{"report_id":"9dcb5cc4-3a8b-4192-86d2-20bb3f74656b","version":6,"status":"done","tags":[],"date":"2025-05-14T17:34:15Z","url":{"schema":"http","addr":"int.dewrain.life","fqdn":"int.dewrain.life","domain":"dewrain.life","tld":"life"},"ip":{"addr":"34.160.223.119","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"int.dewrain.life/","fqdn":"int.dewrain.life","domain":"dewrain.life","tld":"life"},"title":"int.dewrain.life/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-23T17:34:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"int.dewrain.life","ip":{"addr":"34.160.223.119","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2021-03-11","domain_rank":12266,"first_seen":"2025-05-14T17:34:15.717061Z","last_seen":"2025-05-14T17:34:15.717061Z","alert_count":3,"request_count":3,"received_data":1140,"sent_data":1243,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-14T17:33:54Z","timestamp":1747244034,"ip_dst":{"addr":"34.160.223.119","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.11","port":57316,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-05-14T17:33:54.836732+0000\",\"flow_id\":902775617779411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":57316,\"dest_ip\":\"34.160.223.119\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"int.dewrain.life\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":673,\"bytes_toclient\":561,\"start\":\"2025-05-14T17:33:54.751315+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-05-14T17:33:55Z","timestamp":1747244035,"ip_dst":{"addr":"34.160.223.119","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.11","port":57316,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-05-14T17:33:55.000463+0000\",\"flow_id\":902775617779411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":57316,\"dest_ip\":\"34.160.223.119\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"int.dewrain.life\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://int.dewrain.life/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1162,\"bytes_toclient\":1048,\"start\":\"2025-05-14T17:33:54.751315+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"int.dewrain.life/","fqdn":"int.dewrain.life","domain":"dewrain.life","tld":"life"},"ip":{"addr":"34.160.223.119","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-14T17:33:54.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"int.akisinn.info","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Sun, 15 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7B:DF:25:1F:D9:66:4B:CA:13:6D:C8:8D:D0:B1:C9:17:8C:D3:A0:45","sha256":"A7:4C:B2:72:BC:60:31:8D:CC:0E:2B:57:45:BE:5C:8D:92:B2:74:0F:BC:E5:B4:48:D6:6B:A8:9E:28:70:8F:74"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: int.dewrain.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/plain; charset=utf-8\r\nvary: Origin\r\nx-content-type-options: nosniff\r\ndate: Wed, 14 May 2025 17:33:54 GMT\r\ncontent-length: 19\r\nx-envoy-upstream-service-time: 0\r\nserver: istio-envoy\r\nx-envoy-decorator-operation: mci-api-mcs-svc-b68iq0a0m2yu840s.kvinit.svc.cluster.local:80/*\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":19,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"595e88012a6521aae3e12cbebe76eb9e","sha1":"da3968197e7bf67aa45a77515b52ba2710c5fc34","sha256":"b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793","sha512":"fd13c580d15cc5e8b87d97ead633209930e00e85c113c776088e246b47f140efe99bdf6ab02070677445db65410f7e62ec23c71182f9f78e9d0e1b9f7fda0dc3","ssdeep":"","tlshash":"1270000c0a0202082020002822800020080802022a802220000aa00882008000800888","first_seen":"2023-04-05T03:13:11Z","last_seen":"2026-04-20T12:39:52.479925Z","times_seen":30613,"resource_available":true,"data":null}},"time_used":382,"timings":{"blocked":161,"dns":38,"connect":25,"send":0,"wait":59,"receive":0,"ssl":96},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-14T17:33:54Z","timestamp":1747244034,"ip_dst":{"addr":"34.160.223.119","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.11","port":57316,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-05-14T17:33:54.836732+0000\",\"flow_id\":902775617779411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":57316,\"dest_ip\":\"34.160.223.119\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"int.dewrain.life\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":673,\"bytes_toclient\":561,\"start\":\"2025-05-14T17:33:54.751315+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"int.dewrain.life/","fqdn":"int.dewrain.life","domain":"dewrain.life","tld":"life"},"ip":{"addr":"34.160.223.119","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-14T17:33:54.755Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: int.dewrain.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\ncontent-type: text/plain; charset=utf-8\r\nvary: Origin\r\nx-content-type-options: nosniff\r\ndate: Wed, 14 May 2025 17:33:54 GMT\r\nContent-Length: 19\r\nx-envoy-upstream-service-time: 0\r\nserver: istio-envoy\r\nx-envoy-decorator-operation: mci-api-mcs-svc-b68iq0a0m2yu840s.kvinit.svc.cluster.local:80/*\r\nVia: 1.1 google\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":19,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"595e88012a6521aae3e12cbebe76eb9e","sha1":"da3968197e7bf67aa45a77515b52ba2710c5fc34","sha256":"b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793","sha512":"fd13c580d15cc5e8b87d97ead633209930e00e85c113c776088e246b47f140efe99bdf6ab02070677445db65410f7e62ec23c71182f9f78e9d0e1b9f7fda0dc3","ssdeep":"","tlshash":"1270000c0a0202082020002822800020080802022a802220000aa00882008000800888","first_seen":"2023-04-05T03:13:11Z","last_seen":"2026-04-20T12:39:52.479925Z","times_seen":30613,"resource_available":true,"data":null}},"time_used":107,"timings":{"blocked":22,"dns":0,"connect":26,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-14T17:33:54Z","timestamp":1747244034,"ip_dst":{"addr":"34.160.223.119","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.11","port":57316,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-05-14T17:33:54.836732+0000\",\"flow_id\":902775617779411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":57316,\"dest_ip\":\"34.160.223.119\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"int.dewrain.life\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":673,\"bytes_toclient\":561,\"start\":\"2025-05-14T17:33:54.751315+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"int.dewrain.life/favicon.ico","fqdn":"int.dewrain.life","domain":"dewrain.life","tld":"life"},"ip":{"addr":"34.160.223.119","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://int.dewrain.life/","date":"2025-05-14T17:33:54.943Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: int.dewrain.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://int.dewrain.life/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\ncontent-type: text/plain; charset=utf-8\r\nvary: Origin\r\nx-content-type-options: nosniff\r\ndate: Wed, 14 May 2025 17:33:54 GMT\r\nContent-Length: 19\r\nx-envoy-upstream-service-time: 0\r\nserver: istio-envoy\r\nx-envoy-decorator-operation: mci-api-mcs-svc-b68iq0a0m2yu840s.kvinit.svc.cluster.local:80/*\r\nVia: 1.1 google\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":19,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"595e88012a6521aae3e12cbebe76eb9e","sha1":"da3968197e7bf67aa45a77515b52ba2710c5fc34","sha256":"b16e15764b8bc06c5c3f9f19bc8b99fa48e7894aa5a6ccdad65da49bbf564793","sha512":"fd13c580d15cc5e8b87d97ead633209930e00e85c113c776088e246b47f140efe99bdf6ab02070677445db65410f7e62ec23c71182f9f78e9d0e1b9f7fda0dc3","ssdeep":"","tlshash":"1270000c0a0202082020002822800020080802022a802220000aa00882008000800888","first_seen":"2023-04-05T03:13:11Z","last_seen":"2026-04-20T12:39:52.479925Z","times_seen":30613,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":64,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-14T17:33:55Z","timestamp":1747244035,"ip_dst":{"addr":"34.160.223.119","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.11","port":57316,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2025-05-14T17:33:55.000463+0000\",\"flow_id\":902775617779411,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":57316,\"dest_ip\":\"34.160.223.119\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"int.dewrain.life\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/plain\",\"http_refer\":\"http://int.dewrain.life/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":19},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1162,\"bytes_toclient\":1048,\"start\":\"2025-05-14T17:33:54.751315+0000\"}}"}],"analyzer":null,"urlquery":null}}]}