{"report_id":"685089b0-2468-42e1-bc0f-8742836e7200","version":6,"status":"done","tags":[],"date":"2023-12-19T23:12:30Z","url":{"schema":"http","addr":"key123.vip/win/Stream-Dock-Installer_Windows.exe","fqdn":"key123.vip","domain":"key123.vip","tld":"vip"},"ip":{"addr":"47.106.243.57","port":0,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T07:17:59Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"key123.vip","ip":{"addr":"47.106.243.57","port":0,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":2,"received_data":4694,"sent_data":703,"comment":"","tags":null,"fingerprints":null},{"fqdn":"aus5.mozilla.org","ip":{"addr":"35.244.181.201","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1998-01-24","domain_rank":2548,"first_seen":"2015-10-27 08:06:24","last_seen":"2023-12-19 05:09:52","alert_count":0,"request_count":1,"received_data":1214,"sent_data":523,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ciscobinary.openh264.org","ip":{"addr":"62.115.252.115","port":0,"asn":1299,"as":"Telia Company AB","country":"Sweden","country_code":"SE"},"domain_registered":"2013-10-19","domain_rank":40822,"first_seen":"2014-10-07 07:43:56","last_seen":"2023-12-19 11:25:41","alert_count":0,"request_count":1,"received_data":512217,"sent_data":305,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.key123.vip","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":821,"sent_data":970,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"152eda253e242e18443ef3282495bc7c","sha1":"ff0fa85565f21ec4931baad4573b4c0bd08c4019","sha256":"8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48","sha512":"94531e267314de661b2205c606283fb066d781e5c11027578f2a3c3aa353437c2289544074a28101b6b6f0179f0fe6bd890a0ae2bb6e1cf9053650472576366c","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":511815,"url":{"schema":"http","addr":"ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip","fqdn":"ciscobinary.openh264.org","domain":"openh264.org","tld":"org"},"ip":{"addr":"62.115.252.115","port":0,"asn":1299,"as":"Telia Company AB","country":"Sweden","country_code":"SE"},"archive":[{"path":"gmpopenh264.info","filename":"gmpopenh264.info","modified":"","Modified":"2019-03-02T16:47:07Z","magic":"ASCII text","size":116,"md5":"3d33cdc0b3d281e67dd52e14435dd04f","sha1":"4db88689282fd4f9e9e6ab95fcbb23df6e6485db","sha256":"f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b","sha512":"a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1","alerts":{"urlquery":null,"analyzer":null}},{"path":"libgmpopenh264.so","filename":"libgmpopenh264.so","modified":"","Modified":"2019-03-02T16:47:26Z","magic":"ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)","size":1381690,"md5":"b2c1253e8a09cfe03b3d7f37de12dff7","sha1":"31835791d3f838d7b7b63e3f6d8a463388dd6b41","sha256":"990004dc8be970eb133c7bb9220c380ffbc19be991476bef446801e2c510640c","sha512":"121f154427c1176f5ab3b1b30b720a8dcc6345517f30e30c8b5598f297a744be0750b75bea6255e1eb653bc6ae2941eb1330d36b3150584caa93db76b2b76f5f","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:51Z","timestamp":1703027511,"ip_dst":{"addr":"47.106.243.57","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"Client IP","port":51004,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2023-12-19T23:11:51.635654+0000\",\"flow_id\":44575908927316,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.96\",\"src_port\":51004,\"dest_ip\":\"47.106.243.57\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":6,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"former_category\":[\"CURRENT_EVENTS\"],\"updated_at\":[\"2022_05_03\"]}},\"http\":{\"hostname\":\"key123.vip\",\"url\":\"/win/Stream-Dock-Installer_Windows.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://cdn.key123.vip/streamdock/Stream-Dock-Installer_Windows.exe\",\"length\":161},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":704,\"bytes_toclient\":608,\"start\":\"2023-12-19T23:11:51.104276+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:52Z","timestamp":1703027512,"ip_dst":{"addr":"Client IP","port":36540,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.246.44.138","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2023-12-19T23:11:52.005840+0000\",\"flow_id\":46689032798340,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"47.246.44.138\",\"src_port\":443,\"dest_ip\":\"10.70.215.96\",\"dest_port\":36540,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"cdn.key123.vip\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":826,\"bytes_toclient\":181,\"start\":\"2023-12-19T23:11:51.983172+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:52Z","timestamp":1703027512,"ip_dst":{"addr":"Client IP","port":36550,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.246.44.138","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2023-12-19T23:11:52.028173+0000\",\"flow_id\":462274363398479,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"47.246.44.138\",\"src_port\":443,\"dest_ip\":\"10.70.215.96\",\"dest_port\":36550,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"cdn.key123.vip\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":699,\"bytes_toclient\":181,\"start\":\"2023-12-19T23:11:52.006479+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:53Z","timestamp":1703027513,"ip_dst":{"addr":"47.246.44.138","port":80,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"ip_src":{"addr":"Client IP","port":55002,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2023-12-19T23:11:53.241567+0000\",\"flow_id\":1008392340027244,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.96\",\"src_port\":55002,\"dest_ip\":\"47.246.44.138\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":6,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"former_category\":[\"CURRENT_EVENTS\"],\"updated_at\":[\"2022_05_03\"]}},\"http\":{\"hostname\":\"cdn.key123.vip\",\"url\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":679,\"bytes_toclient\":1008,\"start\":\"2023-12-19T23:11:52.046956+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:53Z","timestamp":1703027513,"ip_dst":{"addr":"Client IP","port":55002,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.246.44.138","port":80,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"severity":"high","alert":"ET POLICY PE EXE or DLL Windows file download HTTP","source":"{\"timestamp\":\"2023-12-19T23:11:53.250372+0000\",\"flow_id\":1008392340027244,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"47.246.44.138\",\"src_port\":80,\"dest_ip\":\"10.70.215.96\",\"dest_port\":55002,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.Meterpreter.Receiving\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018959,\"rev\":4,\"signature\":\"ET POLICY PE EXE or DLL Windows file download HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2014_08_19\"],\"former_category\":[\"POLICY\"],\"updated_at\":[\"2017_02_01\"]}},\"http\":{\"hostname\":\"cdn.key123.vip\",\"url\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":43800},\"files\":[{\"filename\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":43800,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":34,\"bytes_toserver\":1867,\"bytes_toclient\":47942,\"start\":\"2023-12-19T23:11:52.046956+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"key123.vip/","fqdn":"key123.vip","domain":"key123.vip","tld":"vip"},"ip":{"addr":"47.106.243.57","port":0,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-19T23:11:50.993514223Z","timestamp":1703027510993,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: key123.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.14.1\r\nDate: Tue, 19 Dec 2023 23:12:08 GMT\r\nContent-Type: text/html\r\nContent-Length: 4057\r\nLast-Modified: Mon, 07 Oct 2019 21:16:24 GMT\r\nConnection: keep-alive\r\nETag: \"5d9bab28-fd9\"\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":4057,"size_decoded":4057,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"f483f4298e5a8cebc72d80166d4012ce","sha1":"df0852fb2555fcd7e8ea18a002564b9f71be6d34","sha256":"86e250af940be5e3d21ba9ffbb8bc4f55b6e86e6923e4fa476b959ce13cfc856","sha512":"cc23f4ccad8cab554d9cb87263f20d6928e4b900b4b8459a0e8ee6b040706e0490339d6bdfa99c61b0f20e40caf495b80fafb936a5af9b658ba2c18448ee7ddf","ssdeep":"","tlshash":"cf81511876d30213644e826477b2235d2710d0d7810bcfb9be9ca268cf8399965f338d","first_seen":"2023-04-19T15:34:03Z","last_seen":"2026-04-05T05:17:20.08363Z","times_seen":204,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"key123.vip/win/Stream-Dock-Installer_Windows.exe","fqdn":"key123.vip","domain":"key123.vip","tld":"vip"},"ip":{"addr":"47.106.243.57","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-19T23:11:51.097Z","timestamp":1703027511097,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /win/Stream-Dock-Installer_Windows.exe HTTP/1.1\r\nHost: key123.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx/1.14.1\r\nDate: Tue, 19 Dec 2023 23:12:09 GMT\r\nContent-Type: text/html\r\nContent-Length: 161\r\nConnection: keep-alive\r\nLocation: http://cdn.key123.vip/streamdock/Stream-Dock-Installer_Windows.exe\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":null,"data":{"size":161,"size_decoded":161,"mime_type":"","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"d01b5031e2995eb06c842472d1132628","sha1":"e33dbc810d96691f4ac0b572f9d9d7a84cbdc5f5","sha256":"2e1c150ef87fceb0d517eb491161de4774513dd4105746fb890c303938b09bc0","sha512":"844019dcfb1c8b4f93cf5137178f1f5be04965baab2ab44e46e55a0fa704593bb6160b18feca6e63078cbbac27c1c2f600ad4cdc81702ebe63aa9c95d01f71d6","ssdeep":"","tlshash":"f1c08cab6503bc8dc8e3363814c3a084c1d99622a7d845009280114370c32058ac2352","first_seen":"2023-04-27T11:15:28Z","last_seen":"2025-02-16T08:02:52.893434Z","times_seen":59,"resource_available":false,"data":null}},"time_used":812,"timings":{"blocked":273,"dns":7,"connect":266,"send":0,"wait":265,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:51Z","timestamp":1703027511,"ip_dst":{"addr":"47.106.243.57","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"ip_src":{"addr":"10.70.215.96","port":51004,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2023-12-19T23:11:51.635654+0000\",\"flow_id\":44575908927316,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.96\",\"src_port\":51004,\"dest_ip\":\"47.106.243.57\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":6,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"former_category\":[\"CURRENT_EVENTS\"],\"updated_at\":[\"2022_05_03\"]}},\"http\":{\"hostname\":\"key123.vip\",\"url\":\"/win/Stream-Dock-Installer_Windows.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://cdn.key123.vip/streamdock/Stream-Dock-Installer_Windows.exe\",\"length\":161},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":704,\"bytes_toclient\":608,\"start\":\"2023-12-19T23:11:51.104276+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml","fqdn":"aus5.mozilla.org","domain":"mozilla.org","tld":"org"},"ip":{"addr":"35.244.181.201","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-19T23:12:06.69668848Z","timestamp":1703027526696,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1\r\nHost: aus5.mozilla.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\nrule-id: unknown\r\nrule-data-version: unknown\r\ncontent-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-01-19-16-42-22.chain; p384ecdsa=pu8MibamhrsHRoUimFGMB7gnkSIeoOWsNwvfkbjE_HL4y5Kimft25BTMJ-dvrsrZLj1muQTVYUGB7zUQFkM2oo4Tyu8wFi6lVlYi-9DrpqzTwLT8WYXzo1pgdLljSNG8\r\nstrict-transport-security: max-age=31536000;\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'none'; frame-ancestors 'none'\r\nx-proxy-cache-status: EXPIRED\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncontent-length: 444\r\ndate: Tue, 19 Dec 2023 23:11:27 GMT\r\nage: 57\r\ncontent-type: text/xml; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: public,max-age=90\r\nalt-svc: clear\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":444,"size_decoded":721,"mime_type":"text/xml; charset=utf-8","magic":"XML 1.0 document, ASCII text, with very long lines (332)","md5":"3b324dec137a87ef7e24a30a65b13dd0","sha1":"c0faa95b2f1018e264b3a14aaf50d1003e6c27b3","sha256":"6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463","sha512":"eee5d0a6354c5cfafdba69236359dbb38be1d7cbfd841230c07617fa3d8982751d8ddbe4f3b9c533a277e836b28a2f483d8ddc79aa09573ca9d49fc16341c061","ssdeep":"","tlshash":"54011069bdb5f89100860aa76626c8015a232287e1541888b8df5fc04f9b9b4536f09d","first_seen":"2023-10-13T18:17:52Z","last_seen":"2025-06-20T01:29:36.566077Z","times_seen":185315,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip","fqdn":"ciscobinary.openh264.org","domain":"openh264.org","tld":"org"},"ip":{"addr":"62.115.252.115","port":0,"asn":1299,"as":"Telia Company AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-19T23:12:07.028418849Z","timestamp":1703027527028,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1\r\nHost: ciscobinary.openh264.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 16 Nov 2023 07:38:15 GMT\r\nETag: 152eda253e242e18443ef3282495bc7c\r\nContent-Length: 511815\r\nAccept-Ranges: bytes\r\nX-Timestamp: 1700120294.87662\r\nContent-Type: application/zip\r\nX-Trans-Id: tx15b69f172b404fa58b2bb-006555fb11dfw1\r\nCache-Control: public, max-age=51134\r\nExpires: Wed, 20 Dec 2023 13:24:38 GMT\r\nDate: Tue, 19 Dec 2023 23:12:24 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":511815,"size_decoded":511815,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"152eda253e242e18443ef3282495bc7c","sha1":"ff0fa85565f21ec4931baad4573b4c0bd08c4019","sha256":"8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48","sha512":"94531e267314de661b2205c606283fb066d781e5c11027578f2a3c3aa353437c2289544074a28101b6b6f0179f0fe6bd890a0ae2bb6e1cf9053650472576366c","ssdeep":"12288:tnLGiHK1hLMRqmDWebRbi9bh4FnQ72frEDZwin7rX3xWrSgvkRfDH:tqiK/M7Nli9bWdQ7sQ1vO5sRbH","tlshash":"fcb423d0eeb462b2fd70d1ba59465870184eb54beb5f322e731e103e28bbe59b35c064","first_seen":"2023-04-05T03:30:47Z","last_seen":"2025-03-24T20:26:10.792856Z","times_seen":32987,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"cdn.key123.vip/streamdock/Stream-Dock-Installer_Windows.exe","fqdn":"cdn.key123.vip","domain":"key123.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-19T23:11:52.046Z","timestamp":1703027512046,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /streamdock/Stream-Dock-Installer_Windows.exe HTTP/1.1\r\nHost: cdn.key123.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/octet-stream\r\nContent-Length: 129446960\r\nConnection: keep-alive\r\nSet-Cookie: acw_tc=2ff62c9917030275298775416e845926dda7da2bc7a84e4e8ca87e9838;path=/;HttpOnly;Max-Age=3600\ncdn_sec_tc=2ff62c9917030275298775416e845926dda7da2bc7a84e4e8ca87e9838;path=/;HttpOnly;Max-Age=3600\r\nAccept-Ranges: bytes\r\nContent-Md5: sIzE5Aymm7mYvGRNgsqTiA==\r\nDate: Tue, 19 Dec 2023 23:12:10 GMT\r\nEtag: \"B08CC4E40CA69BB998BC644D82CA9388\"\r\nLast-Modified: Tue, 19 Dec 2023 08:48:07 GMT\r\nX-Oss-Cdn-Auth: success\r\nX-Oss-Hash-Crc64ecma: 16223695079902437808\r\nX-Oss-Object-Type: Normal\r\nX-Oss-Request-Id: 6582234AE144DC32357F07E8\r\nX-Oss-Server-Time: 6\r\nX-Oss-Storage-Class: Standard\r\nVia: cache20.l2st4-5[10,0], cache5.se1[218,0]\r\nTiming-Allow-Origin: *\r\nEagleId: 2ff62c9917030275298775416e\r\n\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T20:09:54.588333Z","times_seen":14703811,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:53Z","timestamp":1703027513,"ip_dst":{"addr":"47.246.44.138","port":80,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"ip_src":{"addr":"10.70.215.96","port":55002,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2023-12-19T23:11:53.241567+0000\",\"flow_id\":1008392340027244,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.96\",\"src_port\":55002,\"dest_ip\":\"47.246.44.138\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":6,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"former_category\":[\"CURRENT_EVENTS\"],\"updated_at\":[\"2022_05_03\"]}},\"http\":{\"hostname\":\"cdn.key123.vip\",\"url\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":679,\"bytes_toclient\":1008,\"start\":\"2023-12-19T23:11:52.046956+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:53Z","timestamp":1703027513,"ip_dst":{"addr":"10.70.215.96","port":55002,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.246.44.138","port":80,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"severity":"high","alert":"ET POLICY PE EXE or DLL Windows file download HTTP","source":"{\"timestamp\":\"2023-12-19T23:11:53.250372+0000\",\"flow_id\":1008392340027244,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"47.246.44.138\",\"src_port\":80,\"dest_ip\":\"10.70.215.96\",\"dest_port\":55002,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.Meterpreter.Receiving\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018959,\"rev\":4,\"signature\":\"ET POLICY PE EXE or DLL Windows file download HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2014_08_19\"],\"former_category\":[\"POLICY\"],\"updated_at\":[\"2017_02_01\"]}},\"http\":{\"hostname\":\"cdn.key123.vip\",\"url\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":43800},\"files\":[{\"filename\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":43800,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":34,\"bytes_toserver\":1867,\"bytes_toclient\":47942,\"start\":\"2023-12-19T23:11:52.046956+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.key123.vip/streamdock/Stream-Dock-Installer_Windows.exe","fqdn":"cdn.key123.vip","domain":"key123.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-19T23:11:51.644Z","timestamp":1703027511644,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /streamdock/Stream-Dock-Installer_Windows.exe HTTP/1.1\r\nHost: cdn.key123.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-05T20:09:54.588333Z","times_seen":14703811,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":362,"dns":0,"connect":8,"send":0,"wait":0,"receive":0,"ssl":14},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:53Z","timestamp":1703027513,"ip_dst":{"addr":"47.246.44.138","port":80,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"ip_src":{"addr":"10.70.215.96","port":55002,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","source":"{\"timestamp\":\"2023-12-19T23:11:53.241567+0000\",\"flow_id\":1008392340027244,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.96\",\"src_port\":55002,\"dest_ip\":\"47.246.44.138\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2022896,\"rev\":6,\"signature\":\"ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"created_at\":[\"2016_06_14\"],\"former_category\":[\"CURRENT_EVENTS\"],\"updated_at\":[\"2022_05_03\"]}},\"http\":{\"hostname\":\"cdn.key123.vip\",\"url\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":679,\"bytes_toclient\":1008,\"start\":\"2023-12-19T23:11:52.046956+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-19T23:11:53Z","timestamp":1703027513,"ip_dst":{"addr":"10.70.215.96","port":55002,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.246.44.138","port":80,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"severity":"high","alert":"ET POLICY PE EXE or DLL Windows file download HTTP","source":"{\"timestamp\":\"2023-12-19T23:11:53.250372+0000\",\"flow_id\":1008392340027244,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"47.246.44.138\",\"src_port\":80,\"dest_ip\":\"10.70.215.96\",\"dest_port\":55002,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"exe.no.referer\",\"ET.Meterpreter.Receiving\",\"ET.http.binary\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2018959,\"rev\":4,\"signature\":\"ET POLICY PE EXE or DLL Windows file download HTTP\",\"category\":\"Potential Corporate Privacy Violation\",\"severity\":1,\"metadata\":{\"created_at\":[\"2014_08_19\"],\"former_category\":[\"POLICY\"],\"updated_at\":[\"2017_02_01\"]}},\"http\":{\"hostname\":\"cdn.key123.vip\",\"url\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\",\"http_content_type\":\"application/octet-stream\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":43800},\"files\":[{\"filename\":\"/streamdock/Stream-Dock-Installer_Windows.exe\",\"sid\":[],\"gaps\":false,\"state\":\"TRUNCATED\",\"stored\":false,\"size\":43800,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":26,\"pkts_toclient\":34,\"bytes_toserver\":1867,\"bytes_toclient\":47942,\"start\":\"2023-12-19T23:11:52.046956+0000\"}}"}],"analyzer":null,"urlquery":null}}]}