{"report_id":"92ff495f-2216-48b8-85d1-29c78dda7f02","version":6,"status":"done","tags":["opendir"],"date":"2023-11-05T04:22:03Z","url":{"schema":"http","addr":"meritaculler.com/","fqdn":"meritaculler.com","domain":"meritaculler.com","tld":"com"},"ip":{"addr":"104.21.22.85","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"meritaculler.com/","fqdn":"meritaculler.com","domain":"meritaculler.com","tld":"com"},"title":"Index of /"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T15:45:26Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"meritaculler.com","ip":{"addr":"104.21.22.85","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-08","domain_rank":0,"first_seen":"2023-06-08 13:59:43","last_seen":"2023-10-23 11:11:07","alert_count":4,"request_count":3,"received_data":2687,"sent_data":1349,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-05","alert":"Sinkholed","trigger":"meritaculler.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-05","alert":"Sinkholed","trigger":"meritaculler.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-05","alert":"Sinkholed","trigger":"meritaculler.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Audit - Open directory","verdict":"none","severity":"audit","comment":"","tags":["opendir"],"meta":null}]},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"meritaculler.com/icons/blank.gif","fqdn":"meritaculler.com","domain":"meritaculler.com","tld":"com"},"ip":{"addr":"104.21.22.85","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://meritaculler.com/","date":"2023-11-05T04:21:46.613Z","timestamp":1699158106613,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meritaculler.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 04 Oct 2023 13:33:53 GMT","end":"Tue, 02 Jan 2024 13:33:52 GMT"},"fingerprint":{"sha1":"B5:FD:8F:55:0F:2D:5F:93:C3:1C:65:63:6E:06:ED:86:71:9F:BE:F0","sha256":"7A:05:01:32:B2:08:36:C1:DF:EC:CE:AD:25:AA:6C:C2:A7:77:59:16:53:8C:5F:AB:45:41:D6:5E:64:D2:0A:5E"}}},"request":{"raw":"GET /icons/blank.gif HTTP/1.1\r\nHost: meritaculler.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://meritaculler.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Nov 2023 04:21:46 GMT\r\ncontent-type: image/gif\r\ncontent-length: 148\r\nlast-modified: Sat, 20 Nov 2004 20:16:24 GMT\r\netag: \"94-3e9564c23b600\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=tWNvD0G%2F0y8jDWxOeeOzLaeV0v7EUec6DBNhRJ2iqSo1g00aLMdjbdxfXFbgAEsP60oHw3WXsCYDSCcTGvlZmOAVQvIZRUZxHp5ym2jTVQ8zkl0NSNKj49TfITnQm7hBqvTD\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 82124fd65bbb067b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":148,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 20 x 22\\012- data","md5":"19517fb39a31be6b8d7ccf53ad84908f","sha1":"ebbcfdc6acc99f7aac3bf7fe72bc55f07f03f7e9","sha256":"3cb0e54babf019703fe671a32fcc3947aab9079ec2871cf0f9639245cc12d878","sha512":"be752ff4c7aa3ab46fdbd93555a17e422e7c8b8661f40f899f51ec9393b510dcb2e66436a4f2c78a42af77dd95e01a3438c88cfaa3e0b02694c1912d5294ee16","ssdeep":"","tlshash":"80c02b4edec0e411c040553c0c0db7577702f1500b277108b482b3c72ef780258b2447","first_seen":"2023-05-02T00:24:31Z","last_seen":"2026-04-06T09:22:34.560201Z","times_seen":8394,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-05","alert":"Sinkholed","trigger":"meritaculler.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"meritaculler.com/","fqdn":"meritaculler.com","domain":"meritaculler.com","tld":"com"},"ip":{"addr":"104.21.22.85","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-11-05T04:21:46.082Z","timestamp":1699158106082,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meritaculler.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 04 Oct 2023 13:33:53 GMT","end":"Tue, 02 Jan 2024 13:33:52 GMT"},"fingerprint":{"sha1":"B5:FD:8F:55:0F:2D:5F:93:C3:1C:65:63:6E:06:ED:86:71:9F:BE:F0","sha256":"7A:05:01:32:B2:08:36:C1:DF:EC:CE:AD:25:AA:6C:C2:A7:77:59:16:53:8C:5F:AB:45:41:D6:5E:64:D2:0A:5E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: meritaculler.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Nov 2023 04:21:46 GMT\r\ncontent-type: text/html;charset=ISO-8859-1\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=I4lu0CkgW47EPeCbyN6O0hB9H0LtGAmXHDw1x3ZNxUc7WM5pBf%2BXibAFxUgsf9me7C8qFqMwIpU%2F0fb95QZEL%2FcF1QCTbUQpjcF6kKtH%2FMoVZZFd3i7NbgHcgm%2BWG7TctSNv\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 82124fd32ece1c0e-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":481,"size_decoded":0,"mime_type":"text/html; charset=ISO-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (514), with no line terminators","md5":"56ec568d89ba18e4ba7c124548b89bb5","sha1":"c114f84cfd01905eeff29fa83823978e7191d141","sha256":"1b8a001de90dd65cafc01be90eb40dc9668572ce8d2da663cf24a4eb3c457ed7","sha512":"dc226c75e6f1bf875b6ada86365adaa1729692dcaeb893737a8ae3b8386b04fbd98b624c177d8130ff69f6fbda50240f895419c3f8379abe8061ccd7628a3815","ssdeep":"","tlshash":"bff0e94574d562a77890295e09623edd4cc2d1654ea1cef47d9eb07fc806e74842b0d5","first_seen":"2023-11-03T21:51:47Z","last_seen":"2025-03-04T19:35:45.590641Z","times_seen":19,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":18,"dns":1,"connect":1,"send":0,"wait":158,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-05","alert":"Sinkholed","trigger":"meritaculler.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Audit - Open directory","verdict":"none","severity":"audit","comment":"","tags":["opendir"],"meta":null}]}},{"url":{"schema":"https","addr":"meritaculler.com/favicon.ico","fqdn":"meritaculler.com","domain":"meritaculler.com","tld":"com"},"ip":{"addr":"104.21.22.85","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://meritaculler.com/","date":"2023-11-05T04:21:46.745Z","timestamp":1699158106745,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"meritaculler.com","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 04 Oct 2023 13:33:53 GMT","end":"Tue, 02 Jan 2024 13:33:52 GMT"},"fingerprint":{"sha1":"B5:FD:8F:55:0F:2D:5F:93:C3:1C:65:63:6E:06:ED:86:71:9F:BE:F0","sha256":"7A:05:01:32:B2:08:36:C1:DF:EC:CE:AD:25:AA:6C:C2:A7:77:59:16:53:8C:5F:AB:45:41:D6:5E:64:D2:0A:5E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: meritaculler.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://meritaculler.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sun, 05 Nov 2023 04:21:46 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=IBF9L5uu92mSlMFCrHQaAZoqYphp2JAVoSlU2oYrwZuMU8EjDrUrZDEKlpnNRIeSqEMlmq0gAM0%2FE%2FLdkEzXs%2FdigYUTInwGLrTgqh%2Ftv2hzbT2WjqQXMTwhtQvA11BQt35D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 82124fd73bd3067b-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":209,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with no line terminators","md5":"8ace35f18ab1832bacfde13597767517","sha1":"22e4ee51bbdba11b19a2d6879bc60126dc89eecd","sha256":"f87134d32dc903f27ed9c905bfd824f31192dac9e05887b2dedbb1ca416d1280","sha512":"e3c3e4eae34d4abcd7b543e049c26b2e9ec2c1e71700e74d221186df3a91047b08a404d6097a749b8e64ced91bfd463ee73ea4db8f20cc8d259158c58ecf7934","ssdeep":"","tlshash":"ddd0239db453524e415218d02bc211d0454e43927d7902f53cc7544d751813dc8a7acd","first_seen":"2023-04-05T14:25:12Z","last_seen":"2025-04-06T19:50:22.293844Z","times_seen":2127,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-11-05","alert":"Sinkholed","trigger":"meritaculler.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}