Report - 1levitranow.com/

Report Overview

Visited public
2025-06-07 05:30:02
Tags
Submit Tags
URL
1levitranow.com/
Finishing URL
dpuplet.net/go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224
IP / ASN
172.233.219.49
#63949 Akamai Connected Cloud
Title
dpuplet.net/go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xml-v4.springtides.xyz	unknown	2025-03-14	2025-05-31	2025-06-07	547 B	197 B	198.134.116.30
14k4.com	unknown	2024-08-06	2025-05-11	2025-06-02	571 B	2.8 kB	172.67.150.68
dpuplet.net	unknown	2024-08-10	2024-12-01	2025-06-02	1.1 kB	599 B	178.63.248.53
1levitranow.com	unknown	unknown	No data	No data	921 B	5.1 kB	172.233.219.49
router.parklogic.com	unknown	2007-02-28	2025-03-19	2025-06-01	500 B	198 B	172.234.216.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-06-07 05:29:42	medium	198.134.116.30	Client IP	ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	1levitranow.com/	ScriptElement	4.2 kB	2025-06-07	2025-06-07
Pretty URL 1levitranow.com/ IP 172.233.219.49 ASN #63949 Akamai Connected Cloud Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-07 05:30 Last Seen2025-06-07 05:30 Times Seen1 Hash 2e15bbc9d0fd44c61c805f6d5a3329d9 93e92e220bdec56124cd44b4bb27ee23c371de6b f70546a8ae4bf95cb4186b99b5d0de1046cbe2ca59f3072102ad3cef72c6bb72 Loading...

	reyeshehadtwobri.com/?Tnk2V=1020654	ScriptElement	142 B	2025-06-07	2025-06-07
Pretty URL reyeshehadtwobri.com/?Tnk2V=1020654 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-07 05:30 Last Seen2025-06-07 05:30 Times Seen1 Hash 488f290cfa1b432f9a9c866eb2b3139c 5b87689136b92ad005ca6c4307dfe549ca9bc71a c40c81a87bbb92394decdabbe7e7d788699565dedf04f8e0ca2f78bc978eb86f Loading...

	dpuplet.net/go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224	ScriptElement	14 B	2024-08-21	2025-07-01
Pretty URL dpuplet.net/go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224 IP 178.63.248.53 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 23:41 Last Seen2025-07-01 16:56 Times Seen72 Hash 5585caa5e515433059ab2202ac75f756 03c28f367af3f8d6d7878b4b60a0b034f90f77cd 8eac6dbc39016d1025f47a6abfaf1674d3a279ea60f2d25262ed71232ef34f7e Loading...

HTTP Transactions (7)

	URL	IP	Response	Size
	GET 14k4.com/sm_tds4_o67w.html?zoneid=1556731&ymid=8479568195965130653&sourceid=663998__1191224&geo=NO&tt=2	172.67.150.68	200 OK	1.8 kB
URL User Request GET 14k4.com/sm_tds4_o67w.html?zoneid=1556731&ymid=8479568195965130653&sourceid=663998__1191224&geo=NO&tt=2 IP 172.67.150.68:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subject14k4.com Fingerprint17:5D:25:D7:FD:F4:2E:9E:C5:A4:80:2D:D1:8F:CF:D4:84:02:F4:00 ValidityTue, 13 May 2025 07:45:03 GMT - Mon, 11 Aug 2025 08:43:33 GMT File type HTML document, ASCII text, with very long lines (1786), with no line terminators Size 1.8 kB (1786 bytes) Hash 10520a65a5b17039c815c7b40e20aec2 348c85d4a3eed4b1e04bd862e2c04bc713accb46 8de798d5a23c7c6fdf80608880fcce795475ae9ec4d1efc96a99286dd1c5e156 HTTP Headers GET /sm_tds4_o67w.html?zoneid=1556731&ymid=8479568195965130653&sourceid=663998__1191224&geo=NO&tt=2 HTTP/1.1 Host: 14k4.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Sat, 07 Jun 2025 05:29:42 GMT content-type: text/html content-encoding: br last-modified: Tue, 03 Jun 2025 15:18:06 GMT age: 308397 cache-control: max-age=2678400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lh9wxlmugAYKcxdt8mFGufWdezPmDsII0qUqmZ2jtOmvwP2xJj%2FhAZ12sFmGUXWYdKev92011xHVpxnhnNV9pLDclaYYvM1NM1pW%2BclDYVDK7Zs2QfE1R7wShQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding referrer-policy: no-referrer set-cookie: id=a3fWa; Max-Age=112592000; Path=/; Domain=.14k4.com; server: cloudflare cf-ray: 94bdc0db9b0b712e-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=539&min_rtt=441&rtt_var=209&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3190&recv_bytes=1189&delivery_rate=6454680&cwnd=253&unsent_bytes=0&cid=1838f2d3287ecf90&ts=34&x=0" X-Firefox-Spdy: h2

	GET dpuplet.net/go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224	178.63.248.53	200 OK	31 B
URL User Request GET dpuplet.net/go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224 IP 178.63.248.53:443 ASN #24940 Hetzner Online GmbH Certificate IssuerLet's Encrypt Subjectdpuplet.net FingerprintAD:96:FF:DE:73:70:DB:5B:A7:70:BC:CB:3A:51:C0:6C:BE:F0:E1:F1 ValidityMon, 28 Apr 2025 03:36:26 GMT - Sun, 27 Jul 2025 03:36:25 GMT File type HTML document, ASCII text, with no line terminators Size 31 B (31 bytes) Hash dc5de10ca1b5b874b954745fa1b61b5f 64689a89ad96e188715f49f8187490c742bc935d f91b1662285405dce2af5446855f3c6c4aea3ddd4fe238e7ef97c362afbe3ca2 HTTP Headers GET /go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224 HTTP/1.1 Host: dpuplet.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: Angie date: Sat, 07 Jun 2025 05:29:43 GMT content-type: text/html; charset=utf-8 content-length: 31 accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64 set-cookie: rauid=TTDDKyk8TGea2P_seF-Lsw; expires=Sun, 07 Jun 2026 05:29:43 GMT; path=/; secure; SameSite=None X-Firefox-Spdy: h2`

	GET dpuplet.net/favicon.ico	178.63.248.53	204 No Content	0 B
URL GET dpuplet.net/favicon.ico IP 178.63.248.53:443 ASN #24940 Hetzner Online GmbH Requested by https://dpuplet.net/go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224 Certificate IssuerLet's Encrypt Subjectdpuplet.net FingerprintAD:96:FF:DE:73:70:DB:5B:A7:70:BC:CB:3A:51:C0:6C:BE:F0:E1:F1 ValidityMon, 28 Apr 2025 03:36:26 GMT - Sun, 27 Jul 2025 03:36:25 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /favicon.ico HTTP/1.1 Host: dpuplet.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://dpuplet.net/go/1556731?ext_click_id=8479568195965130653_1556731NO&subid1=663998__1191224 Cookie: rauid=TTDDKyk8TGea2P_seF-Lsw Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 204 No Content server: Angie date: Sat, 07 Jun 2025 05:29:43 GMT X-Firefox-Spdy: h2`

	GET 1levitranow.com/	172.233.219.49	200 OK	4.3 kB
URL User Request GET 1levitranow.com/ IP 172.233.219.49:443 ASN #63949 Akamai Connected Cloud Certificate IssuerLet's Encrypt Subject1levitranow.com Fingerprint63:13:73:39:4E:B2:8B:27:A8:AF:88:92:E0:7F:F1:16:CA:C8:61:40 ValidityWed, 21 May 2025 02:01:05 GMT - Tue, 19 Aug 2025 02:01:04 GMT File type JavaScript source, ASCII text, with very long lines (4271), with no line terminators Size 4.3 kB (4271 bytes) Hash 0a5caff04eb2687937b58bc109cc2daa 12208c5d0a30031744a8acb45a1d414736e9949e a1b24522126157f4e15051dc2a6babced8c49f311364df466fe57b325bf1169c HTTP Headers `GET / HTTP/1.1 Host: 1levitranow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 07 Jun 2025 05:29:40 GMT content-type: text/html cache-control: no-store, max-age=0 accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 permissions-policy: ch-ua=(self "https://.parklogic.com"), ch-ua-arch=(self "https://.parklogic.com"), ch-ua-bitness=(self "https://.parklogic.com"), ch-ua-full-version=(self "https://.parklogic.com"), ch-ua-full-version-list=(self "https://.parklogic.com"), ch-ua-mobile=(self "https://.parklogic.com"), ch-ua-model=(self "https://.parklogic.com"), ch-ua-platform=(self "https://.parklogic.com"), ch-ua-platform-version=(self "https://.parklogic.com"), ch-ua-wow64=(self "https://.parklogic.com") content-encoding: gzip X-Firefox-Spdy: h2

	GET 1levitranow.com/favicon.ico	0.0.0.0		0 B
URL GET 1levitranow.com/favicon.ico IP 0.0.0.0:0 ASN #0 Requested by https://1levitranow.com/ Certificate IssuerLet's Encrypt Subject1levitranow.com Fingerprint63:13:73:39:4E:B2:8B:27:A8:AF:88:92:E0:7F:F1:16:CA:C8:61:40 ValidityWed, 21 May 2025 02:01:05 GMT - Tue, 19 Aug 2025 02:01:04 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: 1levitranow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1levitranow.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache`

	POST router.parklogic.com/	172.234.216.100	200 OK	52 B
URL POST router.parklogic.com/ IP 172.234.216.100:443 ASN #63949 Akamai Connected Cloud Requested by https://1levitranow.com/ Certificate IssuerLet's Encrypt Subjectrouter-lb01.parklogic.com FingerprintF3:F4:E5:93:6E:2E:88:F7:76:2A:C5:7C:FC:83:E7:EA:5F:A8:33:FA ValidityTue, 29 Apr 2025 10:34:22 GMT - Mon, 28 Jul 2025 10:34:21 GMT File type ASCII text, with no line terminators Size 52 B (52 bytes) Hash d2c1741be3f19750dd5bad71ad96d246 dba940c978381db5e3337c43d764cd03d9bd9e3e 9439c9cb6c88576f07673bd91598720622f0cf8201b47678746b874c61511cb8 HTTP Headers `POST / HTTP/1.1 Host: router.parklogic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 346 Origin: https://1levitranow.com DNT: 1 Connection: keep-alive Referer: https://1levitranow.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK date: Sat, 07 Jun 2025 05:29:41 GMT content-type: text/html; charset=UTF-8 access-control-allow-origin: * X-Firefox-Spdy: h2`

	GET xml-v4.springtides.xyz/click?i=cIDDFLbI4K8_0	198.134.116.30	302 Found	0 B
URL User Request GET xml-v4.springtides.xyz/click?i=cIDDFLbI4K8_0 IP 198.134.116.30:443 ASN #27257 WEBAIR-INTERNET File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /click?i=cIDDFLbI4K8_0 HTTP/1.1 Host: xml-v4.springtides.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://1levitranow.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 302 Found Server: nginx Date: Sat, 07 Jun 2025 05:29:42 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-store Location: https://reyeshehadtwobri.com/?Tnk2V=1020654`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST

IP

ASN

Requested by