{"report_id":"63ee8296-4ad9-4917-b5e9-5c41a3e803a7","version":6,"status":"done","tags":["dyndns"],"date":"2024-05-21T04:11:26Z","url":{"schema":"http","addr":"gregdsgfh.dns04.com/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja","fqdn":"gregdsgfh.dns04.com","domain":"dns04.com","tld":"com"},"ip":{"addr":"198.55.123.185","port":0,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja","fqdn":"gregdsgfh.dns04.com","domain":"dns04.com","tld":"com"},"title":"Fox News World RSS Feed - essejmxyc.octagram.eu.com"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T16:11:05Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"feeds.foxnews.com","ip":{"addr":"151.101.194.132","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"1995-06-21","domain_rank":160382,"first_seen":"2012-05-24 21:32:56","last_seen":"2024-04-18 14:10:59","alert_count":0,"request_count":1,"received_data":556,"sent_data":440,"comment":"","tags":null,"fingerprints":null},{"fqdn":"moxie.foxnews.com","ip":{"addr":"23.52.23.45","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Sweden","country_code":"SE"},"domain_registered":"1995-06-21","domain_rank":868145,"first_seen":"2022-02-24 13:15:58","last_seen":"2024-05-14 16:41:26","alert_count":0,"request_count":1,"received_data":47010,"sent_data":431,"comment":"","tags":null,"fingerprints":null},{"fqdn":"gregdsgfh.dns04.com","ip":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"domain_registered":"2001-03-20","domain_rank":0,"first_seen":"2023-06-15 03:24:13","last_seen":"2023-06-15 20:36:34","alert_count":9,"request_count":3,"received_data":4459,"sent_data":1731,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:02Z","timestamp":1716264662,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:02.250866+0000\",\"flow_id\":389871878628872,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"/news?q=Invalid url! /auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"length\":258},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":848,\"bytes_toclient\":950,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:02Z","timestamp":1716264662,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:02.250866+0000\",\"flow_id\":1336401066288648,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"/news?q=Invalid url! /auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"length\":258},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":848,\"bytes_toclient\":950,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.123667+0000\",\"flow_id\":1336401066288648,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1189},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1581,\"bytes_toclient\":2530,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.123667+0000\",\"flow_id\":389871878628872,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1189},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1581,\"bytes_toclient\":2530,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.534206+0000\",\"flow_id\":389871878628872,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":8,\"bytes_toserver\":2405,\"bytes_toclient\":5020,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.534206+0000\",\"flow_id\":1336401066288648,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":8,\"bytes_toserver\":2405,\"bytes_toclient\":5020,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"http","addr":"gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja","fqdn":"gregdsgfh.dns04.com","domain":"dns04.com","tld":"com"},"ip":{"addr":"198.55.123.185","port":0,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T04:33:11.740054Z","times_seen":15092762,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.123667+0000\",\"flow_id\":1336401066288648,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1189},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1581,\"bytes_toclient\":2530,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.123667+0000\",\"flow_id\":389871878628872,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1189},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1581,\"bytes_toclient\":2530,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"gregdsgfh.dns04.com/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja","fqdn":"gregdsgfh.dns04.com","domain":"dns04.com","tld":"com"},"ip":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-21T04:11:01.618Z","timestamp":1716264661618,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja HTTP/1.1\r\nHost: gregdsgfh.dns04.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 308 Permanent Redirect\r\nContent-Type: text/html; charset=utf-8\r\nLocation: /news?q=Invalid url! /auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\r\nX-Address: gin_throttle_mw_7200000000_91.90.42.154\r\nX-Ratelimit-Limit: 500\r\nX-Ratelimit-Remaining: 493\r\nX-Ratelimit-Reset: 1716267829\r\nDate: Tue, 21 May 2024 04:11:02 GMT\r\nContent-Length: 258\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"Permanent Redirect","fingerprints":null,"data":{"size":258,"size_decoded":258,"mime_type":"","magic":"HTML document, ASCII text","md5":"7f912a71316d411d91aa2943786d4667","sha1":"f1ab5e037c9c701935d74a61e9b6d4dfef3e7e01","sha256":"cf56d626ba88bab89c6c2dcc42b5f64190a1d7019d95b6630a5c1fd655b44095","sha512":"0cf6df602eb1668ea5b348016bbf38693601a8a0d78b9060270c8859bc9ca53fa4f58009a9a225a194590da2849189d4c2d092149ff1436530260580074d1b28","ssdeep":"","tlshash":"4ad02b9108aba857069986d4b04176e628e050a0219155b13ab92394fcf211b830e8e2","first_seen":"2024-05-20T17:11:46Z","last_seen":"2024-08-19T22:24:59.995487Z","times_seen":159,"resource_available":false,"data":null}},"time_used":801,"timings":{"blocked":165,"dns":1,"connect":168,"send":0,"wait":467,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:02Z","timestamp":1716264662,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:02.250866+0000\",\"flow_id\":389871878628872,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"/news?q=Invalid url! /auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"length\":258},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":848,\"bytes_toclient\":950,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:02Z","timestamp":1716264662,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:02.250866+0000\",\"flow_id\":1336401066288648,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":308,\"redirect\":\"/news?q=Invalid url! /auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"length\":258},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":848,\"bytes_toclient\":950,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja","fqdn":"gregdsgfh.dns04.com","domain":"dns04.com","tld":"com"},"ip":{"addr":"198.55.123.185","port":0,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-21T04:11:02.258Z","timestamp":1716264662258,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja HTTP/1.1\r\nHost: gregdsgfh.dns04.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nX-Address: gin_throttle_mw_7200000000_91.90.42.154\r\nX-Ratelimit-Limit: 500\r\nX-Ratelimit-Remaining: 492\r\nX-Ratelimit-Reset: 1716267829\r\nDate: Tue, 21 May 2024 04:11:03 GMT\r\nTransfer-Encoding: chunked\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":3204,"size_decoded":3204,"mime_type":"","magic":"HTML document, ASCII text","md5":"0917f13dfc49319220e3fd5368020384","sha1":"76deb4f83bc76695a2641c8878bf2e6b9965618f","sha256":"516bdec259d7df77592cd168e3d21331564bfd2debe7ffead0c2a636f80f86ba","sha512":"6243460fcc20fc3e333ab4520251d68b887b1d37455c7f22ad3854469aa7798457be337961b621ce3abac93d10be1cef84b7abe12abf338883e2f764667a98f9","ssdeep":"","tlshash":"3e612d1528b7802495dfb05e27e3a2883260841bf884de993f8cc644dfc5792daf36cc","first_seen":"2024-05-20T17:11:46Z","last_seen":"2024-08-19T22:24:59.996147Z","times_seen":163,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":336,"dns":0,"connect":170,"send":0,"wait":0,"receive":0,"ssl":175},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.123667+0000\",\"flow_id\":1336401066288648,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1189},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1581,\"bytes_toclient\":2530,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.123667+0000\",\"flow_id\":389871878628872,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1189},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1581,\"bytes_toclient\":2530,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"feeds.foxnews.com/foxnews/world","fqdn":"feeds.foxnews.com","domain":"foxnews.com","tld":"com"},"ip":{"addr":"151.101.194.132","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja","date":"2024-05-21T04:11:03.212Z","timestamp":1716264663212,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.foxnews.com","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Sat, 23 Mar 2024 06:26:40 GMT","end":"Fri, 21 Jun 2024 06:26:39 GMT"},"fingerprint":{"sha1":"BC:A6:C4:45:B6:50:28:54:62:5F:42:C0:C4:BC:61:D1:08:00:31:26","sha256":"34:9D:4A:1D:94:86:99:67:13:15:9D:7B:84:7D:A9:F9:F1:2E:67:E6:44:89:6D:8C:31:C3:99:3E:3F:CC:18:01"}}},"request":{"raw":"GET /foxnews/world HTTP/1.1\r\nHost: feeds.foxnews.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://gregdsgfh.dns04.com/\r\nOrigin: http://gregdsgfh.dns04.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nretry-after: 0\r\nlocation: https://moxie.foxnews.com/google-publisher/world.xml\r\naccept-ranges: bytes\r\ndate: Tue, 21 May 2024 04:11:03 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410027-HEL\r\nx-cache: HIT\r\nx-cache-hits: 0\r\nx-timer: S1716264663.257768,VS0,VE0\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,HEAD,POST,OPTIONS\r\naccess-control-allow-headers: *\r\naccess-control-allow-credentials: false\r\naccess-control-max-age: 86400\r\naccess-control-expose-headers: etag\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T04:33:11.740054Z","times_seen":15092762,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":36,"dns":2,"connect":13,"send":0,"wait":13,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"moxie.foxnews.com/google-publisher/world.xml","fqdn":"moxie.foxnews.com","domain":"foxnews.com","tld":"com"},"ip":{"addr":"23.52.23.45","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja","date":"2024-05-21T04:11:03.267Z","timestamp":1716264663267,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wildcard.foxnews.com","organization":"Fox News Network, LLC"},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 06 May 2024 00:00:00 GMT","end":"Tue, 06 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"92:A8:54:5C:8C:E0:75:4A:F7:00:F0:F3:11:9C:A7:9B:3F:E8:BA:BE","sha256":"22:24:23:FD:A9:1D:C4:31:FF:90:A0:33:40:D1:3C:88:19:68:AE:D5:EE:79:EF:DB:84:59:21:3C:90:F4:28:E6"}}},"request":{"raw":"GET /google-publisher/world.xml HTTP/1.1\r\nHost: moxie.foxnews.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: null\r\nReferer: http://gregdsgfh.dns04.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 45869\r\nx-amzn-trace-id: Root=1-664c0779-4b4c016e57e0e62034d16037;Parent=53d7a83a495b3490;Sampled=0;lineage=c27b69c6:0\r\nmoxie-uptime: 55.52ms\r\nx-robots-tag: noindex, nofollow\r\nmoxie-version: 1.0\r\nx-amzn-requestid: 99a20205-ef39-4487-98a2-4c1a68afe8f9\r\nx-amz-cf-id: naP-Y5-dWcnVt_4vJPVTuINNvf1Xc1fDFKnybdVk-j-hXHepjdLbUA==\r\netag: 92cf670828f1a0cb0492cde72e6d8c53\r\ncontent-type: text/xml;charset=utf-8\r\nx-amz-cf-pop: IAD55-P5\r\nx-amz-apigw-id: YGYbGFNmIAMEUmg=\r\ncontent-encoding: gzip\r\nx-debug-path: /prod/fn/google-publisher/world.xml\r\nx-origin: prod_moxie\r\naccept-ranges: bytes\r\nx-served-by: cache-iad-kiad7000170-IAD, cache-iad-kiad7000170-IAD, cache-bma1622-BMA\r\nx-cache-hits: 0, 27, 1\r\nx-timer: S1716264540.988661,VS0,VE1\r\ncache-control: must-revalidate, max-age=29\r\nexpires: Tue, 21 May 2024 04:11:32 GMT\r\ndate: Tue, 21 May 2024 04:11:03 GMT\r\nvary: Accept-Encoding\r\naccess-control-allow-credentials: false\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\nx-forwarded-host: moxie.foxnews.com\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45869,"size_decoded":180462,"mime_type":"text/xml; charset=utf-8","magic":"XML 1.0 document, Unicode text, UTF-8 text, with very long lines (8743)","md5":"92cf670828f1a0cb0492cde72e6d8c53","sha1":"155922a01a70e1ecc3b25cd05d7b3eddc5dd2410","sha256":"273c51daded3f0b91480d674b0d2531b9bb2b9f5286a04adf47507847835f916","sha512":"7c99928797b15c6adf8fbc61882369b714d8835ac6dfa66efffb0ad41eff8aef455da691b72d3915f51fdf0a421a3e16337612ea60a5bac29cfcc3f67254f244","ssdeep":"3072:2t/BhFDusbwQWC9xQsHrj8zjGOwFWM5zr/JJlTQFyKejegJ1yyO0xpoVvaJBXfWf:2t/BhFDusbwQWC9xQsHrj8zjGRFWM5vW","tlshash":"6f04e92961fe23ed064a3150329733edf517da3a9306afc0745ed6a83b80d14b97b2d6","first_seen":"2024-05-21T04:34:52Z","last_seen":"2024-08-19T22:21:08.962796Z","times_seen":92,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":87,"dns":60,"connect":8,"send":0,"wait":29,"receive":11,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gregdsgfh.dns04.com/favicon.ico","fqdn":"gregdsgfh.dns04.com","domain":"dns04.com","tld":"com"},"ip":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja","date":"2024-05-21T04:11:03.366Z","timestamp":1716264663366,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gregdsgfh.dns04.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain; charset=utf-8\r\nX-Address: gin_throttle_mw_7200000000_91.90.42.154\r\nX-Ratelimit-Limit: 500\r\nX-Ratelimit-Remaining: 491\r\nX-Ratelimit-Reset: 1716267829\r\nDate: Tue, 21 May 2024 04:11:03 GMT\r\nContent-Length: 0\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T04:33:11.740054Z","times_seen":15092762,"resource_available":true,"data":null}},"time_used":168,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.534206+0000\",\"flow_id\":389871878628872,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":8,\"bytes_toserver\":2405,\"bytes_toclient\":5020,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-21T04:11:03Z","timestamp":1716264663,"ip_dst":{"addr":"198.55.123.185","port":80,"asn":8100,"as":"ASN-QUADRANET-GLOBAL","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":35414,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain","source":"{\"timestamp\":\"2024-05-21T04:11:03.534206+0000\",\"flow_id\":1336401066288648,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":35414,\"dest_ip\":\"198.55.123.185\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2804341,\"rev\":4,\"signature\":\"ETPRO INFO DYNAMIC_DNS HTTP Request to a *.dns04.com Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"created_at\":[\"2012_01_20\"],\"updated_at\":[\"2020_04_21\"]}},\"http\":{\"hostname\":\"gregdsgfh.dns04.com\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://gregdsgfh.dns04.com/news?q=Invalid%20url!%20/auth.php?screen/na/authorize?response_type=code\u0026client_id=zc001\u0026state=\u0026scope=openid\u0026_gl=11li7pmi_gamtc0njiwmte2ni4xnjy5mzy5mdg0_ga_bkkp87cx6tmty3nze1ndeync4xljaumty3nze1ndeyni41oc4wlja\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":8,\"bytes_toserver\":2405,\"bytes_toclient\":5020,\"start\":\"2024-05-21T04:11:01.615944+0000\"}}"}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}