{"report_id":"d8ea3747-ab9a-443a-b8af-9758d9e759a4","version":6,"status":"done","tags":["dyndns"],"date":"2025-12-31T13:37:28Z","url":{"schema":"http","addr":"afxwd.ddns.net/","fqdn":"afxwd.ddns.net","domain":"afxwd.ddns.net","tld":"ddns.net"},"ip":{"addr":"103.8.27.52","port":0,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"final":{"url":{"schema":"http","addr":"afxwd.ddns.net/","fqdn":"afxwd.ddns.net","domain":"afxwd.ddns.net","tld":"ddns.net"},"title":"Web Server's Default Page","dom":{"size":16418,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (9128)","md5":"7d1c41472200e389eed60cc3f6f7a4ac","sha1":"2f55c47a64b5fbd5ea944eca832c2057ee701f3d","sha256":"d81731c135a3d034830f0069fb365174c4834e07d1dbe0622e815d23effaa91d","sha512":"37e810e8b13f6f6c5490a9dc328a409171a54587c0a3aaaf86fb6eaa15532e43d07355d4ee7910ef9117b20793569eb3e0477975493d3d636fa9c131a7067829","ssdeep":"192:XYxTUPp7YUd0xcP1bMW6XQ8Thb6nud3XOKxDVbidbv2OeKiUCrmCwl/EdVcdYITP:Vq9muRhilet6C/fcdDT","tlshash":"dd72c6729257956f0123c0d5fbb66740738d844be809c669b6dea36c6fcfaa0e49370c","dom_hash":"domhash82e8e9f58d72e2ccb81b0d8b81f5e277","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"afxwd.ddns.net/","fqdn":"afxwd.ddns.net","domain":"afxwd.ddns.net","tld":"ddns.net"},"ip":{"addr":"103.8.27.52","port":0,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-04T13:37:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":2,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-31T13:37:07Z","timestamp":1767188227,"ip_dst":{"addr":"103.8.27.52","port":80,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"ip_src":{"addr":"172.18.0.2","port":41528,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2025-12-31T13:37:07.380413+0000\",\"flow_id\":1514307338838229,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":41528,\"dest_ip\":\"103.8.27.52\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afxwd.ddns.net\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":444},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":635,\"bytes_toclient\":811,\"start\":\"2025-12-31T13:37:07.008405+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-31T13:37:07Z","timestamp":1767188227,"ip_dst":{"addr":"103.8.27.52","port":80,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"ip_src":{"addr":"172.18.0.2","port":41528,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2025-12-31T13:37:07.773432+0000\",\"flow_id\":1514307338838229,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":41528,\"dest_ip\":\"103.8.27.52\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afxwd.ddns.net\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://afxwd.ddns.net/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":3,\"bytes_toserver\":1150,\"bytes_toclient\":2271,\"start\":\"2025-12-31T13:37:07.008405+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"afxwd.ddns.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"afxwd.ddns.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"summary":[{"fqdn":"assets.plesk.com","ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"1999-06-13","domain_rank":2025050,"first_seen":"2016-07-25T13:41:51Z","last_seen":"2025-12-30T00:14:32.354239Z","alert_count":0,"request_count":9,"received_data":319335,"sent_data":4450,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"afxwd.ddns.net","ip":{"addr":"103.8.27.52","port":80,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"domain_registered":"2001-06-28","domain_rank":0,"first_seen":"2025-12-31T13:37:28.977235Z","last_seen":"2025-12-31T13:37:28.977235Z","alert_count":12,"request_count":3,"received_data":691,"sent_data":1235,"comment":"","tags":null,"fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}]},{"fqdn":"uat-proxy.plesk.com","ip":{"addr":"34.246.109.57","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"1999-06-13","domain_rank":0,"first_seen":"2025-08-21T20:20:46.51845Z","last_seen":"2025-12-25T02:14:35.678502Z","alert_count":0,"request_count":2,"received_data":2082,"sent_data":1844,"comment":"","tags":null,"fingerprints":[{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/default-server-index.js","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"c25f3348684ef804f9de41c40cddf238","sha1":"9aafe75f475257fef7a934b45b4153758b5ac248","sha256":"5c71b15ef13fea852882560f5ce7473e6d913aae99bcc23c3f34fc3010feca1d","sha512":"bcd047a0f515bbceda50960cfb14857ab9bfd2870476120a2c3fc29fbb9c328b92c2d500ab10124e56d0ff421320aa57d2e2a5bbe4bc6ceaf2a0a6ee4bae426a","ssdeep":"192:5la8j2rrxw0dAZ+hbXIK6XocTqW1ryoBBX/b4mebC1lnitlV/WDXHoRmE7kuFAiQ:50e/b4/GS7Ir9E7kar79XXdDQ","tlshash":"fec21756b243717d02538ae5f7fb1310733a7418d0194678f29de3ba0baf9a5c592b2c","size":26501,"data":"","first_seen":"2025-12-01T17:03:35.530941Z","last_seen":"2026-04-12T10:40:37.384334Z","times_seen":845,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/bundle.js","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"418248ca70e0e378a5289313b78d5967","sha1":"687e6d4a68ad17620a952e73809958d13c76ddd9","sha256":"b4296480506218fe2a168fe18720dbbf8878ac67261a51eaa9cb1f93376abbcc","sha512":"fe9285161bf044e5a58f6e881d18f2971e51768f6d7f7f25eb7713a5693e712e493b690d0cdda8792b5507bdb5e76aa7336e02d1353c8a80923c6f369a3f3e8b","ssdeep":"3072:NEf7dr5lOVNatBvKbb7it+ZTebx8hAMbGqY1bO90d:u7RzOVL7it+Zibx8hAMbAGy","tlshash":"d3d32a9572d2f06203a715e2a43a2505e2391e18344d9458fbfddc9a7cf648bda33f3a","size":132164,"data":"","first_seen":"2025-10-31T14:17:45.058113Z","last_seen":"2026-04-12T10:40:37.383387Z","times_seen":1539,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"440f27b82fb37f1af916973c7426a8e4","sha1":"8134f7119265e832c6b06e2e953bf8991aac660e","sha256":"63b8010038c357d0c36a5994476a3b50470821df28125c398155282c81873503","sha512":"f42b4ee2e818dc24618e8d849cebf0dc0766a2994b3f415e39d319e425753f5c1871f2edbe15b333dd076f09b4cd598de4ec7a26509dc31d3d99d784594782c9","ssdeep":"192:0YxTUPp7YUd0xcP1bMW6XQ8Thb6nud3XOKxDVbidbv2UUx0iUCrP7wlc/xVDdYIq:iq9muRhi/UZb7ZrDdDq","tlshash":"f872b6729287956f0113c094fbb66740738d844be809c669b6dee36c6fcfaa1e49370d","size":16412,"data":"","first_seen":"2025-12-31T13:37:31.271081Z","last_seen":"2025-12-31T13:37:31.271081Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/img/stars-6a8fd8.svg","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/img/stars-6a8fd8.svg HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: image/svg+xml\r\nx-amz-id-2: fO4HDwxbVIkLMuVMTQ4pEJyuONLKzPQgM4DLXQ7/spWquocu4Kd8IvgNyojfx2/kdy1qn0FsI6eD9Wkxj9rZ7nKVcsLA/d8D\r\nx-amz-request-id: M8PTAV30TYGBJR2R\r\nlast-modified: Mon, 01 Dec 2025 09:47:29 GMT\r\nx-amz-version-id: bUbvbnTSC7VjMYOmpCjrIBrbQpKP69Vr\r\netag: W/\"18aa9407cb97208391f24bcef249457f\"\r\nx-77-nzt: EwwBX63NDQHXRgsIAAwBuUwKEwH3SwcAAAwBJRPCVwG3fAAAAA\r\nx-77-nzt-ray: 2a494a151d40c3082827556952db2626\r\nx-77-cache: HIT\r\nx-77-age: 527174\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":23587,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"18aa9407cb97208391f24bcef249457f","sha1":"c76eef71591d7d92fb30f51b49dadf16ae600a05","sha256":"30628c4c5254e81ed7f953bd449c6976ce87210089c4b221f00c3a7a5d597736","sha512":"2092a8b785ed8edf6e63312a7d70ca42932851f3b491604bb6e3fa861c05c82ffcd2b3461c7b17fa3af6e73351b70acfcc1e4e20bf2ae00606a565c6a2f1867e","ssdeep":"96:ruEAlHCq+7wX+MTntIRT1jTgNOHgWIl0a6IP+5bDTIjvPj5jBjF76ydRyuK:y0COXRhRVxsDZB93dQp","tlshash":"a1b28fbd1397d9ec7c02e990be7611e3e52fe2dd209c07d09079c6202bd26dae78e585","first_seen":"2023-04-30T21:16:24Z","last_seen":"2026-05-10T15:13:33.131101Z","times_seen":7645,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/img/robot-e712cf.svg","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/img/robot-e712cf.svg HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: image/svg+xml\r\nx-amz-id-2: nOG3VBMcRnh0Rrxv+XFOnoHk6We52NiayJm7olc9zgYqAtEZ9g+d9NGPlzlTva5gF8OBCMpTaqBfAtfg3KG6Z9Sk5a6lqfcJ\r\nx-amz-request-id: F8NPPH1RR2T0FK4E\r\nlast-modified: Mon, 01 Dec 2025 09:47:29 GMT\r\nx-amz-version-id: 8Y6m3R.3QtKG4IhrxC3nU6PDlBxeZBmr\r\netag: W/\"a11790af7b8e734f7391d2695e96bfc8\"\r\nx-77-nzt: EwwBX63NDQH3HggIAAwBuUwKDAH3LBMAAAwBT3/Y+AG3bQAAAA\r\nx-77-nzt-ray: 2a494a151d40c3082827556992772a26\r\nx-77-cache: HIT\r\nx-77-age: 526366\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":89014,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a11790af7b8e734f7391d2695e96bfc8","sha1":"af73e0993f9a486721d75bc21d6eb6e17104ece9","sha256":"01084e18312cb2af2d6b89b7348a7f1e5ae8faf10c0bd9ce478dd38adb2955a3","sha512":"8251f0b56927fa275e73d87f0964e9d755ec9105f464ed41f8741906eb5a9a450396b70bc89e42c341faec469fd9ea00ea043f9b98c6594a7c1f403978b7acf9","ssdeep":"1536:1EGgXdRFhrpPC8OGcFIgpDeeNrNPdUYbzyP:todXzcGcF7lrsGyP","tlshash":"2d93002cc358a3bc9d5787f88b3560b0769e50eeb0e19328897dc5b063529d8d2ef8d5","first_seen":"2023-05-01T16:30:05Z","last_seen":"2026-05-10T15:13:33.117036Z","times_seen":7620,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/fonts/inter-v12-latin-700-54321e.woff2","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.672Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/fonts/inter-v12-latin-700-54321e.woff2 HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://afxwd.ddns.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 17784\r\nx-amz-id-2: gWjs8qPPcF38ip/4M2uRL/sK92mBwdAO8H96h85zaVJcawBr8KQIQjOvLOdH5QmV+k14PNHdXlA=\r\nx-amz-request-id: F8NTTMYN1QKWAHR1\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-max-age: 0\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\nlast-modified: Mon, 01 Dec 2025 09:47:29 GMT\r\nx-amz-version-id: fR5BRNIdeneYGhReRTKVWmhWLyrKPBF8\r\netag: \"8d7a3f034881d1712b3325cc71425c10\"\r\nx-77-nzt: EwwBX63NDQHXRgsIAAwBuUwKAQH3QwUAAAwBT3/Y+AG3bQAAAA\r\nx-77-nzt-ray: 2a494a151d40c30828275569e5048326\r\nx-77-cache: HIT\r\nx-77-age: 527174\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":17784,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 17784, version 1.0","md5":"8d7a3f034881d1712b3325cc71425c10","sha1":"9594f24367800a20297a96c2d4f957e62c63e207","sha256":"ced2d8e02e2fbf08d2edec9b5f13648ed8348588a05f7181632f3c1dd6e1f5c3","sha512":"e7edbfcbb46c2df1de915c59bc6188d8b068bd5ec3c97ba73659829dc30c7db73de9d150db72621101e4f6a5b74c771bf5d624712c9cba391ddb04a9e7c91cb3","ssdeep":"384:ADWWIntFC5IYQXXkFENAQzkJj3r5dzt+eb7SOd:kWWIne5I3X0F0RK7vWW","tlshash":"c382d0eab27c8431fd1693390c48aad07dc72d5ec68e314c571890817a57297acdee63","first_seen":"2023-04-30T17:57:31Z","last_seen":"2026-05-10T15:28:25.540889Z","times_seen":10695,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"afxwd.ddns.net/","fqdn":"afxwd.ddns.net","domain":"afxwd.ddns.net","tld":"ddns.net"},"ip":{"addr":"103.8.27.52","port":80,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-31T13:37:07.008Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: afxwd.ddns.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nLast-Modified: Wed, 01 Feb 2023 17:49:22 GMT\r\nAccept-Ranges: bytes\r\nETag: \"07d19846536d91:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Wed, 31 Dec 2025 13:37:19 GMT\r\nContent-Length: 444\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":444,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"69951906288c392bad0ff3036482c426","sha1":"32792a1ea8c9e8b00dadc14c857685a788335b61","sha256":"1b7edab82fce31fb111e98a05a300eb498e681c4cda122bf6a4458ab7aa021f2","sha512":"910612144e0831405fb358c0e5420bd01aebd9626140b84a8dfd67e3395a0ffdbde9055056cb837c466259b9777013e4433b9784396a4dd4c9de45a5b5c8b258","ssdeep":"","tlshash":"0af0a3b753c5d44602b05977c9c1f2c6f6c3b40561976456f3cc20173fca151c987725","first_seen":"2023-04-26T18:57:58Z","last_seen":"2026-05-10T14:53:23.746488Z","times_seen":34,"resource_available":true,"data":null}},"time_used":559,"timings":{"blocked":186,"dns":1,"connect":185,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-31T13:37:07Z","timestamp":1767188227,"ip_dst":{"addr":"103.8.27.52","port":80,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"ip_src":{"addr":"172.18.0.2","port":41528,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2025-12-31T13:37:07.380413+0000\",\"flow_id\":1514307338838229,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":41528,\"dest_ip\":\"103.8.27.52\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afxwd.ddns.net\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":444},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":635,\"bytes_toclient\":811,\"start\":\"2025-12-31T13:37:07.008405+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"afxwd.ddns.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"afxwd.ddns.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/default-server-index.js","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/default-server-index.js HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: text/javascript\r\nx-amz-id-2: xV3c+C9+v8Ls5+JVo+upW3euYJNrgUw+tw+H86JvNP+OdyO57Dj3+WRviVARByC5UjpMjPmBIcSj9oXPPNn6xCBrQ37G1tjQxUSTrQbaLls=\r\nx-amz-request-id: 2XM4XXPWVHM3H8J1\r\nlast-modified: Mon, 01 Dec 2025 09:47:29 GMT\r\nx-amz-version-id: NeZpz1LHVeU1gJWdr3Y8qK0YiOWI5wEX\r\netag: W/\"c25f3348684ef804f9de41c40cddf238\"\r\nx-77-nzt: EwwBX63NDQHXWwsIAAwBuUwKDAH3nwcAAAwBWd59LgG3ZgAAAA\r\nx-77-nzt-ray: 2a494a151d40c308282755696761911d\r\nx-77-cache: HIT\r\nx-77-age: 527195\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":26501,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17206)","md5":"c25f3348684ef804f9de41c40cddf238","sha1":"9aafe75f475257fef7a934b45b4153758b5ac248","sha256":"5c71b15ef13fea852882560f5ce7473e6d913aae99bcc23c3f34fc3010feca1d","sha512":"bcd047a0f515bbceda50960cfb14857ab9bfd2870476120a2c3fc29fbb9c328b92c2d500ab10124e56d0ff421320aa57d2e2a5bbe4bc6ceaf2a0a6ee4bae426a","ssdeep":"192:5la8j2rrxw0dAZ+hbXIK6XocTqW1ryoBBX/b4mebC1lnitlV/WDXHoRmE7kuFAiQ:50e/b4/GS7Ir9E7kar79XXdDQ","tlshash":"fec21756b243717d02538ae5f7fb1310733a7418d0194678f29de3ba0baf9a5c592b2c","first_seen":"2025-12-01T17:03:35.530941Z","last_seen":"2026-04-12T10:40:37.384334Z","times_seen":845,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":32,"dns":20,"connect":1,"send":0,"wait":1,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/img/wpg-5879f3.svg","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/img/wpg-5879f3.svg HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: image/svg+xml\r\nx-amz-id-2: QvFSO8hWX85pj7LdkGsZ6EQdgfFtzEo8H4G4G0/9KxlC25lX44x2jexs7psRqEkMfkkRocTwOseoeJKTIPZEb6+RdrVS7EOi\r\nx-amz-request-id: 2XMCFZH1043ZAA7X\r\nlast-modified: Mon, 01 Dec 2025 09:47:29 GMT\r\nx-amz-version-id: dgk21heznfrS8mPuIwzJaYWcPyRjt6a9\r\netag: W/\"67b7f0f50fe6837597cc7ea4ac4e3fa3\"\r\nx-77-nzt: EwwBX63NDQHXRgsIAAwBuUwKCQH3lwcAAAwBw7WvFwG3bgAAAA\r\nx-77-nzt-ray: 2a494a151d40c3082827556943c90326\r\nx-77-cache: HIT\r\nx-77-age: 527174\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1304,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"67b7f0f50fe6837597cc7ea4ac4e3fa3","sha1":"9aafb23c2c7b4466d0ab05e3e115c82757706762","sha256":"a205e44bdfd4d85a52d1412f0923f5cbdaae73050ac51529fb70b7a80c4d0b93","sha512":"dfe5a5097d639fe7cab87ea1c8691951b2b6a04959762aa0d2b2660eeecf184da057846fa08492ecc79102896db39aac1b817da7d8b371023aee95c1b7d5a23a","ssdeep":"","tlshash":"eb21f6a11979d86c0d970bf2cf7e85933b9fd0b9b21583ed55536170500a2cdc5c6d5c","first_seen":"2024-05-01T23:57:27Z","last_seen":"2026-05-10T15:13:33.133898Z","times_seen":5146,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/favicon-fc0691.ico","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/favicon-fc0691.ico HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 4286\r\nx-amz-id-2: VzJsoGOqdk/LD6g1xUjnjsF2CugVLi5y+BGludiOGlog3l8kuwQMp9fHjBQ/wuRoz9NFVULLXSo=\r\nx-amz-request-id: CVHSAMZW1D2Z2JPG\r\nlast-modified: Mon, 01 Dec 2025 09:47:29 GMT\r\nx-amz-version-id: JqcW_S9YcLEoN5iLWCRfb_rHRzI8nQ6W\r\netag: \"650b28c6cf1b473aed15ba26bad1da92\"\r\nx-77-nzt: EwwBX63NDQH3sAoIAAwBuUwKDAH3pwgAAAwBw7WvAgG3CgAAAA\r\nx-77-nzt-ray: 2a494a151d40c30828275569085b0129\r\nx-77-cache: HIT\r\nx-77-age: 527024\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"650b28c6cf1b473aed15ba26bad1da92","sha1":"63f99c1d32ab6387db0f981f242fcefcb875ac21","sha256":"1f7437e15be65fcfd977e547e957da7950167f957deeac877086e9b66c11be87","sha512":"ee3c937542bdb10fc5a2bdf41fc6c89bfe699a870a69368f276963af3efbb711827e916dd05aa7e653524770f2e0bd0d38ee6a5e3b6c7255cac1cd74930b7541","ssdeep":"48:QwL+ah0QWs3z1gL9LSJN798lyBbr9bgozxXoAOg81XAHoctUjpeqeDzTCZmNV:QHaDxAiWSbq0S2Igepe9DT/","tlshash":"8891f3ef98b48405e259463c81cdd99b3d3e8a3db0f1e28d3a516c69dc33943abc9532","first_seen":"2023-04-30T20:36:14Z","last_seen":"2026-05-10T15:13:33.119069Z","times_seen":5717,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uat-proxy.plesk.com/","fqdn":"uat-proxy.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"34.246.109.57","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"uat-proxy.plesk.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Fri, 01 Aug 2025 00:00:00 GMT","end":"Sun, 30 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C8:5B:6C:B7:19:D1:F4:7B:E1:8C:07:D2:A7:7E:84:36:29:07:F3:07","sha256":"4B:46:37:E8:81:F5:46:5D:48:54:2D:9C:36:A9:A2:1E:0E:BC:41:8C:54:04:8B:05:56:7D:21:4A:77:E1:C7:59"}}},"request":{"raw":"OPTIONS / HTTP/1.1\r\nHost: uat-proxy.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: amz-sdk-invocation-id,amz-sdk-request,authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent\r\nReferer: http://afxwd.ddns.net/\r\nOrigin: http://afxwd.ddns.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:08 GMT\r\ncontent-length: 20\r\nset-cookie: AWSALB=6byYXGn/KQfszAkasSsy10h4ODvek1QSKD82YcFskCyi9Za1fYu8p4wpmNnNkk5EilXwFZuvLOyy6bX+3T9QcT5feeE94JsExu9y8qCdpCu8IlJzf++4QiEzR1mO; Expires=Wed, 07 Jan 2026 13:37:08 GMT; Path=/\nAWSALBCORS=6byYXGn/KQfszAkasSsy10h4ODvek1QSKD82YcFskCyi9Za1fYu8p4wpmNnNkk5EilXwFZuvLOyy6bX+3T9QcT5feeE94JsExu9y8qCdpCu8IlJzf++4QiEzR1mO; Expires=Wed, 07 Jan 2026 13:37:08 GMT; Path=/; SameSite=None; Secure\r\naccess-control-allow-headers: amz-sdk-invocation-id,amz-sdk-request,authorization,content-type,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent\r\naccess-control-allow-methods: POST\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-amz-request-id,x-amz-id-2,x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date\r\naccess-control-max-age: 172800\r\ncontent-encoding: gzip\r\nx-amzn-requestid: d4643b4a-1434-fa0b-b5ab-120ec0f37877\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":847,"timings":{"blocked":295,"dns":18,"connect":32,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uat-proxy.plesk.com/","fqdn":"uat-proxy.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"34.246.109.57","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:08.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"uat-proxy.plesk.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Fri, 01 Aug 2025 00:00:00 GMT","end":"Sun, 30 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C8:5B:6C:B7:19:D1:F4:7B:E1:8C:07:D2:A7:7E:84:36:29:07:F3:07","sha256":"4B:46:37:E8:81:F5:46:5D:48:54:2D:9C:36:A9:A2:1E:0E:BC:41:8C:54:04:8B:05:56:7D:21:4A:77:E1:C7:59"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: uat-proxy.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://afxwd.ddns.net/\r\namz-sdk-invocation-id: 124d7fbe-e290-4e3a-808f-070fe40f8fb2\r\namz-sdk-request: attempt=1; max=3\r\nauthorization: AWS4-HMAC-SHA256 Credential=00000000000000000000/20251231/us-west-2/firehose/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-target;x-amz-user-agent, Signature=d421279dd069cbfcc7fefe7eb072b6c99d4ec41efa02ed88ba60bbd4ae5d62c8\r\ncontent-type: application/x-amz-json-1.1\r\nx-amz-content-sha256: ec1bc342315a69390c2ba3bb7e7a4477d76f634704f28a68d1ca156f03ff9d3c\r\nx-amz-date: 20251231T133707Z\r\nx-amz-target: Firehose_20150804.PutRecord\r\nx-amz-user-agent: aws-sdk-js/3.825.0 ua/2.1 os/Windows#NT-10.0 lang/js md/browser#Firefox_134.0 api/firehose#3.825.0 m/N,E,e\r\nContent-Length: 108\r\nOrigin: http://afxwd.ddns.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":108,"data":"{\"DeliveryStreamName\":\"default-page-stats\",\"Record\":{\"Data\":\"MjAyNS0xMi0zMVQxMzozNzowNy43NDFafFZJRVd8Cg==\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:08 GMT\r\ncontent-type: application/x-amz-json-1.1\r\ncontent-length: 246\r\nset-cookie: AWSALB=oBcOaTRWNTh9hntZtiZxvrNbZkjIqQtjpbDmjiWQlVfwtI+LQoL6MP5KuqZuFlhMubTdRWPrDJTcLxjiIKJMOJI/w2JWBdQkpi46g6D92LOY7oziShhIyj+cIV4K; Expires=Wed, 07 Jan 2026 13:37:08 GMT; Path=/\nAWSALBCORS=oBcOaTRWNTh9hntZtiZxvrNbZkjIqQtjpbDmjiWQlVfwtI+LQoL6MP5KuqZuFlhMubTdRWPrDJTcLxjiIKJMOJI/w2JWBdQkpi46g6D92LOY7oziShhIyj+cIV4K; Expires=Wed, 07 Jan 2026 13:37:08 GMT; Path=/; SameSite=None; Secure\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-amz-request-id,x-amz-id-2,x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date\r\ncontent-encoding: gzip\r\nx-amz-id-2: 7L6IgyWQvyTi65tlEneQN7ry6EW4/IEjZi3dDs4/4mld9qu6wqpTls4wGvsIYy9kWRhjKDvCHZyziDiQ+a3vl8pyCo20e4Fk\r\nx-amzn-requestid: f19e4fc9-6746-c19e-9051-668d8da51eb0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]}],"data":{"size":257,"size_decoded":0,"mime_type":"application/x-amz-json-1.1","magic":"JSON text data","md5":"b4a967b78b3791a109f6b3bd81a49e45","sha1":"045a92be9e346d49c76f24ffad48723626e3e5f7","sha256":"5719dee2d4e44f0b2347c1f1a4b8c1783962bbcf83913c1d52701f8b1a6c8a7e","sha512":"841297fbd768ddc7c69de67cb6edf8b62c5ab73ab2f38acde620829d9e4a8c9c6e2f4616066c2fd5b5f98c680ab6f517ca20bd1d6ab28c641c9c8683b00c37d4","ssdeep":"","tlshash":"3bd02ba92a5c4412bb445cf368a956025a603aea300d8a8594868322f401a87429ca14","first_seen":"2025-12-31T13:37:31.262852Z","last_seen":"2025-12-31T13:37:31.262852Z","times_seen":1,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"afxwd.ddns.net/","fqdn":"afxwd.ddns.net","domain":"afxwd.ddns.net","tld":"ddns.net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-31T13:37:06.208Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: afxwd.ddns.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":393,"timings":{"blocked":393,"dns":0,"connect":197,"send":0,"wait":0,"receive":0,"ssl":198},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-31T13:37:07Z","timestamp":1767188227,"ip_dst":{"addr":"103.8.27.52","port":80,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"ip_src":{"addr":"172.18.0.2","port":41528,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2025-12-31T13:37:07.380413+0000\",\"flow_id\":1514307338838229,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":41528,\"dest_ip\":\"103.8.27.52\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afxwd.ddns.net\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":444},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":635,\"bytes_toclient\":811,\"start\":\"2025-12-31T13:37:07.008405+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"afxwd.ddns.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"afxwd.ddns.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"afxwd.ddns.net/favicon.ico","fqdn":"afxwd.ddns.net","domain":"afxwd.ddns.net","tld":"ddns.net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.587Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: afxwd.ddns.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-10T16:28:20.024999Z","times_seen":14962098,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-31T13:37:07Z","timestamp":1767188227,"ip_dst":{"addr":"103.8.27.52","port":80,"asn":132241,"as":"SKSA TECHNOLOGY SDN BHD","country":"Malaysia","country_code":"MY"},"ip_src":{"addr":"172.18.0.2","port":41528,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain","source":"{\"timestamp\":\"2025-12-31T13:37:07.773432+0000\",\"flow_id\":1514307338838229,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":41528,\"dest_ip\":\"103.8.27.52\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042806,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.ddns .net Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"afxwd.ddns.net\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://afxwd.ddns.net/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":3,\"bytes_toserver\":1150,\"bytes_toclient\":2271,\"start\":\"2025-12-31T13:37:07.008405+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"afxwd.ddns.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"afxwd.ddns.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/img/logo-43316b.svg","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/img/logo-43316b.svg HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: image/svg+xml\r\nx-amz-id-2: qaIsXdyxt/9o8TNHbkwv1P6r+HCna66ACrkAC6y+R9rlzT0R8KWDlg5jYnLnAk7aW6hy2v1C+ahYQOWN+HnTOD0qjOgw5UEr\r\nx-amz-request-id: 2XM36NMQT1F88RSG\r\nlast-modified: Mon, 01 Dec 2025 09:47:29 GMT\r\nx-amz-version-id: zTi0tD4rGzUh27dzpTmQJyYDlcqyO8XP\r\netag: W/\"50f16a34400340b368e0ac5a991997f4\"\r\nx-77-nzt: EwwBX63NDQHXRgsIAAwBuUwKEwH3GgcAAAwBw7WvBgG3bgAAAA\r\nx-77-nzt-ray: 2a494a151d40c308282755697896cf25\r\nx-77-cache: HIT\r\nx-77-age: 527174\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2099,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"50f16a34400340b368e0ac5a991997f4","sha1":"acba5b50993b1ac89f8ecf9531dd2561fb9d8038","sha256":"a459426d178bf696ac29aed37f5c2e73e24ee716d578678440b6513f54721b7e","sha512":"9bcf4b3b9895cdc5c0b795084f026e6f13996aadb3b00b1873cceb24e690f2143cec74e9dcab993be8f5fde96a98322ff586547e24d165d98a161a859e074cea","ssdeep":"","tlshash":"d741ce728618c5ac96078638ce7580f22b1fa8f73a5a13b8d2ffc77074439c5d252928","first_seen":"2023-05-09T02:17:30Z","last_seen":"2026-05-10T15:13:33.127234Z","times_seen":5162,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/fonts/inter-v12-latin-regular-be7cb1.woff2","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/fonts/inter-v12-latin-regular-be7cb1.woff2 HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://afxwd.ddns.net/\r\nOrigin: http://afxwd.ddns.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 16708\r\nx-amz-id-2: zQMm4Zau5tvywk+e7fwdXEO9N5GLKujvN8PxPUlcDYFVq/7LgeN5BShfugpvB1oQ9foQFovER+qrZyNq6i28q8kEC1x4/X+O\r\nx-amz-request-id: F8NH5PE2RG7594AE\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-max-age: 0\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\nlast-modified: Mon, 01 Dec 2025 09:47:29 GMT\r\nx-amz-version-id: FLXzY1PkhMOuxxNBp3e3tQvF_ndGD7LC\r\netag: \"68c477c4c76baab3a8d1ef6a55aa986f\"\r\nx-77-nzt: EwwBX63NDQHXRgsIAAwBuUwKAQH3NQQAAAwBWd59LgG3bQAAAA\r\nx-77-nzt-ray: 2a494a15e52e430a28275569aca9d126\r\nx-77-cache: HIT\r\nx-77-age: 527174\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":16708,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16708, version 1.0","md5":"68c477c4c76baab3a8d1ef6a55aa986f","sha1":"4af50379e13514558dd53d123db8ea101ec5e24c","sha256":"0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac","sha512":"92b34fe3b7f82f10cf6de8027ac08f4a5b8764fb4e0b31c93da6e3d5bd08e0bc83b79fd70b8207a1066b689583e0b6976fa3c885b0c067ea343e6f2031d55d25","ssdeep":"384:Nd1nZ+hLc8g3/2AY8VL6UBP38Y1dDq6w9ZD:bJZpv3h1Z3x+9ZD","tlshash":"0572d092b7f2d6b84d28bdfe122b04099ca91d8729f113f25942362ba5b1c6484fd071","first_seen":"2023-04-09T06:32:51Z","last_seen":"2026-05-10T15:28:25.557614Z","times_seen":12544,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":11,"dns":1,"connect":1,"send":0,"wait":1,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.plesk.com/static/default-website-content/public/bundle.js","fqdn":"assets.plesk.com","domain":"plesk.com","tld":"com"},"ip":{"addr":"95.173.205.14","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://afxwd.ddns.net/","date":"2025-12-31T13:37:07.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1226552209.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 10:38:07 GMT","end":"Sat, 07 Feb 2026 10:38:06 GMT"},"fingerprint":{"sha1":"AB:E3:19:8A:B7:4A:02:D1:0E:4E:74:87:5F:67:ED:F4:71:87:B6:63","sha256":"C4:15:B4:AB:D5:2B:66:94:03:3D:C8:51:61:DC:8F:FF:DA:91:A9:A2:71:F6:EC:65:78:BE:5C:BC:8F:AC:CF:4C"}}},"request":{"raw":"GET /static/default-website-content/public/bundle.js HTTP/1.1\r\nHost: assets.plesk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://afxwd.ddns.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 13:37:07 GMT\r\ncontent-type: text/javascript\r\nx-amz-id-2: rFE9YBD4cpQJX1yXTz47HFcs+83Cer3Va7IwbDpGk7JtzJ7xWBmZWfFeCC5BgBwApkREdx4MBeo=\r\nx-amz-request-id: 2XMA9ENZ3AR5GNHX\r\nlast-modified: Mon, 01 Dec 2025 09:47:30 GMT\r\nx-amz-version-id: fZRYBfi7ebJPuK6ddag9VAdJqWQTA2Ny\r\netag: W/\"418248ca70e0e378a5289313b78d5967\"\r\nx-77-nzt: EwwBX63NDQHXRgsIAAwBuUwKEwH38QYAAAwBw7WvAgG3bgAAAA\r\nx-77-nzt-ray: 2a494a151d40c308282755694fc60a26\r\nx-77-cache: HIT\r\nx-77-age: 527174\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":132164,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"418248ca70e0e378a5289313b78d5967","sha1":"687e6d4a68ad17620a952e73809958d13c76ddd9","sha256":"b4296480506218fe2a168fe18720dbbf8878ac67261a51eaa9cb1f93376abbcc","sha512":"fe9285161bf044e5a58f6e881d18f2971e51768f6d7f7f25eb7713a5693e712e493b690d0cdda8792b5507bdb5e76aa7336e02d1353c8a80923c6f369a3f3e8b","ssdeep":"3072:NEf7dr5lOVNatBvKbb7it+ZTebx8hAMbGqY1bO90d:u7RzOVL7it+Zibx8hAMbAGy","tlshash":"d3d32a9572d2f06203a715e2a43a2505e2391e18344d9458fbfddc9a7cf648bda33f3a","first_seen":"2025-10-31T14:17:45.058113Z","last_seen":"2026-04-12T10:40:37.383387Z","times_seen":1539,"resource_available":true,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}