{"report_id":"d0500456-fd5a-49d5-a288-bddef597e998","version":6,"status":"done","tags":[],"date":"2026-03-28T02:41:45Z","url":{"schema":"http","addr":"ca.gov-mna.cfd/dmv","fqdn":"ca.gov-mna.cfd","domain":"gov-mna.cfd","tld":"cfd"},"ip":{"addr":"43.165.68.78","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"ca.gov-mna.cfd/dmv/","fqdn":"ca.gov-mna.cfd","domain":"gov-mna.cfd","tld":"cfd"},"title":"Access Denied","dom":{"size":1772,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"eaae9451d54c06c165e8f18e9fadf84a","sha1":"e09f50d1d566b2d6fd8bcde59e50935c986245b7","sha256":"f21004e892f1b7ec545bb63bb8bd0dc0d8bd29fb55aa643081f63b5039dbbf1d","sha512":"fe1fa49863f8169f0bd267de9e68b9713b98072f83e5e35f8490ee2c2e2d21cf4bd49d6828cabc74dc04360c3b4a2092577f4e85419bec88afccb1baa4def16d","ssdeep":"","tlshash":"3431cb87aae704067843e4546fb2a7022a84d917c25adf723f8c63a8cf869c48c9370c","dom_hash":"domhashb0edbcced89fac88c05e85c0f23b2eda","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ca.gov-mna.cfd/dmv","fqdn":"ca.gov-mna.cfd","domain":"gov-mna.cfd","tld":"cfd"},"ip":{"addr":"43.165.68.78","port":0,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-02T02:41:45Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"ca.gov-mna.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"ca.gov-mna.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ca.gov-mna.cfd","ip":{"addr":"43.165.68.78","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2026-03-26","domain_rank":0,"first_seen":"2026-03-26T21:35:44.388131Z","last_seen":"2026-03-26T21:35:44.388131Z","alert_count":6,"request_count":3,"received_data":4309,"sent_data":1412,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.29.2.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ca.gov-mna.cfd/dmv","fqdn":"ca.gov-mna.cfd","domain":"gov-mna.cfd","tld":"cfd"},"ip":{"addr":"43.165.68.78","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T02:41:23.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ca.gov-mna.cfd","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:28:54 GMT","end":"Thu, 25 Jun 2026 11:28:53 GMT"},"fingerprint":{"sha1":"AE:1D:94:07:47:0A:3E:9D:F0:23:C8:95:94:05:30:5E:B4:0A:11:31","sha256":"AC:4F:E5:96:25:EE:B6:BB:E0:04:19:BB:CE:FB:55:33:F5:59:8E:ED:07:94:BA:73:2A:43:70:D6:59:AA:3B:1A"}}},"request":{"raw":"GET /dmv HTTP/1.1\r\nHost: ca.gov-mna.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nserver: openresty/1.29.2.1\r\ndate: Sat, 28 Mar 2026 02:41:23 GMT\r\ncontent-type: text/html\r\ncontent-length: 175\r\nlocation: https://ca.gov-mna.cfd/dmv/\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"OpenResty:1.29.2.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1789,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T21:09:45.625607Z","times_seen":16191656,"resource_available":true,"data":null}},"time_used":559,"timings":{"blocked":234,"dns":37,"connect":93,"send":0,"wait":92,"receive":0,"ssl":101},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"ca.gov-mna.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"ca.gov-mna.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ca.gov-mna.cfd/dmv/","fqdn":"ca.gov-mna.cfd","domain":"gov-mna.cfd","tld":"cfd"},"ip":{"addr":"43.165.68.78","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-28T02:41:24.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ca.gov-mna.cfd","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:28:54 GMT","end":"Thu, 25 Jun 2026 11:28:53 GMT"},"fingerprint":{"sha1":"AE:1D:94:07:47:0A:3E:9D:F0:23:C8:95:94:05:30:5E:B4:0A:11:31","sha256":"AC:4F:E5:96:25:EE:B6:BB:E0:04:19:BB:CE:FB:55:33:F5:59:8E:ED:07:94:BA:73:2A:43:70:D6:59:AA:3B:1A"}}},"request":{"raw":"GET /dmv/ HTTP/1.1\r\nHost: ca.gov-mna.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.29.2.1\r\ndate: Sat, 28 Mar 2026 02:41:24 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.29.2.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1789,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"8017582e7f945bc0ad37f9c523c8515e","sha1":"497eab1d30f47002d6284da79dd7143c1f6674a0","sha256":"2df2c07e3250c614962b139c6cff8ffa1e6adfc7e61443caff6f892dcfc28577","sha512":"a8b60d35fa3da891e5ec7ed38a7a910532676d190717ee7db9715599dce49f7bb9353d87863ab8b83a37ab46fdbe4b6969e9aaa525a411f05b15c2f36aeb4710","ssdeep":"","tlshash":"b731ab876ae704027843e4546fb267022a85da57c65adb623f8c63a88f869c48c9370c","first_seen":"2026-03-28T02:41:45.777715Z","last_seen":"2026-03-28T02:41:45.777715Z","times_seen":1,"resource_available":false,"data":null}},"time_used":826,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":826,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"ca.gov-mna.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"ca.gov-mna.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ca.gov-mna.cfd/favicon.ico","fqdn":"ca.gov-mna.cfd","domain":"gov-mna.cfd","tld":"cfd"},"ip":{"addr":"43.165.68.78","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ca.gov-mna.cfd/dmv/","date":"2026-03-28T02:41:25.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ca.gov-mna.cfd","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 11:28:54 GMT","end":"Thu, 25 Jun 2026 11:28:53 GMT"},"fingerprint":{"sha1":"AE:1D:94:07:47:0A:3E:9D:F0:23:C8:95:94:05:30:5E:B4:0A:11:31","sha256":"AC:4F:E5:96:25:EE:B6:BB:E0:04:19:BB:CE:FB:55:33:F5:59:8E:ED:07:94:BA:73:2A:43:70:D6:59:AA:3B:1A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ca.gov-mna.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ca.gov-mna.cfd/dmv/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty/1.29.2.1\r\ndate: Sat, 28 Mar 2026 02:41:25 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty:1.29.2.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"a6362fdf7b89ef682ac999be37962628","sha1":"f7b0aa3e1f989184042d276cff04f6cb8119fd9f","sha256":"da9f084f6ae275049c7ef113c1d67a63d0cd7cc23cabecc4fcb80bf93edd902e","sha512":"6b7b1fca60e7ace3cc3a8486c59fd7b0b369d6ead3e260946dced0819eb673d65ea9a225955c67dcaac3f9fd4d7ac9f424f065f5adc4c66060fe128548cba7bc","ssdeep":"","tlshash":"1dc02b2d64137c0c8663307676c370a0c1978337f57e41218440805730cf1998bc33ab","first_seen":"2026-02-28T20:19:07.990456Z","last_seen":"2026-06-02T13:45:38.764646Z","times_seen":386,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-28","alert":"Phishing Block","trigger":"ca.gov-mna.cfd","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-28","alert":"Sinkholed","trigger":"ca.gov-mna.cfd","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}