Report - zjaxghnj4z.8389966dhxl.shop/

Report Overview

Visitedpublic

2025-08-08 06:22:16

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ww1.8389966dhxl.shop	unknown	2024-07-12	2025-07-15	2025-08-07	1.1 kB	1.6 kB	64.190.63.136
zjaxghnj4z.8389966dhxl.shop	unknown	2024-07-12	2025-08-08	2025-08-08	908 B	5.3 kB	0.0.0.0
router.parklogic.com	unknown	2007-02-28	2025-03-19	2025-08-03	522 B	221 B	172.234.216.100
sedoparking.com	50712	2001-09-18	2012-06-01	2025-08-02	450 B	1.5 kB	64.190.63.136

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
Quad9 DNS	ww1.8389966dhxl.shop	malicious	Sinkholed
Quad9 DNS	zjaxghnj4z.8389966dhxl.shop	malicious	Sinkholed

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	zjaxghnj4z.8389966dhxl.shop/	ScriptElement	4.3 kB	2025-08-08	2025-08-08
URL zjaxghnj4z.8389966dhxl.shop/ IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2025-08-08 Last Seen 2025-08-08 Times Seen 1 Size 4.3 kB (4327 bytes) MD5 7845ccda3e4a9303173fa24c177dced0 SHA1 a412f95935009f3eb5f0042af080bef9c01bc545 SHA256 72dd3db0ae103bda2518fe827725dae9fb7201dd698780b29bb901f51b6cb2e7 Format Code Loading...

	ww1.8389966dhxl.shop/?usid=103&utid=641e8798c692cd2d289402babab648c0	ScriptElement	138 B	2025-08-07	2025-08-08
URL ww1.8389966dhxl.shop/?usid=103&utid=641e8798c692cd2d289402babab648c0 IP / ASN 64.190.63.136 #47846 SEDO GmbH Introduced by ScriptElement Embedded true Resource Info First Seen 2025-08-07 Last Seen 2025-08-08 Times Seen 50 Size 138 B (138 bytes) MD5 b4ece50d15c4faebed8e47bfcc230c71 SHA1 2aacb3f174bfe67e66cd958e8020e6cf7b1f86f8 SHA256 d74cd7ecfe8b98c5287a86afe498941cb8e278c3fc7b564abf0e62694eaf7d29 Format Code Loading...

	sedoparking.com/frmpark/8389966dhxl.shop/sedopark/park.js	ScriptElement	1.3 kB	2025-08-07	2025-08-08
URL sedoparking.com/frmpark/8389966dhxl.shop/sedopark/park.js IP / ASN 64.190.63.136 #47846 SEDO GmbH Introduced by ScriptElement Embedded false Resource Info First Seen 2025-08-07 Last Seen 2025-08-08 Times Seen 50 Size 1.3 kB (1289 bytes) MD5 cdedb5c119a5c613a977615532cec5c2 SHA1 876a55cfe40e7d2894f43ac2203af707f41e36fe SHA256 9aabd106555137729a1dc946cfaf3946aab7368bfe8bcf3c92f2493bc7eedf04 Format Code Loading...

	HASH	FROM	Size	First Seen	Last Seen
	7d63b08cfa0964c2af0b86d477e50be4	DocumentWrite	83 B	2025-08-07	2025-08-08
Introduced by DocumentWrite First Seen 2025-08-07 Last Seen 2025-08-08 Times Seen 50 Size 83 B (83 bytes) MD5 7d63b08cfa0964c2af0b86d477e50be4 SHA1 fa6fac22edfa9a084423f806927592579c462eab SHA256 009773225215f9c11decf39273b41c646722239017fe2eefbc63714ba29db9fe Format Code Loading...

HTTP Transactions (6)

URL IP Response Size

GET ww1.8389966dhxl.shop/favicon.ico

64.190.63.136

441 No Reason Phrase

0 B

URL GET HTTPS

ww1.8389966dhxl.shop/favicon.ico

IP / ASN

64.190.63.136

#47846 SEDO GmbH

Requested byhttps://ww1.8389966dhxl.shop/?usid=103&utid=641e8798c692cd2d289402babab648c0

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5722983

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerDigiCert Inc

Subjectww1.8389966dhxl.shop

Fingerprint93:45:48:DF:41:58:F6:4A:B9:9D:3B:A3:0E:A8:09:7D:EC:BF:CF:A5

ValiditySun, 13 Jul 2025 00:00:00 GMT - Sun, 12 Jul 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww1.8389966dhxl.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.8389966dhxl.shop/?usid=103&utid=641e8798c692cd2d289402babab648c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 441 No Reason Phrase
date: Fri, 08 Aug 2025 06:21:59 GMT
server: Parking/1.0
content-length: 0
X-Firefox-Spdy: h2

GET zjaxghnj4z.8389966dhxl.shop/

0.0.0.0

0 B

URL User Request GET HTTP

zjaxghnj4z.8389966dhxl.shop/

IP / ASN

0.0.0.0

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5722983

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: zjaxghnj4z.8389966dhxl.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET zjaxghnj4z.8389966dhxl.shop/

172.233.221.214

200 OK

4.4 kB

URL User Request GET HTTP

zjaxghnj4z.8389966dhxl.shop/

IP / ASN

172.233.221.214

#63949 Akamai Connected Cloud

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (4422), with no line terminators

First Seen2025-08-08

Last Seen2025-08-08

Times Seen1

Size4.4 kB (4422 bytes)

MD574d0bce3febde5168ad30aa79b76ab61

SHA10d57c6de66fe77d2065676e30068045520a430ea

SHA256f604c910c21b3f0b3f6587615a4da0f91bce44539dc19ce61cfe7961003b8604

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: zjaxghnj4z.8389966dhxl.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 08 Aug 2025 06:21:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-CH: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
Permissions-Policy: ch-ua=(self "https://*.parklogic.com"), ch-ua-arch=(self "https://*.parklogic.com"), ch-ua-bitness=(self "https://*.parklogic.com"), ch-ua-full-version=(self "https://*.parklogic.com"), ch-ua-full-version-list=(self "https://*.parklogic.com"), ch-ua-mobile=(self "https://*.parklogic.com"), ch-ua-model=(self "https://*.parklogic.com"), ch-ua-platform=(self "https://*.parklogic.com"), ch-ua-platform-version=(self "https://*.parklogic.com"), ch-ua-wow64=(self "https://*.parklogic.com")
Content-Encoding: gzip

POST router.parklogic.com/

172.234.216.100

200 OK

75 B

URL POST HTTPS

router.parklogic.com/

IP / ASN

172.234.216.100

#63949 Akamai Connected Cloud

Requested byhttp://zjaxghnj4z.8389966dhxl.shop/

Resource Info

File typeASCII text, with no line terminators

First Seen2025-08-08

Last Seen2025-08-08

Times Seen1

Size75 B (75 bytes)

MD53d4cfb63114a756bb66551da5133a31c

SHA19b5667446163f11376e4a46b98c43f9e82d352d3

SHA256b7d2dc26a855c6ddc7290f0beec6837301949e365ba320c2908b94e617cf75ac

Certificate Info

IssuerLet's Encrypt

Subjectrouter-lb01.parklogic.com

Fingerprint85:E3:F4:EB:CD:63:9B:0A:3D:3A:5F:C3:4A:6C:65:01:DB:CA:C3:9C

ValiditySat, 28 Jun 2025 21:31:25 GMT - Fri, 26 Sep 2025 21:31:24 GMT

HTTP Headers

POST / HTTP/1.1
Host: router.parklogic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 449
Origin: http://zjaxghnj4z.8389966dhxl.shop
DNT: 1
Connection: keep-alive
Referer: http://zjaxghnj4z.8389966dhxl.shop/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 08 Aug 2025 06:21:58 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET ww1.8389966dhxl.shop/?usid=103&utid=641e8798c692cd2d289402babab648c0

64.190.63.136

200 OK

1.0 kB

URL User Request GET HTTPS

ww1.8389966dhxl.shop/?usid=103&utid=641e8798c692cd2d289402babab648c0

IP / ASN

64.190.63.136

#47846 SEDO GmbH

Requested byN/A

Resource Info

File typeHTML document, ASCII text

First Seen2025-08-07

Last Seen2025-08-08

Times Seen50

Size1.0 kB (1030 bytes)

MD5307c7c28e8918fbb8a461adaf8a59941

SHA1cbfdd3479c40eb188cd2f0e07dfe365703486229

SHA2568a201b5645414ae727a29ee727eb62f78c5243ff5d90cf4f888b70187eaf4829

Certificate Info

IssuerDigiCert Inc

Subjectww1.8389966dhxl.shop

Fingerprint93:45:48:DF:41:58:F6:4A:B9:9D:3B:A3:0E:A8:09:7D:EC:BF:CF:A5

ValiditySun, 13 Jul 2025 00:00:00 GMT - Sun, 12 Jul 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?usid=103&utid=641e8798c692cd2d289402babab648c0 HTTP/1.1
Host: ww1.8389966dhxl.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://zjaxghnj4z.8389966dhxl.shop/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Fri, 08 Aug 2025 06:21:58 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 08 Aug 2025 06:21:58 GMT
pragma: no-cache
server: Parking/1.0
vary: Accept-Encoding
x-cache-miss-from: parking-7446b6f84f-897bl
X-Firefox-Spdy: h2

GET sedoparking.com/frmpark/8389966dhxl.shop/sedopark/park.js

64.190.63.136

200 OK

1.3 kB

URL GET HTTPS

sedoparking.com/frmpark/8389966dhxl.shop/sedopark/park.js

IP / ASN

64.190.63.136

#47846 SEDO GmbH

Requested byhttps://ww1.8389966dhxl.shop/?usid=103&utid=641e8798c692cd2d289402babab648c0

Resource Info

File typeASCII text, with very long lines (987)

First Seen2025-08-07

Last Seen2025-08-08

Times Seen50

Size1.3 kB (1289 bytes)

MD5cdedb5c119a5c613a977615532cec5c2

SHA1876a55cfe40e7d2894f43ac2203af707f41e36fe

SHA2569aabd106555137729a1dc946cfaf3946aab7368bfe8bcf3c92f2493bc7eedf04

Certificate Info

IssuerDigiCert Inc

Subjectsedoparking.com

Fingerprint45:61:0E:D1:43:DE:A0:DC:79:8A:43:F4:8E:17:DD:B2:3A:40:7C:23

ValidityMon, 23 Dec 2024 00:00:00 GMT - Tue, 23 Dec 2025 23:59:59 GMT

HTTP Headers

GET /frmpark/8389966dhxl.shop/sedopark/park.js HTTP/1.1
Host: sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww1.8389966dhxl.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript; charset=UTF-8
date: Fri, 08 Aug 2025 06:21:59 GMT
server: Parking/1.0
vary: Accept-Encoding
x-cache-miss-from: parking-7446b6f84f-f8tvt
X-Firefox-Spdy: h2