Overview

URL: przvgke.biz/fbtjdwlnfgcgig
IP: 167.99.35.88 (Netherlands)
ASN: #14061 DIGITALOCEAN-ASN
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Access: public
Report completed: 2023-05-26 04:27:06 UTC
IDS alerts: 6
Blocklist alerts: 6
urlquery alerts: 3
  - Malware - Sinkholed domain
Tags: sinkhole, malware

Domain Summary (1)

Fully Qualifying Domain Name Rank First Seen Last Seen Sent bytes Received bytes IP Comment
przvgke.biz (2) 0 2022-01-11 16:52:06 2023-05-25 07:56:28 746 244 167.99.35.88

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2023-05-26 04:26:48 UTC medium Client IP Internal IP ET INFO Observed DNS Query to .biz TLD 
2023-05-26 04:26:48 UTC medium Client IP Internal IP ET INFO Observed DNS Query to .biz TLD 
2023-05-26 04:26:48 UTC medium Client IP Internal IP ET INFO Observed DNS Query to .biz TLD 
2023-05-26 04:26:48 UTC medium Client IP Internal IP ET INFO Observed DNS Query to .biz TLD 
2023-05-26 04:26:51 UTC medium Client IP Internal IP ET INFO Observed DNS Query to .biz TLD 
2023-05-26 04:27:01 UTC high  167.99.35.88 Client IP ET MALWARE Known Sinkhole Response Header 

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2023-05-26 medium przvgke.biz/fbtjdwlnfgcgig Malware
2023-05-26 medium przvgke.biz/ Malware

mnemonic secure dns
Scan Date Severity Indicator Comment
2023-05-26 medium przvgke.biz Sinkholed
2023-05-26 medium przvgke.biz Sinkholed

Quad9 DNS
Scan Date Severity Indicator Comment
2023-05-26 medium przvgke.biz Sinkholed
2023-05-26 medium przvgke.biz Sinkholed

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 167.99.35.88
Date UQ / IDS / BL URL IP
2023-06-03 21:00:52 UTC 3 - 5 - 0 utbidet-ugeas.biz/d/N?02224A98D8224A98D8134AB (...) 167.99.35.88
2023-06-03 20:48:59 UTC 3 - 5 - 0 utbidet-ugeas.biz/d/N?029802794298027942B6025 (...) 167.99.35.88
2023-06-03 19:48:39 UTC 3 - 5 - 4 przvgke.biz/ieayn 167.99.35.88
2023-06-03 17:58:40 UTC 3 - 6 - 0 utbidet-ugeas.biz/d/N?0249F1A60A49F1A60A67F18 (...) 167.99.35.88
2023-06-03 16:24:20 UTC 3 - 5 - 4 przvgke.biz/doonyqyqgs 167.99.35.88


Last 5 reports on ASN: DIGITALOCEAN-ASN
Date UQ / IDS / BL URL IP
2023-06-03 23:56:32 UTC 0 - 2 - 4 advisorycouncil.top/ 167.99.137.250
2023-06-03 23:52:05 UTC 3 - 0 - 9 bafybeidalcgaj4ol4ls5exxbksgv6xhwguxgjfgt3pjr (...) 167.99.28.56
2023-06-03 23:45:47 UTC 0 - 6 - 0 lactans.serveo.net/ 159.89.214.31
2023-06-03 23:20:39 UTC 0 - 10 - 0 tiny.cc/tdbank016?06 157.245.113.153
2023-06-03 23:20:30 UTC 0 - 12 - 0 tiny.cc/tdbank0016?33 157.245.113.153


Last 5 reports on domain: przvgke.biz
Date UQ / IDS / BL URL IP
2023-06-03 19:48:39 UTC 3 - 5 - 4 przvgke.biz/ieayn 167.99.35.88
2023-06-03 16:24:20 UTC 3 - 5 - 4 przvgke.biz/doonyqyqgs 167.99.35.88
2023-06-03 07:13:53 UTC 3 - 6 - 4 przvgke.biz/jjahbxgbmyddqas 167.99.35.88
2023-06-03 06:19:12 UTC 3 - 5 - 4 przvgke.biz/ysjiaihuo 167.99.35.88
2023-06-02 15:14:01 UTC 3 - 5 - 4 przvgke.biz/uwbgakhicokx 167.99.35.88


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-06-04 00:05:37 UTC 0 - 2 - 1 141.98.6.149/bins/vcimanagement.arm6 141.98.6.149
2023-06-04 00:05:36 UTC 0 - 3 - 1 141.98.6.149/bins/vcimanagement.arm7 141.98.6.149
2023-06-04 00:05:33 UTC 0 - 2 - 1 141.98.6.149/bins/vcimanagement.arm5 141.98.6.149
2023-06-04 00:05:34 UTC 0 - 2 - 1 141.98.6.149/bins/vcimanagement.m68k 141.98.6.149
2023-06-04 00:05:28 UTC 0 - 2 - 1 141.98.6.149/bins/vcimanagement.ppc 141.98.6.149

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (2)


Request
GET /fbtjdwlnfgcgig HTTP/1.1
Host: przvgke.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Response (167.99.35.88)
HTTP/1.1 204 No Content
Server: nginx
Date: Fri, 26 May 2023 04:26:49 GMT
Connection: keep-alive
X-Sinkhole: Malware


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

urlquery:
  - Malware - Sinkholed domain
Blocklists:
  - fortinet: Malware
  - mnemonic_dns: Sinkholed
  - quad9: Sinkholed
                                        
                                            GET / HTTP/1.1 
Host: przvgke.biz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
                                             167.99.35.88
HTTP/1.1 204 No Content
                                            
Server: nginx
Date: Fri, 26 May 2023 04:26:52 GMT
Connection: keep-alive
X-Sinkhole: Malware


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

urlquery:
  - Malware - Sinkholed domain
Blocklists:
  - fortinet: Malware
  - mnemonic_dns: Sinkholed
  - quad9: Sinkholed
IDS:
  - ET MALWARE Known Sinkhole Response Header