Report - uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513

Report Overview

Submitted URL
uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
IP
212.117.190.104
ASN
#7979 SERVERS-COM
Submitted
2024-04-17 03:02:24
Access
public
Website Title
Answer and Get a Reward!
Final URL
uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513#
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
uiyy3clcm.com	unknown	2024-02-28	2024-02-28	2024-04-16	28 kB	378 kB	212.117.190.104
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-16	430 B	2.4 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed
2024-04-17	medium	uiyy3clcm.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	uiyy3clcm.com/paysite-black-dirty/js/main.js	4.3 kB	2024-04-14	2024-04-24
Pretty URL uiyy3clcm.com/paysite-black-dirty/js/main.js IP 212.117.190.104 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-14 21:18:13 Last Seen2024-04-24 05:07:11 Times Seen14 Hash 5ad821f55e04182af0c47540a68f4198 d528dfec0f3e7c7b39f8c4f976af709d1c52d7ab a9c443b8a2293fdc28d6838cd1f8d6829507b67eb5bde2038949587a8ac06468 Loading...

HTTP Transactions (18)

URL IP Response Size

uiyy3clcm.com/paysite-black-dirty/images/logo.svg

212.117.190.104

200 OK

11 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/logo.svg
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
SVG Scalable Vector Graphics image
Size
11 kB (11184 bytes)
Hash
5a827de9d012ab99e84552481bd76ec2
6724af6e7f4d1755ceba0c8c1655bf65cf930f96
983469599f0cbfa613824842eb563e6e631de479ef215ea08aa76ec9a209ef37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/logo.svg HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/svg+xml
content-length: 11184
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-2bb0"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-small-boobs.jpg?m=2

212.117.190.104

200 OK

29 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-small-boobs.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
29 kB (29399 bytes)
Hash
dd1267ef94996400f7603b3ef988b012
ec83cf9121310282e4fa3145080ea389c9e4efeb
bcf75463244e49a197a6a20bc2825a88d5d07787e6cc9e32ce00c4685b25bb22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-small-boobs.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 29399
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-72d7"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-big-boobs.jpg?m=2

212.117.190.104

200 OK

24 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-big-boobs.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
24 kB (24065 bytes)
Hash
c9683b90b72fd85bcda1e8b30630353c
388f10ac81c307fdc1384c97dd4192fb450b72c5
940357c6b7a7eacd0b37cf9cc50a9449b5096690a1e15f9b122e71e9dbb25c73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-big-boobs.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 24065
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-5e01"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-huge-boobs.jpg?m=2

212.117.190.104

200 OK

28 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-huge-boobs.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
28 kB (28342 bytes)
Hash
6af63e4157ab0d5c6ad84902091c01c1
9bd1b089198022958136cf4302c05c8bbcf46f32
0f825f36169e35ae14e55622c4ae51eac41921f17ba1c33559d5f5c7bddeb844

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-huge-boobs.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 28342
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-6eb6"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-small-ass.jpg?m=2

212.117.190.104

200 OK

17 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-small-ass.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
17 kB (16596 bytes)
Hash
a96a4fdc64a928f3f6985ca1cf0ef37d
936b5a0dfd9da34d167399baa21c0493bc820862
dfc00397b03688cabc592dd782f10c54a1945115d49c05bfbf710b8fc5079ab5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-small-ass.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 16596
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-40d4"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-big-ass.jpg?m=2

212.117.190.104

200 OK

35 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-big-ass.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
35 kB (34609 bytes)
Hash
61f8102d883bb8c47d51797b20de34e8
c17ddca695c2d8db74a2517e9886f7bbefc693fe
c59f09bc1f152aff55a523f1b71fd9b23920f24b0ba44d8363dfbd2467e0f7d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-big-ass.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 34609
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-8731"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-huge-ass.jpg?m=2

212.117.190.104

200 OK

18 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-huge-ass.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
18 kB (18385 bytes)
Hash
6972ff3f093ae42b631436ab29ea4a5c
f87885b2f0ef26e238e96b09bdc0ba2d4af17b58
5b3122eda7568e8a27b7e8ee55484a01cc232be45656f27b618f88d75d4bf329

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-huge-ass.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 18385
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-47d1"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-nobush.jpg?m=2

212.117.190.104

200 OK

24 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-nobush.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
24 kB (23773 bytes)
Hash
717b1ff55392706e7f31043f89d0ec1f
9ea2ce5afdc9c3e8d49c3e530fbe0549b3ed33ab
92417aa0853b709420a0497b49f1ecc3cb18602ab7150f3a4896b67b8754f942

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-nobush.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 23773
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-5cdd"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-landing-strip.jpg?m=2

212.117.190.104

200 OK

22 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-landing-strip.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
22 kB (21536 bytes)
Hash
01f122cc4801381e31d023168de004d6
5c1fc67a6853dacddc0b390e87c78aff150de199
78ce3307852b135fc7e17b7adce71f736dae053ea0246ac016fde04b37f4fdb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-landing-strip.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 21536
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-5420"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/step-bush.jpg?m=2

212.117.190.104

200 OK

24 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/step-bush.jpg?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3
Size
24 kB (24546 bytes)
Hash
6044b83f42f85709183d17b3024221ed
d151b74ef542e25c156499c32489159d78768396
10dcd382e815120fa37a99c08327aed537e73cf3a809ff3d61deaaac78889c29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/step-bush.jpg?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/jpeg
content-length: 24546
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-5fe2"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/images/gift.png?

212.117.190.104

200 OK

34 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/images/gift.png?
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
PNG image data, 1600 x 1600, 8-bit/color RGBA, non-interlaced
Size
34 kB (34363 bytes)
Hash
fcfea1705a4e373a41565b041940efc9
3bec61d9e469f2137ec2c7bef39d76cd989bd79e
11dfda7706efd5c09013bf001eda8f727ea3cd116e5acdb22fc9f3a427613906

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/images/gift.png? HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: image/png
content-length: 34363
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-863b"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/fonts/Arial-Black.woff2

212.117.190.104

200 OK

55 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/fonts/Arial-Black.woff2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 54724, version 5.0
Size
55 kB (54724 bytes)
Hash
414a8dd50f6ec569cf81502c9686eb43
23da67cfcabcb106aa174919c446ca70d98d4419
5cbc84e81c921d3c7d78d2dc4822794c112c0eaac61b3add8a2d866919807509

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/fonts/Arial-Black.woff2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/css/styles.min.css?m=2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:59 GMT
content-type: application/octet-stream
content-length: 54724
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-d5c4"
expires: Thu, 18 Apr 2024 03:01:59 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/fonts/BebasNeue-Bold.woff2

212.117.190.104

200 OK

13 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/fonts/BebasNeue-Bold.woff2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13104, version 1.0
Size
13 kB (13104 bytes)
Hash
8398ae6d3a986e6b14f90693e03d80e6
d7af7572da7cd55eb9e5bcf9efff95e3e04fb6f0
22fa9713f7b5fbe3ebbfd4a9bb7326b5c7856937d245e6b97432c852359d2847

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/fonts/BebasNeue-Bold.woff2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/css/styles.min.css?m=2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:59 GMT
content-type: application/octet-stream
content-length: 13104
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
etag: "661e9a2e-3330"
expires: Thu, 18 Apr 2024 03:01:59 GMT
cache-control: max-age=86400
accept-ranges: bytes
X-Firefox-Spdy: h2

uiyy3clcm.com/favicon.ico

212.117.190.104

204 No Content

0 B

URL GET HTTP/2
uiyy3clcm.com/favicon.ico
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 17 Apr 2024 03:01:59 GMT
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/css/styles.min.css?m=2

212.117.190.104

200 OK

28 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/css/styles.min.css?m=2
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
ASCII text, with very long lines (870)
Size
28 kB (28015 bytes)
Hash
8681d21f8c5bd0610179fbc3b5109d14
c96ecb99c7ac96589bd1471ae9ceb6d243099698
ba94b462de689ab250b9e882d8952e080a466eca13e0c9b6894999e5fa9b4637

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/css/styles.min.css?m=2 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: text/css
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
vary: Accept-Encoding
etag: W/"661e9a2e-6d6f"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513

212.117.190.104

200 OK

5.8 kB

URL User Request GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
HTML document, ASCII text, with very long lines (6153), with no line terminators
Size
5.8 kB (5773 bytes)
Hash
8ed61bb17e647e508069f659d9d706df
63698cb9c26df98a6c06970adbc1877b762efd95
5718922294840313d88df83f762d569a77315973278012c9ceb35dd8450d0c71

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513 HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: text/html
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
vary: Accept-Encoding
etag: W/"661e9a2e-168d"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Oswald:300

142.250.74.106

200 OK

1.7 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Oswald:300
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (1780), with no line terminators
Size
1.7 kB (1740 bytes)
Hash
61e9d3d5f023adaab43aa6a0551940e7
59c5c618ac57c909fe394912abe880426e2205fd
732295cb1be1a40cc181fe6fd8504e225f8d6bc83e84757e3becb6219f6989ca

HTTP Headers

GET /css?family=Oswald:300 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Apr 2024 03:01:58 GMT
date: Wed, 17 Apr 2024 03:01:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

uiyy3clcm.com/paysite-black-dirty/js/main.js

212.117.190.104

200 OK

4.3 kB

URL GET HTTP/2
uiyy3clcm.com/paysite-black-dirty/js/main.js
IP
212.117.190.104:443
ASN
#7979 SERVERS-COM

Requested by
https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Certificate
IssuerLet's Encrypt
Subjectuiyy3clcm.com
Fingerprint76:02:6A:BA:50:94:99:76:98:42:2A:0D:ED:10:8C:AD:C3:85:9D:E7
ValidityWed, 28 Feb 2024 04:45:14 GMT - Tue, 28 May 2024 04:45:13 GMT

File type
JavaScript source, ASCII text, with very long lines (4476), with no line terminators
Size
4.3 kB (4336 bytes)
Hash
66dbe5c3a55383d4c1b31a79e5bc967b
0892f975c6f369d221dcd9d912a56df4fad0cf76
18948e4ef2dcc3dc2beeb957390d7c914ee995e99cd2b8a671f3dccc9b86bc55

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /paysite-black-dirty/js/main.js HTTP/1.1
Host: uiyy3clcm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://uiyy3clcm.com/paysite-black-dirty/?dd=g8bb6j5pn.com&lang=en&prpsrc=hKFtzgA8scyhes4AHtiJoWceoXIf&pxl=https://osfagtfipand.com/sunny.gif?zoneid=2021513&t=0&y=911&eclog=0&im=1&chv=15.0.0&pb=3d9994c3b3e15a6a2caf6ac79d2b405a1713320590&cnvs=1&ls=1&cd=24&vcv=Google+Inc.+(NVIDIA)&vcn=ANGLE+(NVIDIA,+NVIDIA+GeForce+RTX+3060+(0x00002504)+Direct3D11+vs_5_0+ps_5_0,+D3D11)&md=0&chb=64&os=-600&pf=Win32&freq=2&wgl=1&lang=en-GB&tz=Australia/Sydney&bb=0&cti=0&abvar=0&ss=1&plu=PDF+Viewer::Chrome+PDF+Viewer::Chromium+PDF+Viewer::Microsoft+Edge+PDF+Viewer::WebKit+built-in+PDF&cha=x86&id=2021513&wcks=1&ix=0&x=1920&afid=4334408356993024&chm=false&ab=5&nojs=0&febuild=1.0.221&chp=Windows&psp=EBj2MTCA9IQULYQKDREZE7Inoqjb193AAOLWqkNis3NflVbT0TQ8qgymICdaXfVvY3cQq86gtB9yR34HD_Ne2tAzYoankAo15qP6vPTks1UhBtHo6Vbn0keRS9EJt8Yu9cguTJffNYDqlwrowhDp93vWvZe6512W5EW-UKumqrektLlsope-GfuarwZVb-S6vsjRyu9n3DEW_cVv9VonhLPpgtQ8qugtbMwyM5g5pqbCg_2QqrRX-uK1dp4GwzyRG2grn2ApqXWbNL1xDmvsyU7a6dlGnhceLpqi-mcQkxi9QFTRpLdtLKvleANt486d92Tb_lHtXRXbJyoljNT3DJQfcLZGzNxq56z_vcOgavZwRhy_DGKW3BUHi7-m5ixKqfrbVEf33sDYE8N-5L4tPEg9Tkoadr7KVkEifutlKuwT7OGOy34QCp3HEOmL4SIsUEOr5-31V2nRcoGYsME17XXEghFtruyXG9XvJkHEf2KPOx_-qD9XXUBRakSGfrznvIM4cYGytJkffC93LgdAYMeoBppdIIUJ8Oxcl9O5kMzaDyTQSF0-_G-Wa9WYn2u4ZhC_EfdMSHOBjuIeP2Dvk6_g-al8kA==&s=24041619236915961c399742febdafde99bc&z=2021513
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 03:01:58 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:33:02 GMT
vary: Accept-Encoding
etag: W/"661e9a2e-10f0"
expires: Thu, 18 Apr 2024 03:01:58 GMT
cache-control: max-age=86400
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (18)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type