{"report_id":"6532bdf7-7e1e-4057-b096-5cfb7487c09d","version":6,"status":"done","tags":[],"date":"2026-03-01T00:27:13Z","url":{"schema":"http","addr":"dmv-ca.tudzk.icu","fqdn":"dmv-ca.tudzk.icu","domain":"tudzk.icu","tld":"icu"},"ip":{"addr":"172.67.197.142","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"dmv-ca.tudzk.icu/","fqdn":"dmv-ca.tudzk.icu","domain":"tudzk.icu","tld":"icu"},"title":"Welcome to OpenResty!","dom":{"size":128620,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (21701)","md5":"d3e91d61c0111eb95d17ed804d1b268a","sha1":"f0e9cc2f035e22aba4dedafde18af6097444722b","sha256":"278fcc893dc1eddb379f4e17d54d59682254b5afac0799b097558cafdf83efa9","sha512":"d27072849cf06d6793326c474651392a75d345da7c15f496d37cec112ac10c4f76e8a8d11502db70cd54f94c8c038ec949bac3faabdd6a959006e6bd6692979d","ssdeep":"3072:aI+edP2O+bkfAlfknyoC6CQGMEmGjwxTFO9AUVgiFgb1ech:2e1XKk4+y16tGErOAvcm1Lh","tlshash":"26c301f052e3290d5fd14462f8a46f8aae9b4a47dac29cb572cc4a4defdc898035f50d","dom_hash":"domhash4e172ad15285a069ca03b45c49097c90","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"dmv-ca.tudzk.icu","fqdn":"dmv-ca.tudzk.icu","domain":"tudzk.icu","tld":"icu"},"ip":{"addr":"172.67.197.142","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-05T00:27:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-01T00:26:49Z","timestamp":1772324809,"ip_dst":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56804,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2026-03-01T00:26:49.396248+0000\",\"flow_id\":1875584431549188,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":56804,\"dest_ip\":\"188.114.97.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"dmv-ca.tudzk.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":918,\"bytes_toclient\":2678,\"start\":\"2026-03-01T00:26:49.387844+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"dmv-ca.tudzk.icu","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-27","domain_rank":0,"first_seen":"2026-02-27T22:28:30.92693Z","last_seen":"2026-02-27T22:28:30.92693Z","alert_count":0,"request_count":2,"received_data":130004,"sent_data":924,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"dmv-ca.tudzk.icu/","fqdn":"dmv-ca.tudzk.icu","domain":"tudzk.icu","tld":"icu"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-01T00:26:49.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tudzk.icu","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Feb 2026 12:10:02 GMT","end":"Thu, 28 May 2026 12:10:01 GMT"},"fingerprint":{"sha1":"88:EC:72:4A:AE:7E:77:69:1C:4B:9D:EE:7F:B7:BF:E7:73:3E:DC:83","sha256":"45:49:3D:26:D6:67:30:53:8E:33:D1:A4:A1:A5:9D:7E:6E:5D:74:38:73:C5:CF:62:51:43:B6:14:1A:AA:EE:29"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: dmv-ca.tudzk.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 01 Mar 2026 00:26:49 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 27 Feb 2026 09:33:53 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fL1NlUU79v6DIM9BpJO9AnaCRIic9K4hD74JDAoYztEuJueELYButnoXAc40PTj4sASsCoJMYnZEBSFUsywPMyPgvG99SXR87ctjP6f48FY%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d54084acb310883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128646,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (21703)","md5":"ea5d46b6f3e98c47da3c37f4fde94924","sha1":"837fd5e3bf8e56420333083d28ccf1c8ceb66a3c","sha256":"8d374d23d4bc454767b8d4eeda8c3020a4f878a29207e31d74f6a1e55d4b7c4b","sha512":"153f18f070bc285f7e40acf01270cf7ea412991237b1a8a05cd008f1defbb6bbe60f97d5672d1caee9b1a57d9f90efd10f691ea0a726d1573bb828b80c035a58","ssdeep":"3072:cI+eAP0O+bkftlfknyoC6CQGM3mGjwxTAO9nUVgiFgb1eco:weKJKkV+y16tGtrPnvcm1Lo","tlshash":"5cc301f052e3290d5fd14462f8a46f8abd9b4a87dac29cb572cc4a49efdc898035f50d","first_seen":"2024-02-26T17:39:06Z","last_seen":"2026-06-08T12:55:17.149226Z","times_seen":447,"resource_available":true,"data":null}},"time_used":355,"timings":{"blocked":54,"dns":38,"connect":1,"send":0,"wait":246,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmv-ca.tudzk.icu/favicon.ico","fqdn":"dmv-ca.tudzk.icu","domain":"tudzk.icu","tld":"icu"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dmv-ca.tudzk.icu/","date":"2026-03-01T00:26:49.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tudzk.icu","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Feb 2026 12:10:02 GMT","end":"Thu, 28 May 2026 12:10:01 GMT"},"fingerprint":{"sha1":"88:EC:72:4A:AE:7E:77:69:1C:4B:9D:EE:7F:B7:BF:E7:73:3E:DC:83","sha256":"45:49:3D:26:D6:67:30:53:8E:33:D1:A4:A1:A5:9D:7E:6E:5D:74:38:73:C5:CF:62:51:43:B6:14:1A:AA:EE:29"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: dmv-ca.tudzk.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dmv-ca.tudzk.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sun, 01 Mar 2026 00:26:50 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2IkzY37TYAR6AHLh3Zd%2FbJcfR%2FCTikD6nyL3KyGXSk2rXb8iQdZ7xJxC8BH7EqPqrRMHPrOjLkp%2FEt4mNdF%2F1zHxBDRKs9zABDsBOHWUcE8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9d54084e18e723eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"a6362fdf7b89ef682ac999be37962628","sha1":"f7b0aa3e1f989184042d276cff04f6cb8119fd9f","sha256":"da9f084f6ae275049c7ef113c1d67a63d0cd7cc23cabecc4fcb80bf93edd902e","sha512":"6b7b1fca60e7ace3cc3a8486c59fd7b0b369d6ead3e260946dced0819eb673d65ea9a225955c67dcaac3f9fd4d7ac9f424f065f5adc4c66060fe128548cba7bc","ssdeep":"","tlshash":"1dc02b2d64137c0c8663307676c370a0c1978337f57e41218440805730cf1998bc33ab","first_seen":"2026-02-28T20:19:07.990456Z","last_seen":"2026-06-02T13:45:38.764646Z","times_seen":386,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}