{"report_id":"a757575c-2813-4190-a333-d369357b86b6","version":6,"status":"done","tags":[],"date":"2025-05-09T08:21:14Z","url":{"schema":"http","addr":"fortunepath.icu","fqdn":"fortunepath.icu","domain":"fortunepath.icu","tld":"icu"},"ip":{"addr":"35.237.130.38","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"fortunepath.icu/","fqdn":"fortunepath.icu","domain":"fortunepath.icu","tld":"icu"},"title":"404 Not Found"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-18T08:21:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"fortunepath.icu","ip":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2025-01-10","domain_rank":0,"first_seen":"2025-05-09T08:14:31.590842Z","last_seen":"2025-05-09T08:14:31.590842Z","alert_count":3,"request_count":3,"received_data":2712,"sent_data":1239,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-09T08:20:53Z","timestamp":1746778853,"ip_dst":{"addr":"35.237.130.38","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.13","port":57016,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2025-05-09T08:20:53.035616+0000\",\"flow_id\":1118610187902638,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":57016,\"dest_ip\":\"35.237.130.38\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"fortunepath.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2810,\"start\":\"2025-05-09T08:20:52.810670+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-09","alert":"Sinkholed","trigger":"fortunepath.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-09","alert":"Sinkholed","trigger":"fortunepath.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-09","alert":"Sinkholed","trigger":"fortunepath.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"fortunepath.icu/favicon.ico","fqdn":"fortunepath.icu","domain":"fortunepath.icu","tld":"icu"},"ip":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://fortunepath.icu/","date":"2025-05-09T08:20:53.750Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fortunepath.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://fortunepath.icu/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 09 May 2025 08:20:53 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 814\r\nConnection: keep-alive\r\nLast-Modified: Tue, 23 Apr 2024 05:28:37 GMT\r\nETag: \"66274705-32e\"\r\nExpires: Sun, 25 May 2025 17:45:16 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":814,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced","md5":"973e8dc3b11662098fc4ea0027feb1d7","sha1":"a458bc5e7fb5a9b4a61f8447026fc9b0d37af740","sha256":"4319df6394c456785fa2541669c7b83db2f658d43ab6610871d4487adf7b6c1c","sha512":"f20d7bbe2b38af33227913c809f2f058ca04c5764c011436183ebeca6270152cec36ddd2cdbf2881b501d3eb9d036537bc85683ada035bf54028368b5e5dacc1","ssdeep":"","tlshash":"a201caeb4ec91c06dd55b8bc551dd1c110f9900f5b3369477734d810323cf178c9a159","first_seen":"2023-11-18T20:21:53Z","last_seen":"2026-05-08T10:38:35.814227Z","times_seen":527,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-09","alert":"Sinkholed","trigger":"fortunepath.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fortunepath.icu/","fqdn":"fortunepath.icu","domain":"fortunepath.icu","tld":"icu"},"ip":{"addr":"35.237.130.38","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-09T08:20:52.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tracemonitorusa.life","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Apr 2025 02:47:49 GMT","end":"Wed, 09 Jul 2025 02:47:48 GMT"},"fingerprint":{"sha1":"24:B8:53:D2:05:44:F3:73:2A:9B:2C:15:4F:05:A1:3C:10:5F:3C:76","sha256":"45:07:E9:E7:93:FD:9C:14:ED:6F:0A:47:54:2A:1B:67:CE:88:74:2F:4A:65:B7:36:D2:10:66:AE:14:22:69:98"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fortunepath.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 09 May 2025 08:20:53 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":562,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0d46337758a1bfd324d034a6a913966b","sha1":"00a3686ca974c30b4a7dc5ccd5c037c7114055bd","sha256":"abcc0d6d68e0a466604e2dfba8e9e9508d15bb668502ec34b27b7aa57e007342","sha512":"ff37427397aa898f7363e0a1a83313af7306e79ec1ab486eab89a4cafd2e7c40f010bd30ec99a921627ad27286e56c386fac6a5a09a9f714870dc6216cc282e7","ssdeep":"","tlshash":"45f0f09f5f12287f2e238130f4c35168cf680a17fb9925e28748110f76ca04549f1fad","first_seen":"2023-04-21T15:43:40Z","last_seen":"2026-05-05T20:59:24.995854Z","times_seen":324,"resource_available":true,"data":null}},"time_used":720,"timings":{"blocked":275,"dns":1,"connect":111,"send":0,"wait":170,"receive":0,"ssl":161},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-09","alert":"Sinkholed","trigger":"fortunepath.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"fortunepath.icu/","fqdn":"fortunepath.icu","domain":"fortunepath.icu","tld":"icu"},"ip":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-09T08:20:53.365Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: fortunepath.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 09 May 2025 08:20:53 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":562,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0d46337758a1bfd324d034a6a913966b","sha1":"00a3686ca974c30b4a7dc5ccd5c037c7114055bd","sha256":"abcc0d6d68e0a466604e2dfba8e9e9508d15bb668502ec34b27b7aa57e007342","sha512":"ff37427397aa898f7363e0a1a83313af7306e79ec1ab486eab89a4cafd2e7c40f010bd30ec99a921627ad27286e56c386fac6a5a09a9f714870dc6216cc282e7","ssdeep":"","tlshash":"45f0f09f5f12287f2e238130f4c35168cf680a17fb9925e28748110f76ca04549f1fad","first_seen":"2023-04-21T15:43:40Z","last_seen":"2026-05-05T20:59:24.995854Z","times_seen":324,"resource_available":true,"data":null}},"time_used":391,"timings":{"blocked":107,"dns":0,"connect":111,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-09","alert":"Sinkholed","trigger":"fortunepath.icu","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}