{"report_id":"b4c82634-2470-4cac-b556-c3fb609680f7","version":6,"status":"done","tags":["pdf"],"date":"2025-09-08T13:37:45Z","url":{"schema":"http","addr":"api.fundinfo.com/document/c24672d2ed73e8e51e243dbc90e03fcd_504071/SAR_LU_en_LU0172366956_YES_2025-06-30.pdf?apiKey=c648f673-fad7-4477-b298-38d81499b2e2","fqdn":"api.fundinfo.com","domain":"fundinfo.com","tld":"com"},"ip":{"addr":"104.18.37.122","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"api.fundinfo.com/document/c24672d2ed73e8e51e243dbc90e03fcd_504071/SAR_LU_en_LU0172366956_YES_2025-06-30.pdf?apiKey=c648f673-fad7-4477-b298-38d81499b2e2","fqdn":"api.fundinfo.com","domain":"fundinfo.com","tld":"com"},"title":"SAR_LU_en_LU0172366956_YES_2025-06-30.pdf"},"submit":{"url":{"schema":"http","addr":"api.fundinfo.com/document/c24672d2ed73e8e51e243dbc90e03fcd_504071/SAR_LU_en_LU0172366956_YES_2025-06-30.pdf?apiKey=c648f673-fad7-4477-b298-38d81499b2e2","fqdn":"api.fundinfo.com","domain":"fundinfo.com","tld":"com"},"ip":{"addr":"104.18.37.122","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-13T13:37:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-08T13:37:17Z","timestamp":1757338637,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":37540,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-09-08T13:37:17.116784+0000\",\"flow_id\":2102282790666108,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":37540,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"0b2pmd.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":585,\"bytes_toclient\":116,\"start\":\"2025-09-08T13:32:36.753532+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-08T13:37:27Z","timestamp":1757338647,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":37396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-09-08T13:37:27.192454+0000\",\"flow_id\":2249265161192013,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":37396,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"0b2pmd.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":465,\"bytes_toclient\":116,\"start\":\"2025-09-08T13:32:32.541261+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"api.fundinfo.com","ip":{"addr":"104.18.37.122","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2002-05-28","domain_rank":0,"first_seen":"2015-07-30T06:30:05Z","last_seen":"2025-08-20T12:16:00.27879Z","alert_count":0,"request_count":1,"received_data":504822,"sent_data":619,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"c24672d2ed73e8e51e243dbc90e03fcd","sha1":"3495bf77d1168697d0b2847136e0ce3125d80add","sha256":"6f4254813945d31bde5ad36807d182a0b22c46ce27d5757e5fb4ab2853d9878a","sha512":"0dad2df86c0110ebff87e30bdaf6e5fb33fd06e02e49d13884018395c620c98ca3c88b86bdf8f0ac64d3c884f3c57dcf9c46f3d3842a667084929ae1bb62d1ab","magic":"PDF document, version 1.7, 26 page(s)","size":504071,"url":{"schema":"https","addr":"api.fundinfo.com/document/c24672d2ed73e8e51e243dbc90e03fcd_504071/SAR_LU_en_LU0172366956_YES_2025-06-30.pdf?apiKey=c648f673-fad7-4477-b298-38d81499b2e2","fqdn":"api.fundinfo.com","domain":"fundinfo.com","tld":"com"},"ip":{"addr":"104.18.37.122","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":[{"url":{"schema":"https","addr":"api.fundinfo.com/document/c24672d2ed73e8e51e243dbc90e03fcd_504071/SAR_LU_en_LU0172366956_YES_2025-06-30.pdf?apiKey=c648f673-fad7-4477-b298-38d81499b2e2","fqdn":"api.fundinfo.com","domain":"fundinfo.com","tld":"com"},"ip":{"addr":"104.18.37.122","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"md5":"c24672d2ed73e8e51e243dbc90e03fcd","sha1":"3495bf77d1168697d0b2847136e0ce3125d80add","sha256":"6f4254813945d31bde5ad36807d182a0b22c46ce27d5757e5fb4ab2853d9878a","sha512":"0dad2df86c0110ebff87e30bdaf6e5fb33fd06e02e49d13884018395c620c98ca3c88b86bdf8f0ac64d3c884f3c57dcf9c46f3d3842a667084929ae1bb62d1ab","magic":"PDF document, version 1.7, 26 page(s)","size":504071,"meta":{"version":"1.7","author":"Hohlmann, Pierre","title":"","subject":"","producer":"Microsoft® Word for Microsoft 365","creator":"Microsoft® Word for Microsoft 365","page_count":26},"extracted_urls":[{"page":2,"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""}},{"page":2,"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""}},{"page":2,"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""}},{"page":2,"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""}},{"page":2,"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""}},{"page":2,"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""}},{"page":2,"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""}}],"alerts":{"urlquery":null,"analyzer":null}}],"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-08T13:37:17Z","timestamp":1757338637,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":37540,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-09-08T13:37:17.116784+0000\",\"flow_id\":2102282790666108,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":37540,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"0b2pmd.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":585,\"bytes_toclient\":116,\"start\":\"2025-09-08T13:32:36.753532+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-08T13:37:27Z","timestamp":1757338647,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.7","port":37396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-09-08T13:37:27.192454+0000\",\"flow_id\":2249265161192013,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":37396,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"0b2pmd.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":465,\"bytes_toclient\":116,\"start\":\"2025-09-08T13:32:32.541261+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"api.fundinfo.com/document/c24672d2ed73e8e51e243dbc90e03fcd_504071/SAR_LU_en_LU0172366956_YES_2025-06-30.pdf?apiKey=c648f673-fad7-4477-b298-38d81499b2e2","fqdn":"api.fundinfo.com","domain":"fundinfo.com","tld":"com"},"ip":{"addr":"104.18.37.122","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-08T13:37:18.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.fundinfo.com","organization":"FE FUNDINFO (UK) LIMITED"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 30 Oct 2024 00:00:00 GMT","end":"Wed, 05 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"7D:7A:9C:14:4B:CA:EF:4D:BB:7F:17:AA:7F:9D:42:66:8D:9E:78:14","sha256":"E0:AC:2E:ED:E3:24:2C:97:A9:F7:64:B4:33:7B:21:26:0C:4D:28:E1:41:02:74:99:9F:6B:2F:E2:EC:A6:DC:5B"}}},"request":{"raw":"GET /document/c24672d2ed73e8e51e243dbc90e03fcd_504071/SAR_LU_en_LU0172366956_YES_2025-06-30.pdf?apiKey=c648f673-fad7-4477-b298-38d81499b2e2 HTTP/1.1\r\nHost: api.fundinfo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 08 Sep 2025 13:37:18 GMT\r\ncontent-type: application/pdf\r\ncontent-length: 504071\r\nserver: cloudflare\r\ncf-ray: 97bed6f86badb50b-OSL\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=10\r\ncontent-disposition: inline; filename=\"SAR_LU_en_LU0172366956_YES_2025-06-30.pdf\"\r\netag: 0x8DDE485BF704A40\r\nexpires: Mon, 08 Sep 2025 17:37:18 GMT\r\nlast-modified: Tue, 26 Aug 2025 09:48:45 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccess-control-expose-headers: Content-Disposition\r\ncontent-md5: wkZy0u1z6OUeJD28kOA/zQ==\r\nx-content-type-options: nosniff\r\nx-robots-tag: noindex\r\nvary: Accept-Encoding\r\nx-country: NO\r\nx-fi-int: false\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":504071,"size_decoded":0,"mime_type":"application/pdf","magic":"PDF document, version 1.7, 26 page(s)","md5":"c24672d2ed73e8e51e243dbc90e03fcd","sha1":"3495bf77d1168697d0b2847136e0ce3125d80add","sha256":"6f4254813945d31bde5ad36807d182a0b22c46ce27d5757e5fb4ab2853d9878a","sha512":"0dad2df86c0110ebff87e30bdaf6e5fb33fd06e02e49d13884018395c620c98ca3c88b86bdf8f0ac64d3c884f3c57dcf9c46f3d3842a667084929ae1bb62d1ab","ssdeep":"6144:KxcUsXoYYE506WS2pMRTORbVVZhslcxU3fKNAIsQj6/P8JisNxpV:6cUEoYLW6WSeMqBYgMKWIp6/UJVzpV","tlshash":"8fb428a0849d7cefc78653c05b2f3d6e74ad3232f2c95b192328d741026867b6647a4f","first_seen":"2025-09-08T13:37:47.407669Z","last_seen":"2025-09-08T13:37:47.407669Z","times_seen":1,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":17,"dns":1,"connect":1,"send":0,"wait":164,"receive":21,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}