{"report_id":"2c73d3ae-28e5-42be-8a87-236c4b21bd98","version":6,"status":"done","tags":[],"date":"2026-03-03T00:27:38Z","url":{"schema":"http","addr":"dmv-ca.dycpu.icu","fqdn":"dmv-ca.dycpu.icu","domain":"dycpu.icu","tld":"icu"},"ip":{"addr":"104.21.95.246","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"dmv-ca.dycpu.icu/","fqdn":"dmv-ca.dycpu.icu","domain":"dycpu.icu","tld":"icu"},"title":"Welcome to OpenResty!","dom":{"size":128620,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (21701)","md5":"d3e91d61c0111eb95d17ed804d1b268a","sha1":"f0e9cc2f035e22aba4dedafde18af6097444722b","sha256":"278fcc893dc1eddb379f4e17d54d59682254b5afac0799b097558cafdf83efa9","sha512":"d27072849cf06d6793326c474651392a75d345da7c15f496d37cec112ac10c4f76e8a8d11502db70cd54f94c8c038ec949bac3faabdd6a959006e6bd6692979d","ssdeep":"3072:aI+edP2O+bkfAlfknyoC6CQGMEmGjwxTFO9AUVgiFgb1ech:2e1XKk4+y16tGErOAvcm1Lh","tlshash":"26c301f052e3290d5fd14462f8a46f8aae9b4a47dac29cb572cc4a4defdc898035f50d","dom_hash":"domhash4e172ad15285a069ca03b45c49097c90","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"dmv-ca.dycpu.icu","fqdn":"dmv-ca.dycpu.icu","domain":"dycpu.icu","tld":"icu"},"ip":{"addr":"104.21.95.246","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-07T00:27:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-03T00:27:17Z","timestamp":1772497637,"ip_dst":{"addr":"104.21.95.246","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":35966,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2026-03-03T00:27:17.192304+0000\",\"flow_id\":2044965645832086,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.48\",\"src_port\":35966,\"dest_ip\":\"104.21.95.246\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"dmv-ca.dycpu.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":918,\"bytes_toclient\":2678,\"start\":\"2026-03-03T00:27:17.184214+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"dmv-ca.dycpu.icu","ip":{"addr":"104.21.95.246","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-02","domain_rank":0,"first_seen":"2026-03-03T00:07:19.954197Z","last_seen":"2026-03-03T00:07:19.954197Z","alert_count":0,"request_count":2,"received_data":130010,"sent_data":924,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"dmv-ca.dycpu.icu/","fqdn":"dmv-ca.dycpu.icu","domain":"dycpu.icu","tld":"icu"},"ip":{"addr":"104.21.95.246","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-03T00:27:17.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dycpu.icu","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Mar 2026 11:10:27 GMT","end":"Sun, 31 May 2026 11:10:26 GMT"},"fingerprint":{"sha1":"68:91:0A:80:7B:19:32:B2:93:81:6C:24:F9:6D:A6:38:20:44:DE:F4","sha256":"9D:9A:66:41:B3:E4:BC:04:13:EF:5D:64:7A:C2:65:A5:83:40:73:75:3F:95:01:02:7F:74:7B:76:E2:EE:E3:CE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: dmv-ca.dycpu.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 03 Mar 2026 00:27:17 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Feb 2026 09:33:53 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0aT9FAxnkeLpi9ZAWhdaUbFkoxksaM5lkNiXsoYDSSz27cAUzlkLLCNUf%2FFb653e2ahE%2BaGpehTXs6vlN%2BfgEZpwwibjNbwahel%2BZU6iiEg%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d6483b87a0b0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128646,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (21703)","md5":"ea5d46b6f3e98c47da3c37f4fde94924","sha1":"837fd5e3bf8e56420333083d28ccf1c8ceb66a3c","sha256":"8d374d23d4bc454767b8d4eeda8c3020a4f878a29207e31d74f6a1e55d4b7c4b","sha512":"153f18f070bc285f7e40acf01270cf7ea412991237b1a8a05cd008f1defbb6bbe60f97d5672d1caee9b1a57d9f90efd10f691ea0a726d1573bb828b80c035a58","ssdeep":"3072:cI+eAP0O+bkftlfknyoC6CQGM3mGjwxTAO9nUVgiFgb1eco:weKJKkV+y16tGtrPnvcm1Lo","tlshash":"5cc301f052e3290d5fd14462f8a46f8abd9b4a87dac29cb572cc4a49efdc898035f50d","first_seen":"2024-02-26T17:39:06Z","last_seen":"2026-06-08T12:55:17.149226Z","times_seen":447,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":36,"dns":20,"connect":1,"send":0,"wait":235,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmv-ca.dycpu.icu/favicon.ico","fqdn":"dmv-ca.dycpu.icu","domain":"dycpu.icu","tld":"icu"},"ip":{"addr":"104.21.95.246","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dmv-ca.dycpu.icu/","date":"2026-03-03T00:27:17.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dycpu.icu","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Mar 2026 11:10:27 GMT","end":"Sun, 31 May 2026 11:10:26 GMT"},"fingerprint":{"sha1":"68:91:0A:80:7B:19:32:B2:93:81:6C:24:F9:6D:A6:38:20:44:DE:F4","sha256":"9D:9A:66:41:B3:E4:BC:04:13:EF:5D:64:7A:C2:65:A5:83:40:73:75:3F:95:01:02:7F:74:7B:76:E2:EE:E3:CE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: dmv-ca.dycpu.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dmv-ca.dycpu.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Tue, 03 Mar 2026 00:27:17 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mtn4jNyUVXs%2Fxj1K4ozDEl9g6SQRLZnTctZuvQEhxLFVuBooSg5PYzxjgxC11S0tH5TaHVr%2FDRV6iv2ZMYV6X6tnczpgxb6kIRe%2B2di8ESs%3D\"}]}\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d6483bb9c220731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"a6362fdf7b89ef682ac999be37962628","sha1":"f7b0aa3e1f989184042d276cff04f6cb8119fd9f","sha256":"da9f084f6ae275049c7ef113c1d67a63d0cd7cc23cabecc4fcb80bf93edd902e","sha512":"6b7b1fca60e7ace3cc3a8486c59fd7b0b369d6ead3e260946dced0819eb673d65ea9a225955c67dcaac3f9fd4d7ac9f424f065f5adc4c66060fe128548cba7bc","ssdeep":"","tlshash":"1dc02b2d64137c0c8663307676c370a0c1978337f57e41218440805730cf1998bc33ab","first_seen":"2026-02-28T20:19:07.990456Z","last_seen":"2026-06-02T13:45:38.764646Z","times_seen":386,"resource_available":true,"data":null}},"time_used":239,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":239,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}