{"report_id":"ba7467b1-d4e5-437f-8172-bd412de84db2","version":6,"status":"done","tags":["dyndns"],"date":"2026-03-01T14:19:04Z","url":{"schema":"http","addr":"afuhejhbee.duckdns.org/","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":0,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"title":"赛格GPS车辆云平台登录_GPS车辆管理系统_车辆调度系统_企业车辆管理系统","dom":{"size":511560,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (60067)","md5":"aee599214097943ebe22fdc5b966469a","sha1":"0d4468a1d044fbe3117166c59ed00d7c47a5e700","sha256":"3dcf5431e136b27d6ca527eb0eae3eb52b7cd5b877828352ecea8a09a7c90f21","sha512":"83efa6aff720762537542d97f1b8210f488574fbc209d0445926d24a0fb764742a66f44f78473cee6bfb9842bee9b8ecfd6392837a7fedf1ca3cee5bd9fa0b70","ssdeep":"6144:sAtuTqtB3yPuDHnbwcfjUduK2Z6Esg87JMQmub7SNGEfX5y712WrT8T:sAtusB7n5jUI2EsTJMQmI7jmXsICT8T","tlshash":"d2b4f1d88f245e6c874e87adfafd18d42d1d63ebb5c08d98a29d1e6497d3c4098c2cc9","dom_hash":"domhash6d8500d78054df312e388879bfa2b5fe","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":0,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-05T14:19:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":9,"urlquery":2,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:39Z","timestamp":1772374719,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33296,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:39.868163+0000\",\"flow_id\":900801924926767,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33296,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1079},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":679,\"bytes_toclient\":4682,\"start\":\"2026-03-01T14:18:39.298287+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33308,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.013941+0000\",\"flow_id\":1030121242715021,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33308,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/css/chunk-libs.e4c084d6.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1091},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":657,\"bytes_toclient\":1654,\"start\":\"2026-03-01T14:18:39.549773+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33322,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.277074+0000\",\"flow_id\":607281712471898,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33322,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/css/app.c7eeb1ca.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1090},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":650,\"bytes_toclient\":6196,\"start\":\"2026-03-01T14:18:40.728922+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33296,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.598082+0000\",\"flow_id\":900801924926767,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33296,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/css/SearchInfoWindow_min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":310,\"pkts_toclient\":342,\"bytes_toserver\":21261,\"bytes_toclient\":512221,\"start\":\"2026-03-01T14:18:39.298287+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33326,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.600827+0000\",\"flow_id\":982949617006152,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33326,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/css/DrawingManager_min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1094},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":656,\"bytes_toclient\":1839,\"start\":\"2026-03-01T14:18:40.980552+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33334,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.861727+0000\",\"flow_id\":1311800230530522,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33334,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/js/html2canvas.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1066},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":636,\"bytes_toclient\":6196,\"start\":\"2026-03-01T14:18:41.314842+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33308,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.878181+0000\",\"flow_id\":1030121242715021,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33308,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/js/jquery-1.8.3.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2515},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":49,\"pkts_toclient\":64,\"bytes_toserver\":3992,\"bytes_toclient\":93086,\"start\":\"2026-03-01T14:18:39.549773+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:42Z","timestamp":1772374722,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33308,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:42.671516+0000\",\"flow_id\":1030121242715021,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33308,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/code.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1742},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":83,\"pkts_toclient\":130,\"bytes_toserver\":6602,\"bytes_toclient\":189781,\"start\":\"2026-03-01T14:18:39.549773+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:43Z","timestamp":1772374723,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":33322,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:43.012282+0000\",\"flow_id\":607281712471898,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33322,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":184,\"pkts_toclient\":210,\"bytes_toserver\":12945,\"bytes_toclient\":313157,\"start\":\"2026-03-01T14:18:40.728922+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"summary":[{"fqdn":"afuhejhbee.duckdns.org","ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"domain_registered":"2013-04-12","domain_rank":0,"first_seen":"2026-03-01T14:19:05.205757Z","last_seen":"2026-03-01T14:19:05.205757Z","alert_count":40,"request_count":10,"received_data":1196771,"sent_data":3941,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:1.8.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"html2canvas","description":"Screenshots with JavaScript.","website":"https://html2canvas.hertzen.com/","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/static/js/html2canvas.min.js","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"d7530aa0b7587e627484c49fdf8f13f2","sha1":"b987dc0cc6cfcdc2e34499375f505470c5adb891","sha256":"e87e550794322e574a1fda0c1549a3c70dae5a93d9113417a429016838eab8cb","sha512":"04d6914276096223d2a871c36f9f01d3268f7c2bbe5a076cf06a7f814df792a06d80d4b8b523c7b8689bca87aa315fd326548a75ae855f3a04c981a34defaf5c","ssdeep":"1536:dLkw5M8eKEsqi5xpg+n1sPMecC9JmgxBQSFkkZQRlNM7IgeXzh:dLUtZSpg+aZmabZQz9","tlshash":"121457b46ba71cde0a7ef49b00172d838d981b67117fd1e8f24aada62d70702ceb1574","size":198689,"data":"","first_seen":"2023-03-08T20:20:59Z","last_seen":"2026-04-05T13:40:43.944258Z","times_seen":4563,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33334,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.861727+0000\",\"flow_id\":1311800230530522,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33334,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/js/html2canvas.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1066},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":636,\"bytes_toclient\":6196,\"start\":\"2026-03-01T14:18:41.314842+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"164c97ebca40bac412d3a318ec5fdcd9","sha1":"ee65dd5165bcb36b1767d3013d270a35852fee04","sha256":"26f44c0c3aae8c6c62cc1e7734a3bd83ab3621c676cbe9597865d46bb9f7092b","sha512":"70b62cc9c1571c2b828f3349384aea87db56d6b75a14c897abcad8efc4a8e24ebbe01b878f92bb1417b9a1f2e9ca2932d6baf846a695f04bd9a90febe4b7f9e6","ssdeep":"","tlshash":"eaf027d9f75d4c4790b2e094583f11cc603c20b265a08e5ffc1562d03c9833d12635bc","size":459,"data":"","first_seen":"2025-08-12T17:47:54.017212Z","last_seen":"2026-04-05T12:05:35.867042Z","times_seen":183,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:39Z","timestamp":1772374719,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33296,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:39.868163+0000\",\"flow_id\":900801924926767,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33296,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1079},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":679,\"bytes_toclient\":4682,\"start\":\"2026-03-01T14:18:39.298287+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/static/js/jquery-1.8.3.min.js","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"69ecd99e201c97170d8b1735877c5c6f","sha1":"acbbbf3197c7ae19982ce6ef9ff6932593ea85d8","sha256":"ef45c2b4676161897f63a84bddd4a8d7e33e98d5477e8bda3ca8173b222b8a9c","sha512":"3d97dca1cf3e459586b63a2cf49d9bafd54ff56001bc44d3963f2bf2ae1fc0ffbd260aea09986e37ebb00e969f4b95502f37f654fd97a49a40ae0a97a720ecb9","ssdeep":"1536:ln6I5cEDlV0YjGaWQb6u6xvkT4ys33lt4WXgVInEG0vd007pNTbyT+SAy+uu49Jg:Z/Yi6Jnys3PN+RwFj2ShosS9","tlshash":"9293f7edb3c6717243ab31a910af650ff2366869284d8410f138e8f4bc75a499277e7d","size":94213,"data":"","first_seen":"2023-03-07T01:06:41Z","last_seen":"2026-04-05T12:05:35.86307Z","times_seen":1243,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33308,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.878181+0000\",\"flow_id\":1030121242715021,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33308,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/js/jquery-1.8.3.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2515},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":49,\"pkts_toclient\":64,\"bytes_toserver\":3992,\"bytes_toclient\":93086,\"start\":\"2026-03-01T14:18:39.549773+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/code.php","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://afuhejhbee.duckdns.org/","date":"2026-03-01T14:18:41.299Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /code.php HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afuhejhbee.duckdns.org/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:42 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.4.33\r\nSet-Cookie: PHPSESSID=hiv4pivs8jsvbcs4pk43s1b19r; path=/\r\nExpires: -1\r\nCache-Control: no-store, private, post-check=0, pre-check=0, max-age=0\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1735,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 160 x 60, 8-bit/color RGB, non-interlaced","md5":"7acb5a369ed6e7a0030348636519da78","sha1":"37bd1ca60e2cefc6864d10f9c2a6658e50327951","sha256":"9f6013163bbefd4c3822a5055ac045e211b86daca18fb691e96b3348781a2199","sha512":"62a223a9d36ad2d84f1f609b9f215e287bf4a4842918556747174b4504e463ee2a56deda3925037a3a369d54c0aa5a228bbe416cae6ea24c1c0237c3aeee36d2","ssdeep":"","tlshash":"7031b84d857044754c2cb5a7772303318603869ab9807bc6b1bfdd58f96bb6d7407d39","first_seen":"2026-03-01T14:19:07.842086Z","last_seen":"2026-03-01T14:19:07.842086Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1372,"timings":{"blocked":1080,"dns":0,"connect":0,"send":0,"wait":292,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:42Z","timestamp":1772374722,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33308,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:42.671516+0000\",\"flow_id\":1030121242715021,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33308,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/code.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/png\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1742},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":83,\"pkts_toclient\":130,\"bytes_toserver\":6602,\"bytes_toclient\":189781,\"start\":\"2026-03-01T14:18:39.549773+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/favicon.ico","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://afuhejhbee.duckdns.org/","date":"2026-03-01T14:18:42.738Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afuhejhbee.duckdns.org/\r\nCookie: PHPSESSID=hiv4pivs8jsvbcs4pk43s1b19r\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:42 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nETag: \"692596c5-0\"\r\nCache-Control: public, max-age=3600\r\nExpires: Sunday, 01-Mar-2026 14:18:42 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:43Z","timestamp":1772374723,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33322,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:43.012282+0000\",\"flow_id\":607281712471898,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33322,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":184,\"pkts_toclient\":210,\"bytes_toserver\":12945,\"bytes_toclient\":313157,\"start\":\"2026-03-01T14:18:40.728922+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"afuhejhbee.duckdns.org/","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-01T14:18:38.533Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":749,"timings":{"blocked":0,"dns":115,"connect":297,"send":0,"wait":0,"receive":0,"ssl":334},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:39Z","timestamp":1772374719,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33296,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:39.868163+0000\",\"flow_id\":900801924926767,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33296,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1079},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":679,\"bytes_toclient\":4682,\"start\":\"2026-03-01T14:18:39.298287+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-01T14:18:39.300Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:39 GMT\r\nContent-Type: text/html\r\nContent-Length: 511806\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:08 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: \"692596c4-7cf3e\"\r\nCache-Control: public, max-age=3600\r\nExpires: Sunday, 01-Mar-2026 14:18:39 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:1.8.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"html2canvas","description":"Screenshots with JavaScript.","website":"https://html2canvas.hertzen.com/","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]}],"data":{"size":511806,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (60051)","md5":"bb4921b785e3fce7ebd84c703c528f29","sha1":"d577642ecba42bfe9e029dcb3142ba85fbd81c7f","sha256":"5a54428e1ee404bd2091a72a0957a41bf169c37761b4e68a8cf888a2ca38128f","sha512":"a834905d7e488fd92855f0a712d54263e1feb1a0ce981cb7d63074eb06b7a502e77433cd83bf779062be2984bad84cf8ecf9873490e9a80d48fb18f04bcd6107","ssdeep":"6144:qAtuTqtB3yPuDHnbwcfjUduK2Z6Esg87JMQmub7SNGEfX5y712WrT8T:qAtusB7n5jUI2EsTJMQmI7jmXsICT8T","tlshash":"deb4f1d88f245e6c874e87adfafd18d42d1d63ebb5c08d98a29d1e6497d3c4098c2cc9","first_seen":"2025-08-12T17:47:54.015031Z","last_seen":"2026-04-05T12:05:35.864163Z","times_seen":183,"resource_available":true,"data":null}},"time_used":2288,"timings":{"blocked":283,"dns":1,"connect":284,"send":0,"wait":286,"receive":1434,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:39Z","timestamp":1772374719,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33296,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:39.868163+0000\",\"flow_id\":900801924926767,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33296,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1079},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":679,\"bytes_toclient\":4682,\"start\":\"2026-03-01T14:18:39.298287+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/static/css/DrawingManager_min.css","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://afuhejhbee.duckdns.org/","date":"2026-03-01T14:18:41.314Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/DrawingManager_min.css HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afuhejhbee.duckdns.org/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:41 GMT\r\nContent-Type: text/css\r\nContent-Length: 1213\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: \"692596c5-4bd\"\r\nExpires: Mon, 02 Mar 2026 02:18:41 GMT\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1213,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1211), with CRLF line terminators","md5":"10bef2d0cad7e027a9b2c35d79f23bda","sha1":"28575d9078a92e8c4b2d9bd360ed9f01b68367a4","sha256":"f1ba3f81477e0795a52b0b4291e84ae070943a42ea817f2ad127227e812c09a8","sha512":"a8ecfd30491f4f2f502dbd6920c13cb841d43e61c0198cf65c72f61a4625d0e6499e7c2509b7718411f1748db0d7041057289726b687ccc42be84e7c95e816de","ssdeep":"","tlshash":"5e21d612848b179ff4bb92656d780ac4003a0d2ac7e21b3c71bf3b6715431ec6476e9a","first_seen":"2023-10-16T13:04:14Z","last_seen":"2026-04-05T12:05:35.862395Z","times_seen":207,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33326,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.600827+0000\",\"flow_id\":982949617006152,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33326,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/css/DrawingManager_min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1094},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":656,\"bytes_toclient\":1839,\"start\":\"2026-03-01T14:18:40.980552+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/static/css/SearchInfoWindow_min.css","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://afuhejhbee.duckdns.org/","date":"2026-03-01T14:18:41.317Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/SearchInfoWindow_min.css HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afuhejhbee.duckdns.org/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:41 GMT\r\nContent-Type: text/css\r\nContent-Length: 3176\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: \"692596c5-c68\"\r\nExpires: Mon, 02 Mar 2026 02:18:41 GMT\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3176,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (3166), with CRLF line terminators","md5":"55598ef78904563989d48203f0aefc7c","sha1":"7225cc516fe4cfa85bbcd7a341a16fd81fbbdabd","sha256":"82cccfd39f79cda9d2032f6570d7f9fb87a90db37b4bb25033c82144f2a93117","sha512":"d0670a23477ec965267a507e85867cdfbb1166627a1d667bf78a03a774818945b3cf40d98b900dde6d6ed009f3cbfc904f1b41773220ea0628dbd668d4e63fba","ssdeep":"","tlshash":"a861dc1051333a9fb43f8910add3afd82926d05fc463ed09b5b8bf53d941aee1465788","first_seen":"2023-10-18T06:25:09Z","last_seen":"2026-04-05T12:05:35.865984Z","times_seen":186,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33296,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.598082+0000\",\"flow_id\":900801924926767,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33296,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/css/SearchInfoWindow_min.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":310,\"pkts_toclient\":342,\"bytes_toserver\":21261,\"bytes_toclient\":512221,\"start\":\"2026-03-01T14:18:39.298287+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/static/js/html2canvas.min.js","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://afuhejhbee.duckdns.org/","date":"2026-03-01T14:18:41.319Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/html2canvas.min.js HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afuhejhbee.duckdns.org/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 198689\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: \"692596c5-30821\"\r\nCache-Control: public, max-age=3600\r\nExpires: Sunday, 01-Mar-2026 14:18:41 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":198689,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64372)","md5":"d7530aa0b7587e627484c49fdf8f13f2","sha1":"b987dc0cc6cfcdc2e34499375f505470c5adb891","sha256":"e87e550794322e574a1fda0c1549a3c70dae5a93d9113417a429016838eab8cb","sha512":"04d6914276096223d2a871c36f9f01d3268f7c2bbe5a076cf06a7f814df792a06d80d4b8b523c7b8689bca87aa315fd326548a75ae855f3a04c981a34defaf5c","ssdeep":"1536:dLkw5M8eKEsqi5xpg+n1sPMecC9JmgxBQSFkkZQRlNM7IgeXzh:dLUtZSpg+aZmabZQz9","tlshash":"121457b46ba71cde0a7ef49b00172d838d981b67117fd1e8f24aada62d70702ceb1574","first_seen":"2023-03-08T20:20:59Z","last_seen":"2026-04-05T13:40:43.944258Z","times_seen":4563,"resource_available":true,"data":null}},"time_used":1643,"timings":{"blocked":269,"dns":1,"connect":273,"send":0,"wait":274,"receive":826,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33334,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.861727+0000\",\"flow_id\":1311800230530522,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33334,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/js/html2canvas.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1066},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":636,\"bytes_toclient\":6196,\"start\":\"2026-03-01T14:18:41.314842+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/static/js/jquery-1.8.3.min.js","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://afuhejhbee.duckdns.org/","date":"2026-03-01T14:18:41.320Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/jquery-1.8.3.min.js HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afuhejhbee.duckdns.org/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 94213\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: \"692596c5-17005\"\r\nCache-Control: public, max-age=3600\r\nExpires: Sunday, 01-Mar-2026 14:18:41 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":94213,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65481), with CRLF line terminators","md5":"69ecd99e201c97170d8b1735877c5c6f","sha1":"acbbbf3197c7ae19982ce6ef9ff6932593ea85d8","sha256":"ef45c2b4676161897f63a84bddd4a8d7e33e98d5477e8bda3ca8173b222b8a9c","sha512":"3d97dca1cf3e459586b63a2cf49d9bafd54ff56001bc44d3963f2bf2ae1fc0ffbd260aea09986e37ebb00e969f4b95502f37f654fd97a49a40ae0a97a720ecb9","ssdeep":"1536:ln6I5cEDlV0YjGaWQb6u6xvkT4ys33lt4WXgVInEG0vd007pNTbyT+SAy+uu49Jg:Z/Yi6Jnys3PN+RwFj2ShosS9","tlshash":"9293f7edb3c6717243ab31a910af650ff2366869284d8410f138e8f4bc75a499277e7d","first_seen":"2023-03-07T01:06:41Z","last_seen":"2026-04-05T12:05:35.86307Z","times_seen":1243,"resource_available":true,"data":null}},"time_used":846,"timings":{"blocked":271,"dns":0,"connect":0,"send":0,"wait":287,"receive":288,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33308,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.878181+0000\",\"flow_id\":1030121242715021,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33308,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/js/jquery-1.8.3.min.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2515},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":49,\"pkts_toclient\":64,\"bytes_toserver\":3992,\"bytes_toclient\":93086,\"start\":\"2026-03-01T14:18:39.549773+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/static/css/chunk-libs.e4c084d6.css","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://afuhejhbee.duckdns.org/","date":"2026-03-01T14:18:40.728Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/chunk-libs.e4c084d6.css HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afuhejhbee.duckdns.org/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:40 GMT\r\nContent-Type: text/css\r\nContent-Length: 84153\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: \"692596c5-148b9\"\r\nExpires: Mon, 02 Mar 2026 02:18:40 GMT\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84153,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (63053)","md5":"42ee3d1636cb87e25a7df09657c9ca3d","sha1":"bec96c90aec0da3771228c2e9a9f636b60a11aa2","sha256":"b6a5e832a636628fd955cb72a07db796d53545eb6d3259285626f57b5c7ce800","sha512":"d30a287dc9dea040e12c5c151bc6bdf2a0fe449b9fd033aff78d40e04150697a3130e7f448071008584fe0c5120713ef5e0ef5257f1207cd6020afc40e386d9f","ssdeep":"1536:00SgUQciKDtkkC9ZblbaEDWAfXYb1nE9OJyzT:00SbW9ZAEDWAfXYb1nE9ay/","tlshash":"1b83d773b010a5f8913fcc0bddc0a7159e2df423d56528ebe5137a1e8edb34666a3286","first_seen":"2025-08-12T17:47:54.011452Z","last_seen":"2026-04-05T12:05:35.864751Z","times_seen":182,"resource_available":false,"data":null}},"time_used":863,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":286,"receive":577,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33308,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.013941+0000\",\"flow_id\":1030121242715021,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33308,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/css/chunk-libs.e4c084d6.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1091},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":657,\"bytes_toclient\":1654,\"start\":\"2026-03-01T14:18:39.549773+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afuhejhbee.duckdns.org/static/css/app.c7eeb1ca.css","fqdn":"afuhejhbee.duckdns.org","domain":"afuhejhbee.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://afuhejhbee.duckdns.org/","date":"2026-03-01T14:18:40.730Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/app.c7eeb1ca.css HTTP/1.1\r\nHost: afuhejhbee.duckdns.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afuhejhbee.duckdns.org/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sun, 01 Mar 2026 14:18:41 GMT\r\nContent-Type: text/css\r\nContent-Length: 298614\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nVary: Accept-Encoding, Accept-Encoding\r\nETag: \"692596c5-48e76\"\r\nExpires: Mon, 02 Mar 2026 02:18:41 GMT\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":298614,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"f7ed0daa7a73b23cc456ab96b465c155","sha1":"7bb8f9c9eb15383b63ca6f118662b2e2ddf81cb6","sha256":"5f1b408842ff73fcf40020fc2c00d24132a96a3ecb7e22a44ad67e1b3b1d3e8a","sha512":"03415bdbb7725f3a1175c5140b3a9ba0477fb66a37df730f18739db4029f43e86b70d0afdd2922f31f10b7afd3f81c12ed11655bc9ac5220bb3399ed2877e024","ssdeep":"1536:c28Y7SrW3YeWXA1u9w4HCe/l492gW9cMEutb7OO6iZkW1Yu8e+3SNZ5fhIc6u9Gi:lRwt5nfkuKtDSPEcSFYQWsJhfc","tlshash":"bb54c9219b57212b612bda6db6c0ba896f28c323d4720bbbfd51741dcbd35891163b0f","first_seen":"2025-08-12T17:47:54.010215Z","last_seen":"2026-04-05T12:05:35.865282Z","times_seen":183,"resource_available":false,"data":null}},"time_used":1924,"timings":{"blocked":273,"dns":1,"connect":274,"send":0,"wait":274,"receive":1102,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T14:18:41Z","timestamp":1772374721,"ip_dst":{"addr":"211.174.59.154","port":80,"asn":3786,"as":"LG DACOM Corporation","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.50","port":33322,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2026-03-01T14:18:41.277074+0000\",\"flow_id\":607281712471898,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.50\",\"src_port\":33322,\"dest_ip\":\"211.174.59.154\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afuhejhbee.duckdns.org\",\"url\":\"/static/css/app.c7eeb1ca.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://afuhejhbee.duckdns.org/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1090},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":650,\"bytes_toclient\":6196,\"start\":\"2026-03-01T14:18:40.728922+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-01","alert":"Sinkholed","trigger":"afuhejhbee.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}