{"report_id":"6358812b-66f3-45eb-841a-3de2692e4b4d","version":6,"status":"done","tags":[],"date":"2025-10-18T09:42:43Z","url":{"schema":"http","addr":"hdhub4u.mov/","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"hdhub4u.mov/","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"title":"Access denied | hdhub4u.mov used Cloudflare to restrict access | hdhub4u.mov | Cloudflare"},"submit":{"url":{"schema":"http","addr":"hdhub4u.mov/","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-22T09:42:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.671405+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":715},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":668,\"bytes_toclient\":3388,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.799850+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/cdn-cgi/styles/main.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://hdhub4u.mov/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":926},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1350,\"bytes_toclient\":6296,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.909298+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://hdhub4u.mov/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":709},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":12,\"bytes_toserver\":1961,\"bytes_toclient\":9480,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"hdhub4u.mov","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"performance.radar.cloudflare.com","ip":{"addr":"104.18.31.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":418040,"first_seen":"2022-06-29T10:44:51Z","last_seen":"2025-10-13T00:19:46.79027Z","alert_count":0,"request_count":1,"received_data":10626,"sent_data":395,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"hdhub4u.mov","ip":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-09-07T18:30:38.83282Z","last_seen":"2025-09-07T18:30:38.83282Z","alert_count":8,"request_count":4,"received_data":32330,"sent_data":1575,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.671405+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":715},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":668,\"bytes_toclient\":3388,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.799850+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/cdn-cgi/styles/main.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://hdhub4u.mov/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":926},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1350,\"bytes_toclient\":6296,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.909298+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://hdhub4u.mov/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":709},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":12,\"bytes_toserver\":1961,\"bytes_toclient\":9480,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"hdhub4u.mov/","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"08fa6c3619c19376c3ad609b9a95fac2","sha1":"ee08588e8d3ce0e677e0bdd4da7d83ba3223cd2a","sha256":"b7047c13eed2190824190765dc6ef9f81bd125fc326f1b1f9d180b6f1afb94a2","sha512":"e63992070338970b76cb1cd05469559e7ae36b95074198e6bd6618592027d771d32c336fc357c10e00011f8c329ed8c6364831998b09a57aa42b3266ad0b31f5","ssdeep":"","tlshash":"7611eda7f988193612cff6bb513bd3a431f920923c2004f35c168ca5096dec6d976785","size":967,"data":"","first_seen":"2025-06-21T07:35:06.382827Z","last_seen":"2026-04-02T14:30:22.681519Z","times_seen":105,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.671405+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":715},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":668,\"bytes_toclient\":3388,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"hdhub4u.mov/","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"56df91490fa1984fa82b297dcb23c22d","sha1":"2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9","sha256":"275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24","sha512":"537ac565ea049803015a3b15881913d8179eafc11f95ac99dfe0ee842ac3d496ea3c6e1c167274357b7443e32ea9efab72400b95798479c5a5c81c9aabc88e8b","ssdeep":"","tlshash":"bbe0dfbbbb192e3906efa67771aee74a3676c091acc05560092ccc940b3fec4d03a1d4","size":375,"data":"","first_seen":"2023-03-07T01:03:09Z","last_seen":"2026-04-04T21:40:39.178512Z","times_seen":396881,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.671405+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":715},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":668,\"bytes_toclient\":3388,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"hdhub4u.mov/","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"16f6161217e242dffadf4241d174abcc","sha1":"304832d02caf7b8a45ea29c321993d7eba48be67","sha256":"390eefa5af21228aaab4bb7eb68043b2468a645b3c861aaba17b226cc8c05d95","sha512":"886e6c321c801fa26a1363e65eb9ddd6f15617044d57f2b458d235cb396119dbc35e216178258e47ed6a73ad9a6f558e12605621bb3bae8e463c56ae6f9f6d18","ssdeep":"","tlshash":"869004534011730005710337175555403335501310314c0437cdc1153f51f57cf05340","size":46,"data":"","first_seen":"2025-03-04T09:24:28.966015Z","last_seen":"2026-04-04T21:39:55.082599Z","times_seen":210784,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.671405+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":715},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":668,\"bytes_toclient\":3388,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"performance.radar.cloudflare.com/beacon.js","fqdn":"performance.radar.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.31.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2719363f6a6795ef0d76d94dcbc5f1eb","sha1":"31552c49af8e0c9bdd7bc95715cbfbb49cf7894f","sha256":"02003584efb71c4827497cff0b714fd5b076bef0bd6db7da9c406d918dabaa43","sha512":"47d2bc06ae9de769665e7e779ee9f80430934b48a369a986ff9c30b66c15760d26967e0faaac2080ea8c8f6f5099f62bc6ac135d03a6bbf4ab32b951b98eb8ba","ssdeep":"192:qWTavxSxKBV/oRks10BINTAPAWVZb7+VWRLvTlHD/V7D/Y/D/jD/KIDqFvjBy/TY:q0avxSxKBV/0ks6usZW4RLvTpD/RD/Yw","tlshash":"d0121db677e61657c78702d70469f32f7225f6860ac2d21eb31ecc2a330c6463967b55","size":9797,"data":"","first_seen":"2025-10-18T09:42:46.55618Z","last_seen":"2025-10-18T09:42:46.55618Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"performance.radar.cloudflare.com/beacon.js","fqdn":"performance.radar.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.31.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://hdhub4u.mov/","date":"2025-10-18T09:42:21.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 21:15:49 GMT","end":"Tue, 13 Jan 2026 22:15:46 GMT"},"fingerprint":{"sha1":"12:69:5B:90:83:B7:EB:E6:E9:C2:E7:8E:D9:16:EB:A7:1D:BB:35:D1","sha256":"BE:BF:9E:3A:6B:32:8A:B0:C4:B1:C2:1B:A1:80:AB:0A:8B:19:A8:01:EE:D3:0F:1C:4E:1A:2C:AF:CA:5F:EC:2D"}}},"request":{"raw":"GET /beacon.js HTTP/1.1\r\nHost: performance.radar.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Oct 2025 09:42:21 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncache-control: no-store, max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nreferrer-policy: no-referrer\r\ntiming-allow-origin: *\r\nset-cookie: __cf_bm=HQlB5BKwLoWVvd.6TQ2kN6r0EId0RRhTvUkTGYdiIkM-1760780541-1.0.1.1-saWE7RjlA4qU3hStuEwdFXXkMC0r8fR3M7DqPTaHx90MDBGYblPBfSN2rYxUViLvSIZTlStXFcBRn_gtiyTCWU_SGPFmt53ddLUJAT_I.78; path=/; expires=Sat, 18-Oct-25 10:12:21 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 990715d25eab1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9797,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9796)","md5":"2719363f6a6795ef0d76d94dcbc5f1eb","sha1":"31552c49af8e0c9bdd7bc95715cbfbb49cf7894f","sha256":"02003584efb71c4827497cff0b714fd5b076bef0bd6db7da9c406d918dabaa43","sha512":"47d2bc06ae9de769665e7e779ee9f80430934b48a369a986ff9c30b66c15760d26967e0faaac2080ea8c8f6f5099f62bc6ac135d03a6bbf4ab32b951b98eb8ba","ssdeep":"192:qWTavxSxKBV/oRks10BINTAPAWVZb7+VWRLvTlHD/V7D/Y/D/jD/KIDqFvjBy/TY:q0avxSxKBV/0ks6usZW4RLvTpD/RD/Yw","tlshash":"d0121db677e61657c78702d70469f32f7225f6860ac2d21eb31ecc2a330c6463967b55","first_seen":"2025-10-18T09:42:46.55618Z","last_seen":"2025-10-18T09:42:46.55618Z","times_seen":1,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":25,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"hdhub4u.mov/favicon.ico","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://hdhub4u.mov/","date":"2025-10-18T09:42:21.916Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: hdhub4u.mov\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://hdhub4u.mov/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sat, 18 Oct 2025 09:42:21 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReferrer-Policy: same-origin\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nX-Frame-Options: SAMEORIGIN\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yc%2FCjsfOtmKXBe%2FotVuuT0dNSGZTDBzXFF1iZ%2Fz7Aov76p7aZrGJPiz3gC5g73oxR2t6ReOyJsl0EHR992VKlkRVqHCWM8dIVZU2\"}]}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 990715d2efca1a30-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7206,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (507)","md5":"86f76e0f91c543ebd4a5f3154562f904","sha1":"1c3f5b02e6c40a39c75fd87298bd0384028ce867","sha256":"5c72e3818ddaff128ece1dbf2a3abb39aa4611c1948ec53f33c8b064783eefec","sha512":"fad2c7727ae6c7d471ef9c6d1c4e88a78b9c040cb13010cb1409af2bb17e38161da86df0194b8ac11c39f6e2ef14904aabfbf5e2d7bffada7ff6ea0c2f5ead49","ssdeep":"192:Vj9jhjOHTK/OaaRl8gziz4Zm89K71lCeNA:Yu//m/ZNK71lCeG","tlshash":"c8e1a967f5f925fa11978172317a77197ee48013ea6604a576edc1720f8df80ee07284","first_seen":"2025-10-18T09:42:46.559653Z","last_seen":"2025-10-18T09:42:46.559653Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.909298+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://hdhub4u.mov/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":709},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":13,\"pkts_toclient\":12,\"bytes_toserver\":1961,\"bytes_toclient\":9480,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"hdhub4u.mov","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hdhub4u.mov/","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-18T09:42:21.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hdhub4u.mov","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 Aug 2025 21:20:40 GMT","end":"Sat, 29 Nov 2025 22:19:05 GMT"},"fingerprint":{"sha1":"EF:78:1B:8E:B5:8A:33:60:FE:F9:3B:6C:95:7A:96:93:C7:9D:2E:F0","sha256":"64:A4:3F:89:C3:95:41:B3:67:04:D6:94:EC:38:09:3E:2F:5B:B1:E9:DE:5D:19:89:63:05:AD:16:11:3F:B4:69"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: hdhub4u.mov\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sat, 18 Oct 2025 09:42:21 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2By4JQ%2FcJjiTwYvqjXKwbQxwC4uPg%2BcdYw8hSg5UCCXTvV3xQQ7GPBu1w70%2BRRV6dqmfOPqI8jI7wwUlhGlIq5S8xBHbcbjhsT5Nj\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 990715d0c94c8be6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7206,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (507)","md5":"d18201bc23a3767779410c541f80a9e6","sha1":"7497cd4be1bbc0b74e326b13df3a117572951a4b","sha256":"9a510a842892fb9a429bf745d8a0e1390365c465a500db71091574cab8a9c80e","sha512":"59d0885784c4903218ffdc7e4650ae6db6a50b4b50014d489b8311366a0bb8ff415ac35462a80de76e26a69cc765bbe4a5d6545b2dd08c09c19afc6dc07fa17f","ssdeep":"192:Vj9jhjOHTK/OaaRl8gzaz4Zm89271lCeNA:Yu//mnZN271lCeG","tlshash":"90e1a963f9f925fa11978172317a77197ee48013ea6604a576edc1720f8df80ee07284","first_seen":"2025-10-18T09:42:46.562993Z","last_seen":"2025-10-18T09:42:46.562993Z","times_seen":1,"resource_available":false,"data":null}},"time_used":458,"timings":{"blocked":226,"dns":27,"connect":1,"send":0,"wait":5,"receive":0,"ssl":197},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.671405+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":715},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":668,\"bytes_toclient\":3388,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"hdhub4u.mov","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"hdhub4u.mov/","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-18T09:42:21.661Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: hdhub4u.mov\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Sat, 18 Oct 2025 09:42:21 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReferrer-Policy: same-origin\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nX-Frame-Options: SAMEORIGIN\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c6svySN1uK7ESUeYKe3UhAF0H80Ly7IUGkdurl9yGfVaz4yUlGvPoOt5xe9bBmJC7Wc040eIAgk4dxGJlMCXJsv3bbgPkwPep05C\"}]}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 990715d15c6c1a30-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7206,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (507)","md5":"425419d970de88aec45bf55188fa51e4","sha1":"6ba169e057eef1d52eee9bd7b044f2e6dad8c259","sha256":"8ab4c66c916a3edcbad08aac4b0be2bbef372068654d9b77af859cba8bf8dd20","sha512":"fd41bdfd53d03a83fadabb113e756f767dd471d47f6c8f3e405edf638578a625c72ab86e624dd771c77ba7880be1aea505d4c0a7f436c8042e22da3d0a4063f5","ssdeep":"192:Vj9jhjOHTK/OaaRl8gzxLz4Zm89aK71lCeNA:Yu//mLIZNaK71lCeG","tlshash":"28e1a963f5f925fa1197817331ba77197ee48013eaa604a576edc1720f8df44ee07284","first_seen":"2025-10-18T09:42:46.566262Z","last_seen":"2025-10-18T09:42:46.566262Z","times_seen":1,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.671405+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":715},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":668,\"bytes_toclient\":3388,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"hdhub4u.mov","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"hdhub4u.mov/cdn-cgi/styles/main.css","fqdn":"hdhub4u.mov","domain":"hdhub4u.mov","tld":"mov"},"ip":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://hdhub4u.mov/","date":"2025-10-18T09:42:21.799Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/styles/main.css HTTP/1.1\r\nHost: hdhub4u.mov\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://hdhub4u.mov/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 18 Oct 2025 09:42:21 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qjJxoUPTAUf%2BZCnYkFL5kL2D5zSlY5flolhNeVj6aL%2FeIrfeYXlQn21O4V7hsHuGe6XB%2Bom6dRnXOcGaF%2FDQI%2FQEePVRqtvEA4bT\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 990715d23e661a30-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8013,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8012)","md5":"ff26f59e28a5fe6ea4ab23586415696b","sha1":"4182675484d175e363cd34b43041b7b1af93d0cd","sha256":"d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74","sha512":"92c58eef6d1f885806450acd2927c57ebea2e8762c98b0826192555674bd4478e42add192834285d5934c0a76db8eac5eee1a65dc34b6f69246fad6c91a5fba4","ssdeep":"96:1jMh3JNJinvaE5TQRGxfldudududEtCbnaimpSpIplDO6bU6b16bE6bb6bNdkd94:1jMFJiva655dimwqjlP0/mGTZxRbC","tlshash":"75f1851bbf49104e3023886ae2c5a78d912dd282ee535bfff7173561cbc52fa1552b24","first_seen":"2023-04-05T04:39:40Z","last_seen":"2026-04-04T21:40:39.173927Z","times_seen":73300,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T09:42:21Z","timestamp":1760780541,"ip_dst":{"addr":"104.21.52.148","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.6","port":60974,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain","source":"{\"timestamp\":\"2025-10-18T09:42:21.799850+0000\",\"flow_id\":2228668747026958,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.6\",\"src_port\":60974,\"dest_ip\":\"104.21.52.148\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2045976,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.mov Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_05_31\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_05_31\"]}},\"http\":{\"hostname\":\"hdhub4u.mov\",\"url\":\"/cdn-cgi/styles/main.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://hdhub4u.mov/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":926},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":9,\"pkts_toclient\":9,\"bytes_toserver\":1350,\"bytes_toclient\":6296,\"start\":\"2025-10-18T09:42:21.659982+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"hdhub4u.mov","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}