| track.pairfitem.com/redirect?target=BASE64aHR0cHM6Ly9nby52b3J0eGNlLnh5ei90czM4NTktaW50ZXJuYXRpb25hbC1nZW5lcmFsJmNpZD13Ym1ua3RlcjM5NHRyNnMwajQyNjlsZ3EmdGhydT04Y2JjYjYyZS02OTFkLTRjMGItOWZhMy0xNWNjNzcxNWZiZjg&ts=1714141736856&hash=lD9Febw79gZ6hNKFZxr7dV0qgWUejvyzt1GlBCSdeuQ&rm=D |  18.195.174.160 | | 380 B |
URL track.pairfitem.com/redirect?target=BASE64aHR0cHM6Ly9nby52b3J0eGNlLnh5ei90czM4NTktaW50ZXJuYXRpb25hbC1nZW5lcmFsJmNpZD13Ym1ua3RlcjM5NHRyNnMwajQyNjlsZ3EmdGhydT04Y2JjYjYyZS02OTFkLTRjMGItOWZhMy0xNWNjNzcxNWZiZjg&ts=1714141736856&hash=lD9Febw79gZ6hNKFZxr7dV0qgWUejvyzt1GlBCSdeuQ&rm=D IP18.195.174.160:0
File typeHTML document, ASCII text, with very long lines (380), with no line terminators Hash4debddaa25e2555b3ba35c9e1c35fb9a 5820b37fdc9eb6cbb5ff0be9138d6b2bd196b418 31e4311933b7e56afe897d054dfe6dfd55a07e445a0c7442ce12ae97892f4b74
GET /redirect?target=BASE64aHR0cHM6Ly9nby52b3J0eGNlLnh5ei90czM4NTktaW50ZXJuYXRpb25hbC1nZW5lcmFsJmNpZD13Ym1ua3RlcjM5NHRyNnMwajQyNjlsZ3EmdGhydT04Y2JjYjYyZS02OTFkLTRjMGItOWZhMy0xNWNjNzcxNWZiZjg&ts=1714141736856&hash=lD9Febw79gZ6hNKFZxr7dV0qgWUejvyzt1GlBCSdeuQ&rm=D HTTP/1.1
Host: track.pairfitem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 14:28:57 GMT
content-type: text/html;charset=UTF-8
content-length: 380
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2
|
|
| go.vortxce.xyz/ts3859-international-general&cid=wbmnkter394tr6s0j4269lgq&thru=8cbcb62e-691d-4c0b-9fa3-15cc7715fbf8 |  179.43.178.76 | 302 Found | 0 B |
URL User Request GET HTTP/1.1go.vortxce.xyz/ts3859-international-general&cid=wbmnkter394tr6s0j4269lgq&thru=8cbcb62e-691d-4c0b-9fa3-15cc7715fbf8 IP179.43.178.76:443 ASN#51852 Private Layer INC
CertificateIssuerLet's Encrypt Subjectgo.vortxce.xyz FingerprintD5:7F:84:F6:88:95:D2:B4:6E:E8:F8:07:90:B7:26:18:A9:40:7C:BA ValidityTue, 27 Feb 2024 12:58:41 GMT - Mon, 27 May 2024 12:58:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ts3859-international-general&cid=wbmnkter394tr6s0j4269lgq&thru=8cbcb62e-691d-4c0b-9fa3-15cc7715fbf8 HTTP/1.1
Host: go.vortxce.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:57 GMT
Transfer-Encoding: chunked
Connection: close
Location: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
|
|
| securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 |  91.224.59.25 | 200 OK | 1.7 kB |
URL User Request GET HTTP/1.1securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeHTML document, ASCII text Hash805c95976ff0d8168d66211961390cf0 8fd62db72c36d643549301940377576daa24e6c2 ddead6766f92963664f9177a61a85b8611aa18cf0b3bfada57a02699de0793c5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
|
|
| securityupdatesystem.com/av/lp2/src/css/style.css | 91.224.59.25 | 200 OK | 8.3 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/css/style.css IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeASCII text, with CRLF line terminators Hashce9e3b3c913f2d1e45b754b23a7713c9 5e7b7e6c5f9f945bbdb44f0b7f54cc4d95423f0c 944086a0d1f0c20565f790d56b969ed888b288967811f402a017f6bc9239230b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/css/style.css HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: text/css
Content-Length: 8319
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-207f"
Accept-Ranges: bytes
|
|
| track.cornzself.com/2a18b4b0-b01a-4364-91c8-51616a654080?{var1}=txt1&{var2}=mz&{var3}=18025578237 | 18.195.174.160 | | 5.2 kB |
URL track.cornzself.com/2a18b4b0-b01a-4364-91c8-51616a654080?{var1}=txt1&{var2}=mz&{var3}=18025578237 IP18.195.174.160:0
File typeHTML document, ASCII text, with very long lines (5191), with no line terminators Hashdd6feeaad3b90c2a9a7b7cc3b775ed1f 401082a8ce6da145c74f9f9a7d6dc4949ef56f85 975b9b90b765a5ac5d1a2476725202933c42bf813647ed2a8a0f29fcd5e995e8
GET /2a18b4b0-b01a-4364-91c8-51616a654080?{var1}=txt1&{var2}=mz&{var3}=18025578237 HTTP/1.1
Host: track.cornzself.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 14:28:56 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: 2a18b4b0-b01a-4364-91c8-51616a654080-v4=2lblFajEwRdwlt6LEce3psXIocXfWfvfQQqKm89yVmc; Max-Age=86400; Expires=Sat, 27-Apr-2024 14:28:56 GMT; Domain=track.cornzself.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=TK788at8bjXiJV%2BKaxgDpLmv4D%2BinJ7W08YTfjUoNkX0Ybg6gdDqSAU5JvBjyloPUFsEB76c0WTnoFiG%2FEAm8dv9cq6YdOC43qE6HBD0vUuo4jRPVQGMoUXVq89V1tjvDdOJwoFgB4EGVrL4n7cSAA%3D%3D; Max-Age=31536000; Expires=Sat, 26-Apr-2025 14:28:56 GMT; Domain=track.cornzself.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
|
|
| securityupdatesystem.com/av/lp2/src/img/icon4.png | 91.224.59.25 | 200 OK | 5.0 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/icon4.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 67 x 47, 8-bit/color RGB, non-interlaced Hashad04ec96a1adfa3bf2b58ac7257be13b 14885846d898c73df94bff1f0c494286e103a426 06c2c59f0fd9ae92b15e5a33a2f22fc59ee42fd24f60a40973f505d45e40f6c0
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/icon4.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 4984
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-1378"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/ccleaner.png | 91.224.59.25 | 200 OK | 3.3 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/ccleaner.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 144 x 40, 8-bit colormap, non-interlaced Hasheca9c089d90f8b257f3dfadb242d1f8f 4fb858cc41b33e49305d53a8a720d35241723fc4 7a908bdb1f75f40bb02214185eca535bba50aa49bb974a1a2bdcec269b73c71d
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/ccleaner.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 3292
Last-Modified: Fri, 26 Apr 2024 13:33:51 GMT
Connection: keep-alive
ETag: "662bad3f-cdc"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/pixel/t.js?v=1714141737 | 91.224.59.25 | 200 OK | 694 B |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/pixel/t.js?v=1714141737 IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeASCII text, with very long lines (694), with no line terminators Hashe3ba066d8d221675e2f88d9a5fd8e006 25fdd6c4dc319913c09e4ddbc94453ea94d9f41d 5ae020e2884774376cb120f211482ffa74db792a7cbe95a8f14771d096d1cae9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/pixel/t.js?v=1714141737 HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: application/javascript
Content-Length: 694
Last-Modified: Thu, 14 Mar 2024 14:22:28 GMT
Connection: keep-alive
ETag: "65f30824-2b6"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/icon1.png | 91.224.59.25 | 200 OK | 5.5 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/icon1.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 59 x 58, 8-bit/color RGB, non-interlaced Hash1c8022933c336dcee699c8c02af195a3 947bc65cf0286bcccfa0ab75d572fd5cf493a012 8e4458cbede31818c7a1778de7032a67b99f6f4aa398b4f317aa681e3652d32f
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/icon1.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 5523
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-1593"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/icon2.png | 91.224.59.25 | 200 OK | 4.5 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/icon2.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 38 x 61, 8-bit/color RGB, non-interlaced Hash87fda32b63c2fd90899ead0c197c816d 52a4620474a0970079e7599a0efd2987ff1c2248 b55ab4b13f9d2154195deb959dd47ceb2ce45673d9fac23b90e3a044bbc99ea7
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/icon2.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 4507
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-119b"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/icon3.png | 91.224.59.25 | 200 OK | 4.9 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/icon3.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 62 x 58, 8-bit/color RGB, non-interlaced Hashd6e1e0576a3eb003c23b493bc22e48a8 9278373838efda04c00afde62205ae5a5329840b 57605c081ae05e4750fc8c5496e6ca0bb81510ca9fadb08a6bf38af2c0d0c86a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/icon3.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 4940
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-134c"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/ico_tray1.png | 91.224.59.25 | 200 OK | 224 B |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/ico_tray1.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced Hash73737cf692b98b0108062619f2e4c376 cba78652f41e1d341133063e04088b707d4aa0ff 456a92631c097bfcefdb86e75e3e3297d86efda422495a3fa2148dfbf6484b19
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/ico_tray1.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 224
Last-Modified: Mon, 12 Feb 2024 15:41:15 GMT
Connection: keep-alive
ETag: "65ca3c1b-e0"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/ico_tray2.gif | 91.224.59.25 | 200 OK | 377 B |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/ico_tray2.gif IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeGIF image data, version 89a, 16 x 16 Hashc10bdec858cb0cf9e6cc5865d5925746 697c095ed5509e5a5af0c5ebf2380662aeffc531 b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/ico_tray2.gif HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/gif
Content-Length: 377
Last-Modified: Mon, 12 Feb 2024 15:39:58 GMT
Connection: keep-alive
ETag: "65ca3bce-179"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/secure.png | 91.224.59.25 | 200 OK | 24 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/secure.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced Hashc4e55728aa0160a80cf9057a862ea666 dd37c36c6613243b6346213301f5d3358ace2599 0496de5808febe4d7fdd0f00ef764684e8714cc90505ef06175b5e1015982810
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/secure.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 23695
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-5c8f"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/ico_tray3.gif | 91.224.59.25 | 200 OK | 234 B |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/ico_tray3.gif IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeGIF image data, version 89a, 16 x 16 Hash9ce99ec458daf212f9812a90f3fadd13 9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1 b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/ico_tray3.gif HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/gif
Content-Length: 234
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-ea"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/ico_tray1.gif | 91.224.59.25 | 200 OK | 69 B |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/ico_tray1.gif IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeGIF image data, version 89a, 16 x 16 Hash3ae573d079dcd1d2da4086f2c0c72c45 e7c9dabec81379373476ed23168dcecb9b8c56aa 9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/ico_tray1.gif HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/gif
Content-Length: 69
Last-Modified: Mon, 12 Feb 2024 15:39:54 GMT
Connection: keep-alive
ETag: "65ca3bca-45"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/check-at.png | 91.224.59.25 | 200 OK | 589 B |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/check-at.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 100 x 82, 8-bit colormap, non-interlaced Hash7dc759a0167fa72ff540d84ce3f8eb9f 8668a63ba60918e561046a724941ee8d53d82716 b7569575aaf5dad64b37c838dfc5aa17e10f56a17d4cde7635118509ea62d9c5
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/check-at.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 589
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-24d"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/red.png | 91.224.59.25 | 200 OK | 4.3 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/red.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 100 x 96, 8-bit/color RGBA, non-interlaced Hashff20c1bfa63cbc9b571ae114933d192b a7116b2f213b3c98dd911cfe3a9bb25374cb10ec 454d51082d26e83d36a4cafbde2268edead04aebcb0466906c3e629ece7fbf9b
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/red.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 4285
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-10bd"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/yellow.png | 91.224.59.25 | 200 OK | 4.0 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/yellow.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 100 x 96, 8-bit/color RGBA, non-interlaced Hash42896b0be0ed4b67f3ed9812e4939b09 6aa07f596f7ae8fe85762ccd9b47ac2807fdb23b 10e5f1cd32666c89168131c9972666e2250857656d029159e6badb9fe32aedfb
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/yellow.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 3959
Last-Modified: Mon, 12 Feb 2024 15:37:56 GMT
Connection: keep-alive
ETag: "65ca3b54-f77"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/orange.png | 91.224.59.25 | 200 OK | 4.6 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/orange.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 100 x 96, 8-bit/color RGBA, non-interlaced Hashd01e42bbed83b48968019bc0b66cb7d6 ba16ff6d4ae3435ecd6b37973cc16535f3bc29b5 5cdde8c15502a3876ece91ca85ca190870293b623311a848ca78172f81438b5c
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/orange.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 4635
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-121b"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/red_shield.jpg | 91.224.59.25 | 200 OK | 14 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/red_shield.jpg IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 192x232, components 3 Hash86112106f66cef0efe1139c9798a639f 885c12203789f765f64b75155e56ba440b45ed61 6c0405812a92b5cfdc090529a5ecd68aa77ec74702f34db509cf9f350e8b9e78
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/red_shield.jpg HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/jpeg
Content-Length: 14271
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-37bf"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/secure2.png | 91.224.59.25 | 200 OK | 24 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/secure2.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced Hashb540de4f4c7c7ab5a13571919bd61a91 392efc1b85067e92d6ccf40cf6004543ac30eb08 2480bad873452d6699c7e0eba80076ac9a4decd89fc47504f905fcfe23105d04
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/secure2.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 23908
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-5d64"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/loading.gif | 91.224.59.25 | 200 OK | 35 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/loading.gif IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeGIF image data, version 89a, 480 x 480 Hash479ee3502382e102acdb60f4e0549e9b 6956c8efc907230e81629b4d6b169ae6859546a3 ceac51e89a2561897de693334c894ca96baf30bd22ec01c2d941a798dd58a2d9
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/loading.gif HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/gif
Content-Length: 34681
Last-Modified: Mon, 12 Feb 2024 15:37:55 GMT
Connection: keep-alive
ETag: "65ca3b53-8779"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/pixel/?iS=1&offset=0 | 91.224.59.25 | 200 OK | 46 B |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/pixel/?iS=1&offset=0 IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeASCII text, with no line terminators Hashbeedbb66afa711bc67b66078b01a7c67 c92ac7195025fae79c06316f32bb71f5f1f8394c 88e54a24bef5fd3472d12a1bc723b80f4c458a29ef4121af525bc479ff5de202
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/pixel/?iS=1&offset=0 HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
|
|
| securityupdatesystem.com/av/lp2/src/img/x.png | 91.224.59.25 | 200 OK | 81 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/x.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 2000 x 2000, 8-bit/color RGBA, non-interlaced Hashfb0479b32165743707b76faa661482cf f00b35b8a17a36f8e506a1ff23c1ac3dca0558bf ddc0f3d26a8b630f67ba0f2964419a3a76878947ddfcd3a43c10acae833f4dab
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/x.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 81174
Last-Modified: Mon, 12 Feb 2024 15:37:56 GMT
Connection: keep-alive
ETag: "65ca3b54-13d16"
Accept-Ranges: bytes
|
|
| securityupdatesystem.com/av/lp2/src/img/ccleaner2.png | 91.224.59.25 | 200 OK | 7.2 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/img/ccleaner2.png IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typePNG image data, 173 x 173, 8-bit colormap, non-interlaced Hashd86a3e4657a17a5ae2f05ef9be0761cb 3f958f563dbbf27aacffeb5055ba56b57237a227 ef6bf33540d0c34b752ebcbdf2f7054da694d19e216d61db32449e96fb81e013
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/img/ccleaner2.png HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: image/png
Content-Length: 7156
Last-Modified: Fri, 26 Apr 2024 13:33:51 GMT
Connection: keep-alive
ETag: "662bad3f-1bf4"
Accept-Ranges: bytes
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml |  35.244.181.201 | | 444 B |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0 ASN#396982 GOOGLE-CLOUD-PLATFORM
File typeXML 1.0 document, ASCII text, with very long lines (332) Hash3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=SGVNiWs5tJ8RjSF7MyUFfoBVIbAtnnvWJp1zGRv3wL_73kTRWapgBeekz2Z03bVoXLv51ZDpQ5cG5MfAoLtWa2FJ6O_nMD01wZqh4NCVfP9JDBK4xhsPfKgHtOpxKcrC
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Fri, 26 Apr 2024 14:29:05 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 10
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| securityupdatesystem.com/av/lp2/src/js/s.js | 91.224.59.25 | 200 OK | 4.6 kB |
URL GET HTTP/1.1securityupdatesystem.com/av/lp2/src/js/s.js IP91.224.59.25:443 ASN#50833 FIBER TELECOM s.r.o.
Requested byhttps://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2 CertificateIssuerLet's Encrypt Subjectsecurityupdatesystem.com Fingerprint02:71:13:69:C8:D8:4C:AE:AF:38:A9:A0:D4:6C:34:E0:4B:5A:20:34 ValidityWed, 10 Apr 2024 03:42:33 GMT - Tue, 09 Jul 2024 03:42:32 GMT
File typeJavaScript source, ASCII text, with very long lines (4645), with no line terminators Hashfebc17d1ae8543ad302a7f94865286ae 26e8cca7fb3fe685ca225cb5d3af774b9fa8088d 9edac09ba6deed73d7e6e295152e04142cdbe8b54bd43b69f45f8cb1519a0207
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /av/lp2/src/js/s.js HTTP/1.1
Host: securityupdatesystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://securityupdatesystem.com/av/lp2/?cusOfr=ccleaner&s1=hs55&s2=181420155&s3=ts3859-international-general&s4=92757&c=0.0&click=GVM1UCU1C7300GOR1ZKLS2A2
Cookie: PHPSESSID=aefft7hsv16psitgeqda62cs2v
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Fri, 26 Apr 2024 14:28:58 GMT
Content-Type: application/javascript
Content-Length: 4645
Last-Modified: Mon, 12 Feb 2024 15:37:56 GMT
Connection: keep-alive
ETag: "65ca3b54-1225"
Accept-Ranges: bytes
|
|