{"report_id":"3de9e410-faf4-40d7-9975-5ad4d4a7f3ac","version":6,"status":"done","tags":[],"date":"2025-05-17T09:42:05Z","url":{"schema":"http","addr":"zfeed-video-mcloud-mpl-s12.social-dl-z.com/","fqdn":"zfeed-video-mcloud-mpl-s12.social-dl-z.com","domain":"social-dl-z.com","tld":"com"},"ip":{"addr":"49.213.103.20","port":0,"asn":38244,"as":"VNG Corporation","country":"Vietnam","country_code":"VN"},"final":{"url":{"schema":"http","addr":"mcloud-mpl-12-zfeed-video-aka.zdn.vn/","fqdn":"mcloud-mpl-12-zfeed-video-aka.zdn.vn","domain":"zdn.vn","tld":"vn"},"title":"Error"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-26T09:42:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"zfeed-video-mcloud-mpl-s12.social-dl-z.com","ip":{"addr":"49.213.103.20","port":443,"asn":38244,"as":"VNG Corporation","country":"Vietnam","country_code":"VN"},"domain_registered":"2025-04-22","domain_rank":0,"first_seen":"2025-05-17T09:42:05.996344Z","last_seen":"2025-05-17T09:42:05.996344Z","alert_count":0,"request_count":1,"received_data":493,"sent_data":511,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mcloud-mpl-12-zfeed-video-aka.zdn.vn","ip":{"addr":"23.36.76.200","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-05-17T09:42:05.997654Z","last_seen":"2025-05-17T09:42:05.997654Z","alert_count":0,"request_count":3,"received_data":1640,"sent_data":1323,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-17T09:41:44Z","timestamp":1747474904,"ip_dst":{"addr":"172.18.0.13","port":56294,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"49.213.103.20","port":443,"asn":38244,"as":"VNG Corporation","country":"Vietnam","country_code":"VN"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2025-05-17T09:41:44.880008+0000\",\"flow_id\":727571114783401,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"49.213.103.20\",\"src_port\":443,\"dest_ip\":\"172.18.0.13\",\"dest_port\":56294,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.social-dl-z.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL RSA Domain Secure Site CA\",\"serial\":\"1A:8B:94:56:06:BC:2A:D2:D1:11:B1:AE:C3:09:E2:A3\",\"fingerprint\":\"70:89:ce:33:4b:57:e8:4f:a6:d3:b1:6d:63:58:a6:77:aa:34:72:b5\",\"sni\":\"zfeed-video-mcloud-mpl-s12.social-dl-z.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2025-04-22T00:00:00\",\"notafter\":\"2026-04-22T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"263c859c5391203d774bc0599793d915\",\"string\":\"771,49200,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":4442,\"start\":\"2025-05-17T09:41:44.160425+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"zfeed-video-mcloud-mpl-s12.social-dl-z.com/","fqdn":"zfeed-video-mcloud-mpl-s12.social-dl-z.com","domain":"social-dl-z.com","tld":"com"},"ip":{"addr":"49.213.103.20","port":443,"asn":38244,"as":"VNG Corporation","country":"Vietnam","country_code":"VN"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-17T09:41:43.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.social-dl-z.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 22 Apr 2025 00:00:00 GMT","end":"Wed, 22 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"70:89:CE:33:4B:57:E8:4F:A6:D3:B1:6D:63:58:A6:77:AA:34:72:B5","sha256":"C2:13:18:66:61:27:8F:A1:DF:86:99:8A:82:F2:62:CE:AC:7E:0A:B0:CE:9B:69:FC:A6:16:B5:37:0D:50:95:17"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: zfeed-video-mcloud-mpl-s12.social-dl-z.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sat, 17 May 2025 09:41:44 GMT\r\nlocation: https://mcloud-mpl-12-zfeed-video-aka.zdn.vn/\r\naccess-control-allow-origin: *\r\nx-server: ZDN-redirect_6.112\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":282,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T02:31:02.170255Z","times_seen":13313751,"resource_available":true,"data":null}},"time_used":2350,"timings":{"blocked":1054,"dns":334,"connect":237,"send":0,"wait":242,"receive":0,"ssl":480},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mcloud-mpl-12-zfeed-video-aka.zdn.vn/","fqdn":"mcloud-mpl-12-zfeed-video-aka.zdn.vn","domain":"zdn.vn","tld":"vn"},"ip":{"addr":"23.36.76.200","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-17T09:41:45.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdn.vn","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Mar 2025 07:51:17 GMT","end":"Thu, 05 Jun 2025 07:51:16 GMT"},"fingerprint":{"sha1":"54:72:B4:23:2D:0D:17:0C:25:B7:BE:5F:62:B5:46:A5:CC:B7:28:80","sha256":"45:D0:5A:94:46:7E:7D:DF:96:A9:4D:71:15:08:FF:5F:2A:20:41:F5:2C:08:2F:2B:BE:6E:97:88:E4:58:F8:69"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mcloud-mpl-12-zfeed-video-aka.zdn.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type: text/html\r\nContent-Length: 282\r\nExpires: Sat, 17 May 2025 09:41:45 GMT\r\nDate: Sat, 17 May 2025 09:41:45 GMT\r\nConnection: keep-alive\r\nCache-Control: max-age=7776000,no-transform\r\nX-N: S\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":282,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"0bb362581a301ebd0a8710c9108468cb","sha1":"93a07b0a8dde76589717b5d1b1a5434a1447ebf4","sha256":"3e417aca654bdb7cd80b97e0384d52d0e6f37d4dc81ec993db78e8dc54d79d64","sha512":"6da21918799add4f25451e5f03fb5a3c98284b2a4db9b8c17244e3aba0e9ca8c15fa93fb3c3b19b726a2be9741ffb7eed32137ef2c3102bacc25c85f1693115e","ssdeep":"","tlshash":"e9d02bb788372167cb4827785a169b3d2b8362d141ae73b14c69a31624c38610742493","first_seen":"2025-05-17T09:42:13.441608Z","last_seen":"2025-05-17T09:42:13.441608Z","times_seen":1,"resource_available":false,"data":null}},"time_used":817,"timings":{"blocked":407,"dns":388,"connect":1,"send":0,"wait":2,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mcloud-mpl-12-zfeed-video-aka.zdn.vn/","fqdn":"mcloud-mpl-12-zfeed-video-aka.zdn.vn","domain":"zdn.vn","tld":"vn"},"ip":{"addr":"23.36.76.194","port":80,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-17T09:41:45.830Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: mcloud-mpl-12-zfeed-video-aka.zdn.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type: text/html\r\nContent-Length: 280\r\nExpires: Sat, 17 May 2025 09:41:45 GMT\r\nDate: Sat, 17 May 2025 09:41:45 GMT\r\nConnection: keep-alive\r\nCache-Control: max-age=7776000,no-transform\r\nX-N: S\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":280,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"c1fb1066a4c44c8ce79ce51d2644d38a","sha1":"db839ff75c1c3d62eb2739fe8b384eab0b72b9f4","sha256":"a65c48e05c87286acafd249caa7c03f361428ebbaf8aa25f96d7748298f84877","sha512":"8a1701fa968ac97c75fe31c475312f65a7c4be3e0f9c5e521fe566006bacfbe224c90ba60536283a0ed2b78937da5a693921187a0e4d1bec4ffd37a8ed892f4c","ssdeep":"","tlshash":"65d02beb94362177c74c337859254f3f274341d142aa73604d63e79a68c34694b86493","first_seen":"2025-05-17T09:42:13.443165Z","last_seen":"2025-05-17T09:42:13.443165Z","times_seen":1,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"mcloud-mpl-12-zfeed-video-aka.zdn.vn/favicon.ico","fqdn":"mcloud-mpl-12-zfeed-video-aka.zdn.vn","domain":"zdn.vn","tld":"vn"},"ip":{"addr":"23.36.76.194","port":80,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"http://mcloud-mpl-12-zfeed-video-aka.zdn.vn/","date":"2025-05-17T09:41:45.929Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mcloud-mpl-12-zfeed-video-aka.zdn.vn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://mcloud-mpl-12-zfeed-video-aka.zdn.vn/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: AkamaiGHost\r\nMime-Version: 1.0\r\nContent-Type: text/html\r\nContent-Length: 280\r\nExpires: Sat, 17 May 2025 09:41:45 GMT\r\nDate: Sat, 17 May 2025 09:41:45 GMT\r\nConnection: keep-alive\r\nCache-Control: max-age=7776000,no-transform\r\nX-N: S\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":280,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"2d59888f859225a7d01c3cfb3f4512cc","sha1":"11934a3bec2d50edd7d83ddf1b8a2a9756b842ea","sha256":"9cf508174791507434bac5749b034c94d31d91ae6b56741f0d6b49f9b99045b5","sha512":"4477330173863fb35d55c2246bcc7a96f768d73093e1b16c4df8cb98568f9733d1799daf763955ae17249acef27ee3685aab08121c8736475d71271b3a28d438","ssdeep":"","tlshash":"b7d02beb943611b7c74c33795a254f3f274341d142ab73604d72e39a28c34654b46493","first_seen":"2025-05-17T09:42:13.444378Z","last_seen":"2025-05-17T09:42:13.444378Z","times_seen":1,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}