Report - yh698.shop/

Report Overview

Visitedpublic

2025-07-12 16:55:07

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
yh698.shop	unknown	2023-10-31	2023-11-01	2023-11-01	1.3 kB	3.0 kB	154.205.94.240
34.96.219.148	unknown	unknown	No data	No data	976 B	670 B	34.96.219.148
sdk.51.la	88367	2005-01-17	2021-03-08	2025-07-12	410 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-12	medium	34.96.219.148	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	yh698.shop/ccs.js	ScriptElement	896 B	2025-05-23	2025-08-01
URL yh698.shop/ccs.js IP / ASN 154.205.94.240 #54467 XNNET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-05-23 Last Seen 2025-08-01 Times Seen 268 Size 896 B (896 bytes) MD5 2d6c983ef7fd79af386369eab6a1fd7a SHA1 70444403e8f316a7e7608aba2ff16559575f8f70 SHA256 75de3de80d7add88d07f1755b61903505ce2feb2f31ac263ed4226d9e5aa8a5e Format Code Loading...

HTTP Transactions (6)

URL IP Response Size

GET yh698.shop/favicon.ico

154.205.94.240

404 Not Found

148 B

URL

yh698.shop/favicon.ico

IP / ASN

154.205.94.240

#54467 XNNET

Requested byhttps://yh698.shop/

Resource Info

File typeHTML document, ASCII text

First Seen2024-07-21

Last Seen2025-08-02

Times Seen3310

Size148 B (148 bytes)

MD5630e1f9fef1a483fe84154e2d0d046df

SHA1f10e0cf39fb920a438116caaea80a71e0dcdc162

SHA2569cad3cff676946810a81047247f12e4e51faccc01df4134edfd871aee8ba0956

Certificate Info

IssuerLet's Encrypt

Subjectwww.yh698.shop

Fingerprint2D:E5:84:00:9C:4F:07:3B:64:75:60:86:DF:14:8D:FA:4A:11:25:0B

ValidityThu, 12 Jun 2025 03:12:56 GMT - Wed, 10 Sep 2025 03:12:55 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: yh698.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yh698.shop/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Sat, 12 Jul 2025 16:54:46 GMT
content-type: text/html
content-length: 148
etag: "684a521c-94"
X-Firefox-Spdy: h2

GET 34.96.219.148:3333/register

34.96.219.148

403 Forbidden

159 B

URL

34.96.219.148:3333/register

IP / ASN

34.96.219.148

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2024-08-21

Last Seen2025-08-02

Times Seen695

Size159 B (159 bytes)

MD507f36d44d48e2d2cf2d780aa6495f804

SHA13e90020ec732a1bbb0cd23e949266f81c98f7624

SHA2568caff164cd30f36a8f13fcc423a5500a8fce33ce603883090d91f3c085700f8a

Certificate Info

IssuerSectigo Limited

Subject34.96.219.148

Fingerprint2F:3E:36:68:A3:C2:71:D1:C7:21:98:83:1A:79:92:2F:5A:D0:6B:3E

ValidityWed, 19 Feb 2025 00:00:00 GMT - Thu, 19 Feb 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /register HTTP/1.1
Host: 34.96.219.148:3333
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yh698.shop/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: openresty/1.25.3.2
Date: Sat, 12 Jul 2025 16:54:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 159
Connection: keep-alive

GET 34.96.219.148:3333/favicon.ico

34.96.219.148

403 Forbidden

159 B

URL

34.96.219.148:3333/favicon.ico

IP / ASN

34.96.219.148

#396982 GOOGLE-CLOUD-PLATFORM

Requested byhttps://34.96.219.148:3333/register

Resource Info

File typeHTML document, ASCII text, with CRLF line terminators

First Seen2024-08-21

Last Seen2025-08-02

Times Seen695

Size159 B (159 bytes)

MD507f36d44d48e2d2cf2d780aa6495f804

SHA13e90020ec732a1bbb0cd23e949266f81c98f7624

SHA2568caff164cd30f36a8f13fcc423a5500a8fce33ce603883090d91f3c085700f8a

Certificate Info

IssuerSectigo Limited

Subject34.96.219.148

Fingerprint2F:3E:36:68:A3:C2:71:D1:C7:21:98:83:1A:79:92:2F:5A:D0:6B:3E

ValidityWed, 19 Feb 2025 00:00:00 GMT - Thu, 19 Feb 2026 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 34.96.219.148:3333
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://34.96.219.148:3333/register
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: openresty/1.25.3.2
Date: Sat, 12 Jul 2025 16:54:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 159
Connection: keep-alive

GET yh698.shop/

154.205.94.240

200 OK

798 B

URL

yh698.shop/

IP / ASN

154.205.94.240

#54467 XNNET

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with CRLF line terminators

First Seen2025-05-23

Last Seen2025-08-01

Times Seen300

Size798 B (798 bytes)

MD543ae571d2390e0be38bb47eda853bf50

SHA1c29e539d4bd4fa16d1862788a0f04b752f234539

SHA256e343ee263c2014896a2cd2e274d163f70c1f376afaa11d8a7ecc96ddd821fd92

Certificate Info

IssuerLet's Encrypt

Subjectwww.yh698.shop

Fingerprint2D:E5:84:00:9C:4F:07:3B:64:75:60:86:DF:14:8D:FA:4A:11:25:0B

ValidityThu, 12 Jun 2025 03:12:56 GMT - Wed, 10 Sep 2025 03:12:55 GMT

HTTP Headers

GET / HTTP/1.1
Host: yh698.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 16:54:46 GMT
content-type: text/html
content-length: 798
last-modified: Thu, 12 Jun 2025 04:05:48 GMT
etag: "684a521c-31e"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET yh698.shop/ccs.js

154.205.94.240

200 OK

896 B

URL

yh698.shop/ccs.js

IP / ASN

154.205.94.240

#54467 XNNET

Requested byhttps://yh698.shop/

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with CRLF line terminators

First Seen2025-05-23

Last Seen2025-08-01

Times Seen268

Size896 B (896 bytes)

MD52d6c983ef7fd79af386369eab6a1fd7a

SHA170444403e8f316a7e7608aba2ff16559575f8f70

SHA25675de3de80d7add88d07f1755b61903505ce2feb2f31ac263ed4226d9e5aa8a5e

Certificate Info

IssuerLet's Encrypt

Subjectwww.yh698.shop

Fingerprint2D:E5:84:00:9C:4F:07:3B:64:75:60:86:DF:14:8D:FA:4A:11:25:0B

ValidityThu, 12 Jun 2025 03:12:56 GMT - Wed, 10 Sep 2025 03:12:55 GMT

HTTP Headers

GET /ccs.js HTTP/1.1
Host: yh698.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yh698.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 12 Jul 2025 16:54:46 GMT
content-type: application/javascript
content-length: 896
last-modified: Thu, 12 Jun 2025 04:05:48 GMT
etag: "684a521c-380"
expires: Sun, 13 Jul 2025 04:54:46 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET sdk.51.la/js-sdk-pro.min.js

0.0.0.0

0 B

URL

sdk.51.la/js-sdk-pro.min.js

IP / ASN

0.0.0.0

Requested byhttps://yh698.shop/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608713

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yh698.shop/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache