Report - ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883

Report Overview

Visited public
2025-04-25 06:01:19
Tags
Submit Tags
URL
ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883
Finishing URL
ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883
IP / ASN
76.223.26.96
#16509 AMAZON-02
Title
przvgke.biz

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww12.przvgke.biz	unknown	2022-01-11	2024-01-11	2025-04-19	992 B	3.6 kB	13.248.148.254
parking3.parklogic.com	unknown	2007-02-28	2023-05-10	2025-04-24	1.1 kB	2.7 kB	172.232.7.47

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-24	medium	przvgke.biz	Sinkholed
2025-04-24	medium	przvgke.biz	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883	ScriptElement	164 B	2025-03-03	2025-07-03
Pretty URL ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883 IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-03 19:06 Last Seen2025-07-03 06:31 Times Seen3156 Hash a721fadebac58116f06d5f8f84bcfe5a 413588bc107bd1be0cbd14345fb68c9b8ba14b38 912e5797a8e5f63052f4171a842ef7e90701101824c00a4dab15ce20f67605e0 Loading...

	parking3.parklogic.com/page/enhance.js?pcId=12&domain=przvgke.biz	ScriptElement	2.3 kB	2025-04-24	2025-07-03
Pretty URL parking3.parklogic.com/page/enhance.js?pcId=12&domain=przvgke.biz IP 172.232.7.47 ASN #63949 Akamai Connected Cloud Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-24 22:46 Last Seen2025-07-03 04:41 Times Seen10 Hash d4a22f4cf0c813435374df4be8c80ca0 1cfc2dd868ac39ea9ddde00cd01c5978e273cb5b 0a2d822e44c27fc1d2a242dde5d7cb175319a2ece206c2f427138968ff8dd0ec Loading...

HTTP Transactions (4)

URL IP Response Size

GET ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883

13.248.148.254

200 OK

2.5 kB

URL User Request GET
ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883
IP
13.248.148.254:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectww12.przvgke.biz
Fingerprint12:68:BD:A0:C8:70:57:20:B3:AD:B8:C9:84:A2:1B:44:B2:90:BF:A5
ValidityWed, 19 Feb 2025 16:02:47 GMT - Tue, 20 May 2025 16:02:46 GMT

File type
HTML document, ASCII text
Size
2.5 kB (2481 bytes)
Hash
d29ce6257ba06be0dfc8ab326725c91f
2dd72cd8953bb959aef40df07e43fded412824ab
6bd475b85685247d8503048862670a24c5a0e83a15dec1b4f5c1af754e5143eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jlsgstuyn?usid=19&utid=21836458883 HTTP/1.1
Host: ww12.przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime: 30
alt-svc: h3=":50944"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 25 Apr 2025 06:00:58 GMT
server: Caddy, nginx
vary: Accept-Encoding
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_lc3m5reZAcHlfsiXBjGH0jmjf8vmhP/gVIJga41l6zkaXvu8KlvEBXTKWCS1OCDRv2b/KE05tahqzEYgMDm9oQ==
x-buckets: bucket003,bucket077
x-domain: przvgke.biz
x-language: norwegian
x-pcrew-blocked-reason: hosting network
x-pcrew-ip-organization: Blix Solutions
x-redirect: blank
x-subdomain: ww12
x-template: tpl_CleanPeppermintBlack_twoclick
content-length: 993
X-Firefox-Spdy: h2

GET parking3.parklogic.com/page/enhance.js?pcId=12&domain=przvgke.biz

172.232.7.47

200 OK

2.3 kB

URL GET
parking3.parklogic.com/page/enhance.js?pcId=12&domain=przvgke.biz
IP
172.232.7.47:443
ASN
#63949 Akamai Connected Cloud

Requested by
https://ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883
Certificate
IssuerLet's Encrypt
Subjectenhance-lb01.parklogic.com
FingerprintA9:52:EB:46:72:F6:AB:43:E9:BC:07:14:2E:C8:58:DD:ED:1B:9A:51
ValidityMon, 31 Mar 2025 01:04:57 GMT - Sun, 29 Jun 2025 01:04:56 GMT

File type
JavaScript source, ASCII text, with very long lines (465)
Size
2.3 kB (2347 bytes)
Hash
d4a22f4cf0c813435374df4be8c80ca0
1cfc2dd868ac39ea9ddde00cd01c5978e273cb5b
0a2d822e44c27fc1d2a242dde5d7cb175319a2ece206c2f427138968ff8dd0ec

HTTP Headers

GET /page/enhance.js?pcId=12&domain=przvgke.biz HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.przvgke.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 06:00:58 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET parking3.parklogic.com/page/scribe.php?pcId=12&domain=przvgke.biz&aId=261&pId=2447&usid=19&utid=21836458883&query=null&domainJs=ww12.przvgke.biz&path=/jlsgstuyn&ss=true&lp=1&tzB=UTC&wd=false&gpu=null

172.232.7.47

200 OK

0 B

URL GET
parking3.parklogic.com/page/scribe.php?pcId=12&domain=przvgke.biz&aId=261&pId=2447&usid=19&utid=21836458883&query=null&domainJs=ww12.przvgke.biz&path=/jlsgstuyn&ss=true&lp=1&tzB=UTC&wd=false&gpu=null
IP
172.232.7.47:443
ASN
#63949 Akamai Connected Cloud

Requested by
https://ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883
Certificate
IssuerLet's Encrypt
Subjectenhance-lb01.parklogic.com
FingerprintA9:52:EB:46:72:F6:AB:43:E9:BC:07:14:2E:C8:58:DD:ED:1B:9A:51
ValidityMon, 31 Mar 2025 01:04:57 GMT - Sun, 29 Jun 2025 01:04:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /page/scribe.php?pcId=12&domain=przvgke.biz&aId=261&pId=2447&usid=19&utid=21836458883&query=null&domainJs=ww12.przvgke.biz&path=/jlsgstuyn&ss=true&lp=1&tzB=UTC&wd=false&gpu=null HTTP/1.1
Host: parking3.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww12.przvgke.biz/
Origin: https://ww12.przvgke.biz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 25 Apr 2025 06:00:59 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

GET ww12.przvgke.biz/favicon.ico

13.248.148.254

200 OK

0 B

URL GET
ww12.przvgke.biz/favicon.ico
IP
13.248.148.254:443
ASN
#16509 AMAZON-02

Requested by
https://ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883
Certificate
IssuerLet's Encrypt
Subjectww12.przvgke.biz
Fingerprint12:68:BD:A0:C8:70:57:20:B3:AD:B8:C9:84:A2:1B:44:B2:90:BF:A5
ValidityWed, 19 Feb 2025 16:02:47 GMT - Tue, 20 May 2025 16:02:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww12.przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.przvgke.biz/jlsgstuyn?usid=19&utid=21836458883
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
alt-svc: h3=":50944"; ma=2592000
content-type: image/x-icon
date: Fri, 25 Apr 2025 06:00:59 GMT
etag: "670f7248-0"
last-modified: Wed, 16 Oct 2024 07:59:04 GMT
server: Caddy, nginx
content-length: 0
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers