maia.crimew.gay Open in urlscan Pro
144.24.243.235 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://maia.crimew.gay/posts/nebita-malware/
Submission: On October 24 via manual (October 24th 2023, 11:26:10 am UTC) from GB — Scanned from CH

Summary HTTP 40 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 40 HTTP transactions. The main IP is 144.24.243.235, located in Zurich, Switzerland and belongs to ORACLE-BMC-31898, US. The main domain is maia.crimew.gay.
TLS certificate: Issued by R3 on September 2nd 2023. Valid for: 3 months.

This is the only time maia.crimew.gay was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
36	144.24.243.235 144.24.243.235	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2	2a01:4f8:c010... 2a01:4f8:c010:4162::	24940 (HETZNER-AS) (HETZNER-AS)
2	147.182.173.25 147.182.173.25	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
40	3

36 144.24.243.235 (Zurich, Switzerland)

ASN31898 (ORACLE-BMC-31898, US)

maia.crimew.gay	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
umami.crimew.gay	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:c010:4162:: (Germany)

ASN24940 (HETZNER-AS, DE)

lavender.software	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.182.173.25 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

sleepy.zone	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	crimew.gay maia.crimew.gay umami.crimew.gay	1 MB
2	sleepy.zone sleepy.zone	3 KB
2	lavender.software lavender.software	3 KB
40	3

	Domain	Requested by
33	maia.crimew.gay	maia.crimew.gay
3	umami.crimew.gay	maia.crimew.gay umami.crimew.gay
2	sleepy.zone	maia.crimew.gay sleepy.zone
2	lavender.software	maia.crimew.gay lavender.software
40	4

This site contains links to these domains. Also see Links.

Domain
convinci.ng
webca.ge
nebita.com
github.com
en.wikipedia.org
ko-fi.com
nyancrimew.tumblr.com
crimew.gay
soundcloud.com
last.fm
git.lavender.software
reddit.com
umami.crimew.gay
twitter.com
cyber.dabamos.de
archlinux.org
versary.town
goop.house
oat.zone
sinewave.cyou
utsuho.rocks
ilwag.com
lavender.software
easrng.net
sleepy.zone
tayxm.neocities.org
sadgirlsclub.wtf

Subject Issuer	Validity	Valid
maia.crimew.gay R3	`2023-09-02` - `2023-12-01`	3 months	crt.sh
umami.crimew.gay R3	`2023-09-16` - `2023-12-15`	3 months	crt.sh
lavender.software R3	`2023-08-26` - `2023-11-24`	3 months	crt.sh
sleepy.zone R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://maia.crimew.gay/posts/nebita-malware/
Frame ID: BD528B554BB02EA0194C8D5E7B583A0A
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

analyzing simple, real world PHP malware

Page Statistics

40
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

1449 kB
Transfer

1481 kB
Size

0
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://convinci.ng/
Title: convincing

Search URL Search Domain Scan URL

URL: https://webca.ge/
Title: webcage

Search URL Search Domain Scan URL

URL: https://nebita.com/
Title: website of webcage member nebita

Search URL Search Domain Scan URL

URL: https://github.com/deletescape/nebita.com-samples/blob/main/index.php#L1
Title: the start of the file

Search URL Search Domain Scan URL

URL: https://github.com/deletescape/nebita.com-samples/blob/main/main.js#L63
Title: appended at the end

Search URL Search Domain Scan URL

URL: https://github.com/deletescape/nebita.com-samples/blob/main/2nd%20script/index.php
Title: another PHP file

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Web_shell
Title: webshell

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/ROT13
Title: rot13

Search URL Search Domain Scan URL

URL: https://github.com/deletescape/nebita.com-samples/blob/main/2nd%20script/decoded.php
Title: unobfuscated version of the script

Search URL Search Domain Scan URL

URL: https://github.com/deletescape/nebita.com-samples/blob/main/decoded.php
Title: this, now super clean, script

Search URL Search Domain Scan URL

URL: https://github.com/deletescape/nebita.com-samples/
Title: GitHub repository here

Search URL Search Domain Scan URL

URL: https://ko-fi.com/nyancrimew
Title: if you enjoyed this or any of my other work feel free to support me on my ko-fi. this is my only real source of income so anything goes a long way, and monthly contributions help tremendously with budgeting.

Search URL Search Domain Scan URL

URL: https://nyancrimew.tumblr.com/
Title: tumblr

Search URL Search Domain Scan URL

URL: https://crimew.gay/maia
Title: fedded verse

Search URL Search Domain Scan URL

URL: https://soundcloud.com/nyancrimew
Title: sounded cloud

Search URL Search Domain Scan URL

URL: https://last.fm/user/nyancrimew
Title: last dot federated states of micronesia

Search URL Search Domain Scan URL

URL: https://github.com/nyancrimew
Title: gitted hub

Search URL Search Domain Scan URL

URL: https://git.lavender.software/nyancrimew
Title: gitted tea

Search URL Search Domain Scan URL

URL: https://reddit.com/u/nyancrimew
Title: reddit

Search URL Search Domain Scan URL

URL: https://umami.crimew.gay/share/M77OUJ83Q4qBcOjZ/maia.crimew.gay
Title: analytics

Search URL Search Domain Scan URL

URL: https://twitter.com/vai5000_
Title: vai5000

Search URL Search Domain Scan URL

URL: https://twitter.com/_Anunnery
Title: A. Marmot

Search URL Search Domain Scan URL

URL: https://github.com/adryd325/oneko.js
Title: adryd325/oneko.js

Search URL Search Domain Scan URL

URL: https://cyber.dabamos.de/88x31

Search URL Search Domain Scan URL

URL: https://archlinux.org/

Search URL Search Domain Scan URL

URL: https://versary.town/

Search URL Search Domain Scan URL

URL: https://goop.house/

Search URL Search Domain Scan URL

URL: https://oat.zone/

Search URL Search Domain Scan URL

URL: https://sinewave.cyou/

Search URL Search Domain Scan URL

URL: https://utsuho.rocks/

Search URL Search Domain Scan URL

URL: https://ilwag.com/

Search URL Search Domain Scan URL

URL: https://lavender.software/
Title: lavender.software

Search URL Search Domain Scan URL

URL: https://easrng.net/
Title: easrng

Search URL Search Domain Scan URL

URL: http://sleepy.zone/
Title: sleepy.zone

Search URL Search Domain Scan URL

URL: https://tayxm.neocities.org/
Title: tayxm

Search URL Search Domain Scan URL

URL: https://sadgirlsclub.wtf/
Title: sadgirlsclub

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
maia.crimew.gay/posts/nebita-malware/ 38 KB
8 KB 150ms
17ms Document
text/html 144.24.243.235
ORACLE-BMC-31898

General

maia.crimew.gay Open in urlscan Pro 144.24.243.235 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

40 Requests

100 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

1449 kBTransfer

1481 kBSize

0 Cookies

36 Outgoing links

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

maia.crimew.gay Open in urlscan Pro
144.24.243.235 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

1449 kB
Transfer

1481 kB
Size

0
Cookies

40 HTTP transactions
0 data transactions