{"report_id":"0ff42fa0-66bb-4eab-abfa-21837bad7c1c","version":6,"status":"done","tags":["malicious","clickfix"],"date":"2026-02-19T14:36:59Z","url":{"schema":"https","addr":"mztyw.com/","fqdn":"mztyw.com","domain":"mztyw.com","tld":"com"},"ip":{"addr":"172.67.221.229","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"mztyw.com/","fqdn":"mztyw.com","domain":"mztyw.com","tld":"com"},"title":"MicroBull","dom":{"size":14627,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"8486d1b6e6368cd399cf44607a70e651","sha1":"baecb5e50fb40cae0d51645e0a06a7cce0d21411","sha256":"8838fd904a6f4da8f84bf0779a7c7af93f346e0e392f8588b3f75a195f810538","sha512":"97cbc7981cb0475611eabbd09f1328b0a1a8a70a3419012a3a4c0c0bf7681ea003803263a9370b48e3960bf828dd5cb76c85d0a48b0db64e929797fe04744ce5","ssdeep":"192:cDInns/NXfrQ2KRlDxTgB2rUjXf8JngIc7LEidEpG0fTMq3SHqqJ4C:cbBTax8UgIcc6EXb96","tlshash":"f062a61a26b305325617996433eb32857020a00bda06cc5d7f8edbe88fd9664e5d33df","dom_hash":"domhashda8bf2ad71e8f6aed1de8835454fcb23","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"mztyw.com/","fqdn":"mztyw.com","domain":"mztyw.com","tld":"com"},"ip":{"addr":"172.67.221.229","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-26T14:36:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null},{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"summary":[{"fqdn":"mztyw.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-18","domain_rank":0,"first_seen":"2026-02-19T14:36:59.336505Z","last_seen":"2026-02-19T14:36:59.336505Z","alert_count":1,"request_count":3,"received_data":153886,"sent_data":1329,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"mztyw.com/","fqdn":"mztyw.com","domain":"mztyw.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"64d8b31cb2fa0e6d5c0fefaf250c4e03","sha1":"d2146ce7637c5013c9aae36a334bb06028d85255","sha256":"4d6095f9a57f3bdf08d309afce3e45bb2e2962ac8cf9abfbf9492b473e6466be","sha512":"a47a7d40b2058602d7228f8a228a323dab7407c262f3b0ebca1affee15ee5ba4cc2c9aae0d71823dd2c8f7e446af258c59f9665e0e5934c303ea92875e9f5827","ssdeep":"96:fIczJ/9zl9Qvx2dse5YbpRVA3l6bfam1VmdHKWGSHqq600q5DI96M:fIc7LEidEpG0fTMq3SHqqJ4j","tlshash":"fd02544922770a318757ac69239b61847420300bed05dc8dbb9ecbe84fd9a64e4d7bdf","size":8869,"data":"","first_seen":"2026-01-19T22:20:55.103511Z","last_seen":"2026-04-05T08:05:39.659896Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mztyw.com/","fqdn":"mztyw.com","domain":"mztyw.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-19T14:36:34.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mztyw.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Feb 2026 15:39:04 GMT","end":"Sat, 16 May 2026 16:37:36 GMT"},"fingerprint":{"sha1":"36:AD:BB:5D:10:C8:0D:BE:D3:6E:F3:7E:1C:D9:E8:94:25:1C:77:C2","sha256":"4B:54:BC:FA:3D:02:A7:C1:B1:15:20:45:C5:A7:8D:7A:49:51:8F:87:1C:88:5C:5D:FC:C4:45:A1:8D:76:15:A4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mztyw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 19 Feb 2026 14:36:34 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 07 Dec 2025 20:02:08 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n%2BycTavZFox0fIxJmOB5ni3Va%2BM0W5iyXnBaEGQiM0%2FPE6UEXPQwmiIUwQ9b%2BTdEQQf3kHYZyJRQG64yNOTA9firvRn0Bkus1A%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d067f49dc48c3b8-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15283,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"0d3f56fd571b52983cf57f07a87535b9","sha1":"c4395f10ad1fae76cab32d0f43d90234d098dd65","sha256":"83a63639bbbc759e5980c57b7f024961998fa10e2ac4e85271dd7ba18a967227","sha512":"eb42b8523ea8238c8fd8a0765cc788978dae587935580f5c34e8009a0c213507474284bef0fb7085f007d5e2676e12c80aededde372db601e2ea00e4e09c815a","ssdeep":"192:pmy2AFPXArO8pDGhgBByUKN/M4QtuOpAkNsDiA1:pLvEPGOK/M4QtuHjp","tlshash":"c062951a221115318a379b647b636249fb60601bc302c1a97b9edba94ff1660d1d3fdf","first_seen":"2026-01-19T22:20:55.094321Z","last_seen":"2026-04-05T08:05:39.657342Z","times_seen":13,"resource_available":true,"data":null}},"time_used":693,"timings":{"blocked":80,"dns":53,"connect":8,"send":0,"wait":526,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]}},{"url":{"schema":"https","addr":"mztyw.com/SUCAI@2x.png","fqdn":"mztyw.com","domain":"mztyw.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mztyw.com/","date":"2026-02-19T14:36:34.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mztyw.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Feb 2026 15:39:04 GMT","end":"Sat, 16 May 2026 16:37:36 GMT"},"fingerprint":{"sha1":"36:AD:BB:5D:10:C8:0D:BE:D3:6E:F3:7E:1C:D9:E8:94:25:1C:77:C2","sha256":"4B:54:BC:FA:3D:02:A7:C1:B1:15:20:45:C5:A7:8D:7A:49:51:8F:87:1C:88:5C:5D:FC:C4:45:A1:8D:76:15:A4"}}},"request":{"raw":"GET /SUCAI@2x.png HTTP/1.1\r\nHost: mztyw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mztyw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 19 Feb 2026 14:36:35 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 05 Dec 2025 14:34:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6932ed64-21249\"\r\nexpires: Sat, 21 Mar 2026 14:36:35 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6Q9AQxDGjZf9%2FD6oEhvIRqEnw34Vet2ggTPauZDimLT1KBDhWZjwZK8wWZnExb4uHwr4gVwGUoa68qPucP93A93SBFV3add81Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d067f4e3d17618c-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":135753,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 466 x 334, 8-bit/color RGBA, non-interlaced","md5":"987a94da6ec7a60b5aac4356eba22cec","sha1":"31b394409c3e632c98ce11c4d843b0af9ae09adf","sha256":"8a39c1a7a40a4e7c08c2a6db66659299ab868447d73af85b1bfb5720a99bdbf3","sha512":"44f09d1860f4a25c14c32cb1c294622e712661049dcdc3a013ecdb52d7e12e78b94809a1fb76af49863a3b9befb3068fb8889c41521bf04ecf81d1ffa5c303c6","ssdeep":"3072:DWX8WTdiWSd/LqrXFXYm9Ugo6sk/iOm6uRWT8wT13lz:yMWTCz4VolK/iEtTh53x","tlshash":"28d312ff846092445d9895985f98d2bc7cf5cf84c288977b81d8ee6f198db28ec94c83","first_seen":"2026-01-19T22:20:55.097642Z","last_seen":"2026-04-05T08:05:39.65161Z","times_seen":13,"resource_available":false,"data":null}},"time_used":1046,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":344,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mztyw.com/favicon.ico","fqdn":"mztyw.com","domain":"mztyw.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mztyw.com/","date":"2026-02-19T14:36:35.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mztyw.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Feb 2026 15:39:04 GMT","end":"Sat, 16 May 2026 16:37:36 GMT"},"fingerprint":{"sha1":"36:AD:BB:5D:10:C8:0D:BE:D3:6E:F3:7E:1C:D9:E8:94:25:1C:77:C2","sha256":"4B:54:BC:FA:3D:02:A7:C1:B1:15:20:45:C5:A7:8D:7A:49:51:8F:87:1C:88:5C:5D:FC:C4:45:A1:8D:76:15:A4"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mztyw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mztyw.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 19 Feb 2026 14:36:35 GMT\r\ncontent-type: image/x-icon\r\nserver: cloudflare\r\nlast-modified: Sun, 07 Dec 2025 14:54:58 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9fHNVCT3xLfGH5XQSwATFrawYoGHLEkMFWxOVPlPbcXvC%2FD%2BvPkkUD7EARkv22cq81okoX%2BFKuSU%2BaeSDS6Qo7j8sPSLOGkKRg%3D%3D\"}]}\r\netag: W/\"69359542-2fb\"\r\ncontent-encoding: br\r\ncf-ray: 9d067f4edeeb618c-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":763,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"996606dae85a825c83632a2e7602197e","sha1":"76a4b5d1d6467008ebe382feec65dc992a2bed37","sha256":"01d579db80504a99bf746383f34c3302cd719e334bb12c29d52f77779dc3bfff","sha512":"d3fe1e141cbdc37742c09e11436a0c9aa0fef13a7fded2048be66f3a2b13f68f3a7c22b0f7174959f66c585f75cb36b300b736e6b868c339eddcc860a020422e","ssdeep":"","tlshash":"210165cf750c4cec955b4496c537980ac2e4a45c4e61d718b900d0e12b6886fb03876d","first_seen":"2026-01-19T22:20:55.100811Z","last_seen":"2026-04-05T08:05:39.654382Z","times_seen":13,"resource_available":false,"data":null}},"time_used":544,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":543,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}