{"report_id":"772c2ad4-dcaf-4122-a55d-8d99b34e39d8","version":6,"status":"done","tags":["malicious","clickfix"],"date":"2026-04-05T08:05:38Z","url":{"schema":"http","addr":"microbull.org","fqdn":"microbull.org","domain":"microbull.org","tld":"org"},"ip":{"addr":"104.21.73.242","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"microbull.org/","fqdn":"microbull.org","domain":"microbull.org","tld":"org"},"title":"MicroBull","dom":{"size":14627,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"8486d1b6e6368cd399cf44607a70e651","sha1":"baecb5e50fb40cae0d51645e0a06a7cce0d21411","sha256":"8838fd904a6f4da8f84bf0779a7c7af93f346e0e392f8588b3f75a195f810538","sha512":"97cbc7981cb0475611eabbd09f1328b0a1a8a70a3419012a3a4c0c0bf7681ea003803263a9370b48e3960bf828dd5cb76c85d0a48b0db64e929797fe04744ce5","ssdeep":"192:cDInns/NXfrQ2KRlDxTgB2rUjXf8JngIc7LEidEpG0fTMq3SHqqJ4C:cbBTax8UgIcc6EXb96","tlshash":"f062a61a26b305325617996433eb32857020a00bda06cc5d7f8edbe88fd9664e5d33df","dom_hash":"domhashda8bf2ad71e8f6aed1de8835454fcb23","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"microbull.org","fqdn":"microbull.org","domain":"microbull.org","tld":"org"},"ip":{"addr":"104.21.73.242","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-10T08:05:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null},{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"summary":[{"fqdn":"microbull.org","ip":{"addr":"104.21.73.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-08","domain_rank":0,"first_seen":"2026-04-05T08:05:38.702702Z","last_seen":"2026-04-05T08:05:38.702702Z","alert_count":1,"request_count":3,"received_data":153965,"sent_data":1349,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"microbull.org/","fqdn":"microbull.org","domain":"microbull.org","tld":"org"},"ip":{"addr":"104.21.73.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"64d8b31cb2fa0e6d5c0fefaf250c4e03","sha1":"d2146ce7637c5013c9aae36a334bb06028d85255","sha256":"4d6095f9a57f3bdf08d309afce3e45bb2e2962ac8cf9abfbf9492b473e6466be","sha512":"a47a7d40b2058602d7228f8a228a323dab7407c262f3b0ebca1affee15ee5ba4cc2c9aae0d71823dd2c8f7e446af258c59f9665e0e5934c303ea92875e9f5827","ssdeep":"96:fIczJ/9zl9Qvx2dse5YbpRVA3l6bfam1VmdHKWGSHqq600q5DI96M:fIc7LEidEpG0fTMq3SHqqJ4j","tlshash":"fd02544922770a318757ac69239b61847420300bed05dc8dbb9ecbe84fd9a64e4d7bdf","size":8869,"data":"","first_seen":"2026-01-19T22:20:55.103511Z","last_seen":"2026-04-05T08:05:39.659896Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"microbull.org/SUCAI@2x.png","fqdn":"microbull.org","domain":"microbull.org","tld":"org"},"ip":{"addr":"104.21.73.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://microbull.org/","date":"2026-04-05T08:05:17.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"microbull.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Apr 2026 06:09:37 GMT","end":"Sat, 04 Jul 2026 07:09:33 GMT"},"fingerprint":{"sha1":"6D:DC:23:E5:D6:2D:C9:09:B0:5A:1C:81:A4:E9:C1:A2:57:F5:AF:C9","sha256":"0F:A2:60:6D:86:A5:0D:06:E0:AD:B5:75:19:FB:B8:23:96:A5:43:4D:3B:F4:AE:88:9D:C6:53:93:7E:75:5F:81"}}},"request":{"raw":"GET /SUCAI@2x.png HTTP/1.1\r\nHost: microbull.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://microbull.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Apr 2026 08:05:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 05 Dec 2025 14:34:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6932ed64-21249\"\r\nexpires: Tue, 05 May 2026 08:05:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W4TYn2Kge%2B83AyhQiUoUVTCvKf3wUXxahTaXBcHLN1L%2FGkUrLes4sGGcxDw3BIpRdDiBuPFkk1OSTKR%2BubIsa2681VPBAn%2B19a15ADrV1MiCBVY1Vt7dNCP7DP9hrIcM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e770c036d6b712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":135753,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 466 x 334, 8-bit/color RGBA, non-interlaced","md5":"987a94da6ec7a60b5aac4356eba22cec","sha1":"31b394409c3e632c98ce11c4d843b0af9ae09adf","sha256":"8a39c1a7a40a4e7c08c2a6db66659299ab868447d73af85b1bfb5720a99bdbf3","sha512":"44f09d1860f4a25c14c32cb1c294622e712661049dcdc3a013ecdb52d7e12e78b94809a1fb76af49863a3b9befb3068fb8889c41521bf04ecf81d1ffa5c303c6","ssdeep":"3072:DWX8WTdiWSd/LqrXFXYm9Ugo6sk/iOm6uRWT8wT13lz:yMWTCz4VolK/iEtTh53x","tlshash":"28d312ff846092445d9895985f98d2bc7cf5cf84c288977b81d8ee6f198db28ec94c83","first_seen":"2026-01-19T22:20:55.097642Z","last_seen":"2026-04-05T08:05:39.65161Z","times_seen":13,"resource_available":false,"data":null}},"time_used":1082,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":727,"receive":355,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microbull.org/favicon.ico","fqdn":"microbull.org","domain":"microbull.org","tld":"org"},"ip":{"addr":"104.21.73.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://microbull.org/","date":"2026-04-05T08:05:18.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"microbull.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Apr 2026 06:09:37 GMT","end":"Sat, 04 Jul 2026 07:09:33 GMT"},"fingerprint":{"sha1":"6D:DC:23:E5:D6:2D:C9:09:B0:5A:1C:81:A4:E9:C1:A2:57:F5:AF:C9","sha256":"0F:A2:60:6D:86:A5:0D:06:E0:AD:B5:75:19:FB:B8:23:96:A5:43:4D:3B:F4:AE:88:9D:C6:53:93:7E:75:5F:81"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: microbull.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://microbull.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Apr 2026 08:05:18 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\nlast-modified: Sun, 07 Dec 2025 14:54:58 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"69359542-2fb\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NGtPI2l%2BrNkGozhocgmA6YoXKq9JWGAMR2D7yJdmhVk5Oz8La3h0AVmLSHk6nXlt5dKPziMElSFTdbVhWEWzascy0716rmyAMRP%2FvdiCKvjF7pDMmMcWPlwS9oJmDklL\"}]}\r\ncf-ray: 9e770c042d6f712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":763,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"996606dae85a825c83632a2e7602197e","sha1":"76a4b5d1d6467008ebe382feec65dc992a2bed37","sha256":"01d579db80504a99bf746383f34c3302cd719e334bb12c29d52f77779dc3bfff","sha512":"d3fe1e141cbdc37742c09e11436a0c9aa0fef13a7fded2048be66f3a2b13f68f3a7c22b0f7174959f66c585f75cb36b300b736e6b868c339eddcc860a020422e","ssdeep":"","tlshash":"210165cf750c4cec955b4496c537980ac2e4a45c4e61d718b900d0e12b6886fb03876d","first_seen":"2026-01-19T22:20:55.100811Z","last_seen":"2026-04-05T08:05:39.654382Z","times_seen":13,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":572,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"microbull.org/","fqdn":"microbull.org","domain":"microbull.org","tld":"org"},"ip":{"addr":"104.21.73.242","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T08:05:17.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"microbull.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Apr 2026 06:09:37 GMT","end":"Sat, 04 Jul 2026 07:09:33 GMT"},"fingerprint":{"sha1":"6D:DC:23:E5:D6:2D:C9:09:B0:5A:1C:81:A4:E9:C1:A2:57:F5:AF:C9","sha256":"0F:A2:60:6D:86:A5:0D:06:E0:AD:B5:75:19:FB:B8:23:96:A5:43:4D:3B:F4:AE:88:9D:C6:53:93:7E:75:5F:81"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: microbull.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 08:05:17 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sun, 07 Dec 2025 20:02:08 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BTa5O4djnOli4OF%2FOaRWlmelPZEZTmd%2Fzo3oPuavobC2%2BQ8Uq9rlIfmh2HBfzU%2BVj7RfFSzpJUf6wf5Nz9MnjxZmEY%2BXuombooHpCBTohlkU%2Bh%2FIGYFjRb8L%2FGGllC%2Bw\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9e770bfe6cfcb1b8-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15283,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"0d3f56fd571b52983cf57f07a87535b9","sha1":"c4395f10ad1fae76cab32d0f43d90234d098dd65","sha256":"83a63639bbbc759e5980c57b7f024961998fa10e2ac4e85271dd7ba18a967227","sha512":"eb42b8523ea8238c8fd8a0765cc788978dae587935580f5c34e8009a0c213507474284bef0fb7085f007d5e2676e12c80aededde372db601e2ea00e4e09c815a","ssdeep":"192:pmy2AFPXArO8pDGhgBByUKN/M4QtuOpAkNsDiA1:pLvEPGOK/M4QtuHjp","tlshash":"c062951a221115318a379b647b636249fb60601bc302c1a97b9edba94ff1660d1d3fdf","first_seen":"2026-01-19T22:20:55.094321Z","last_seen":"2026-04-05T08:05:39.657342Z","times_seen":13,"resource_available":true,"data":null}},"time_used":665,"timings":{"blocked":35,"dns":17,"connect":1,"send":0,"wait":595,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Malicious - Copy/Paste Social Engineering (ClickFix)","verdict":"malicious","severity":"medium","comment":"","tags":["malicious","clickfix"],"meta":null}]}}]}