{"report_id":"fb91f7ae-e180-407a-a207-7d58642ce8f5","version":6,"status":"done","tags":["dyndns"],"date":"2026-03-22T04:52:11Z","url":{"schema":"http","addr":"rx5o1.v6.navy/","fqdn":"rx5o1.v6.navy","domain":"v6.navy","tld":"navy"},"ip":{"addr":"118.194.249.109","port":0,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"http","addr":"rx5o1.v6.navy/","fqdn":"rx5o1.v6.navy","domain":"v6.navy","tld":"navy"},"title":"rx5o1.v6.navy/","dom":{"size":54,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"c04e3c09e3175a6dd231aa178d5ef509","sha1":"905b4a5f1f8a68eae75224396f076b4d7e8848d6","sha256":"a926d991aeff40ede9a0c08311cbd873a8c3eea73799a0f1d113d6275e18ac8a","sha512":"1a8a32a07d58157e015a29cda131bd27b645f7cb390f61e198b90fbd4774178273c25b3d63ae2bf85569750a954b6775900e5e68b756db84b6c708fa57d7e403","ssdeep":"","tlshash":"a99002f990d100455c203d8d1dc116455c286295200549042581b4fcc4086598a521c4","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"rx5o1.v6.navy/","fqdn":"rx5o1.v6.navy","domain":"v6.navy","tld":"navy"},"ip":{"addr":"118.194.249.109","port":0,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-26T04:52:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":2,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T04:51:50Z","timestamp":1774155110,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":34434,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain","source":"{\"timestamp\":\"2026-03-22T04:51:50.578670+0000\",\"flow_id\":1151407539764487,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":34434,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042836,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"rx5o1.v6.navy\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":670,\"bytes_toclient\":409,\"start\":\"2026-03-22T04:51:50.081159+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T04:51:50Z","timestamp":1774155110,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"Client IP","port":34434,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain","source":"{\"timestamp\":\"2026-03-22T04:51:50.966583+0000\",\"flow_id\":1151407539764487,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":34434,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042836,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"rx5o1.v6.navy\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://rx5o1.v6.navy/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":299},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":1153,\"bytes_toclient\":1080,\"start\":\"2026-03-22T04:51:50.081159+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"rx5o1.v6.navy","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"rx5o1.v6.navy","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"rx5o1.v6.navy","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"summary":[{"fqdn":"rx5o1.v6.navy","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2020-08-27","domain_rank":0,"first_seen":"2026-03-22T04:52:11.809723Z","last_seen":"2026-03-22T04:52:11.809723Z","alert_count":15,"request_count":3,"received_data":808,"sent_data":1231,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"OpenSSL:3.1.3","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"rx5o1.v6.navy/","fqdn":"rx5o1.v6.navy","domain":"v6.navy","tld":"navy"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T04:51:49.487Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: rx5o1.v6.navy\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-28T00:37:42.509893Z","times_seen":15799495,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":308,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T04:51:50Z","timestamp":1774155110,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.2","port":34434,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain","source":"{\"timestamp\":\"2026-03-22T04:51:50.578670+0000\",\"flow_id\":1151407539764487,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":34434,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042836,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"rx5o1.v6.navy\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":670,\"bytes_toclient\":409,\"start\":\"2026-03-22T04:51:50.081159+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"rx5o1.v6.navy","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"rx5o1.v6.navy","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"rx5o1.v6.navy","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"rx5o1.v6.navy/","fqdn":"rx5o1.v6.navy","domain":"v6.navy","tld":"navy"},"ip":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T04:51:50.085Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: rx5o1.v6.navy\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 22 Mar 2026 04:51:50 GMT\r\nServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12\r\nX-Powered-By: PHP/8.2.12\r\nContent-Length: 15\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"OpenSSL:3.1.3","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"55bb6a6ce01aba5e2540c67d766fb8f8","sha1":"32a4fd9837338a46a5cdc1bfe3149fbec30fed69","sha256":"e5bd74ceee37fce5805dfdd7dd38df39411f4997fdcc7ab223b0589840111669","sha512":"a26fde7c9d73ebc8a408b125aed494a37bacf630f60168375beeff2b11431441dd388de2b10b6679053721ec2417556c4857b0d45de0df38dd23ad7b56e49873","ssdeep":"","tlshash":"1360000000c000c00c000c0f03000c00fc3c30c3000c00003000c0fcc00cfc003300c0","first_seen":"2024-08-19T20:32:23.828023Z","last_seen":"2026-04-23T13:13:10.145379Z","times_seen":89,"resource_available":true,"data":null}},"time_used":741,"timings":{"blocked":243,"dns":0,"connect":246,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T04:51:50Z","timestamp":1774155110,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.2","port":34434,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain","source":"{\"timestamp\":\"2026-03-22T04:51:50.578670+0000\",\"flow_id\":1151407539764487,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":34434,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042836,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"rx5o1.v6.navy\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":15},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":2,\"bytes_toserver\":670,\"bytes_toclient\":409,\"start\":\"2026-03-22T04:51:50.081159+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"rx5o1.v6.navy","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"rx5o1.v6.navy","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"rx5o1.v6.navy","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"http","addr":"rx5o1.v6.navy/favicon.ico","fqdn":"rx5o1.v6.navy","domain":"v6.navy","tld":"navy"},"ip":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://rx5o1.v6.navy/","date":"2026-03-22T04:51:50.671Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rx5o1.v6.navy\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://rx5o1.v6.navy/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sun, 22 Mar 2026 04:51:50 GMT\r\nServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12\r\nContent-Length: 299\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server:2.4.58","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"OpenSSL:3.1.3","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":299,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"6a3c2a766e6b4bc06aa223a05bce2e52","sha1":"51f6f37ec3549511b224fba4f8aa1c439c6ff68e","sha256":"bea6e4a2b7579e8229dba6922ae99f93bbbf002a3a534c5a0c6bbdcf30a6258f","sha512":"a623b29acd5ca46de7ca6c51768c4a267d886eedbda385ba657a9f619790b076cc2ced93890340bd828544536892053de2f1ebb48e8e7b9b60d0267f9da571ed","ssdeep":"","tlshash":"dfe0e75d404333c7080201d075c511d1134813f5b07953ec6d82d087575443ddd871c8","first_seen":"2026-03-22T04:52:12.85174Z","last_seen":"2026-03-22T04:52:12.85174Z","times_seen":1,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-22T04:51:50Z","timestamp":1774155110,"ip_dst":{"addr":"118.194.249.109","port":80,"asn":135377,"as":"UCLOUD INFORMATION TECHNOLOGY HK LIMITED","country":"South Korea","country_code":"KR"},"ip_src":{"addr":"172.18.0.2","port":34434,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain","source":"{\"timestamp\":\"2026-03-22T04:51:50.966583+0000\",\"flow_id\":1151407539764487,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.2\",\"src_port\":34434,\"dest_ip\":\"118.194.249.109\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042836,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.v6 .navy Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_14\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"rx5o1.v6.navy\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://rx5o1.v6.navy/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":299},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":4,\"bytes_toserver\":1153,\"bytes_toclient\":1080,\"start\":\"2026-03-22T04:51:50.081159+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-22","alert":"Phishing Block","trigger":"rx5o1.v6.navy","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"rx5o1.v6.navy","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"rx5o1.v6.navy","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}