Report - yicmk.edonhisdhi.com/

Report Overview

Visited public
2025-01-01 12:12:13
Tags
URL
yicmk.edonhisdhi.com/
Finishing URL
yicmk.edonhisdhi.com/
IP / ASN
34.195.224.242
#14618 AMAZON-AES
Title
Title

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
encythan.online	unknown	2023-01-24	2020-11-16	2024-12-28	559 B	0 B	0.0.0.0
yicmk.edonhisdhi.com	unknown	2024-01-01	2025-01-01	2025-01-01	857 B	1.1 MB	54.225.185.110

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-01	medium	encythan.online	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	yicmk.edonhisdhi.com/service_worker.js	ScriptElement	140 kB	2023-03-10	2025-05-28
Pretty URL yicmk.edonhisdhi.com/service_worker.js IP 54.225.185.110 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 16:22 Last Seen2025-05-28 17:54 Times Seen279 Hash cbcb6557f617f149532c723cc4edd57c 051e2f9348d9ee04bad6565b3f406ad6ced1caa0 9846e67f8cd6186b03d3f831826c0c457b99ea8c9f98ea63cddcac7e0fe43251 Loading...

	yicmk.edonhisdhi.com/	ScriptElement	90 kB	2023-03-07	2025-05-28
Pretty URL yicmk.edonhisdhi.com/ IP 54.225.185.110 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:06 Last Seen2025-05-28 17:54 Times Seen219 Hash 1de95e448f6c764e4b8611d622fa1bab d8972a322b1de82305cda02f9b7926673bb62259 113b3e5b554865d550281aeea90fd372de2519f8906103344f2fd72d3e845b8f Loading...

	yicmk.edonhisdhi.com/	ScriptElement	40 kB	2023-03-07	2025-05-28
Pretty URL yicmk.edonhisdhi.com/ IP 54.225.185.110 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:06 Last Seen2025-05-28 17:54 Times Seen219 Hash 6ea86f11ae806cb11b2f053e5e0fd7c4 112a77ba1a1ba7fe575cbd7ac296cca0c5dd18b9 e9f79f88752cc733458de0ccd81f8f88598416003c41dca444a2e98572587811 Loading...

	yicmk.edonhisdhi.com/	ScriptElement	201 kB	2023-03-07	2025-05-28
Pretty URL yicmk.edonhisdhi.com/ IP 54.225.185.110 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:06 Last Seen2025-05-28 17:54 Times Seen219 Hash aca38ecd939f42089c3c21ee6026cd0f 84f7d1c61dbcc4f57d7a42efd1f4dc19f2ecd5d4 902b148385047dcff604c45c71a6d8f5c554f4d144ad890a70a4ae90af16b1bd Loading...

HTTP Transactions (3)

URL IP Response Size

encythan.online/MnNITTJJUTs6bUcBJG8IEBs8OUJBSWdiS1sQJSYcVxcnI1pbACwlWxwQJyAdQRY6O1tRFhc6XUAYLT8cWABqYRBBHi5vCANfaj5fRFFybwEcR2phEEYSLxJbVlFybwsDQ317BxBfaj5HUCwhKQAQSWovB1BFeykKAV4tLlELXnwsVwteKStWBl4uKAsBQn91UFFLfXoQTw

0.0.0.0

0 B

URL GET
encythan.online/MnNITTJJUTs6bUcBJG8IEBs8OUJBSWdiS1sQJSYcVxcnI1pbACwlWxwQJyAdQRY6O1tRFhc6XUAYLT8cWABqYRBBHi5vCANfaj5fRFFybwEcR2phEEYSLxJbVlFybwsDQ317BxBfaj5HUCwhKQAQSWovB1BFeykKAV4tLlELXnwsVwteKStWBl4uKAsBQn91UFFLfXoQTw
IP
0.0.0.0:0
ASN
#0

Requested by
https://yicmk.edonhisdhi.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /MnNITTJJUTs6bUcBJG8IEBs8OUJBSWdiS1sQJSYcVxcnI1pbACwlWxwQJyAdQRY6O1tRFhc6XUAYLT8cWABqYRBBHi5vCANfaj5fRFFybwEcR2phEEYSLxJbVlFybwsDQ317BxBfaj5HUCwhKQAQSWovB1BFeykKAV4tLlELXnwsVwteKStWBl4uKAsBQn91UFFLfXoQTw HTTP/1.1
Host: encythan.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

yicmk.edonhisdhi.com/

54.225.185.110

200 OK

943 kB

URL User Request GET HTTP/2
yicmk.edonhisdhi.com/
IP
54.225.185.110:443
ASN
#14618 AMAZON-AES

Certificate
IssuerLet's Encrypt
Subjectedonhisdhi.com
Fingerprint90:F1:2D:10:6A:45:9E:40:91:DA:D9:0F:74:8E:88:08:2B:08:96:DC
ValiditySun, 24 Nov 2024 08:17:41 GMT - Sat, 22 Feb 2025 08:17:40 GMT

File type

Size
943 kB (943015 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: yicmk.edonhisdhi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With, content-type
content-encoding: gzip
X-Firefox-Spdy: h2

yicmk.edonhisdhi.com/service_worker.js

54.225.185.110

200 OK

140 kB

URL GET HTTP/2
yicmk.edonhisdhi.com/service_worker.js
IP
54.225.185.110:443
ASN
#14618 AMAZON-AES

Requested by
https://yicmk.edonhisdhi.com/
Certificate
IssuerLet's Encrypt
Subjectedonhisdhi.com
Fingerprint90:F1:2D:10:6A:45:9E:40:91:DA:D9:0F:74:8E:88:08:2B:08:96:DC
ValiditySun, 24 Nov 2024 08:17:41 GMT - Sat, 22 Feb 2025 08:17:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (139543 bytes)
Hash
cbcb6557f617f149532c723cc4edd57c
051e2f9348d9ee04bad6565b3f406ad6ced1caa0
9846e67f8cd6186b03d3f831826c0c457b99ea8c9f98ea63cddcac7e0fe43251

HTTP Headers

GET /service_worker.js HTTP/1.1
Host: yicmk.edonhisdhi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Wed, 01 Jan 2025 12:11:49 GMT
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With, content-type
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (3)

URL GET

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers