Report - eiamardesh.news/cgi-admin/signer.html

Report Overview

Visitedpublic

2025-10-16 15:25:38

Tags

phishing voidproxy aitm

Submit Tags

URL

eiamardesh.news/cgi-admin/signer.html

Finishing URL

accounts.turiny.icu/kk/bHRT9Y/XKNMeO6TTY?dsh=S-1187729807%3A1760628326394032&ifkv=AfYwgwUwtQ0mHp3hva2MQ1KCCpf8_s359kSC0nJwLwrxyyPiT3Pm-z0hq8zjz4kjdOUeOkuFNBmOCA&flowName=GlifWebSignIn&flowEntry=ServiceLogin

IP / ASN

198.23.217.41

#36352 AS-COLOCROSSING

Title

Phishing - voidProxy MitM Proxy

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
eiamardesh.news	unknown	2024-08-10	2025-10-03	2025-10-03	963 B	1.9 kB	198.23.217.41
challenges.cloudflare.com	11393	2009-02-17	2021-10-20	2025-10-12	7.2 kB	590 kB	104.18.95.41
davidrivera.stevenrollings.workers.dev	unknown	2019-02-08	2025-10-16	2025-10-16	1.9 kB	8.1 kB	104.21.86.180
accounts.turiny.icu	unknown	2025-04-25	2025-08-22	2025-10-03	5.4 kB	1.9 MB	104.21.28.80

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-10-16 15:25:11	medium	Client IP	104.21.28.80	ET INFO Suspicious Domain (*.icu) in TLS SNI
2025-10-16 15:25:12	low	Client IP	104.21.86.180	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

No alerts detected

JavaScript (63)

	HASH	FROM	Size	First Seen	Last Seen
	086707e4369f60afedcafb16050a7618	DocumentWrite	39 B	2023-03-07	2025-11-06
Introduced by DocumentWrite First Seen 2023-03-07 Last Seen 2025-11-06 Times Seen 222947 Size 39 B (39 bytes) MD5 086707e4369f60afedcafb16050a7618 SHA1 8216b0cc6876cbd44f01c158e7dff3833ceccd41 SHA256 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Format Code Loading...

HTTP Transactions (21)

	URL	IP	Response	Size