Report - m-package-forward.dynnamn.ru/

Report Overview

Visited public
2023-10-26 17:21:12
Tags
dyndns
URL
m-package-forward.dynnamn.ru/
Finishing URL
m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
IP / ASN
45.133.200.3
#200313 WEB_GroupInternet INC
Title
Account Suspended
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
m-package-forward.dynnamn.ru	unknown	2019-09-16	2023-10-24 21:38:21	2023-10-25 10:12:17	2.0 kB	17 kB	45.133.200.3
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-10-25 18:12:23	990 B	87 kB	172.64.103.11

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-26 17:20:55	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-26 17:20:55	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-26 17:20:56	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-26 17:20:56	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-26 17:20:56	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-10-26 17:20:56	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-10-25	medium	m-package-forward.dynnamn.ru/	United States Postal Service
2023-10-25	medium	m-package-forward.dynnamn.ru/	United States Postal Service
2023-10-25	medium	m-package-forward.dynnamn.ru/	United States Postal Service
2023-10-25	medium	m-package-forward.dynnamn.ru/	United States Postal Service

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-26	medium	dynnamn.ru	Sinkholed
2023-10-26	medium	dynnamn.ru	Sinkholed
2023-10-26	medium	dynnamn.ru	Sinkholed
2023-10-26	medium	dynnamn.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

m-package-forward.dynnamn.ru/

45.133.200.3

302 Found

246 B

URL User Request GET HTTP/2
m-package-forward.dynnamn.ru/
IP
45.133.200.3:443
ASN
#200313 WEB_GroupInternet INC

Certificate
IssuerLet's Encrypt
Subjectm-package-forward.dynnamn.ru
Fingerprint61:ED:FD:53:53:91:F9:67:8E:0D:C9:E9:CD:DE:87:BB:E0:83:9D:D1
ValidityTue, 24 Oct 2023 18:37:02 GMT - Mon, 22 Jan 2024 18:37:01 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
246 B (246 bytes)
Hash
c34b6eee4647edb7809dc88efc43cebf
aa8ed57adcf502b2eba1b6916668775ae0f217f2
e68d671dacb126a5a664cf67730326ae79176a7eb520a19d5a7bb9599825628a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	United States Postal Service
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: m-package-forward.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Thu, 26 Oct 2023 17:20:55 GMT
content-type: text/html; charset=iso-8859-1
content-length: 246
location: https://m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
X-Firefox-Spdy: h2

m-package-forward.dynnamn.ru/favicon.ico

45.133.200.3

302 Found

246 B

URL GET HTTP/2
m-package-forward.dynnamn.ru/favicon.ico
IP
45.133.200.3:443
ASN
#200313 WEB_GroupInternet INC

Requested by
https://m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
Certificate
IssuerLet's Encrypt
Subjectm-package-forward.dynnamn.ru
Fingerprint61:ED:FD:53:53:91:F9:67:8E:0D:C9:E9:CD:DE:87:BB:E0:83:9D:D1
ValidityTue, 24 Oct 2023 18:37:02 GMT - Mon, 22 Jan 2024 18:37:01 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
246 B (246 bytes)
Hash
c34b6eee4647edb7809dc88efc43cebf
aa8ed57adcf502b2eba1b6916668775ae0f217f2
e68d671dacb126a5a664cf67730326ae79176a7eb520a19d5a7bb9599825628a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	United States Postal Service
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: m-package-forward.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Thu, 26 Oct 2023 17:20:55 GMT
content-type: text/html; charset=iso-8859-1
content-length: 246
location: https://m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
expires: Mon, 25 Dec 2023 17:20:55 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.0.6/css/all.css

172.64.103.11

200 OK

46 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.0.6/css/all.css
IP
172.64.103.11:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (34556)
Size
46 kB (46410 bytes)
Hash
42eaa52604673b64d6b356c2fd7f87e3
6b59cb703b2d4a7a2691f13008062b46a6bc7fdb
ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce

HTTP Headers

GET /releases/v5.0.6/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m-package-forward.dynnamn.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:20:56 GMT
content-type: text/css
x-amz-id-2: H9hK29b5iFPEy8TCVIP5G7upJA9ACrAE7U0DxTvyHEokOqcJQDZk0RrIb6gPiJ2nNAhA+oTFP3U=
x-amz-request-id: ZPVHR3KYK4NCQZSJ
last-modified: Wed, 30 Jun 2021 15:27:49 GMT
etag: W/"42eaa52604673b64d6b356c2fd7f87e3"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2557503
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C0FYW8L%2FgHYWZU2bgIoatBTsxzoLl7AK9H1QD6vEc7qjogaW60OEWANw8Mu4AV28eDgixFkn3PcDbuhMc8oNgVE2z%2BuR83yAx1P%2FTep%2F5RfY%2B1PKQKiJqz65KEMfM32acUwm2M5O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81c45f6e1bffd188-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2

172.64.103.11

200 OK

39 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
IP
172.64.103.11:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 38784, version 1.0\012- data
Size
39 kB (38784 bytes)
Hash
f9b85c9463af7103b9b24bbbf09a06ed
d28d7222bcbeb8ea701a771e85f7efe006e62fb1
62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56

HTTP Headers

GET /releases/v5.0.6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://m-package-forward.dynnamn.ru
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Oct 2023 17:20:56 GMT
content-type: application/font-woff2
content-length: 38784
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "f9b85c9463af7103b9b24bbbf09a06ed"
last-modified: Fri, 22 Sep 2023 01:44:10 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 21299
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JfRZNMi7PRfSZWnuAYmI95QDFdXFdXY9%2BAxC7289vyJrg8sMAt%2F%2Fy%2FWA3o56cdMBN2GqAnYWv87UXv0ekXoHS7dHqe8VMw%2F%2F8eHDwvcRGsGnIMkjSrhRmyXBEXt%2FUvmvX%2BDisZ9C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81c45f6f6dfd76a3-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi

45.133.200.3

200 OK

7.7 kB

URL User Request GET HTTP/2
m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
IP
45.133.200.3:443
ASN
#200313 WEB_GroupInternet INC

Certificate
IssuerLet's Encrypt
Subjectm-package-forward.dynnamn.ru
Fingerprint61:ED:FD:53:53:91:F9:67:8E:0D:C9:E9:CD:DE:87:BB:E0:83:9D:D1
ValidityTue, 24 Oct 2023 18:37:02 GMT - Mon, 22 Jan 2024 18:37:01 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7820), with no line terminators
Size
7.7 kB (7650 bytes)
Hash
ee08348da212415798a452140119547f
7cb95633f908136668e4a193daec6b3c21bd8e7a
f3d9d29f760a2ed3933bb816b8e654c0f5e22c829eab297d75ef32c1df92605a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	United States Postal Service
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: m-package-forward.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 26 Oct 2023 17:20:55 GMT
content-type: text/html
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2

m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi

45.133.200.3

200 OK

7.7 kB

URL GET HTTP/2
m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
IP
45.133.200.3:443
ASN
#200313 WEB_GroupInternet INC

Requested by
https://m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
Certificate
IssuerLet's Encrypt
Subjectm-package-forward.dynnamn.ru
Fingerprint61:ED:FD:53:53:91:F9:67:8E:0D:C9:E9:CD:DE:87:BB:E0:83:9D:D1
ValidityTue, 24 Oct 2023 18:37:02 GMT - Mon, 22 Jan 2024 18:37:01 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7820), with no line terminators
Size
7.7 kB (7650 bytes)
Hash
ee08348da212415798a452140119547f
7cb95633f908136668e4a193daec6b3c21bd8e7a
f3d9d29f760a2ed3933bb816b8e654c0f5e22c829eab297d75ef32c1df92605a

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	United States Postal Service
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: m-package-forward.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://m-package-forward.dynnamn.ru/cgi-sys/suspendedpage.cgi
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 26 Oct 2023 17:20:56 GMT
content-type: text/html
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (6)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers