{"report_id":"0e238d36-67e2-4333-a250-d611df285261","version":6,"status":"done","tags":[],"date":"2026-03-29T13:29:19Z","url":{"schema":"http","addr":"kdjxcdn1.qingshangame.com/","fqdn":"kdjxcdn1.qingshangame.com","domain":"qingshangame.com","tld":"com"},"ip":{"addr":"61.160.192.99","port":0,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"final":{"url":{"schema":"http","addr":"kdjxcdn1.qingshangame.com/","fqdn":"kdjxcdn1.qingshangame.com","domain":"qingshangame.com","tld":"com"},"title":"403 Forbidden","dom":{"size":160,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"e6ce866ba9a901e02f77901f37d8b35c","sha1":"e6939a0cb797e723abae44e7b64056de5ebb6e59","sha256":"0afca865a39748140efd10412710463cec2e4be971e7b5c5e4bd346265f6de7a","sha512":"3d125b7826faeee79560d2ef8dbf4d34c431f19d62b2c515e88e721bebf66d4d95f59d4b1ea940d335c09e854353cbba9e39faac3bc2a8925d315a06e83ff023","ssdeep":"","tlshash":"83c08c46b86eac4def0323c40b87be80d988c2328cca4e009b82028770c712bc0c23a8","dom_hash":"domhash18da208b3b39949e9ba09528a720f5c0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kdjxcdn1.qingshangame.com/","fqdn":"kdjxcdn1.qingshangame.com","domain":"qingshangame.com","tld":"com"},"ip":{"addr":"61.160.192.99","port":0,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-03T13:29:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-29T13:28:58Z","timestamp":1774790938,"ip_dst":{"addr":"Client IP","port":46208,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.99","port":443,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-03-29T13:28:58.132656+0000\",\"flow_id\":1135386031658473,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.99\",\"src_port\":443,\"dest_ip\":\"172.18.0.7\",\"dest_port\":46208,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"kdjxcdn1.qingshangame.com\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":837,\"bytes_toclient\":181,\"start\":\"2026-03-29T13:28:57.628201+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-29T13:28:58Z","timestamp":1774790938,"ip_dst":{"addr":"Client IP","port":46212,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.99","port":443,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-03-29T13:28:58.691859+0000\",\"flow_id\":612907555096795,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.99\",\"src_port\":443,\"dest_ip\":\"172.18.0.7\",\"dest_port\":46212,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"kdjxcdn1.qingshangame.com\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":753,\"bytes_toclient\":247,\"start\":\"2026-03-29T13:28:58.133339+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-29T13:28:58Z","timestamp":1774790938,"ip_dst":{"addr":"Client IP","port":46224,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"61.160.192.99","port":443,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2026-03-29T13:28:58.911663+0000\",\"flow_id\":266215647533734,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"61.160.192.99\",\"src_port\":443,\"dest_ip\":\"172.18.0.7\",\"dest_port\":46224,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"kdjxcdn1.qingshangame.com\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":753,\"bytes_toclient\":247,\"start\":\"2026-03-29T13:28:58.383654+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"kdjxcdn1.qingshangame.com","ip":{"addr":"61.160.192.99","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":1367,"sent_data":1279,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"kdjxcdn1.qingshangame.com/","fqdn":"kdjxcdn1.qingshangame.com","domain":"qingshangame.com","tld":"com"},"ip":{"addr":"61.160.192.99","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-29T13:28:58.702Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: kdjxcdn1.qingshangame.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: Tengine\r\nContent-Type: text/html\r\nContent-Length: 168\r\nConnection: keep-alive\r\nDate: Sun, 29 Mar 2026 13:28:59 GMT\r\nVia: cache1.l2cn1816[28,27,403-1280,M], cache6.l2cn1816[29,0], kunlun4.cn6425[31,30,403-1280,M], kunlun5.cn6425[32,0]\r\nAli-Swift-Global-Savetime: 1774790939\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-Error: orig response 4XX error\r\nX-Swift-SaveTime: Sun, 29 Mar 2026 13:28:59 GMT\r\nX-Swift-CacheTime: 0\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00f17747909390452968e\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":168,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"f03f8f408232258992194a42b78a15eb","sha1":"ba58651216da47819e6c6a4d28b12748968b25c0","sha256":"5456f0942c771c6ae61e2765e946be23e11cdac04bcae5bdbb9e4906835c36d6","sha512":"78b34943a6d3aced299bf9ae7385ae85c5f0e2dc367031910585f4507858ecac9ac1977a28b05d06aabe3b25e9996213203db8935e4cad02643f76cf0c606262","ssdeep":"","tlshash":"7ac08c66791e7c4ddb9333b806c3aac0d196c3308eda1e008b80124370c711a8ac339a","first_seen":"2023-05-12T06:48:33Z","last_seen":"2026-03-29T13:29:27.361427Z","times_seen":21,"resource_available":true,"data":null}},"time_used":769,"timings":{"blocked":246,"dns":1,"connect":245,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"kdjxcdn1.qingshangame.com/favicon.ico","fqdn":"kdjxcdn1.qingshangame.com","domain":"qingshangame.com","tld":"com"},"ip":{"addr":"61.160.192.99","port":80,"asn":140293,"as":"CHINATELECOM Jiangsu province Changzhou 5G network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://kdjxcdn1.qingshangame.com/","date":"2026-03-29T13:28:59.293Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: kdjxcdn1.qingshangame.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://kdjxcdn1.qingshangame.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: Tengine\r\nContent-Type: text/html\r\nContent-Length: 168\r\nConnection: keep-alive\r\nDate: Sun, 29 Mar 2026 13:28:59 GMT\r\nVia: cache8.l2cn1816[23,22,404-1280,M], cache31.l2cn1816[24,0], kunlun1.cn6425[25,25,404-1280,M], kunlun5.cn6425[26,0]\r\nAli-Swift-Global-Savetime: 1774790939\r\nX-Cache: MISS TCP_MISS dirn:-2:-2\r\nX-Swift-Error: orig response 4XX error\r\nX-Swift-SaveTime: Sun, 29 Mar 2026 13:28:59 GMT\r\nX-Swift-CacheTime: 1\r\nTiming-Allow-Origin: *\r\nEagleId: 3da0c00f17747909393883519e\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":168,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"1197f290bae092c70a6cf07a223ed8bc","sha1":"5e9a3cc80ea4d2b0b31d2a7e8750cd5f1ce16dc7","sha256":"4adb44b3cd6fe503d218067307302628c3a0a895acfe03998c24c8f3d561dd15","sha512":"7a7eb97dcec8fe01e4c24ce8be5e9a5509aea546e20130832bd943914e05b82a1bc02184b764bc60124e02240d780224fa0cddcef75440e53952071f60fca4b4","ssdeep":"","tlshash":"80c08c6d6913bd8dca53327826c3a4c0c19a832baaea4a110980914370cf2998ac23db","first_seen":"2023-04-15T00:29:43Z","last_seen":"2026-03-29T13:29:27.362858Z","times_seen":164,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kdjxcdn1.qingshangame.com/","fqdn":"kdjxcdn1.qingshangame.com","domain":"qingshangame.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-29T13:28:57.164Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: kdjxcdn1.qingshangame.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":969,"timings":{"blocked":969,"dns":0,"connect":277,"send":0,"wait":0,"receive":0,"ssl":282},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}