebdfd2dde8eb411f1dcb93735652b044399d7ff59b0a5e257f7b0b32deff995b50afc7765c09dbf23ae678c0","ssdeep":"384:Z1BuYg4fyZYXsbaGbjZXyxRt2/Zn9gCydU/i2FD0PBL4IFahaTRu51lOo4a7PuaO:fXad/aU/iPL4SIggpDkgHtOT/pcC","tlshash":"a52307c97781b8b69bf76275847f410be23b25a1bc9c89a4f111d4e46c7a10c853bf2e","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.935977Z","times_seen":2144,"resource_available":true,"data":null}},"time_used":1133,"timings":{"blocked":276,"dns":1,"connect":284,"send":0,"wait":287,"receive":285,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35194,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.793801+0000\",\"flow_id\":947716294666552,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35194,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/polyfills.a4a2a7ca07c738452bb4.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":611,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.223544+0000\"}}"}],"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/main.6d85a567c47ccf2a9ce3.js","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:55.232Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/main.6d85a567c47ccf2a9ce3.js HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/javascript\r\nDate: Tue, 21 Oct 2025 10:48:54 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nContent-Encoding: gzip\r\nETag: \"1d9fe46b9010f31\"\r\nLast-Modified: Sat, 14 Oct 2023 02:32:49 GMT\r\nTransfer-Encoding: chunked\r\nVary: Accept-Encoding\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":840113,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (63941)","md5":"afe125c938dc31b1cdc707fd5d63832f","sha1":"3134dd4435e4c4034bdcd780065550174fa4350d","sha256":"048dfe433680e8f34bc3156767b771fc74f83bd33afd7ce5ee019aae06073ce7","sha512":"7ed17dce2f4ebc5817f064b4187c3aa30e3cd0a48a6dccb4d682c98edbc5978ece4027d890b45f9b067358c66312ebe6fbb5810e01bafa4b938f3486cb17bf5a","ssdeep":"6144:1cfw/eW73chdaLB1thGKCuQ1JmfZKhK0ExeGV3quomj4/8MS6vtaNdB:4daLBLhG0Q1JS2K0ELom0/pStd","tlshash":"7305a39873c2f061479761b5443f110ff27a2885288ec458e235d8e9aeb8e4db277f79","first_seen":"2024-04-22T06:32:24Z","last_seen":"2026-01-19T01:56:13.609494Z","times_seen":204,"resource_available":true,"data":null}},"time_used":2007,"timings":{"blocked":278,"dns":1,"connect":285,"send":0,"wait":288,"receive":1154,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:55Z","timestamp":1761043735,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35206,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:55.798570+0000\",\"flow_id\":2062460023958886,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35206,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/main.6d85a567c47ccf2a9ce3.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/javascript\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":606,\"bytes_toclient\":407,\"start\":\"2025-10-21T10:48:55.224614+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"vcuwxklltt.duckdns.org/ja/apple.f843c50675ae358ea181.svg","fqdn":"vcuwxklltt.duckdns.org","domain":"vcuwxklltt.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://vcuwxklltt.duckdns.org/ja/","date":"2025-10-21T10:48:57.183Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ja/apple.f843c50675ae358ea181.svg HTTP/1.1\r\nHost: vcuwxklltt.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://vcuwxklltt.duckdns.org/ja/main\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Length: 1484\r\nContent-Type: image/svg+xml\r\nDate: Tue, 21 Oct 2025 10:48:56 GMT\r\nServer: Kestrel\r\nAccept-Ranges: bytes\r\nETag: \"1d9fe46b7dcb44c\"\r\nLast-Modified: Sat, 14 Oct 2023 02:32:47 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Kestrel","description":"","website":"https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel","common_platform_enumeration":"","icon":"kestrel.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":1484,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"26cbb4bfb27dd56b0ed09a961f28145b","sha1":"b8e84ed32f81f41251c815e0132fed0fba3489f1","sha256":"c21d714e92269a3dcf05c24db9aec96171671d0dcd59b867c2acb953d3cb551a","sha512":"c028c6a3815e2fe59845ebd2cc3b4447aacf0815fee15faea8ae11e5089bae61738da048e404c4c9a93f166dd0b255b82e30f242fad0252335b26315537a4c67","ssdeep":"","tlshash":"6631301bc31cdb5d755b0681da6322c22265e1c2a389d29cf64fac02e04a5f08039bfd","first_seen":"2024-03-27T17:58:12Z","last_seen":"2026-02-08T11:08:58.938138Z","times_seen":2085,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-21T10:48:57Z","timestamp":1761043737,"ip_dst":{"addr":"103.80.134.11","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.16","port":35184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-10-21T10:48:57.464952+0000\",\"flow_id\":560853557886909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.16\",\"src_port\":35184,\"dest_ip\":\"103.80.134.11\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"vcuwxklltt.duckdns.org\",\"url\":\"/ja/apple.f843c50675ae358ea181.svg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/svg+xml\",\"http_refer\":\"http://vcuwxklltt.duckdns.org/ja/main\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1243},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":18,\"pkts_toclient\":16,\"bytes_toserver\":1746,\"bytes_toclient\":19150,\"start\":\"2025-10-21T10:48:54.835517+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-21","alert":"Sinkholed","trigger":"vcuwxklltt.duckdns.org","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}