Report - yoursendin.dynv6.net/?RERE4EWRD

Report Overview

Visited public
2023-12-01 16:17:51
Tags
dyndns
URL
yoursendin.dynv6.net/?RERE4EWRD
Finishing URL
yoursendin.dynv6.net/?RERE4EWRD
IP / ASN
89.213.41.232
#8851 GCI Network Solutions Limited
Title
yoursendin.dynv6.net/?RERE4EWRD
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
yoursendin.dynv6.net	unknown	2014-10-24	2023-11-21 20:02:41	2023-11-28 02:12:52	952 B	952 B	89.213.41.232
gifs.eco.br	unknown	2021-06-06	2017-12-22 12:45:14	2023-11-28 21:54:50	567 B	3.8 MB	104.21.82.141

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-01 16:17:38	high	Client IP	Internal IP	ETPRO POLICY Observed DNS Query to Dynamic DNS Service
2023-12-01 16:17:38	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain
2023-12-01 16:17:38	high	Client IP	Internal IP	ETPRO POLICY Observed DNS Query to Dynamic DNS Service
2023-12-01 16:17:38	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain
2023-12-01 16:17:38	high	Client IP	Internal IP	ETPRO POLICY Observed DNS Query to Dynamic DNS Service
2023-12-01 16:17:38	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain
2023-12-01 16:17:40	high	Client IP	Internal IP	ETPRO POLICY Observed DNS Query to Dynamic DNS Service
2023-12-01 16:17:40	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.dynv6 .net Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

yoursendin.dynv6.net/?RERE4EWRD

89.213.41.232

200 OK

155 B

URL User Request GET HTTP/1.1
yoursendin.dynv6.net/?RERE4EWRD
IP
89.213.41.232:443
ASN
#8851 GCI Network Solutions Limited

Certificate
IssuerLet's Encrypt
Subjectyoursendin.dynv6.net
FingerprintB6:A9:71:F2:46:72:79:77:78:A9:58:28:BD:C1:27:EC:0C:9A:D8:49
ValidityMon, 20 Nov 2023 23:46:30 GMT - Sun, 18 Feb 2024 23:46:29 GMT

File type
ASCII text, with no line terminators
Size
155 B (155 bytes)
Hash
4fcd0ef19fe1e2321cdad3d6173dc25b
3b2d6ab6174e7f89d916b24b22ad8b41646f7f18
bd8dfe32d7a409710ccc671797b8dfe8d8f832aef2dabda2c35e8dc256374dfb

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /?RERE4EWRD HTTP/1.1
Host: yoursendin.dynv6.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 01 Dec 2023 16:17:34 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
X-Powered-By: PHP/8.2.4
Content-Length: 155
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

yoursendin.dynv6.net/favicon.ico

89.213.41.232

404 Not Found

307 B

URL GET HTTP/1.1
yoursendin.dynv6.net/favicon.ico
IP
89.213.41.232:443
ASN
#8851 GCI Network Solutions Limited

Requested by
https://yoursendin.dynv6.net/?RERE4EWRD
Certificate
IssuerLet's Encrypt
Subjectyoursendin.dynv6.net
FingerprintB6:A9:71:F2:46:72:79:77:78:A9:58:28:BD:C1:27:EC:0C:9A:D8:49
ValidityMon, 20 Nov 2023 23:46:30 GMT - Sun, 18 Feb 2024 23:46:29 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
307 B (307 bytes)
Hash
fb9f2f375cadcd99671e65a0032cc82f
74c9be541a5ea6399c5360d1cc322543fd237607
3ca5119c37759da3cf97e4da15dca36eef6d9d2a6fb2d56616b06f1f3b0e0831

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: yoursendin.dynv6.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoursendin.dynv6.net/?RERE4EWRD
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Fri, 01 Dec 2023 16:17:35 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
Content-Length: 307
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

gifs.eco.br/wp-content/uploads/2022/05/gifs-de-mario-bros-7.gif

104.21.82.141

200 OK

3.8 MB

URL GET HTTP/2
gifs.eco.br/wp-content/uploads/2022/05/gifs-de-mario-bros-7.gif
IP
104.21.82.141:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yoursendin.dynv6.net/?RERE4EWRD
Certificate
IssuerLet's Encrypt
Subjectgifs.eco.br
Fingerprint53:F2:73:F5:5E:51:6C:88:9F:17:BA:D4:38:10:36:7A:0A:A4:FC:33
ValidityFri, 06 Oct 2023 01:14:42 GMT - Thu, 04 Jan 2024 01:14:41 GMT

File type
GIF image data, version 89a, 800 x 600\012- data
Size
3.8 MB (3823486 bytes)
Hash
3e39e1607aadec2b3f43e7291f6b67c4
654d9f8571426a31b264396df41c90e57fb99a61
90e883b22f86e5ef6631ce711077120582644073b9d30d9378a80a31786120a5

HTTP Headers

GET /wp-content/uploads/2022/05/gifs-de-mario-bros-7.gif HTTP/1.1
Host: gifs.eco.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoursendin.dynv6.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 01 Dec 2023 16:17:36 GMT
content-type: image/gif
content-length: 3823486
last-modified: Sat, 14 May 2022 21:15:00 GMT
etag: "62801bd4-3a577e"
version: MS23102701
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;
cf-cache-status: HIT
age: 452443
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aPixjQQZZs7QsKNP%2FB8ltDtxlx3AFBuzEpVVZ%2B7qAtOgo5OZf6%2FQNE6sLjmtt%2F%2FIa513HSHx506TAvZDjR5uhh%2BcTSktW8vgE%2FPXdBDKtraIc5%2BZIYnWvCzwk7hwCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82eca428c9d1b521-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers