{"report_id":"b277c7be-a6e4-4c7a-8f90-155d777a51c4","version":6,"status":"done","tags":[],"date":"2025-07-23T16:38:51Z","url":{"schema":"http","addr":"duavn.link/","fqdn":"duavn.link","domain":"duavn.link","tld":"link"},"ip":{"addr":"172.67.137.219","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"duavn.link/","fqdn":"duavn.link","domain":"duavn.link","tld":"link"},"title":"duavn.link/"},"submit":{"url":{"schema":"http","addr":"duavn.link/","fqdn":"duavn.link","domain":"duavn.link","tld":"link"},"ip":{"addr":"172.67.137.219","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-08-27T16:38:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"duavn.link","ip":{"addr":"172.67.137.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-14","domain_rank":0,"first_seen":"2025-07-23T16:38:51.187944Z","last_seen":"2025-07-23T16:38:51.187944Z","alert_count":3,"request_count":3,"received_data":1749,"sent_data":1219,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-23T16:38:29Z","timestamp":1753288709,"ip_dst":{"addr":"172.67.137.219","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.23","port":45400,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2025-07-23T16:38:29.314306+0000\",\"flow_id\":1643800217094247,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":45400,\"dest_ip\":\"172.67.137.219\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"duavn.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":109},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":890,\"start\":\"2025-07-23T16:38:29.231527+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-07-23T16:38:29Z","timestamp":1753288709,"ip_dst":{"addr":"172.67.137.219","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.23","port":45400,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2025-07-23T16:38:29.527067+0000\",\"flow_id\":1643800217094247,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":45400,\"dest_ip\":\"172.67.137.219\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"duavn.link\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://duavn.link/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":502,\"length\":68},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1210,\"bytes_toclient\":1527,\"start\":\"2025-07-23T16:38:29.231527+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"duavn.link/","fqdn":"duavn.link","domain":"duavn.link","tld":"link"},"ip":{"addr":"172.67.137.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-23T16:38:28.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"duavn.link","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Jun 2025 10:46:46 GMT","end":"Sun, 07 Sep 2025 11:44:15 GMT"},"fingerprint":{"sha1":"51:07:12:A9:4E:AE:61:DA:E0:4A:D5:4A:81:CA:4D:5A:DE:7C:CC:78","sha256":"F7:F2:08:46:63:9B:3E:0B:55:BA:4C:99:B1:62:90:2A:AF:11:17:BC:35:0C:83:14:E0:82:07:F1:0D:DA:49:1A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: duavn.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Wed, 23 Jul 2025 16:38:29 GMT\r\ncontent-type: text/html\r\ncache-control: no-cache\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d%2F%2Bkhj7MPi7kalYmNlRGJFSPzQccB%2BbbQJ8KS%2Bhcq%2BFMuUN4F6mUqtZaII%2FNcOHJ30ciwhrSPIeLVA%2Bo2omLuymeh9S7r9ak\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 963c9bbf3c2c56be-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":94,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"e96ddceb1c305b9ad21eaae42522c26f","sha1":"ad08ae39a71ed5ba992b8b5dabc450d046354696","sha256":"9221cfedfc5e03790f46c7890bca21fcc47c5788d89dab0aa0799c492b6ae78a","sha512":"1cc850f76467645447e9935f4de13ede698727b4fb598c7bd36de2779596d8b5a85cb94b0cf1fb2259ad1d988f1f199e3f4c310dfdc22fcdd378b8e773f0dbd5","ssdeep":"","tlshash":"bdb012cf360e0d0cbb9307d24dc71bb01c2e836c2c46001027859a333400075cda71cd","first_seen":"2023-04-09T07:10:46Z","last_seen":"2026-04-04T06:32:06.034532Z","times_seen":4585,"resource_available":true,"data":null}},"time_used":178,"timings":{"blocked":34,"dns":1,"connect":1,"send":0,"wait":109,"receive":0,"ssl":29},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-23T16:38:29Z","timestamp":1753288709,"ip_dst":{"addr":"172.67.137.219","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.23","port":45400,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2025-07-23T16:38:29.314306+0000\",\"flow_id\":1643800217094247,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":45400,\"dest_ip\":\"172.67.137.219\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"duavn.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":109},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":890,\"start\":\"2025-07-23T16:38:29.231527+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"duavn.link/","fqdn":"duavn.link","domain":"duavn.link","tld":"link"},"ip":{"addr":"172.67.137.219","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-07-23T16:38:29.232Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: duavn.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Wed, 23 Jul 2025 16:38:29 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\nCf-Cache-Status: DYNAMIC\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YMslqUJpyRqenmi3YUxSOyY1UJNX5r7%2Fcsj6S3v3UMPA%2BrARatpCzrgchlxAPJNGHjqmzWT780IOjBvTcGJ8PWKIfrCnctEf\"}]}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 963c9bc0cf4cb4ee-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":null,"data":{"size":94,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"e96ddceb1c305b9ad21eaae42522c26f","sha1":"ad08ae39a71ed5ba992b8b5dabc450d046354696","sha256":"9221cfedfc5e03790f46c7890bca21fcc47c5788d89dab0aa0799c492b6ae78a","sha512":"1cc850f76467645447e9935f4de13ede698727b4fb598c7bd36de2779596d8b5a85cb94b0cf1fb2259ad1d988f1f199e3f4c310dfdc22fcdd378b8e773f0dbd5","ssdeep":"","tlshash":"bdb012cf360e0d0cbb9307d24dc71bb01c2e836c2c46001027859a333400075cda71cd","first_seen":"2023-04-09T07:10:46Z","last_seen":"2026-04-04T06:32:06.034532Z","times_seen":4585,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-23T16:38:29Z","timestamp":1753288709,"ip_dst":{"addr":"172.67.137.219","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.23","port":45400,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2025-07-23T16:38:29.314306+0000\",\"flow_id\":1643800217094247,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":45400,\"dest_ip\":\"172.67.137.219\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"duavn.link\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":109},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":667,\"bytes_toclient\":890,\"start\":\"2025-07-23T16:38:29.231527+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"duavn.link/favicon.ico","fqdn":"duavn.link","domain":"duavn.link","tld":"link"},"ip":{"addr":"172.67.137.219","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"http://duavn.link/","date":"2025-07-23T16:38:29.457Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: duavn.link\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://duavn.link/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 502 Bad Gateway\r\nDate: Wed, 23 Jul 2025 16:38:29 GMT\r\nContent-Length: 68\r\nConnection: keep-alive\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nReferrer-Policy: same-origin\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nProxy-Status: Cloudflare-Proxy;error=http_protocol_error\r\nCf-Ray: 963c9bc22949b4ee-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"502","status_text":"Bad Gateway","fingerprints":null,"data":{"size":68,"size_decoded":0,"mime_type":"image/x-icon","magic":"ASCII text, with no line terminators","md5":"0d179164365e7c0a74512a2ceb1a2b79","sha1":"8ee06c3541f05c81da1a728119d3ea40ae91ec53","sha256":"39a830002ceb6483fd6dcc942eaa1baaaec644357790b4c3d28a76bb18d914ba","sha512":"271cb68106f64bc80222c334e460a50d1e4fdb6d5c7113257c68cb1ec0ba0d8302158418ca6e160df6cd4c6149ddf87a1b229e9c6f6a32d34c3f05dd65cf3d3f","ssdeep":"","tlshash":"a1a0223222c202023ae8a08c3c0023a22ec0b808a320003228b2c03e23c083a203af23","first_seen":"2025-04-10T04:12:55.969891Z","last_seen":"2025-12-20T12:51:55.169003Z","times_seen":268,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-07-23T16:38:29Z","timestamp":1753288709,"ip_dst":{"addr":"172.67.137.219","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.23","port":45400,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.link domain","source":"{\"timestamp\":\"2025-07-23T16:38:29.527067+0000\",\"flow_id\":1643800217094247,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":45400,\"dest_ip\":\"172.67.137.219\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858678,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.link domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"duavn.link\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_refer\":\"http://duavn.link/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":502,\"length\":68},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1210,\"bytes_toclient\":1527,\"start\":\"2025-07-23T16:38:29.231527+0000\"}}"}],"analyzer":null,"urlquery":null}}]}