{"report_id":"e38d0261-95a3-4fbd-9c44-aafc106e41bd","version":6,"status":"done","tags":["dyndns"],"date":"2025-07-19T04:44:27Z","url":{"schema":"http","addr":"vn.zcr25.dedyn.io/dcabc1ad-9713-4c32-9559-597308a8f635?sub\u0026IP_URL=https://raw.githubusercontent.com/kevzcr/am-cf-tunnel/main/ipUrl.txt","fqdn":"vn.zcr25.dedyn.io","domain":"zcr25.dedyn.io","tld":"dedyn.io"},"ip":{"addr":"172.66.47.147","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"vn.zcr25.dedyn.io/dcabc1ad-9713-4c32-9559-597308a8f635?sub\u0026IP_URL=https://raw.githubusercontent.com/kevzcr/am-cf-tunnel/main/ipUrl.txt","fqdn":"vn.zcr25.dedyn.io","domain":"zcr25.dedyn.io","tld":"dedyn.io"},"title":"vn.zcr25.dedyn.io/dcabc1ad-9713-4c32-9559-597308a8f635?sub\u0026IP_URL=https://raw.githubusercontent.com/kevzcr/am-cf-tunnel/main/ipUrl.txt"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-08-23T04:44:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"vn.zcr25.dedyn.io","ip":{"addr":"172.66.44.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-06-05","domain_rank":0,"first_seen":"2025-05-28T09:41:45.779873Z","last_seen":"2025-07-13T15:23:13.163231Z","alert_count":2,"request_count":2,"received_data":477282,"sent_data":1177,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"vn.zcr25.dedyn.io/favicon.ico","fqdn":"vn.zcr25.dedyn.io","domain":"zcr25.dedyn.io","tld":"dedyn.io"},"ip":{"addr":"172.66.44.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://vn.zcr25.dedyn.io/dcabc1ad-9713-4c32-9559-597308a8f635?sub\u0026IP_URL=https://raw.githubusercontent.com/kevzcr/am-cf-tunnel/main/ipUrl.txt","date":"2025-07-19T04:43:52.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vn.zcr25.dedyn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 10:42:49 GMT","end":"Mon, 08 Sep 2025 11:42:37 GMT"},"fingerprint":{"sha1":"8C:47:AC:90:C9:AB:AF:89:51:5E:7C:BA:32:B3:D2:14:C0:77:B2:67","sha256":"3D:C4:7C:53:28:3E:E6:D3:2B:79:9A:0C:CC:76:9C:84:71:D1:7D:CF:45:AF:D0:1E:10:38:BF:85:50:F3:AE:B6"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: vn.zcr25.dedyn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://vn.zcr25.dedyn.io/dcabc1ad-9713-4c32-9559-597308a8f635?sub\u0026IP_URL=https://raw.githubusercontent.com/kevzcr/am-cf-tunnel/main/ipUrl.txt\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 19 Jul 2025 04:43:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: br\r\nreferer: https://www.google.com/search?q=AM%E7%A7%91%E6%8A%80\r\npriority: u=6,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=tQ5JME0dhB1B6AdgQSLrrFDCS0tIYbNtgw5hvuYDgJ9gnIfCRgHeCB3vRYJHRL2Uk9g6NH3TZAQTgKPEOi48tRKZ4pfGeT21il0g3mzYAkv6xwYNqJtA1PyUvT%2F%2BePTfrnH2rw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 96178f734c8c56bd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=7042\u0026min_rtt=5076\u0026rtt_var=3308\u0026sent=12\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=4087\u0026recv_bytes=1299\u0026delivery_rate=423543\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=4ca531b6fd99a1ca\u0026ts=293\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":637,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"3565d4fa312c227cc669f86887a21c3b","sha1":"e51cf53ac9baa10e07eb6b29745cdac14a5e1e14","sha256":"97949ec09d6af012717b2be77e504911f35b15f3677bfef9ca2643721008fe4d","sha512":"0d569fb6b9e3a1135f547b52fdb2ff0340f05d53ec5f499c7b3e8c587d85b0852317be3fbbff7579e32ee4bc5ceae911f31d8f90c2a538e1b3b86357ac1c7a33","ssdeep":"","tlshash":"67f02d5fa3052613b5c2430128baa6683aa403e90388db2164871dc6fe22105e1136f8","first_seen":"2025-05-28T09:38:25.16557Z","last_seen":"2025-12-10T10:09:58.844105Z","times_seen":35,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"vn.zcr25.dedyn.io/dcabc1ad-9713-4c32-9559-597308a8f635?sub\u0026IP_URL=https://raw.githubusercontent.com/kevzcr/am-cf-tunnel/main/ipUrl.txt","fqdn":"vn.zcr25.dedyn.io","domain":"zcr25.dedyn.io","tld":"dedyn.io"},"ip":{"addr":"172.66.44.109","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-19T04:43:50.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vn.zcr25.dedyn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Jun 2025 10:42:49 GMT","end":"Mon, 08 Sep 2025 11:42:37 GMT"},"fingerprint":{"sha1":"8C:47:AC:90:C9:AB:AF:89:51:5E:7C:BA:32:B3:D2:14:C0:77:B2:67","sha256":"3D:C4:7C:53:28:3E:E6:D3:2B:79:9A:0C:CC:76:9C:84:71:D1:7D:CF:45:AF:D0:1E:10:38:BF:85:50:F3:AE:B6"}}},"request":{"raw":"GET /dcabc1ad-9713-4c32-9559-597308a8f635?sub\u0026IP_URL=https://raw.githubusercontent.com/kevzcr/am-cf-tunnel/main/ipUrl.txt HTTP/1.1\r\nHost: vn.zcr25.dedyn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 19 Jul 2025 04:43:51 GMT\r\ncontent-type: text/html;charset=utf-8\r\ncontent-encoding: br\r\nprofile-update-interval: 6\r\nsubscription-userinfo: upload=239185341148; download=239185341148; total=111464090777419780; expire=4102329600\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=qyJlPhsHg11938mWaqZp7HTr41XMOzYt97YLzeZ6jkHKNTCMnPBzJnc1%2BqlJBDXsT%2FdRraeEaESI9gL%2Bh4ACfRuKWYHD%2FJi7BQ4GSDMfjW%2FaX%2FYKT9u78p9imlkN2yhBx2VL9Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 96178f6b4a0156c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=6322\u0026min_rtt=498\u0026rtt_var=11664\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3192\u0026recv_bytes=1219\u0026delivery_rate=7133004\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=6bbe6a3b84b888bc\u0026ts=1044\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":474836,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"b9b015f2e95e342799d49d472651a2d4","sha1":"6845739494ed2992df189b986676f179439ff4d9","sha256":"0c5c72839b65be59430922994a68a2c87aac4c024b5824c3770d46f97b5ebd77","sha512":"31b6e37a03291dcf1dae3605bb990a8a0867158ed57d73fe3abc7e3cf275d1f08b30d1b649c30838637ab07852bbc360d676d30ed46f687eea6ec2158f6c394e","ssdeep":"6144:qLHxPKCAzHy+11ZK25qWiyUzaR1ICuyt/XPyWEVwtEAKCvaoqtv6GOe6wzkgQBHv:rVD1","tlshash":"a2a484e326e11f46fc0015eabce60d680691864c7bd1f3b169d5b46abfcd2d609f920e","first_seen":"2025-05-28T09:41:46.360528Z","last_seen":"2025-11-22T18:28:17.664778Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1135,"timings":{"blocked":56,"dns":29,"connect":1,"send":0,"wait":1021,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}