{"report_id":"1b31ea25-32b7-482f-9e5f-f85162b55b5d","version":6,"status":"done","tags":["malicious","clickfix"],"date":"2026-04-18T14:05:52Z","url":{"schema":"http","addr":"iucim.com","fqdn":"iucim.com","domain":"iucim.com","tld":"com"},"ip":{"addr":"172.67.201.84","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"iucim.com/","fqdn":"iucim.com","domain":"iucim.com","tld":"com"},"title":"MicroBull","dom":{"size":14623,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"ec4d22bf5d57ed4abd19dd74786973c0","sha1":"5411a4fdb7e3f5946b87ead791117665adadd75a","sha256":"46b2f1253b260f8b9018ecf6ca934240b5ec7e7b54a65eaea6164a02bb3c5f3b","sha512":"6ea0da387848943346d250397d9702e005bda8c2b62042457d92bae906a5115f49f1a915862baf9cab11d552df526eb782a94fdd6942a7a8813d4a93e555bdda","ssdeep":"192:cDInns/NXfrQ2KRlDxTgB2rUjXf8JnNc7LEidEpG0fTMq3SHqqJ4C:cbBTax8UNcc6EXb96","tlshash":"1e62965a26b305325617996433eb32857020a00bda06cc5d7f8edbe88fd9664e5d33df","dom_hash":"domhashda8bf2ad71e8f6aed1de8835454fcb23","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"iucim.com","fqdn":"iucim.com","domain":"iucim.com","tld":"com"},"ip":{"addr":"172.67.201.84","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-23T14:05:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null},{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"summary":[{"fqdn":"iucim.com","ip":{"addr":"104.21.52.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":3,"received_data":153458,"sent_data":1329,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"iucim.com/","fqdn":"iucim.com","domain":"iucim.com","tld":"com"},"ip":{"addr":"104.21.52.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"068eac7d3c8aa076531d63b0ef7c1904","sha1":"7fce521060ce25100e2b6b8d4b28711f7c67da0b","sha256":"361b59bd31549e035c5e5ad9193a3335e0be1fa92bdb46eb8b31d632cb54225d","sha512":"4d13ff4405a3fdb71b690c8086a6fae302fa92901ae258fe04c7a6846ff565496b5fd71976570ad1b2f369683fb7506fc9445ceff35c5c794b8e0648ce5df3da","ssdeep":"96:8czJ/9zl9Qvx2dse5YbpRVA3l6bfam1VmdHKWGSHqq600q5DI96M:8c7LEidEpG0fTMq3SHqqJ4j","tlshash":"0a02654922770a318757ac69239b61847420300bed05dc8dbb9ecbe84fd9a64e4d7bdf","size":8865,"data":"","first_seen":"2026-04-18T14:05:56.824Z","last_seen":"2026-04-18T15:46:07.76008Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"iucim.com/","fqdn":"iucim.com","domain":"iucim.com","tld":"com"},"ip":{"addr":"104.21.52.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T14:05:30.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iucim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Apr 2026 21:45:08 GMT","end":"Tue, 14 Jul 2026 22:43:42 GMT"},"fingerprint":{"sha1":"60:12:46:B6:05:18:1C:69:D4:C6:01:D9:BC:50:27:F7:13:28:4C:1B","sha256":"C5:BE:32:94:3F:59:E1:62:51:C1:41:9B:D0:16:A3:49:B8:02:41:98:51:62:01:19:71:4A:80:65:C1:C7:E3:A4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: iucim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 14:05:31 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 16 Apr 2026 00:59:08 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A3IVOWXgwXOaMn0XiTuS4r5jlA%2B2eKstLtdkMtnyyQ3iQ5zJaR5vlqEGV1mr9hjtgz%2FV5qiSTA1MzrmcPq4wmj82MNfytMALeDTNjaV0bZ%2FgTaGkSi4j39Mv9JA%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ee4398c985956cb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14794,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"b0479f323b7b8a8347d42d6214eba0e4","sha1":"fba4e67151fc28a55848f06eeed1fb28d9e5f6ac","sha256":"42214202cf08de1ce281f2d263eff9cb19e0b8ef86fb20f6726f3cf5eb191ad5","sha512":"c0f8925d929ac8131a07cb9511997003d2cbaae4a33673288e9269970986ec232720eb53921a36be454cac4ee3fb88cd8bdf3482ff562073811ff31e0691d7b9","ssdeep":"192:yaRnns/NXfrQ2KRlDxTgB2rUjXf8JnOc7LEidEpG0fTMq3SHqqJ4q:yNBTax8UOcc6EXb9C","tlshash":"9962a55a26b305325617996433eb32857020a00bda06cc6d7f8edbe88fd9664e5d33df","first_seen":"2026-04-18T14:05:56.820409Z","last_seen":"2026-04-18T15:46:07.754682Z","times_seen":6,"resource_available":true,"data":null}},"time_used":671,"timings":{"blocked":42,"dns":16,"connect":2,"send":0,"wait":587,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]}},{"url":{"schema":"https","addr":"iucim.com/SUCAI@2x.png","fqdn":"iucim.com","domain":"iucim.com","tld":"com"},"ip":{"addr":"104.21.52.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iucim.com/","date":"2026-04-18T14:05:31.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iucim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Apr 2026 21:45:08 GMT","end":"Tue, 14 Jul 2026 22:43:42 GMT"},"fingerprint":{"sha1":"60:12:46:B6:05:18:1C:69:D4:C6:01:D9:BC:50:27:F7:13:28:4C:1B","sha256":"C5:BE:32:94:3F:59:E1:62:51:C1:41:9B:D0:16:A3:49:B8:02:41:98:51:62:01:19:71:4A:80:65:C1:C7:E3:A4"}}},"request":{"raw":"GET /SUCAI@2x.png HTTP/1.1\r\nHost: iucim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iucim.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 14:05:32 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 05 Dec 2025 14:34:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6932ed64-21249\"\r\nexpires: Mon, 18 May 2026 14:05:32 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e%2F3tEqe0UXCXotG%2BHKD1rysMsYu%2F159DLFIj%2B6srVinUVW5yQBt3KO32I0tvtj6QBxEclzFs6WXIhuU5tdhXzFz%2BRwodzMapjm7iACYoSSRa6KCOyoOIHuWjcu0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee43991d91c783d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":135753,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 466 x 334, 8-bit/color RGBA, non-interlaced","md5":"987a94da6ec7a60b5aac4356eba22cec","sha1":"31b394409c3e632c98ce11c4d843b0af9ae09adf","sha256":"8a39c1a7a40a4e7c08c2a6db66659299ab868447d73af85b1bfb5720a99bdbf3","sha512":"44f09d1860f4a25c14c32cb1c294622e712661049dcdc3a013ecdb52d7e12e78b94809a1fb76af49863a3b9befb3068fb8889c41521bf04ecf81d1ffa5c303c6","ssdeep":"3072:DWX8WTdiWSd/LqrXFXYm9Ugo6sk/iOm6uRWT8wT13lz:yMWTCz4VolK/iEtTh53x","tlshash":"28d312ff846092445d9895985f98d2bc7cf5cf84c288977b81d8ee6f198db28ec94c83","first_seen":"2026-01-19T22:20:55.097642Z","last_seen":"2026-04-18T15:46:07.756653Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":764,"receive":374,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iucim.com/favicon.ico","fqdn":"iucim.com","domain":"iucim.com","tld":"com"},"ip":{"addr":"104.21.52.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iucim.com/","date":"2026-04-18T14:05:31.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iucim.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Apr 2026 21:45:08 GMT","end":"Tue, 14 Jul 2026 22:43:42 GMT"},"fingerprint":{"sha1":"60:12:46:B6:05:18:1C:69:D4:C6:01:D9:BC:50:27:F7:13:28:4C:1B","sha256":"C5:BE:32:94:3F:59:E1:62:51:C1:41:9B:D0:16:A3:49:B8:02:41:98:51:62:01:19:71:4A:80:65:C1:C7:E3:A4"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: iucim.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iucim.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 14:05:32 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\nlast-modified: Sun, 07 Dec 2025 14:54:58 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"69359542-2fb\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fEYhoU4JNqwpBfpvq1A2wKp15LS6mW%2BRN49JUrhLL0U%2BCsPZzix0LtdHstAL10ZR6LAu1NTpU43iWis2Im2idEoXGe7BsLCSzLqLulOrVbreHwqBu9K25GKKPWg%3D\"}]}\r\ncf-ray: 9ee43992892d783d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":763,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"996606dae85a825c83632a2e7602197e","sha1":"76a4b5d1d6467008ebe382feec65dc992a2bed37","sha256":"01d579db80504a99bf746383f34c3302cd719e334bb12c29d52f77779dc3bfff","sha512":"d3fe1e141cbdc37742c09e11436a0c9aa0fef13a7fded2048be66f3a2b13f68f3a7c22b0f7174959f66c585f75cb36b300b736e6b868c339eddcc860a020422e","ssdeep":"","tlshash":"210165cf750c4cec955b4496c537980ac2e4a45c4e61d718b900d0e12b6886fb03876d","first_seen":"2026-01-19T22:20:55.100811Z","last_seen":"2026-04-18T15:46:07.758317Z","times_seen":19,"resource_available":false,"data":null}},"time_used":562,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":562,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}