{"report_id":"692f056d-f346-4f92-beb8-616e41494296","version":6,"status":"done","tags":[],"date":"2025-05-01T13:13:56Z","url":{"schema":"http","addr":"fortuneshero.click","fqdn":"fortuneshero.click","domain":"fortuneshero.click","tld":"click"},"ip":{"addr":"35.237.130.38","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"fortuneshero.click/","fqdn":"fortuneshero.click","domain":"fortuneshero.click","tld":"click"},"title":"404 Not Found"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-10T13:13:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"fortuneshero.click","ip":{"addr":"35.237.130.38","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2025-01-10","domain_rank":0,"first_seen":"2025-05-01T13:13:56.43316Z","last_seen":"2025-05-01T13:13:56.43316Z","alert_count":6,"request_count":3,"received_data":2712,"sent_data":1251,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-01T13:13:36Z","timestamp":1746105216,"ip_dst":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.23","port":50564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2025-05-01T13:13:36.283078+0000\",\"flow_id\":1825861254767064,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":50564,\"dest_ip\":\"35.237.130.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"fortuneshero.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":191},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":675,\"bytes_toclient\":639,\"start\":\"2025-05-01T13:13:35.975320+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-05-01T13:13:36Z","timestamp":1746105216,"ip_dst":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.23","port":50564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2025-05-01T13:13:36.487668+0000\",\"flow_id\":1825861254767064,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":50564,\"dest_ip\":\"35.237.130.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"fortuneshero.click\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://fortuneshero.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":814},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1168,\"bytes_toclient\":1891,\"start\":\"2025-05-01T13:13:35.975320+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-01","alert":"Sinkholed","trigger":"fortuneshero.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-01","alert":"Sinkholed","trigger":"fortuneshero.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-01","alert":"Sinkholed","trigger":"fortuneshero.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fortuneshero.click/","fqdn":"fortuneshero.click","domain":"fortuneshero.click","tld":"click"},"ip":{"addr":"35.237.130.38","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-01T13:13:35.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tracemonitorusa.life","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Apr 2025 02:47:49 GMT","end":"Wed, 09 Jul 2025 02:47:48 GMT"},"fingerprint":{"sha1":"24:B8:53:D2:05:44:F3:73:2A:9B:2C:15:4F:05:A1:3C:10:5F:3C:76","sha256":"45:07:E9:E7:93:FD:9C:14:ED:6F:0A:47:54:2A:1B:67:CE:88:74:2F:4A:65:B7:36:D2:10:66:AE:14:22:69:98"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: fortuneshero.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Thu, 01 May 2025 13:13:35 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":562,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0d46337758a1bfd324d034a6a913966b","sha1":"00a3686ca974c30b4a7dc5ccd5c037c7114055bd","sha256":"abcc0d6d68e0a466604e2dfba8e9e9508d15bb668502ec34b27b7aa57e007342","sha512":"ff37427397aa898f7363e0a1a83313af7306e79ec1ab486eab89a4cafd2e7c40f010bd30ec99a921627ad27286e56c386fac6a5a09a9f714870dc6216cc282e7","ssdeep":"","tlshash":"45f0f09f5f12287f2e238130f4c35168cf680a17fb9925e28748110f76ca04549f1fad","first_seen":"2023-04-21T15:43:40Z","last_seen":"2026-06-13T06:39:40.438456Z","times_seen":361,"resource_available":true,"data":null}},"time_used":884,"timings":{"blocked":356,"dns":0,"connect":111,"send":0,"wait":172,"receive":0,"ssl":241},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-01T13:13:36Z","timestamp":1746105216,"ip_dst":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.23","port":50564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2025-05-01T13:13:36.283078+0000\",\"flow_id\":1825861254767064,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":50564,\"dest_ip\":\"35.237.130.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"fortuneshero.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":191},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":675,\"bytes_toclient\":639,\"start\":\"2025-05-01T13:13:35.975320+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-01","alert":"Sinkholed","trigger":"fortuneshero.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"fortuneshero.click/","fqdn":"fortuneshero.click","domain":"fortuneshero.click","tld":"click"},"ip":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-01T13:13:35.981Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: fortuneshero.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Thu, 01 May 2025 13:13:36 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":562,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0d46337758a1bfd324d034a6a913966b","sha1":"00a3686ca974c30b4a7dc5ccd5c037c7114055bd","sha256":"abcc0d6d68e0a466604e2dfba8e9e9508d15bb668502ec34b27b7aa57e007342","sha512":"ff37427397aa898f7363e0a1a83313af7306e79ec1ab486eab89a4cafd2e7c40f010bd30ec99a921627ad27286e56c386fac6a5a09a9f714870dc6216cc282e7","ssdeep":"","tlshash":"45f0f09f5f12287f2e238130f4c35168cf680a17fb9925e28748110f76ca04549f1fad","first_seen":"2023-04-21T15:43:40Z","last_seen":"2026-06-13T06:39:40.438456Z","times_seen":361,"resource_available":true,"data":null}},"time_used":428,"timings":{"blocked":119,"dns":1,"connect":124,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-01T13:13:36Z","timestamp":1746105216,"ip_dst":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.23","port":50564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2025-05-01T13:13:36.283078+0000\",\"flow_id\":1825861254767064,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":50564,\"dest_ip\":\"35.237.130.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"fortuneshero.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":404,\"length\":191},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":675,\"bytes_toclient\":639,\"start\":\"2025-05-01T13:13:35.975320+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-01","alert":"Sinkholed","trigger":"fortuneshero.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"fortuneshero.click/favicon.ico","fqdn":"fortuneshero.click","domain":"fortuneshero.click","tld":"click"},"ip":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"http://fortuneshero.click/","date":"2025-05-01T13:13:36.364Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fortuneshero.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://fortuneshero.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 01 May 2025 13:13:36 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 814\r\nConnection: keep-alive\r\nLast-Modified: Tue, 23 Apr 2024 05:28:37 GMT\r\nETag: \"66274705-32e\"\r\nExpires: Sun, 25 May 2025 17:45:16 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":814,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced","md5":"973e8dc3b11662098fc4ea0027feb1d7","sha1":"a458bc5e7fb5a9b4a61f8447026fc9b0d37af740","sha256":"4319df6394c456785fa2541669c7b83db2f658d43ab6610871d4487adf7b6c1c","sha512":"f20d7bbe2b38af33227913c809f2f058ca04c5764c011436183ebeca6270152cec36ddd2cdbf2881b501d3eb9d036537bc85683ada035bf54028368b5e5dacc1","ssdeep":"","tlshash":"a201caeb4ec91c06dd55b8bc551dd1c110f9900f5b3369477734d810323cf178c9a159","first_seen":"2023-11-18T20:21:53Z","last_seen":"2026-06-15T07:32:45.304464Z","times_seen":581,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-05-01T13:13:36Z","timestamp":1746105216,"ip_dst":{"addr":"35.237.130.38","port":80,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.23","port":50564,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2025-05-01T13:13:36.487668+0000\",\"flow_id\":1825861254767064,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.23\",\"src_port\":50564,\"dest_ip\":\"35.237.130.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"fortuneshero.click\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://fortuneshero.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":814},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1168,\"bytes_toclient\":1891,\"start\":\"2025-05-01T13:13:35.975320+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-01","alert":"Sinkholed","trigger":"fortuneshero.click","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}