{"report_id":"9bf26ed6-49cc-44be-9c98-64b8b642a90c","version":6,"status":"done","tags":[],"date":"2023-09-24T05:34:07Z","url":{"schema":"http","addr":"qoutacalosa.click/?param=wow+cataclysm+4.3+4+quest+helper+addon+download","fqdn":"qoutacalosa.click","domain":"qoutacalosa.click","tld":"click"},"ip":{"addr":"172.67.218.185","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"1tartsuehbna1.com/45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download","fqdn":"1tartsuehbna1.com","domain":"1tartsuehbna1.com","tld":"com"},"title":"Check"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T21:47:58Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"qoutacalosa.click","ip":{"addr":"104.21.45.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-09-14","domain_rank":0,"first_seen":"2023-09-20 06:33:46","last_seen":"2023-09-23 21:13:27","alert_count":0,"request_count":1,"received_data":277079,"sent_data":530,"comment":"","tags":null,"fingerprints":null},{"fqdn":"1tartsuehbna1.com","ip":{"addr":"188.72.236.34","port":80,"asn":35415,"as":"Webzilla B.V.","country":"Netherlands","country_code":"NL"},"domain_registered":"2023-08-15","domain_rank":0,"first_seen":"2023-08-15 16:30:19","last_seen":"2023-09-22 14:31:08","alert_count":3,"request_count":3,"received_data":553357,"sent_data":1496,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-24","alert":"Sinkholed","trigger":"1tartsuehbna1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-24","alert":"Sinkholed","trigger":"1tartsuehbna1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-24","alert":"Sinkholed","trigger":"1tartsuehbna1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"1tartsuehbna1.com/45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download","fqdn":"1tartsuehbna1.com","domain":"1tartsuehbna1.com","tld":"com"},"ip":{"addr":"188.72.236.34","port":80,"asn":35415,"as":"Webzilla B.V.","country":"Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"af26fdbeeba2f69a961e37e84e0015c0","sha1":"caec18ecf7537f537df1c2d77ac62f3c7d3c70c9","sha256":"f801eee38ddd9da936f573bb5e846d62fa01f2568e2002ab52fc39c5f151cd39","sha512":"6997df8da602bb035def35ea6a901343aa5e46b89d6635aa92864221bcd1e48c783e6e3cc138018d8d7fcdf1a13d2bf721256d9e82aba3cd167029528d570ad2","ssdeep":"","tlshash":"2e3178ae87d40971ba67a51e5f8fe84ba730504309408c847e9d8b047b967b668f37c4","size":1527,"data":"","first_seen":"2023-03-07T21:22:00Z","last_seen":"2024-08-21T09:35:35.452628Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"1tartsuehbna1.com/45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download","fqdn":"1tartsuehbna1.com","domain":"1tartsuehbna1.com","tld":"com"},"ip":{"addr":"188.72.236.34","port":80,"asn":35415,"as":"Webzilla B.V.","country":"Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-24T05:33:51.045Z","timestamp":1695533631045,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download HTTP/1.1\r\nHost: 1tartsuehbna1.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 24 Sep 2023 05:33:50 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":276397,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (45954)","md5":"c59da26d6a2b56f04f1864acbba8fe34","sha1":"1c2fa6d3e32ea547ad5e4cc1a9840c9797cd71d7","sha256":"269271c9bf4bf44dbced9ecf3ac72ba2913332681d9b18fa7e4e4a5ab1cf7714","sha512":"caed419ec33d65176aa23cc73c357957128a0c6589a49b43113fe752854de319013f83f91ff997e40174411fcdc37d1fa30750bde22f0890d0a9681862d18757","ssdeep":"6144:xsyBgRCBfU93zc73sRx73LkNNyzEjov68I17omIAbXx:FByCBM93zc7V7a691M1Ad","tlshash":"734412367b817606faa2a4ac458b17c46f3e84079704dda9be4d63f23fc16051af635c","first_seen":"2023-04-08T01:30:27Z","last_seen":"2023-12-11T15:12:43Z","times_seen":43,"resource_available":false,"data":null}},"time_used":346,"timings":{"blocked":19,"dns":0,"connect":22,"send":0,"wait":195,"receive":110,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-24","alert":"Sinkholed","trigger":"1tartsuehbna1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1tartsuehbna1.com/45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download","fqdn":"1tartsuehbna1.com","domain":"1tartsuehbna1.com","tld":"com"},"ip":{"addr":"188.72.236.34","port":80,"asn":35415,"as":"Webzilla B.V.","country":"Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-24T05:33:51.045Z","timestamp":1695533631045,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download HTTP/1.1\r\nHost: 1tartsuehbna1.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 24 Sep 2023 05:33:51 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":276397,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, ASCII text, with very long lines (45954)","md5":"c59da26d6a2b56f04f1864acbba8fe34","sha1":"1c2fa6d3e32ea547ad5e4cc1a9840c9797cd71d7","sha256":"269271c9bf4bf44dbced9ecf3ac72ba2913332681d9b18fa7e4e4a5ab1cf7714","sha512":"caed419ec33d65176aa23cc73c357957128a0c6589a49b43113fe752854de319013f83f91ff997e40174411fcdc37d1fa30750bde22f0890d0a9681862d18757","ssdeep":"6144:xsyBgRCBfU93zc73sRx73LkNNyzEjov68I17omIAbXx:FByCBM93zc7V7a691M1Ad","tlshash":"734412367b817606faa2a4ac458b17c46f3e84079704dda9be4d63f23fc16051af635c","first_seen":"2023-04-08T01:30:27Z","last_seen":"2023-12-11T15:12:43Z","times_seen":43,"resource_available":false,"data":null}},"time_used":346,"timings":{"blocked":19,"dns":0,"connect":22,"send":0,"wait":195,"receive":110,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-24","alert":"Sinkholed","trigger":"1tartsuehbna1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1tartsuehbna1.com/favicon.ico","fqdn":"1tartsuehbna1.com","domain":"1tartsuehbna1.com","tld":"com"},"ip":{"addr":"188.72.236.34","port":80,"asn":35415,"as":"Webzilla B.V.","country":"Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1tartsuehbna1.com/45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download","date":"2023-09-24T05:33:51.505Z","timestamp":1695533631505,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 1tartsuehbna1.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1tartsuehbna1.com/45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 24 Sep 2023 05:33:51 GMT\r\nContent-Type: image/gif\r\nContent-Length: 43\r\nLast-Modified: Mon, 28 Sep 1970 06:00:00 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1\\012- data","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-25T15:55:46.7731Z","times_seen":340481,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-09-24","alert":"Sinkholed","trigger":"1tartsuehbna1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"qoutacalosa.click/?param=wow+cataclysm+4.3+4+quest+helper+addon+download","fqdn":"qoutacalosa.click","domain":"qoutacalosa.click","tld":"click"},"ip":{"addr":"104.21.45.200","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-09-24T05:33:50.420Z","timestamp":1695533630420,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qoutacalosa.click","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Wed, 13 Sep 2023 23:44:39 GMT","end":"Tue, 12 Dec 2023 23:44:38 GMT"},"fingerprint":{"sha1":"1B:0F:CC:B4:7E:7C:D6:07:A7:C4:56:03:DA:A2:5C:C5:0C:B5:C4:A6","sha256":"D0:DC:D2:80:EC:A2:D0:3F:AC:84:06:39:FB:37:76:3C:6F:9D:01:B7:4E:70:2A:C6:02:F9:CB:F0:A0:06:CB:E4"}}},"request":{"raw":"GET /?param=wow+cataclysm+4.3+4+quest+helper+addon+download HTTP/1.1\r\nHost: qoutacalosa.click\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sun, 24 Sep 2023 05:33:50 GMT\r\ncontent-type: text/html\r\nlocation: https://1tartsuehbna1.com/45rKM39bbf57063672b8d756402eeb00c23a5f04f622a?q=wow+cataclysm+4.3+4+quest+helper+addon+download\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=DH7vCVvq9aU3lpW7cWPC5gKtRPLWxpubx7uWk%2FwKn4b0huJ28thboi967RipL7CS48bngqu8VQD2TYlvKJu6K%2B32nE4q4w20onn3jstlFdjydqqbBFmecG0uG58z3TsGLlugjQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 80b8a7a4bd2e56c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":276397,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T15:55:26.931181Z","times_seen":14184276,"resource_available":true,"data":null}},"time_used":127,"timings":{"blocked":23,"dns":1,"connect":1,"send":0,"wait":80,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}