{"report_id":"5547ab6c-1967-4b69-a339-dc052cbbfa06","version":6,"status":"done","tags":["apple","phishing","dyndns"],"date":"2023-12-02T13:11:16Z","url":{"schema":"http","addr":"smg.city/bud","fqdn":"smg.city","domain":"smg.city","tld":"city"},"ip":{"addr":"103.101.52.69","port":0,"asn":136843,"as":"Dinas Komunikasi dan Informatika Pemerintah Kota Semarang","country":"Indonesia","country_code":"ID"},"final":{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"title":"Manage your Apple ID - Apple"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T09:32:51Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"smg.city","ip":{"addr":"103.101.52.69","port":0,"asn":136843,"as":"Dinas Komunikasi dan Informatika Pemerintah Kota Semarang","country":"Indonesia","country_code":"ID"},"domain_registered":"2019-07-31","domain_rank":0,"first_seen":"2019-07-31 11:46:06","last_seen":"2023-11-30 06:02:14","alert_count":0,"request_count":1,"received_data":262,"sent_data":478,"comment":"","tags":null,"fingerprints":null},{"fqdn":"strksmnge-pmblianspasea.dynnamn.ru","ip":{"addr":"162.214.98.92","port":0,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"domain_registered":"2019-09-16","domain_rank":0,"first_seen":"2023-12-01 12:07:23","last_seen":"2023-12-01 
12:07:23","alert_count":55,"request_count":19,"received_data":1642946,"sent_data":11088,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:04Z","timestamp":1701522664,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":41627,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:04.014924+0000\",\"flow_id\":1761852172810828,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":41627,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":24076,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:04.014924+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:04Z","timestamp":1701522664,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client 
IP","port":45391,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:04.015082+0000\",\"flow_id\":2070447720512234,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":45391,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":5480,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:04.015082+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:05Z","timestamp":1701522665,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36412,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:05.513810+0000\",\"flow_id\":73743194511122,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":36412,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":64405,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:05.513810+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:06Z","timestamp":1701522666,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58030,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:06.206572+0000\",\"flow_id\":597681960003308,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":58030,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":29444,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:06.206572+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:06Z","timestamp":1701522666,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":39858,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:06.207533+0000\",\"flow_id\":146955207060141,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":39858,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":44504,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:06.207533+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:06Z","timestamp":1701522666,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49802,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:06.212316+0000\",\"flow_id\":1830064843537756,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":49802,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":41421,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:06.212316+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:06Z","timestamp":1701522666,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56927,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:06.215960+0000\",\"flow_id\":1392817845455768,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":56927,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":4088,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:06.215960+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:06Z","timestamp":1701522666,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":36855,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:06.218662+0000\",\"flow_id\":826595126957606,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":36855,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":26444,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:06.218662+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:06Z","timestamp":1701522666,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54493,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:06.219733+0000\",\"flow_id\":20992406215253,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":54493,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":11565,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:06.219733+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:07Z","timestamp":1701522667,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":56383,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:07.576011+0000\",\"flow_id\":1658008453761547,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":56383,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40759,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:07.576011+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:07Z","timestamp":1701522667,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59489,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:07.579107+0000\",\"flow_id\":104443620873763,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":59489,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":1739,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:07.579107+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:07Z","timestamp":1701522667,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54677,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:07.590054+0000\",\"flow_id\":650976045499245,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":54677,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":35050,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":2}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":2,\"pkts_toclient\":1,\"bytes_toserver\":200,\"bytes_toclient\":367,\"start\":\"2023-12-02T13:06:59.328557+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:07Z","timestamp":1701522667,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34816,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:07.592151+0000\",\"flow_id\":1793604866214167,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":34816,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":36669,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:07.592151+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:07Z","timestamp":1701522667,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":33102,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:07.593333+0000\",\"flow_id\":85545764720053,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":33102,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":18625,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:07.593333+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:07Z","timestamp":1701522667,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":45348,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:07.598373+0000\",\"flow_id\":1561159088677221,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":45348,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":9453,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:07.598373+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-02T13:11:08Z","timestamp":1701522668,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":45333,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain","source":"{\"timestamp\":\"2023-12-02T13:11:08.356394+0000\",\"flow_id\":1397355478544426,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.135\",\"src_port\":45333,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038994,\"rev\":1,\"signature\":\"ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain\",\"category\":\"Misc 
activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_09_26\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_09_26\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":36925,\"rrname\":\"strksmnge-pmblianspasea.dynnamn.ru\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":105,\"bytes_toclient\":0,\"start\":\"2023-12-02T13:11:08.356394+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 
DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 
DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 
DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/js/jquery.js","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"adb784ef9dc257b32965a5da7ee82a8b","sha1":"7a41c488d820ea08231d1d393e5f4daed4d25041","sha256":"8e09aa31f396ea41d698f437dc5fc7125e931d400eb2873f5b68ef78c1e6f3a6","sha512":"bc8fcdf5a4645443c394b0d1b7222b2e2321a4558cd39cfac18c88aa1abc44d4317a94a26b0f8444f6700197fe2a90d2812c42fb1f85fc5ae33069343579d4df","ssdeep":"1536:fYE1JVoiB9JqZdXXe2pD3PgoIiulrUn6Z6a4tfOR7WpfWBZPBJda4w9W3qG9a98Q:u4J+rlfOhWpgCW6G9a98HrU","tlshash":"1383c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85580,"data":"","first_seen":"2023-03-07T01:20:21Z","last_seen":"2026-04-08T21:59:08.082807Z","times_seen":1847,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/js/jquery.validate.min.js","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"146e83f3299d808104b4eff9b5d02150","sha1":"308282674902bc02929c4ec1978d3a1ba7d5f2ad","sha256":"f909dd0bc5367dd15e530330204f5ef655e7c39610b47966a9a9f519c01ec981","sha512":"a2d4ce30596d4370be294250bc8dad6421bf1baaf9d8415efd90c13ca4b0458b54cc424c4d9b7e54c0e24e75d1297dea6e48bbcf46dbbbd4fec5b0dca11b70c9","ssdeep":"384:QXrHpoSnWB6/tX2lH1dkMiYnFpg54Lrf7m9SNAc0Eny+RWuK7NeBMwV/vtrx+OLg:mWB6/8lH1dkMioFpg54n7mcQEny+NLx+","tlshash":"bda2a78d76d670465e9720f4909b660b61b669a0a008e83cb5f8e4d1baf4ecc50f7f78","size":23263,"data":"","first_seen":"2023-04-06T16:55:47Z","last_seen":"2026-04-08T07:26:06.542132Z","times_seen":1176,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/js/script-login-desktop.js","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff0ecc2b70c9ad12b4043d00dc3d5d9e","sha1":"5326d14cc8635c4a7ef10ad160b5d05d87a31cc0","sha256":"42f3d2772f3df6542b9ff9db1684b27f2b7ffad066c329f3fff582a9e3074e7d","sha512":"728de86f7a64eed6cab44a8c27beb3027d967ccba17e604327910d9b54503e9d4c28b38c1aff08aa8a7b403567ff0b2fd873f4829d63fd74dd94dab9696c979c","ssdeep":"","tlshash":"6121a3a735c78b380dde3fab257443c87c3894656e053514a87c7c20b061e86b67bb94","size":1240,"data":"","first_seen":"2023-03-08T19:46:07Z","last_seen":"2025-06-03T20:48:16.744126Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-09T08:07:55.876601Z","times_seen":13532580,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"smg.city/bud","fqdn":"smg.city","domain":"smg.city","tld":"city"},"ip":{"addr":"103.101.52.69","port":0,"asn":136843,"as":"Dinas Komunikasi dan Informatika Pemerintah Kota Semarang","country":"Indonesia","country_code":"ID"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-02T13:11:04.009580156Z","timestamp":1701522664009,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /bud HTTP/1.1\r\nHost: smg.city\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.17.2\r\nDate: Sat, 02 Dec 2023 13:10:58 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.0.8\r\nLocation: 
https://strksmnge-pmblianspasea.dynnamn.ru/?signtye\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-09T08:07:55.876601Z","times_seen":13532580,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/?signtye","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":0,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-02T13:11:05.218192797Z","timestamp":1701522665218,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /?signtye HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:10:59 GMT\r\nServer: 
Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nSet-Cookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75; path=/\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":160,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"HTML document text\\012- exported SGML document, ASCII text, with no line terminators","md5":"d0353385847a19e2899a826e49f144c9","sha1":"cd8ec88d5292054102008badd13db9d4955f4647","sha256":"98376e99ed88d2350b56fb1ec7f56245c292613c55657860f8aa19d951f7c537","sha512":"8de441ca55feb36d041d0cbf78fe388dce6282d24c48b85cfe891e27923f503f12ac1eeb57a297af93faad4f22cf7a1bdc34dc9dd1aba0bffb098f4dac0aede1","ssdeep":"","tlshash":"7ec0c04d3d40c1040c4502c1f031b41050d850b54f02b01501f88c7430c068fd6160dc","first_seen":"2023-12-02T14:11:18Z","last_seen":"2023-12-02T14:11:18Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-02T13:11:05.515Z","timestamp":1701522665515,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/?signtye\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 
OK\r\nDate: Sat, 02 Dec 2023 13:11:00 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2792,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document text\\012- exported SGML document, ASCII text, with very long lines (330)","md5":"807e2973673a19b9e521aa3302f8b0aa","sha1":"b14ec812584c3dd0c1d2f561dc22fda03d00202e","sha256":"c0ddea0330cdad8dd89d73860fcc2449cd2591c22af6e5352bf73229cbf035ff","sha512":"2316dc671b2aa94e0e2003863724db9dd0fb922c54a9796c7988e258835a44e311d690918071fa69a80dba9063efdb846a3cd68f89ce8e7c5ae9cda5c9c40548","ssdeep":"192:v3bwiYi+iqi9Fxi0iRiSixinNVniEixiIiGiBNDJ7JdlrJf8yzap:PbdYi+iqi9Fxi0iRiSixinN5iEixiIiI","tlshash":"a812a6b77da20904355798d93fb297887535c00bca05dd083abc62f4efdadc8983b669","first_seen":"2023-12-02T14:11:18Z","last_seen":"2023-12-02T14:11:18Z","times_seen":1,"resource_available":false,"data":null}},"time_used":637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":637,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/css/modal.css","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:06.208Z","timestamp":1701522666208,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/css/modal.css HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 
2023 13:11:01 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 12 Jul 2018 00:56:28 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 17803\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17803,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (17803), with no line terminators","md5":"8ab65fdf5424038cafa42049fa73e7bf","sha1":"cdfab6775ee409086d6387565c0c17680a3c8bfa","sha256":"6097f6d2cbbb8780c006ccbc4914216ee8b449ea80a71e9cb2b0c93e9631f8d5","sha512":"24f57670be92ea1b907b193b9f50820cd98ac461ce4c4005f9b128b266e153474d21ffaa6a09e1d9151bb39d7299ab1d7ba573b6a42c94657b050f28e0c9fc53","ssdeep":"192:+jOXXQcnd0+Z4yfgHY5rbfDLcHALmAz/QZ69KNsDTS:g+Z4yfCYkHALF9KNs6","tlshash":"1f82775c9d9d219c617bc602b7cb0f24973ac2a39e116dde7524721f8b8be8821e7347","first_seen":"2023-05-17T11:47:17Z","last_seen":"2025-06-03T20:48:16.727119Z","times_seen":5,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":185,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/js/script-login-desktop.js","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:06.223Z","timestamp":1701522666223,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/js/script-login-desktop.js HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 
02 Dec 2023 13:11:01 GMT\r\nServer: Apache\r\nLast-Modified: Tue, 26 Dec 2017 21:59:06 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 1240\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1240,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"ff0ecc2b70c9ad12b4043d00dc3d5d9e","sha1":"5326d14cc8635c4a7ef10ad160b5d05d87a31cc0","sha256":"42f3d2772f3df6542b9ff9db1684b27f2b7ffad066c329f3fff582a9e3074e7d","sha512":"728de86f7a64eed6cab44a8c27beb3027d967ccba17e604327910d9b54503e9d4c28b38c1aff08aa8a7b403567ff0b2fd873f4829d63fd74dd94dab9696c979c","ssdeep":"","tlshash":"6121a3a735c78b380dde3fab257443c87c3894656e053514a87c7c20b061e86b67bb94","first_seen":"2023-03-08T19:46:07Z","last_seen":"2025-06-03T20:48:16.744126Z","times_seen":4,"resource_available":true,"data":null}},"time_used":984,"timings":{"blocked":372,"dns":1,"connect":184,"send":0,"wait":236,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/css/style-login-desktop.css","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:06.221Z","timestamp":1701522666221,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/css/style-login-desktop.css HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 
200 OK\r\nDate: Sat, 02 Dec 2023 13:11:01 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 12 Jul 2018 00:57:02 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 7994\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7994,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7994), with no line terminators","md5":"53764a563e5fd4669b624b96adddbb9b","sha1":"46dbc09333ba09f0125c3f2fd22677614dad2403","sha256":"21716f423a763bdb240b136af1a9feba49f58e6fd2e5beeb55aa15037ff102c9","sha512":"2328482da6b7db9c7f3da497fbbeb50bdc4205299e738604542bc052bb8002362076b1b5a1196aa6e938afbf0536edcbb9643bc63c8154054002f5681d2f89ba","ssdeep":"192:wPlRGAsD+GpVXtutTBpu36HX2cHaFIWr1CBXi/qeR:CoDFtqTBpu36HX2cHaFIWUot","tlshash":"09f1ac32b94771aea44769ab3475235c693fc487a7e7473a307f23e5e11b8483435990","first_seen":"2023-12-02T14:11:18Z","last_seen":"2025-06-03T20:48:16.724824Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1156,"timings":{"blocked":373,"dns":0,"connect":184,"send":0,"wait":405,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/js/jquery.js","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:06.216Z","timestamp":1701522666216,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/js/jquery.js HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:01 
GMT\r\nServer: Apache\r\nLast-Modified: Mon, 12 Nov 2018 17:38:58 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 85580\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85580,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (32065), with CRLF line terminators","md5":"adb784ef9dc257b32965a5da7ee82a8b","sha1":"7a41c488d820ea08231d1d393e5f4daed4d25041","sha256":"8e09aa31f396ea41d698f437dc5fc7125e931d400eb2873f5b68ef78c1e6f3a6","sha512":"bc8fcdf5a4645443c394b0d1b7222b2e2321a4558cd39cfac18c88aa1abc44d4317a94a26b0f8444f6700197fe2a90d2812c42fb1f85fc5ae33069343579d4df","ssdeep":"1536:fYE1JVoiB9JqZdXXe2pD3PgoIiulrUn6Z6a4tfOR7WpfWBZPBJda4w9W3qG9a98Q:u4J+rlfOhWpgCW6G9a98HrU","tlshash":"1383c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:20:21Z","last_seen":"2026-04-08T21:59:08.082807Z","times_seen":1847,"resource_available":true,"data":null}},"time_used":1339,"timings":{"blocked":363,"dns":1,"connect":183,"send":0,"wait":237,"receive":367,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/js/jquery.validate.min.js","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:06.220Z","timestamp":1701522666220,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/js/jquery.validate.min.js HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 
02 Dec 2023 13:11:01 GMT\r\nServer: Apache\r\nLast-Modified: Mon, 12 Nov 2018 17:18:56 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 23264\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: application/javascript\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23264,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (23122), with CRLF line terminators","md5":"c2e02460a0c2bb3c499009f8aa4297ab","sha1":"7998a9786924b8222a46f05e0314b05862f7a713","sha256":"788b4b14ec9f43877f386cc49c67218b664c545f048468334b493b7d238f89f4","sha512":"ea95f555b553d07f68d4e9f4611eb570849d40b68f767eb353f07001f621f30a41f733bf4230618ee76f63653af107fd9c7b8bc0e47481c7fd54370e88955349","ssdeep":"384:QXrHpFSnWB6/tX2lH1dkMiYnFpg54Lrf7m9SNAc0Eny+RWuK7NeBMwV/vtrx+OLg:RWB6/8lH1dkMioFpg54n7mcQEny+NLx+","tlshash":"63a2a78d76d670465e9720f4909b660b61b669a0a008e83cb5f8e4d1baf4ecc50f7f78","first_seen":"2023-03-07T01:03:32Z","last_seen":"2025-03-01T07:41:42.299638Z","times_seen":262,"resource_available":false,"data":null}},"time_used":1346,"timings":{"blocked":374,"dns":1,"connect":184,"send":0,"wait":407,"receive":184,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/css/bootstrap.min.css","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:06.212Z","timestamp":1701522666212,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/css/bootstrap.min.css HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 
OK\r\nDate: Sat, 02 Dec 2023 13:11:01 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 25 Jun 2014 03:14:12 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 109518\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":109518,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65371)","md5":"385b964b68acb68d23cb43a5218fade9","sha1":"58a360d7ef24d8d05737db1712dd5c086597e862","sha256":"b5fd723750763ebb731f9221e413e7d64d58d5192dc040e42292ed3dcccca732","sha512":"729f49483ca2d020c2bc17c52982d65debdbdebf2146fe49c5cc4b914abf2c4b4098e83b5f4cb3477a74c7f83e4b7696719c35f26871b025f27a5296997833ce","ssdeep":"768:ZbGxwUkBUmlpztzuRdvGN6eABkdIUIbZbnbJN8gwaKNhL3tqNhkRQmNae:ywldERdvGNIkabbRk3chs","tlshash":"78b3d7a0f11031ea7223c55a71d0ed872619a053e66b4fb7f22f25d88f895ca1773f1a","first_seen":"2023-04-05T11:14:50Z","last_seen":"2026-04-09T07:20:59.97062Z","times_seen":3635,"resource_available":false,"data":null}},"time_used":1665,"timings":{"blocked":363,"dns":0,"connect":179,"send":0,"wait":396,"receive":538,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/logo.png","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:06.226Z","timestamp":1701522666226,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/logo.png HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 
2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 29 Nov 2017 22:29:44 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 4690\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4690,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 112, 8-bit colormap, non-interlaced\\012- data","md5":"643a1f9fc2aa09799472c39031456af5","sha1":"70f89834a607b4a00e5c1e8ff2bd66b798db04df","sha256":"c691a459c75691e086dfbbacf08d2f4591a8316f11484ff99a5ca500a172e2b4","sha512":"f5429f5eefb13f66c54646572a090e83b20b6794abbf0cba1bd3c33cb58e0bff93c8f15c82ea7a35fe4cb11e3421b470f9910172a85d3842c6080cc7d25899d7","ssdeep":"48:P9DvI8EUfLmU/BwtLWAMgYmroPIXN80n6oJ5l8bWukOXodXUtuvWIFdMfWXPT3+Z:lD53/B45PUYnxWXkd9vBdMfWXbji","tlshash":"4ea16d85a8bd818a58955417450056f2d90bcee7465c82220a2e3b5e13fcfbd95b1b27","first_seen":"2023-05-17T11:47:17Z","last_seen":"2026-03-16T12:36:56.989261Z","times_seen":60,"resource_available":false,"data":null}},"time_used":1471,"timings":{"blocked":1284,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS 
domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/navbar-repeat-login.png","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:07.580Z","timestamp":1701522667580,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/navbar-repeat-login.png HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/assets/css/style-login-desktop.css\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 
2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 29 Nov 2017 22:57:10 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 186\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":186,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 105, 8-bit/color RGBA, non-interlaced\\012- data","md5":"830a3bf9352f3c3b78865d529d72cee4","sha1":"1b5d9f63eb347cee0e8a612e8af6adcfc3b929f3","sha256":"e49898a9129afa7b491faa3cfe7e03667c7152e1aad867b3c910c9de8aad2ab7","sha512":"459cb1f5d1f0c01bc0d4de77212d7d211aa4d00c7e68249fd9b3f062718613d5161160da35f6b207eddb931f186ba1288422cf83969c1b0aa5c40a4d5d4feff4","ssdeep":"","tlshash":"","first_seen":"2023-05-17T11:47:17Z","last_seen":"2025-06-03T20:48:16.74522Z","times_seen":4,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/btn.png","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:07.594Z","timestamp":1701522667594,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/btn.png HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/assets/css/style-login-desktop.css\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Sun, 27 Dec 2015 07:24:34 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 711\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: 
image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":711,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 29 x 28, 8-bit/color RGBA, non-interlaced\\012- data","md5":"72ae62bf41ef56795a918c54169c1243","sha1":"ed438963479a897b970eb29f916f8b81c46d5cff","sha256":"20561e3f883ab183123a6ef5a08a66fd701c6553766be53950034e487731b3fb","sha512":"96daa163d9632b3c54de2859324c3adaaf229c03834553a08f80c16293ac784898bb31327f3a7963aca5dbbebd03911946feaa1082eb18d84f1a2a8e3db89c2f","ssdeep":"","tlshash":"","first_seen":"2023-05-17T11:47:17Z","last_seen":"2025-06-03T20:48:16.717087Z","times_seen":9,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/footer-login-desktop.png","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:07.599Z","timestamp":1701522667599,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/footer-login-desktop.png HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/assets/css/style-login-desktop.css\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 27 Dec 2017 05:25:54 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 67831\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: 
image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":67831,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1010 x 387, 8-bit/color RGBA, non-interlaced\\012- data","md5":"03f050d044fa1712f4da42ba60c1bb57","sha1":"980756aec61d0ada8dd224449bcb7ae6acee1d7e","sha256":"63d0b4747b1208a82a115837bf59556c26a2bf4173bcf7a6cbb9254373a7c0f5","sha512":"ddb0017cf6db09a3764fac7296bfa615763c3fc6c05d8d63a113f9357f4f6aa7a63432ff74789b2988d530c3cd5f38a03415aa89cdab90de1e119322af3a6c89","ssdeep":"","tlshash":"","first_seen":"2023-05-17T11:47:17Z","last_seen":"2025-06-03T20:48:16.728684Z","times_seen":4,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":166,"dns":0,"connect":0,"send":0,"wait":183,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/navbar.png","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:07.587Z","timestamp":1701522667587,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/navbar.png HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/assets/css/style-login-desktop.css\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Sat, 26 Dec 2015 04:19:08 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 20218\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: 
image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20218,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 44, 8-bit/color RGBA, non-interlaced\\012- data","md5":"3eec9a839c236164353015a4becf6310","sha1":"ad05219c34d3a4dc026e708436701fe8ad6eb116","sha256":"9d031ab45532cbbc836814405707597d04c0830d59c713fc26176c4e48e6a5cc","sha512":"f90a310e30e2a40098087871b3ce4e296cad78c078a60bcb4990cadffc491f345123926a9e3f73448a50f60175da6c2d083ad11b0ef4462330c3c28707401a72","ssdeep":"","tlshash":"","first_seen":"2023-05-17T11:47:17Z","last_seen":"2025-06-03T20:48:16.735226Z","times_seen":4,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":190,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/fot.png","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:07.584Z","timestamp":1701522667584,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/fot.png HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/assets/css/style-login-desktop.css\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Fri, 12 Jan 2018 11:32:48 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 69666\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: 
image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":69666,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1440 x 61, 8-bit/color RGBA, non-interlaced\\012- data","md5":"4d80f544e8f7a05371e52bc5784ff70b","sha1":"ecb0ec62f563f26783005783e9f4ac97da1fe1ba","sha256":"cca6d2243ce58776ece6442dad0c84d08621100b8b24c3c1e1cc6a45c2173b86","sha512":"88079741020bbbc33501236787801eae8abd03ee3dfc6447b81c572b2d2316e220b1d3add379f723beb20131916ca977f82e8df9fd6bb80fe1ff9450761db89a","ssdeep":"","tlshash":"","first_seen":"2023-05-17T11:47:17Z","last_seen":"2025-06-03T20:48:16.731924Z","times_seen":3,"resource_available":false,"data":null}},"time_used":567,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":374,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/footerbawah.png","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:07.601Z","timestamp":1701522667601,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/footerbawah.png HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/assets/css/style-login-desktop.css\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Fri, 01 Jul 2022 08:18:50 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 32656\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: 
image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32656,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1440 x 79, 8-bit/color RGBA, non-interlaced\\012- data","md5":"c88ba03dad3bd3c0529c000a3fdeaed5","sha1":"ed735e4c947cf88df178a99f0c1e25e5b7bee82d","sha256":"dd5855892cf85af8d10519cd7a67b4295f1eeca6e7a5c5eecdcaabe9822c804e","sha512":"1d7bca7163dcfd15aad8b3f8bd3797b784a77792a9e43813d1b5ffe6dafd644396c837cdde14b4b97b5b5b9d9f5e8d8469f2b88b21a021c5825a80e50eb2eaca","ssdeep":"","tlshash":"","first_seen":"2023-12-02T14:11:18Z","last_seen":"2023-12-02T14:11:18Z","times_seen":1,"resource_available":false,"data":null}},"time_used":546,"timings":{"blocked":176,"dns":0,"connect":0,"send":0,"wait":188,"receive":182,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/css/31642.ttf","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:07.605Z","timestamp":1701522667605,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/css/31642.ttf HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/assets/css/style-login-desktop.css\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Fri, 03 Jun 2016 22:29:00 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 93500\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: 
font/ttf\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":93500,"size_decoded":0,"mime_type":"font/ttf","magic":"OpenType font data\\012- data","md5":"b58491710f8752142d06a0cbae7f1c90","sha1":"e7a9014ee08887c26aa8e16607fec3537d3b262b","sha256":"ce14da853e7fd9c071f89a2f66ac447156ab0b799a5fdcafca174de85bb87936","sha512":"9e6d5de3bf908307f0f1e68f0bdf460c207ddceb9b1ef73b9ed1eb8ff9b0aac4f477881cde71d53d4dd315d7ed3451bde48f94fc876a840a10b0ac538cf40397","ssdeep":"1536:vYB79vZp3MeJymLbVQbU9JJixFRPmtK8sNLTty8JqEmDg7WNLVbFhsCC+yUVyVWO:E79vZp3MeJymLbVQbaJiUM8s9Jy8QDJC","tlshash":"a193cf6777209b65e866ae37aad3d3312330f24c5f15d32178acc9605e817b03f49b9a","first_seen":"2023-05-17T11:47:17Z","last_seen":"2026-04-03T03:12:33.786095Z","times_seen":17,"resource_available":false,"data":null}},"time_used":650,"timings":{"blocked":93,"dns":0,"connect":0,"send":0,"wait":189,"receive":368,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/login-desktop.png","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:06.224Z","timestamp":1701522666224,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/login-desktop.png HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:02 GMT\r\nServer: Apache\r\nLast-Modified: Wed, 11 Jul 2018 12:32:34 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 1080923\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: 
image/png\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1080923,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, progressive, precision 8, 4628x1732, components 3\\012- data","md5":"e2f376b6b058ff6c7c1e6f3b525a9157","sha1":"5c50c1cd477de76e7b1e2c6437479664bb86ca7b","sha256":"bca2ec8caf9eaaa75ed49a2f0de20067590b055d7457ae1f0c67acd394055fdc","sha512":"6d50930b473990d56519c1f59979c87b708cd80d5e6a7407f9f5aff22ce54d3059acbb7c53c3a5c10409c6226b194edda66df490ac557163b0a5564f3f9eeec6","ssdeep":"","tlshash":"","first_seen":"2023-05-17T11:47:17Z","last_seen":"2025-06-03T20:48:16.720084Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2233,"timings":{"blocked":1285,"dns":0,"connect":0,"send":0,"wait":186,"receive":762,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/favicon.ico","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:08.359Z","timestamp":1701522668359,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/favicon.ico HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:03 GMT\r\nServer: Apache\r\nLast-Modified: Sat, 26 Dec 2015 07:05:32 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 9062\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: 
image/x-icon\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9062,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\\012- data","md5":"28ec4eaba5ae210b98a11257caf5bade","sha1":"6164148a39d6a27286641896fce3b76f439aeab1","sha256":"3f5086612aae9363c9fb02949219cef19854c18fe5ad4eda78aa1aefcc79cc71","sha512":"4efb48689296863d6e05b3cf32f8f98ac57a2bdeae09209735170dd7f1c70e22a9bd2fbe93fccb7181b8c1b6dfe555af548129ef7b8705ed50486a972815868e","ssdeep":"48:z87CC6NTQ8Om4F/POAVpSVyvFElSfwa89A4:ACC6NTEmAGAVcLSfwa8N","tlshash":"9a1222fdd50be636c11738f0012a5cbab2b8cd92c8b78d30d917f97ada2c6135a62435","first_seen":"2023-04-07T08:31:23Z","last_seen":"2026-04-07T07:23:56.467591Z","times_seen":1647,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"strksmnge-pmblianspasea.dynnamn.ru/assets/img/favicon.ico","fqdn":"strksmnge-pmblianspasea.dynnamn.ru","domain":"dynnamn.ru","tld":"ru"},"ip":{"addr":"162.214.98.92","port":443,"asn":46606,"as":"UNIFIEDLAYER-AS-1","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO","date":"2023-12-02T13:11:08.359Z","timestamp":1701522668359,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"strksmnge-pmblianspasea.dynnamn.ru","organization":""},"issuer":{"commonName":"R3","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Nov 2023 21:32:50 GMT","end":"Wed, 28 Feb 2024 21:32:49 GMT"},"fingerprint":{"sha1":"AE:6D:EC:CA:B2:9F:88:43:36:0B:EB:BC:D2:18:80:28:E1:C9:B8:3C","sha256":"FD:DB:E2:3E:1C:DB:C9:8B:0A:CB:FC:11:4A:8C:63:2A:9D:00:06:16:84:CD:67:6D:42:1E:B6:BB:F3:72:69:04"}}},"request":{"raw":"GET /assets/img/favicon.ico HTTP/1.1\r\nHost: strksmnge-pmblianspasea.dynnamn.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://strksmnge-pmblianspasea.dynnamn.ru/account/?view=login\u0026appIdKey=a964943ec381744\u0026country=NO\r\nCookie: PHPSESSID=161bcf19810eccdd584a5b186bac2b75\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 02 Dec 2023 13:11:03 GMT\r\nServer: Apache\r\nLast-Modified: Sat, 26 Dec 2015 07:05:32 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 9062\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: 
image/x-icon\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9062,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel\\012- data","md5":"28ec4eaba5ae210b98a11257caf5bade","sha1":"6164148a39d6a27286641896fce3b76f439aeab1","sha256":"3f5086612aae9363c9fb02949219cef19854c18fe5ad4eda78aa1aefcc79cc71","sha512":"4efb48689296863d6e05b3cf32f8f98ac57a2bdeae09209735170dd7f1c70e22a9bd2fbe93fccb7181b8c1b6dfe555af548129ef7b8705ed50486a972815868e","ssdeep":"48:z87CC6NTQ8Om4F/POAVpSVyvFElSfwa89A4:ACC6NTEmAGAVcLSfwa8N","tlshash":"9a1222fdd50be636c11738f0012a5cbab2b8cd92c8b78d30d917f97ada2c6135a62435","first_seen":"2023-04-07T08:31:23Z","last_seen":"2026-04-07T07:23:56.467591Z","times_seen":1647,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2023-12-02","alert":"Sinkholed","trigger":"dynnamn.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Apple","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with Apple phishing","tags":["apple","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}}]}
