# pws24.biz — SUSPICIOUS

> pws24.biz was linked to phishing attempts. Avoid interaction with this domain and ensure your credentials remain secure.

## Summary
PhishDestroy has identified pws24.biz as a domain associated with generic phishing activities. Although flagged at a low risk level, it is critical that users avoid engaging with this domain to prevent potential credential compromise or other malicious outcomes.

The domain pws24.biz was registered recently on February 21, 2026, through NiceNIC International Group Co., Limited. It resolves to the IP address 104.21.41.68 and has appeared on one security blocklist. VirusTotal reports 2 out of 95 security vendors have flagged this domain. The webpage title "Just a moment..." suggests an attempt to masquerade or delay detection.

Currently, pws24.biz is offline, indicating that mitigation steps may have been effective or the threat actor has ceased operations temporarily. Users are advised to remain cautious, avoid clicking links or providing sensitive information related to this domain, and maintain updated security software to reduce risks from similar phishing threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 403)
- Page title: Just a moment...

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Expires: 2027-01-07 00:00:00
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.41.68
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: agustin.ns.cloudflare.com romina.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["Fortinet", "SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c56e1-a02f-75ae-bd67-fa8f1f131b19.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/27482d01-ddd8-41b5-884e-693f48b8fd43
- Wayback Machine: https://web.archive.org/web/https://pws24.biz
- PhishDestroy: https://phishdestroy.io/domain/pws24.biz/
- LLM endpoint: https://phishdestroy.io/domain/pws24.biz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pws24.biz/
Last updated: 2026-03-19