{"report_id":"f64b8cda-e514-4835-a8e9-2557810aa77c","version":6,"status":"done","tags":[],"date":"2024-05-23T03:55:01Z","url":{"schema":"http","addr":"download.kflmgzs.com/upfile/%E6%B0%B8%E5%B1%85%E8%AF%81%E9%80%9A%E7%94%A8%E8%AF%BB%E5%8D%A1%E7%A8%8B%E5%BA%8F/hsDll/license.dat","fqdn":"download.kflmgzs.com","domain":"kflmgzs.com","tld":"com"},"ip":{"addr":"139.159.140.66","port":0,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T15:57:08Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"download.kflmgzs.com","ip":{"addr":"139.159.140.66","port":80,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":2224,"sent_data":497,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-05-23T03:54:34Z","timestamp":1716436474,"ip_dst":{"addr":"192.169.69.25","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":48316,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2024-05-23T03:54:34.069412+0000\",\"flow_id\":1818363486251350,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":48316,\"dest_ip\":\"192.169.69.25\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"office365update.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":462,\"bytes_toclient\":116,\"start\":\"2024-05-23T03:53:15.043350+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-23T03:54:41Z","timestamp":1716436481,"ip_dst":{"addr":"192.169.69.25","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":48266,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2024-05-23T03:54:41.260415+0000\",\"flow_id\":654092341455441,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":48266,\"dest_ip\":\"192.169.69.25\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"office365update.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":462,\"bytes_toclient\":116,\"start\":\"2024-05-23T03:53:13.043601+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-05-23T03:54:50Z","timestamp":1716436490,"ip_dst":{"addr":"192.169.69.25","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":48350,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2024-05-23T03:54:50.186203+0000\",\"flow_id\":842413772692491,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.21\",\"src_port\":48350,\"dest_ip\":\"192.169.69.25\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"office365update.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":582,\"bytes_toclient\":116,\"start\":\"2024-05-23T03:53:16.973835+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"download.kflmgzs.com/upfile/%E6%B0%B8%E5%B1%85%E8%AF%81%E9%80%9A%E7%94%A8%E8%AF%BB%E5%8D%A1%E7%A8%8B%E5%BA%8F/hsDll/license.dat","fqdn":"download.kflmgzs.com","domain":"kflmgzs.com","tld":"com"},"ip":{"addr":"139.159.140.66","port":80,"asn":55990,"as":"Huawei Cloud Service data center","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-23T03:54:36.412Z","timestamp":1716436476412,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /upfile/%E6%B0%B8%E5%B1%85%E8%AF%81%E9%80%9A%E7%94%A8%E8%AF%BB%E5%8D%A1%E7%A8%8B%E5%BA%8F/hsDll/license.dat HTTP/1.1\r\nHost: download.kflmgzs.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.0\r\nDate: Thu, 23 May 2024 03:54:36 GMT\r\nContent-Length: 2048\r\nConnection: keep-alive\r\nContent-Disposition: attachment;filename=license.dat\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2048,"size_decoded":2048,"mime_type":"text/plain","magic":"ASCII text, with very long lines (2048), with no line terminators","md5":"1142856b87b970379b862d0d51efed3d","sha1":"f938b1fc25f16e456329c041f6ec74c7f6ed8197","sha256":"f17ff96267bec46238bb65876f151d27a670ed9ca39e5adb9df3fe5e7671676f","sha512":"5747a53965f2ab0b3527b85d3c73e183ba18d06b0ba1c29fb30d9aeb6ccc9fa470b4b630e97ff4d5311495dfdf0f7d88f9941d8c29db1dbbddd601b7e3ce546d","ssdeep":"","tlshash":"6041e87d28051053551faa2ae95e34db83f607926ee2c4531ce2ded100737f9ee2ae40","first_seen":"2024-08-19T22:09:09.683403Z","last_seen":"2024-08-19T22:09:09.683403Z","times_seen":1,"resource_available":false,"data":null}},"time_used":777,"timings":{"blocked":252,"dns":1,"connect":262,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}