{"report_id":"3239bb6f-7a7e-4a64-907d-ee3f77550ed2","version":6,"status":"done","tags":[],"date":"2023-08-30T11:07:39Z","url":{"schema":"http","addr":"s1.de54light.cf/stream/9b878b1af34d0d277b7c1ed0b25b94b5/video.m3u8?token=fe54c19ca96fd583d9f8f21281d6c7fb9747079a289d73ef085e014c709a833bd360593053d3d6f4b46029fc9c5ca7b99a550a7e2c26b54bd28afbe7885d16a95cd44e4fb1ddfa16c5a750d251ccc24220947bcd","fqdn":"s1.de54light.cf","domain":"de54light.cf","tld":"cf"},"ip":{"addr":"104.21.233.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"s1.de54light.cf/stream/9b878b1af34d0d277b7c1ed0b25b94b5/video.m3u8?token=fe54c19ca96fd583d9f8f21281d6c7fb9747079a289d73ef085e014c709a833bd360593053d3d6f4b46029fc9c5ca7b99a550a7e2c26b54bd28afbe7885d16a95cd44e4fb1ddfa16c5a750d251ccc24220947bcd","fqdn":"s1.de54light.cf","domain":"de54light.cf","tld":"cf"},"title":"Streaming server"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-28T08:11:13Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"s1.de54light.cf","ip":{"addr":"104.21.233.196","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2023-08-30 13:02:47","last_seen":"2023-08-30 13:02:47","alert_count":0,"request_count":3,"received_data":9813,"sent_data":1878,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-08-30T11:07:11Z","timestamp":1693393631,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59085,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DNS Query for Suspicious .cf Domain","source":"{\"timestamp\":\"2023-08-30T11:07:11.621482+0000\",\"flow_id\":1311984244980650,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.157\",\"src_port\":59085,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025107,\"rev\":6,\"signature\":\"ET INFO DNS Query for Suspicious .cf Domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"created_at\":[\"2017_12_03\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":30043,\"rrname\":\"s1.de54light.cf\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":86,\"bytes_toclient\":0,\"start\":\"2023-08-30T11:07:11.621482+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-08-30T11:07:11Z","timestamp":1693393631,"ip_dst":{"addr":"104.21.233.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44434,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Suspicious Domain (*.cf) in TLS SNI","source":"{\"timestamp\":\"2023-08-30T11:07:11.815330+0000\",\"flow_id\":1442087394343165,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.157\",\"src_port\":44434,\"dest_ip\":\"104.21.233.196\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025111,\"rev\":6,\"signature\":\"ET INFO Suspicious Domain (*.cf) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"created_at\":[\"2017_12_03\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"sni\":\"s1.de54light.cf\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":917,\"bytes_toclient\":5653,\"start\":\"2023-08-30T11:07:11.719101+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"s1.de54light.cf/stream/9b878b1af34d0d277b7c1ed0b25b94b5/video.m3u8?token=fe54c19ca96fd583d9f8f21281d6c7fb9747079a289d73ef085e014c709a833bd360593053d3d6f4b46029fc9c5ca7b99a550a7e2c26b54bd28afbe7885d16a95cd44e4fb1ddfa16c5a750d251ccc24220947bcd","fqdn":"s1.de54light.cf","domain":"de54light.cf","tld":"cf"},"ip":{"addr":"104.21.233.196","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-08-30T11:07:13.427Z","timestamp":1693393633427,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /stream/9b878b1af34d0d277b7c1ed0b25b94b5/video.m3u8?token=fe54c19ca96fd583d9f8f21281d6c7fb9747079a289d73ef085e014c709a833bd360593053d3d6f4b46029fc9c5ca7b99a550a7e2c26b54bd28afbe7885d16a95cd44e4fb1ddfa16c5a750d251ccc24220947bcd HTTP/1.1\r\nHost: s1.de54light.cf\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 30 Aug 2023 11:07:23 GMT\r\ncontent-length: 1147\r\nx-route-time: 15415\r\nx-run-time: 299\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, PUT, DELETE, OPTIONS\r\naccess-control-expose-headers: Server, range, X-Run-Time, X-Sid, Content-Length, Location\r\naccess-control-allow-headers: x-vsaas-session, x-no-redirect, origin, authorization, accept, range, content-type, x-add-effective, session, x-originator, x-sid\r\nx-deny-reason: deny_backend\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZX4lvsAHdQ3nBOdGwkkRT18oYbiWlRe7MJ3TB%2B0U40I1uv1UzUYRcefmkzQ%2BAl4QH60ohbY4GdfOuDeNDfQXw6%2BUqsBy9m3uSkQ470a%2F%2FDinCIEyjNxrlGKW5IorljqL5cY%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 7fec91d82dc17701-LHR\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":1147,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"6d3c09bd749f73a470e74e55cf8506eb","sha1":"ff434da9a713e4cc7f58a2901d080468324e066d","sha256":"3a57e25822748ef4b215231d4d371c154dc77ca28cb86f5dfc1b6cf37dcd8537","sha512":"bfee7eae0522fe754e9e29e5c4554f7debd5ca630bce0ea0906ee04b76e50d29b2b9a356d372b985afec9b4e90ab511eb358f483237a241a12c6d90edd34d0be","ssdeep":"","tlshash":"ae21f35b8f00551da05214ac7992be653b89c627934ecee02ac0f4aefedc3e0885378c","first_seen":"2023-04-15T17:53:38Z","last_seen":"2026-04-19T12:59:12.685665Z","times_seen":275,"resource_available":true,"data":null}},"time_used":2141,"timings":{"blocked":25,"dns":0,"connect":30,"send":0,"wait":2086,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"s1.de54light.cf/stream/9b878b1af34d0d277b7c1ed0b25b94b5/video.m3u8?token=fe54c19ca96fd583d9f8f21281d6c7fb9747079a289d73ef085e014c709a833bd360593053d3d6f4b46029fc9c5ca7b99a550a7e2c26b54bd28afbe7885d16a95cd44e4fb1ddfa16c5a750d251ccc24220947bcd","fqdn":"s1.de54light.cf","domain":"de54light.cf","tld":"cf"},"ip":{"addr":"104.21.233.196","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-08-30T11:07:13.427Z","timestamp":1693393633427,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /stream/9b878b1af34d0d277b7c1ed0b25b94b5/video.m3u8?token=fe54c19ca96fd583d9f8f21281d6c7fb9747079a289d73ef085e014c709a833bd360593053d3d6f4b46029fc9c5ca7b99a550a7e2c26b54bd28afbe7885d16a95cd44e4fb1ddfa16c5a750d251ccc24220947bcd HTTP/1.1\r\nHost: s1.de54light.cf\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Wed, 30 Aug 2023 11:07:25 GMT\r\nContent-Length: 1147\r\nConnection: keep-alive\r\nX-Route-Time: 401\r\nX-Run-Time: 430\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, PUT, DELETE, OPTIONS\r\nAccess-Control-Expose-Headers: Server, range, X-Run-Time, X-Sid, Content-Length, Location\r\nAccess-Control-Allow-Headers: x-vsaas-session, x-no-redirect, origin, authorization, accept, range, content-type, x-add-effective, session, x-originator, x-sid\r\nX-Deny-Reason: deny_backend\r\nCF-Cache-Status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lTwBfhpaFFlIOSbq0%2BxlILKb%2BBLXGrC%2B21HCmflpSeXTEU60NoM4U4gf7uaWdQdKpz5sFFznXV2%2BbKeirbaBj5tRaY1DJFObgQ3xMCAd8z0gSSowRC%2FPi9wkULzH1PDsdmo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 7fec91e25b707725-LHR\r\nalt-svc: h2=\":443\"; ma=60\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":1147,"size_decoded":0,"mime_type":"text/html","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"6d3c09bd749f73a470e74e55cf8506eb","sha1":"ff434da9a713e4cc7f58a2901d080468324e066d","sha256":"3a57e25822748ef4b215231d4d371c154dc77ca28cb86f5dfc1b6cf37dcd8537","sha512":"bfee7eae0522fe754e9e29e5c4554f7debd5ca630bce0ea0906ee04b76e50d29b2b9a356d372b985afec9b4e90ab511eb358f483237a241a12c6d90edd34d0be","ssdeep":"","tlshash":"ae21f35b8f00551da05214ac7992be653b89c627934ecee02ac0f4aefedc3e0885378c","first_seen":"2023-04-15T17:53:38Z","last_seen":"2026-04-19T12:59:12.685665Z","times_seen":275,"resource_available":true,"data":null}},"time_used":2141,"timings":{"blocked":25,"dns":0,"connect":30,"send":0,"wait":2086,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"s1.de54light.cf/favicon.ico","fqdn":"s1.de54light.cf","domain":"de54light.cf","tld":"cf"},"ip":{"addr":"104.21.233.196","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://s1.de54light.cf/stream/9b878b1af34d0d277b7c1ed0b25b94b5/video.m3u8?token=fe54c19ca96fd583d9f8f21281d6c7fb9747079a289d73ef085e014c709a833bd360593053d3d6f4b46029fc9c5ca7b99a550a7e2c26b54bd28afbe7885d16a95cd44e4fb1ddfa16c5a750d251ccc24220947bcd","date":"2023-08-30T11:07:15.641Z","timestamp":1693393635641,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: s1.de54light.cf\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://s1.de54light.cf/stream/9b878b1af34d0d277b7c1ed0b25b94b5/video.m3u8?token=fe54c19ca96fd583d9f8f21281d6c7fb9747079a289d73ef085e014c709a833bd360593053d3d6f4b46029fc9c5ca7b99a550a7e2c26b54bd28afbe7885d16a95cd44e4fb1ddfa16c5a750d251ccc24220947bcd\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 30 Aug 2023 11:07:27 GMT\r\nContent-Type: image/x-icon\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 15 Dec 2022 18:48:13 GMT\r\nETag: W/\"639b6bed-423e\"\r\nCache-Control: max-age=14400\r\nCF-Cache-Status: MISS\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=XlrIP4DvLj5Tzbl6rvPHEVhyMCWgf3tJMSmshVtDwH3wbdWiW4TtaruBxNX2ZySK9J6pQB4W8AUS3Jp6RAIrPclZG1JZORP9Zen8k1Sojw6630SVBiJ4LyMcFQczSN7pTBo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 7fec91efeace7725-LHR\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4929,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\\012- data","md5":"62d5a42896b63c4fefad76841e94a1ed","sha1":"a3a45fc4960807a6553d6d1ca1b9af396c4b033e","sha256":"4a0d7a5a4aa43eeb967dff70c899de820cb725c74841a5b5eea37cea78ca1d42","sha512":"dfca1eb13dea1ba0769dd323176e966b3bccdbfafe2adc85404cd3c12b96f8f79c7200a14711806a31835255d09400a678f10637a70e9f72aba63de6d823d1ce","ssdeep":"192:hZ9sgF6EfDG0aAI2c2n0xVYk+pj4+3qsjeBzqQ8QMZn+uGL4SF:hczLA7gmqxqIK+uo","tlshash":"48728e298972c5a9ef3894f1a03f06f42e985680417a6df74f8f7cead97b018718d439","first_seen":"2023-05-01T15:10:53Z","last_seen":"2026-01-25T12:16:51.274593Z","times_seen":150,"resource_available":false,"data":null}},"time_used":1366,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1365,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}