{"report_id":"970b23f0-4be8-4782-935f-3fdf85cd56dd","version":6,"status":"done","tags":[],"date":"2025-02-21T14:16:02Z","url":{"schema":"https","addr":"yako.red/","fqdn":"yako.red","domain":"yako.red","tld":"red"},"ip":{"addr":"156.244.19.196","port":0,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"http","addr":"yakored3.net/","fqdn":"yakored3.net","domain":"yakored3.net","tld":"net"},"title":"404 Not Found"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-05-02T14:16:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"yako.red","ip":{"addr":"156.244.19.196","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"South Korea","country_code":"KR"},"domain_registered":"2023-12-02","domain_rank":0,"first_seen":"2023-12-17T15:06:32Z","last_seen":"2024-11-23T14:01:29.635823Z","alert_count":0,"request_count":1,"received_data":500,"sent_data":475,"comment":"","tags":null,"fingerprints":null},{"fqdn":"yakored3.net","ip":{"addr":"104.17.39.51","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-11-16","domain_rank":0,"first_seen":"2025-01-08T06:51:31.912052Z","last_seen":"2025-02-08T04:43:05.20386Z","alert_count":0,"request_count":2,"received_data":3755,"sent_data":742,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-02-21T14:15:39Z","timestamp":1740147339,"ip_dst":{"addr":"172.18.0.26","port":35046,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.16.237.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2025-02-21T14:15:39.772141+0000\",\"flow_id\":520281777745271,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.16.237.41\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":35046,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"yakored3.net\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":848,\"bytes_toclient\":213,\"start\":\"2025-02-21T14:15:39.765303+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-02-21T14:15:39Z","timestamp":1740147339,"ip_dst":{"addr":"172.18.0.26","port":35048,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"104.16.237.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO TLS Handshake Failure","source":"{\"timestamp\":\"2025-02-21T14:15:39.778367+0000\",\"flow_id\":336534486895292,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"104.16.237.41\",\"src_port\":443,\"dest_ip\":\"172.18.0.26\",\"dest_port\":35048,\"proto\":\"TCP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029340,\"rev\":2,\"signature\":\"ET INFO TLS Handshake Failure\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2020_01_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2020_01_30\"]}},\"tls\":{\"sni\":\"yakored3.net\",\"version\":\"UNDETERMINED\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":3,\"bytes_toserver\":723,\"bytes_toclient\":213,\"start\":\"2025-02-21T14:15:39.772796+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"yako.red/","fqdn":"yako.red","domain":"yako.red","tld":"red"},"ip":{"addr":"156.244.19.196","port":443,"asn":138915,"as":"Kaopu Cloud HK Limited","country":"South Korea","country_code":"KR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-21T14:15:38.660Z","timestamp":1740147338660,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yako.red","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 08 Jan 2025 00:00:00 GMT","end":"Thu, 08 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6C:76:B6:24:D3:1A:4B:09:89:E5:DD:AF:1D:FF:EA:BB:81:50:7C:C4","sha256":"6D:E7:E9:8C:26:F3:34:5F:D1:C1:BB:B7:07:5E:0D:51:E1:F7:20:B1:1C:46:EA:21:7A:AB:20:6F:3A:D8:E3:7A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: yako.red\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Fri, 21 Feb 2025 14:15:39 GMT\r\nServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k\r\nLocation: https://yakored3.net/\r\nContent-Length: 229\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":229,"size_decoded":229,"mime_type":"","magic":"HTML document, ASCII text","md5":"6a74d4bee8a1f97fd3ee4fedd17c712c","sha1":"78684f49fb088ae409fd7f73188add8b72d656ab","sha256":"49f59cb6ec250bd2e7dfdc664ad13b7f3e73dd952a71837ec43b1b587c8455dc","sha512":"f79f3dd85ac0032d2efb461b2546cb520ae6a56c7072b61613c080c055415ce0e3ae695425ac9961332b50e179a28760cd5bb3be5a7c6b012166b5d1fcaaef98","ssdeep":"","tlshash":"b1d023fc974320c1b0433740b8c120d0205e00f066c984ef25eb2c84e00c0734cce0cc","first_seen":"2025-02-21T14:16:03.006321Z","last_seen":"2025-02-21T14:16:03.006321Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1828,"timings":{"blocked":745,"dns":1,"connect":330,"send":0,"wait":330,"receive":0,"ssl":419},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"yakored3.net/","fqdn":"yakored3.net","domain":"yakored3.net","tld":"net"},"ip":{"addr":"104.17.39.51","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-21T14:15:39.874Z","timestamp":1740147339874,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: yakored3.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Fri, 21 Feb 2025 14:15:40 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=JH6u1SA8vhs2vMWkUjJstC5hS7bH0oHrh6qlkfnCn0E9G%2BHWiMdtjjgNmcBQEzQnmXRmidoRl48Jwo1hCD3pq4DIK7Vh4%2Ft6%2F8ZFmt2NyNOg1qROUalYguMUpzXSMBo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 9157598a3bf1568d-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=490\u0026min_rtt=490\u0026rtt_var=245\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=397\u0026delivery_rate=0\u0026cwnd=243\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":179,"size_decoded":196,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T21:37:02.795767Z","times_seen":90091,"resource_available":true,"data":null}},"time_used":397,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":395,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"yakored3.net/favicon.ico","fqdn":"yakored3.net","domain":"yakored3.net","tld":"net"},"ip":{"addr":"104.17.39.51","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://yakored3.net/","date":"2025-02-21T14:15:40.360Z","timestamp":1740147340360,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: yakored3.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://yakored3.net/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 21 Feb 2025 14:15:40 GMT\r\nContent-Type: image/x-icon\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Wed, 08 Jan 2025 05:40:26 GMT\r\nCache-Control: public, max-age=31536000\r\nCF-Cache-Status: HIT\r\nAge: 19303\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=o5mRu8a%2B%2BLAXfeUUfwnUJgG7T7n7QyWnpdXee89IEeOPWPOGR43MudVoFDz1hwa8uODF8AN71UFimoMQfhf3NegL2RQBJLysX%2F8snu1S%2BCYXbsL3BV8Z7m2uumnU%2BgU%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9157598d39d2568d-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=495\u0026min_rtt=490\u0026rtt_var=145\u0026sent=4\u0026recv=6\u0026lost=0\u0026retrans=0\u0026sent_bytes=998\u0026recv_bytes=746\u0026delivery_rate=5199281\u0026cwnd=245\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1858,"size_decoded":15086,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"59446e50fbb39f37d4bc8d36b7c61216","sha1":"132e81bc69f73aed85089e577a4aa80ad81f2186","sha256":"b8382d40a5a02e1f58aa9c95d385b856698b0c40de6c67aa88a11e2f858ec950","sha512":"e2df82db34e81fce4b092c73d4caeb1f9ec3c2cfd35f1abd51177b3727e8f7af5e1c98330668ca017a0f471132e79fb912586c04a36b3f225a3e85e1cb0d8890","ssdeep":"48:jg+++++++++++++++++++++++++++++++++++++++++++++K+a0gL1tij87VsBtV:jg+yDGicOpBG5guQKSelH","tlshash":"39621dcef6a55134c97cee314d3688fa69befe80c891ce9a001bba54b53634761c206d","first_seen":"2023-05-08T13:39:02Z","last_seen":"2025-02-21T14:16:03.008448Z","times_seen":37,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}