Report - customservicseesdammzmmz.dynnamn.ru/?sig7incs

Report Overview

Visited public
2023-12-04 23:05:54
Tags
dyndns
URL
customservicseesdammzmmz.dynnamn.ru/?sig7incs_
Finishing URL
customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
IP / ASN
162.240.160.144
#46606 UNIFIEDLAYER-AS-1
Title
Amazon Sign-In
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
m.media-amazon.com	580	2016-08-18	2018-06-22 13:41:03	2023-12-04 12:51:16	1.6 kB	64 kB	143.204.48.132
customservicseesdammzmmz.dynnamn.ru	unknown	unknown	No data	No data	3.9 kB	340 kB	162.240.160.144

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 23:05:43	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-04 23:05:43	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-04 23:05:43	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-04 23:05:44	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-04 23:05:44	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-04 23:05:44	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-04 23:05:46	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	dynnamn.ru	Sinkholed
2023-12-04	medium	dynnamn.ru	Sinkholed
2023-12-04	medium	dynnamn.ru	Sinkholed
2023-12-04	medium	dynnamn.ru	Sinkholed
2023-12-04	medium	dynnamn.ru	Sinkholed
2023-12-04	medium	dynnamn.ru	Sinkholed
2023-12-04	medium	dynnamn.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/js/jquery-3.3.1.min.js	ScriptElement	108 kB	2023-03-08	2025-05-03
Pretty URL customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/js/jquery-3.3.1.min.js IP 162.240.160.144 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:57 Last Seen2025-05-03 07:32 Times Seen379 Hash d532c905d593a7f16eff99f24f27621e ea0f0d16f78ec4bbaf7866213a2f012d2793e14c 97ecd42dea3bc998c5efd456bc13e2c45c700fba1c581961ca1481676bf08b42 Loading...

	customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/js/jquery.validate.min.js	ScriptElement	37 kB	2023-04-16	2025-05-06
Pretty URL customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/js/jquery.validate.min.js IP 162.240.160.144 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-16 23:53 Last Seen2025-05-06 14:30 Times Seen390 Hash a55bc1a7d4b73fa8520f96ff509a33de c58c57e658a1408210d35b40d8a0420e05aa17be 8adda41c71d59c83d9e7a18df25ffc17ab7c5fa9728b2656a66c48b5ae01060f Loading...

	customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572	ScriptElement	2.1 kB	2023-03-10	2025-05-03
Pretty URL customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572 IP 162.240.160.144 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 18:53 Last Seen2025-05-03 07:32 Times Seen96 Hash 2d2fc5cedfe5cac7f20c1e971807ce26 6be6ca053b6794816bb622be7945ca356cfc6061 aa3e84ed952d7e588208e032a351bb41dab308fe44bf1c8aaa63a5de5d1df69f Loading...

HTTP Transactions (10)

URL IP Response Size

customservicseesdammzmmz.dynnamn.ru/?sig7incs_

162.240.160.144

307 Temporary Redirect

20 B

URL User Request GET HTTP/1.1
customservicseesdammzmmz.dynnamn.ru/?sig7incs_
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectcustomservicseesdammzmmz.dynnamn.ru
FingerprintAE:50:57:0F:E5:EF:D6:42:EC:36:2B:46:E0:50:1F:9E:56:A4:30:12
ValidityMon, 04 Dec 2023 21:08:23 GMT - Sun, 03 Mar 2024 21:08:22 GMT

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?sig7incs_ HTTP/1.1
Host: customservicseesdammzmmz.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Date: Mon, 04 Dec 2023 23:05:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=22e23557a7f3bd067b4e9b955a35c40f; path=/
Location: https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572

162.240.160.144

200 OK

3.3 kB

URL User Request GET HTTP/1.1
customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectcustomservicseesdammzmmz.dynnamn.ru
FingerprintAE:50:57:0F:E5:EF:D6:42:EC:36:2B:46:E0:50:1F:9E:56:A4:30:12
ValidityMon, 04 Dec 2023 21:08:23 GMT - Sun, 03 Mar 2024 21:08:22 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (661), with CRLF line terminators
Size
3.3 kB (3330 bytes)
Hash
664f63760972a8ea38be7de098639099
5346b430bfce0da0090b5326c0d19cbda8e6b0ce
cc08e164c42d442d8dbbe5add341bea8997c838d60aec449784060bd17803239

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /signin?verify=cr51_41572 HTTP/1.1
Host: customservicseesdammzmmz.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=22e23557a7f3bd067b4e9b955a35c40f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:05:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/css/sign-dekstop.css

162.240.160.144

200 OK

136 kB

URL GET HTTP/1.1
customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/css/sign-dekstop.css
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Certificate
IssuerLet's Encrypt
Subjectcustomservicseesdammzmmz.dynnamn.ru
FingerprintAE:50:57:0F:E5:EF:D6:42:EC:36:2B:46:E0:50:1F:9E:56:A4:30:12
ValidityMon, 04 Dec 2023 21:08:23 GMT - Sun, 03 Mar 2024 21:08:22 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (135724 bytes)
Hash
145d4167f1247d5618d6a7d3df28aa7a
1188188a940b68ee827c7babeffc279ec06f8f13
a3987cc9ff1e96ae068bdd13278434f2d3d32e781b1e131d8e0ed2a1a8eb481b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/css/sign-dekstop.css HTTP/1.1
Host: customservicseesdammzmmz.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Cookie: PHPSESSID=22e23557a7f3bd067b4e9b955a35c40f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:05:39 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 135724
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/css/style.sign-desktop.css

162.240.160.144

200 OK

36 kB

URL GET HTTP/1.1
customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/css/style.sign-desktop.css
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Certificate
IssuerLet's Encrypt
Subjectcustomservicseesdammzmmz.dynnamn.ru
FingerprintAE:50:57:0F:E5:EF:D6:42:EC:36:2B:46:E0:50:1F:9E:56:A4:30:12
ValidityMon, 04 Dec 2023 21:08:23 GMT - Sun, 03 Mar 2024 21:08:22 GMT

File type
ASCII text, with very long lines (20048), with CRLF line terminators
Size
36 kB (36441 bytes)
Hash
ce03668bf4cba84e446d39b1e5430fa2
a1e1d2f4e14d20921a9b13ed4ea14ce0c407e64f
0c56d79edb4b4187f79ddcecd68fae587c56402c3ed737ed954b3eda3d250967

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/css/style.sign-desktop.css HTTP/1.1
Host: customservicseesdammzmmz.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Cookie: PHPSESSID=22e23557a7f3bd067b4e9b955a35c40f
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:05:39 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 36441
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/js/jquery.validate.min.js

162.240.160.144

200 OK

37 kB

URL GET HTTP/1.1
customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/js/jquery.validate.min.js
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Certificate
IssuerLet's Encrypt
Subjectcustomservicseesdammzmmz.dynnamn.ru
FingerprintAE:50:57:0F:E5:EF:D6:42:EC:36:2B:46:E0:50:1F:9E:56:A4:30:12
ValidityMon, 04 Dec 2023 21:08:23 GMT - Sun, 03 Mar 2024 21:08:22 GMT

File type
Unicode text, UTF-8 text, with very long lines (829), with CRLF line terminators
Size
37 kB (36756 bytes)
Hash
1cdeeb8eaca2a1357de0a82bd5e5526f
f0474ee246d33979152b20bfbea49045581792f3
1327e703fcf1311de11818f1fedcef1ec0ba4f60734962c6955fdffc408d5287

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/js/jquery.validate.min.js HTTP/1.1
Host: customservicseesdammzmmz.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Cookie: PHPSESSID=22e23557a7f3bd067b4e9b955a35c40f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:05:39 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 36756
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

m.media-amazon.com/images/S/sash/KFPk-9IF4FqAqY-.woff2

143.204.48.132

200 OK

16 kB

URL GET HTTP/2
m.media-amazon.com/images/S/sash/KFPk-9IF4FqAqY-.woff2
IP
143.204.48.132:443
ASN
#16509 AMAZON-02

Requested by
https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Certificate
IssuerDigiCert Inc
Subjectimages-na.ssl-images-amazon.com
FingerprintAA:46:E6:D0:CB:90:98:F0:BC:7D:7A:5B:14:98:24:32:09:12:4C:CF
ValidityWed, 09 Aug 2023 00:00:00 GMT - Wed, 24 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16460, version 1.655\012- data
Size
16 kB (16460 bytes)
Hash
15e17f26c664ee0518f82972282e6ff3
46b91bda68161c14e554a779643ef4957431987b
4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89

HTTP Headers

GET /images/S/sash/KFPk-9IF4FqAqY-.woff2 HTTP/1.1
Host: m.media-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://customservicseesdammzmmz.dynnamn.ru
DNT: 1
Connection: keep-alive
Referer: https://customservicseesdammzmmz.dynnamn.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/font-woff2; charset=utf-8
content-length: 16460
server: Server
date: Wed, 13 Sep 2023 14:24:30 GMT
x-amz-ir-id: 29d3a6a7-1de1-4b26-a924-6c3f60e02dbf
cache-control: max-age=630720000,public
last-modified: Fri, 30 Oct 2020 21:19:26 GMT
access-control-allow-origin: *
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
edge-cache-tag: x-cache-409,/images/S/sash/KFPk-9IF4FqAqY-
expires: Fri, 28 Aug 2043 19:16:09 GMT
surrogate-key: x-cache-409 /images/S/sash/KFPk-9IF4FqAqY-
x-nginx-cache-status: HIT
accept-ranges: bytes
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
age: 7116069
server-timing: provider;desc="cf"
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lubXsPRZXHgdglJewcoS8Mr951YuwyBoHVUIJOWU2knuz0V-6D3gbA==
X-Firefox-Spdy: h2

m.media-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png

143.204.48.132

200 OK

28 kB

URL GET HTTP/2
m.media-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png
IP
143.204.48.132:443
ASN
#16509 AMAZON-02

Requested by
https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Certificate
IssuerDigiCert Inc
Subjectimages-na.ssl-images-amazon.com
FingerprintAA:46:E6:D0:CB:90:98:F0:BC:7D:7A:5B:14:98:24:32:09:12:4C:CF
ValidityWed, 09 Aug 2023 00:00:00 GMT - Wed, 24 Jul 2024 23:59:59 GMT

File type
PNG image data, 400 x 750, 8-bit colormap, non-interlaced\012- data
Size
28 kB (27972 bytes)
Hash
1b5a1fb097715b1604b21aba92ef6a3e
c4a765aedd886dc04d89e7e93b6a02c59ecb7013
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5

HTTP Headers

GET /images/S/sash/mPGmT0r6IeTyIee.png HTTP/1.1
Host: m.media-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://customservicseesdammzmmz.dynnamn.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 27972
server: Server
date: Fri, 19 May 2023 16:52:09 GMT
x-amz-ir-id: 2d124614-443a-4ee6-ba84-05888d0b41ba
cache-control: max-age=630720000,public
last-modified: Tue, 17 Nov 2020 23:31:33 GMT
access-control-allow-origin: *
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
edge-cache-tag: x-cache-236,/images/S/sash/mPGmT0r6IeTyIee
expires: Tue, 14 Apr 2043 08:55:48 GMT
surrogate-key: x-cache-236 /images/S/sash/mPGmT0r6IeTyIee
x-nginx-cache-status: HIT
accept-ranges: bytes
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
age: 17216011
server-timing: provider;desc="cf"
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: mTBUnQHS04iXPxC5H_0E5frXXwNgSc4_cyoJFOhKWPc8VStJVcASSA==
X-Firefox-Spdy: h2

m.media-amazon.com/images/S/sash/pDxWAF1pBB0dzGB.woff2

143.204.48.132

200 OK

17 kB

URL GET HTTP/2
m.media-amazon.com/images/S/sash/pDxWAF1pBB0dzGB.woff2
IP
143.204.48.132:443
ASN
#16509 AMAZON-02

Requested by
https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Certificate
IssuerDigiCert Inc
Subjectimages-na.ssl-images-amazon.com
FingerprintAA:46:E6:D0:CB:90:98:F0:BC:7D:7A:5B:14:98:24:32:09:12:4C:CF
ValidityWed, 09 Aug 2023 00:00:00 GMT - Wed, 24 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16616, version 1.655\012- data
Size
17 kB (16616 bytes)
Hash
4afcd3b79b78d33386f497877a29c518
cc7ebaa05a2cd3b02c0929ac0475a44ab30b7efa
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821

HTTP Headers

GET /images/S/sash/pDxWAF1pBB0dzGB.woff2 HTTP/1.1
Host: m.media-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://customservicseesdammzmmz.dynnamn.ru
DNT: 1
Connection: keep-alive
Referer: https://customservicseesdammzmmz.dynnamn.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/font-woff2; charset=utf-8
content-length: 16616
server: Server
date: Fri, 21 Jul 2023 06:43:09 GMT
x-amz-ir-id: 5b1199ea-12ba-4130-bdad-081fb94461f9
expires: Sun, 22 Feb 2043 06:09:50 GMT
cache-control: max-age=630720000,public
surrogate-key: x-cache-298 /images/S/sash/pDxWAF1pBB0dzGB
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
edge-cache-tag: x-cache-298,/images/S/sash/pDxWAF1pBB0dzGB
access-control-allow-origin: *
last-modified: Fri, 30 Oct 2020 21:19:16 GMT
x-nginx-cache-status: HIT
accept-ranges: bytes
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
age: 11809351
server-timing: cdn-cache-hit,cdn-pop;desc="OSL50-C1",cdn-rid;desc="VDWJYaAnT7bPKHZrSW6CbucYgE7zXXTstC3zHuShWgz4-TJ5cztlSA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1,provider;desc="cf"
x-cache: Hit from cloudfront
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VDWJYaAnT7bPKHZrSW6CbucYgE7zXXTstC3zHuShWgz4-TJ5cztlSA==
X-Firefox-Spdy: h2

customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/js/jquery-3.3.1.min.js

162.240.160.144

200 OK

108 kB

URL GET HTTP/1.1
customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/js/jquery-3.3.1.min.js
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Certificate
IssuerLet's Encrypt
Subjectcustomservicseesdammzmmz.dynnamn.ru
FingerprintAE:50:57:0F:E5:EF:D6:42:EC:36:2B:46:E0:50:1F:9E:56:A4:30:12
ValidityMon, 04 Dec 2023 21:08:23 GMT - Sun, 03 Mar 2024 21:08:22 GMT

File type
ASCII text, with very long lines (65451)
Size
108 kB (107631 bytes)
Hash
d532c905d593a7f16eff99f24f27621e
ea0f0d16f78ec4bbaf7866213a2f012d2793e14c
97ecd42dea3bc998c5efd456bc13e2c45c700fba1c581961ca1481676bf08b42

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/js/jquery-3.3.1.min.js HTTP/1.1
Host: customservicseesdammzmmz.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Cookie: PHPSESSID=22e23557a7f3bd067b4e9b955a35c40f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:05:39 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 107631
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/images/favicon.ico

162.240.160.144

200 OK

18 kB

URL GET HTTP/1.1
customservicseesdammzmmz.dynnamn.ru/CR51/Assets/_hayo/images/favicon.ico
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Certificate
IssuerLet's Encrypt
Subjectcustomservicseesdammzmmz.dynnamn.ru
FingerprintAE:50:57:0F:E5:EF:D6:42:EC:36:2B:46:E0:50:1F:9E:56:A4:30:12
ValidityMon, 04 Dec 2023 21:08:23 GMT - Sun, 03 Mar 2024 21:08:22 GMT

File type
MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
18 kB (17542 bytes)
Hash
ca6619b86c2f6e6068b69ba3aaddb7e4
c44a1bb9d14385334eb851fbb0afb19d961c1ee7
17d02e2db6dbedb95dd449d06868c147ac2c3b5371497bcb9407e75336a99e09

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/images/favicon.ico HTTP/1.1
Host: customservicseesdammzmmz.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://customservicseesdammzmmz.dynnamn.ru/signin?verify=cr51_41572
Cookie: PHPSESSID=22e23557a7f3bd067b4e9b955a35c40f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 23:05:40 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 17542
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/x-icon

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size