{"report_id":"20166ea7-439d-48a4-8f09-812a98b8377a","version":6,"status":"done","tags":[],"date":"2026-04-18T10:06:45Z","url":{"schema":"http","addr":"track.extdl.icu/","fqdn":"track.extdl.icu","domain":"extdl.icu","tld":"icu"},"ip":{"addr":"168.119.211.149","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"http","addr":"track.extdl.icu/","fqdn":"track.extdl.icu","domain":"extdl.icu","tld":"icu"},"title":"track.extdl.icu/","dom":{"size":18477,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (18477), with no line terminators","md5":"c5fe9fd613f87fb1be0229f5d19deda1","sha1":"4ef454ff2fe7b494ebee216ce693b79d351ca63c","sha256":"df4946a3c42c2a316ebfa3b98568b293914a32055babae790b3c0fcbfc106a24","sha512":"9f3ff5340da19634cbeba4566c9249bcfa3652192f1941d91200d0d8ce4c52f575264b86c3a15569f0134fe481fdd4f93c6f1d70eb567f76d64b3924d8456209","ssdeep":"96:H5rFrLDjV+CZXUgpk5POtQw07/4P4lHFjSyD5ST2GuGMSTCOu:LDj9X04P4lHFjU4SO","tlshash":"94829fe17dd28c38f58516c8f0b1ee29a1d3f69bdce3d884e9d411f827caa94750d1a8","dom_hash":"domhash7ab352d6692773eeabe8bdf1dbd49c38","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"track.extdl.icu/","fqdn":"track.extdl.icu","domain":"extdl.icu","tld":"icu"},"ip":{"addr":"168.119.211.149","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-23T10:06:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-18T10:06:23Z","timestamp":1776506783,"ip_dst":{"addr":"5.9.5.210","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":60166,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2026-04-18T10:06:23.065846+0000\",\"flow_id\":2208956837409205,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.4\",\"src_port\":60166,\"dest_ip\":\"5.9.5.210\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"track.extdl.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":917,\"bytes_toclient\":4368,\"start\":\"2026-04-18T10:06:22.995765+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"track.extdl.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"track.extdl.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"track.extdl.icu","ip":{"addr":"5.9.5.210","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":768,"sent_data":884,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"track.extdl.icu/","fqdn":"track.extdl.icu","domain":"extdl.icu","tld":"icu"},"ip":{"addr":"5.9.5.210","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T10:06:22.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"track.extdl.icu","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Feb 2026 00:00:00 GMT","end":"Fri, 29 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"22:95:16:A4:CD:CC:30:A4:F1:94:28:F1:E4:3B:15:E1:F6:9B:7F:9D","sha256":"C6:71:33:F3:16:04:CF:8C:F5:7A:E1:97:52:7B:15:7F:4D:B2:E0:DC:70:33:E8:EB:C1:D4:7A:C1:39:A8:71:68"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: track.extdl.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 401 Unauthorized\r\nexpires: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\nx-xss-protection: 1; mode=block\r\npragma: no-cache\r\nx-frame-options: DENY\r\ndate: Sat, 18 Apr 2026 10:06:23 GMT\r\nvary: Access-Control-Request-Headers\r\nx-content-type-options: nosniff\r\ncontent-type: application/json\r\ncontent-length: 37\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"401","status_text":"Unauthorized","fingerprints":null,"data":{"size":37,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"JSON text data","md5":"fa1df00da0ca1949694153fb5a81408d","sha1":"63ff4384d93e7e483a864be2cc35465fb7015782","sha256":"ac3c46eeb781b95872d344623860f0f75c2f3c37bb1abd9ba5294decfe1d279b","sha512":"5e15763648cc40d8c52a932550b3161a0f144b81490985809e0484d535b5afc7d4a7a2278d5f51a7884772051bf1ffd13649af32e1a2f1c951e92c5f6890a9ef","ssdeep":"","tlshash":"7180040005051d3ff3170115310c101544d5407cc14014534c1c433c41434c41003710","first_seen":"2023-05-06T05:24:59Z","last_seen":"2026-04-18T10:07:19.793286Z","times_seen":2223,"resource_available":true,"data":null}},"time_used":611,"timings":{"blocked":285,"dns":115,"connect":34,"send":0,"wait":40,"receive":0,"ssl":134},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"track.extdl.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"track.extdl.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"track.extdl.icu/","fqdn":"track.extdl.icu","domain":"extdl.icu","tld":"icu"},"ip":{"addr":"5.9.5.210","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T10:06:23.306Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: track.extdl.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 401 Unauthorized\r\nexpires: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\nx-xss-protection: 1; mode=block\r\npragma: no-cache\r\nx-frame-options: DENY\r\ndate: Sat, 18 Apr 2026 10:06:23 GMT\r\nvary: Access-Control-Request-Headers\r\nx-content-type-options: nosniff\r\ncontent-type: application/json\r\ncontent-length: 37\r\n\r\n","headers":null,"cookies":null,"status_code":"401","status_text":"Unauthorized","fingerprints":null,"data":{"size":37,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view","magic":"JSON text data","md5":"fa1df00da0ca1949694153fb5a81408d","sha1":"63ff4384d93e7e483a864be2cc35465fb7015782","sha256":"ac3c46eeb781b95872d344623860f0f75c2f3c37bb1abd9ba5294decfe1d279b","sha512":"5e15763648cc40d8c52a932550b3161a0f144b81490985809e0484d535b5afc7d4a7a2278d5f51a7884772051bf1ffd13649af32e1a2f1c951e92c5f6890a9ef","ssdeep":"","tlshash":"7180040005051d3ff3170115310c101544d5407cc14014534c1c433c41434c41003710","first_seen":"2023-05-06T05:24:59Z","last_seen":"2026-04-18T10:07:19.793286Z","times_seen":2223,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":30,"dns":1,"connect":34,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"track.extdl.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"track.extdl.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}