Report - my-att-verification-id00093.cs4.support/

Report Overview

Visited public
2023-11-21 20:15:35
Tags
dyndns
URL
my-att-verification-id00093.cs4.support/
Finishing URL
my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
IP / ASN
172.67.176.67
#13335 CLOUDFLARENET
Title
my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
my-att-verify-id827347.dynnamn.ru	unknown	2019-09-16	2023-11-18 13:34:22	2023-11-18 19:59:17	7.8 kB	541 kB	190.14.37.18
api.iconify.design	41285	2018-10-17	2018-12-24 03:01:40	2023-11-21 10:26:33	495 B	1.1 kB	104.26.12.204
my-att-verification-id00093.cs4.support	unknown	2023-11-18	2023-11-20 14:33:05	2023-11-21 16:57:51	498 B	2.5 kB	104.21.96.89

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-21 20:15:20	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-11-21 20:15:20	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-11-21 20:15:21	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-11-21 20:15:22	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-11-21 20:15:22	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-11-21 20:15:22	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-11-21 20:15:23	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-11-21 20:15:23	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-18	medium	my-att-verify-id827347.dynnamn.ru/	AT&T
2023-11-18	medium	my-att-verify-id827347.dynnamn.ru/	AT&T
2023-11-18	medium	my-att-verify-id827347.dynnamn.ru/	AT&T
2023-11-18	medium	my-att-verify-id827347.dynnamn.ru/	AT&T
2023-11-18	medium	my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController	AT&T
2023-11-18	medium	my-att-verify-id827347.dynnamn.ru/	AT&T
2023-11-18	medium	my-att-verify-id827347.dynnamn.ru/	AT&T

PhishTank

Scan Date	Severity	Indicator	Alert
2023-11-19	medium	my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController	AT&T

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-21	medium	dynnamn.ru	Sinkholed
2023-11-21	medium	dynnamn.ru	Sinkholed
2023-11-21	medium	dynnamn.ru	Sinkholed
2023-11-21	medium	dynnamn.ru	Sinkholed
2023-11-21	medium	dynnamn.ru	Sinkholed
2023-11-21	medium	dynnamn.ru	Sinkholed
2023-11-21	medium	dynnamn.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	my-att-verify-id827347.dynnamn.ru/build/assets/main-a6739179.js	ScriptElement	510 kB	2023-11-19	2024-08-20
Pretty URL my-att-verify-id827347.dynnamn.ru/build/assets/main-a6739179.js IP 190.14.37.18 ASN #52469 Offshore Racks S.A Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 03:06 Last Seen2024-08-20 18:51 Times Seen2 Hash 2a5701bc09678ae6678ef6f3d2dbb249 f7a8fa7b481576036fcb38d1dffe69c66901e219 9bf1abaf38250b361bcedecee2cd7009a5a327aa4a76ed80179cd147670bc554 Loading...

HTTP Transactions (9)

URL IP Response Size

my-att-verify-id827347.dynnamn.ru/favicon.ico

190.14.37.18

200 OK

0 B

URL GET HTTP/2
my-att-verify-id827347.dynnamn.ru/favicon.ico
IP
190.14.37.18:443
ASN
#52469 Offshore Racks S.A

Requested by
https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Certificate
IssuerLet's Encrypt
Subjectmy-att-verify-id827347.dynnamn.ru
Fingerprint87:6A:F9:09:5F:CD:A2:49:B1:ED:B5:62:A8:37:D7:74:15:07:E2:5E
ValiditySat, 18 Nov 2023 11:32:01 GMT - Fri, 16 Feb 2024 11:32:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	AT&T
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: my-att-verify-id827347.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Cookie: XSRF-TOKEN=eyJpdiI6ImZnUTd6YlNPWXhDU0x3aGZkaWVjd1E9PSIsInZhbHVlIjoiTmtmNVZIeTlSMXZHK2l1MGNqekxZbEo3eHdqWS9BTWV1SmtkeStCbDJ0VmtObEJ5UEN4dUpSMG94TXVPUWUza0ZPSXVIdmU5a2xNTnVvaGlBTHZQNUlwRXJKMFZlRjBxWmg1eU90OG5DTi9OM01RRkMySkRTcEFzM2phZnNMZmoiLCJtYWMiOiJiNjU0OTM0YWFlN2VmZmQ2OGZkYTA3YmExYWE3ZjU0ZTUwOGJkMmUyZDdkNjBjZGNjNWMzODUyOTcxMTQ1ZDJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBycDRFcGlVem0wR080VDFLNXd3dHc9PSIsInZhbHVlIjoib29sS0hVNmhuOHY1cXQ4eHdLR21xR1BZMk02anJPVksvemJ2R1h3TUExZjlmUUx4OW5JRDd4d2QvcE1LUlJmUDlTWWtNVVEzeU9BZzZ2ZThMNlc1Z1p3bXU1NHJCbGo4RitaZEsrWlRFTVR5ZGRYbEdXVFdzME5POFE5WGE0bmIiLCJtYWMiOiI0NmIyZTZjZjE4ZDk2MDU1NmU5Yzk0ODA5MDQxOWM2MjRiYThmNjQ5YWQxZWVmYzlmNzQ2ODgxMWJjNWI1YTdkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 20:15:21 GMT
content-type: image/x-icon
content-length: 0
last-modified: Sat, 18 Nov 2023 12:20:50 GMT
etag: "6558ac22-0"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

my-att-verify-id827347.dynnamn.ru/

190.14.37.18

302 Found

871 B

URL User Request GET HTTP/2
my-att-verify-id827347.dynnamn.ru/
IP
190.14.37.18:443
ASN
#52469 Offshore Racks S.A

Certificate
IssuerLet's Encrypt
Subjectmy-att-verify-id827347.dynnamn.ru
Fingerprint87:6A:F9:09:5F:CD:A2:49:B1:ED:B5:62:A8:37:D7:74:15:07:E2:5E
ValiditySat, 18 Nov 2023 11:32:01 GMT - Fri, 16 Feb 2024 11:32:00 GMT

File type

Size
871 B (871 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	AT&T
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: my-att-verify-id827347.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
content-type: text/html; charset=UTF-8
location: https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
cache-control: no-cache, private
date: Tue, 21 Nov 2023 20:15:19 GMT
vary: X-Inertia
set-cookie: XSRF-TOKEN=eyJpdiI6Inh6MG40bjM1SjVyTWN6dE5ML0tCemc9PSIsInZhbHVlIjoiZWRKN1hjTjNacXRudDBUTlF5eUJGN05XOGE0akNJZGt6ZTZ6KzB5UGdXdUl3eHdvbFYvcW16K2l1eHNUcGY3VXQwN2hLNGpJOTU1NHl0bHZNZXcxZUJRYUZya1ltdTNHZFgzZzhRV3ZWVTdFd01lVExZTklxTTg5M0hWQ1ZycVEiLCJtYWMiOiIxZmNlZTZhMDY1Zjg4ZjRiNjc5YWIzMGVjZmE4NGQ1MWE0M2YyMmIyYjE2Mjk0ODIxMDgwOGZjNTczM2JjYzk5IiwidGFnIjoiIn0%3D; expires=Tue, 21 Nov 2023 22:15:19 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IjVMaDExeW9kRHlFaUtLSnNTNkN0cXc9PSIsInZhbHVlIjoiTE93RGNkWjR5UmVhOWROYzlld3JBOVFCMVQ1UUhMa2ZqaXcreS84VmVDUmROVWZ0NDlwd3RqRjUwcEt2SFVOUVlsT2pDTWYxSlo5bFNHelFrOW9obXZoSk54QjJwTmpyRUFGWVl3Um9jVVFibnFDekpGWGtJM3FNQTl6ZGVnR2QiLCJtYWMiOiIxZGUwNTg5N2MzNzVkMGU5YjVlZDI5OGU1NzkxMTc1NjE0YTdhNjRjNjYxZDJkZGM1ZDI5MzIwMjlkNmZjZGI5IiwidGFnIjoiIn0%3D; expires=Tue, 21 Nov 2023 22:15:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my-att-verify-id827347.dynnamn.ru/build/assets/main-a6739179.js

190.14.37.18

200 OK

510 kB

URL GET HTTP/2
my-att-verify-id827347.dynnamn.ru/build/assets/main-a6739179.js
IP
190.14.37.18:443
ASN
#52469 Offshore Racks S.A

Requested by
https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Certificate
IssuerLet's Encrypt
Subjectmy-att-verify-id827347.dynnamn.ru
Fingerprint87:6A:F9:09:5F:CD:A2:49:B1:ED:B5:62:A8:37:D7:74:15:07:E2:5E
ValiditySat, 18 Nov 2023 11:32:01 GMT - Fri, 16 Feb 2024 11:32:00 GMT

File type

Size
510 kB (509603 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	AT&T
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/assets/main-a6739179.js HTTP/1.1
Host: my-att-verify-id827347.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Cookie: XSRF-TOKEN=eyJpdiI6ImZnUTd6YlNPWXhDU0x3aGZkaWVjd1E9PSIsInZhbHVlIjoiTmtmNVZIeTlSMXZHK2l1MGNqekxZbEo3eHdqWS9BTWV1SmtkeStCbDJ0VmtObEJ5UEN4dUpSMG94TXVPUWUza0ZPSXVIdmU5a2xNTnVvaGlBTHZQNUlwRXJKMFZlRjBxWmg1eU90OG5DTi9OM01RRkMySkRTcEFzM2phZnNMZmoiLCJtYWMiOiJiNjU0OTM0YWFlN2VmZmQ2OGZkYTA3YmExYWE3ZjU0ZTUwOGJkMmUyZDdkNjBjZGNjNWMzODUyOTcxMTQ1ZDJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBycDRFcGlVem0wR080VDFLNXd3dHc9PSIsInZhbHVlIjoib29sS0hVNmhuOHY1cXQ4eHdLR21xR1BZMk02anJPVksvemJ2R1h3TUExZjlmUUx4OW5JRDd4d2QvcE1LUlJmUDlTWWtNVVEzeU9BZzZ2ZThMNlc1Z1p3bXU1NHJCbGo4RitaZEsrWlRFTVR5ZGRYbEdXVFdzME5POFE5WGE0bmIiLCJtYWMiOiI0NmIyZTZjZjE4ZDk2MDU1NmU5Yzk0ODA5MDQxOWM2MjRiYThmNjQ5YWQxZWVmYzlmNzQ2ODgxMWJjNWI1YTdkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 20:15:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 18 Nov 2023 12:53:52 GMT
vary: Accept-Encoding
etag: W/"6558b3e0-7c6a3"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

my-att-verify-id827347.dynnamn.ru/logo.svg

190.14.37.18

200 OK

4.7 kB

URL GET HTTP/2
my-att-verify-id827347.dynnamn.ru/logo.svg
IP
190.14.37.18:443
ASN
#52469 Offshore Racks S.A

Requested by
https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Certificate
IssuerLet's Encrypt
Subjectmy-att-verify-id827347.dynnamn.ru
Fingerprint87:6A:F9:09:5F:CD:A2:49:B1:ED:B5:62:A8:37:D7:74:15:07:E2:5E
ValiditySat, 18 Nov 2023 11:32:01 GMT - Fri, 16 Feb 2024 11:32:00 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4702), with no line terminators
Size
4.7 kB (4672 bytes)
Hash
529c970a7db1c4da3da64e4e8eae8127
01e168ed598bef906b93c48b1e20632bcb9c3d8d
e71f91442f7184d97335b9a83537ffc60976370e54a66695cc84f4a555f55c0b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	AT&T
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logo.svg HTTP/1.1
Host: my-att-verify-id827347.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Cookie: XSRF-TOKEN=eyJpdiI6ImZnUTd6YlNPWXhDU0x3aGZkaWVjd1E9PSIsInZhbHVlIjoiTmtmNVZIeTlSMXZHK2l1MGNqekxZbEo3eHdqWS9BTWV1SmtkeStCbDJ0VmtObEJ5UEN4dUpSMG94TXVPUWUza0ZPSXVIdmU5a2xNTnVvaGlBTHZQNUlwRXJKMFZlRjBxWmg1eU90OG5DTi9OM01RRkMySkRTcEFzM2phZnNMZmoiLCJtYWMiOiJiNjU0OTM0YWFlN2VmZmQ2OGZkYTA3YmExYWE3ZjU0ZTUwOGJkMmUyZDdkNjBjZGNjNWMzODUyOTcxMTQ1ZDJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBycDRFcGlVem0wR080VDFLNXd3dHc9PSIsInZhbHVlIjoib29sS0hVNmhuOHY1cXQ4eHdLR21xR1BZMk02anJPVksvemJ2R1h3TUExZjlmUUx4OW5JRDd4d2QvcE1LUlJmUDlTWWtNVVEzeU9BZzZ2ZThMNlc1Z1p3bXU1NHJCbGo4RitaZEsrWlRFTVR5ZGRYbEdXVFdzME5POFE5WGE0bmIiLCJtYWMiOiI0NmIyZTZjZjE4ZDk2MDU1NmU5Yzk0ODA5MDQxOWM2MjRiYThmNjQ5YWQxZWVmYzlmNzQ2ODgxMWJjNWI1YTdkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 20:15:21 GMT
content-type: image/svg+xml
last-modified: Sat, 18 Nov 2023 12:20:50 GMT
vary: Accept-Encoding
etag: W/"6558ac22-1240"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

api.iconify.design/material-symbols.json?icons=check

104.26.12.204

200 OK

252 B

URL GET HTTP/2
api.iconify.design/material-symbols.json?icons=check
IP
104.26.12.204:443
ASN
#13335 CLOUDFLARENET

Requested by
https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Certificate
IssuerCloudflare, Inc.
Subjecticonify.design
Fingerprint79:BD:70:71:52:C8:91:3D:C6:E9:54:9C:F9:65:7D:B3:7F:62:A2:D9
ValidityThu, 18 May 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
252 B (252 bytes)
Hash
835dcc546a0062e00ef871b848911c3e
9d7f218c6809e0c36f4341d68b779f5348172c88
a57cf1bf87b1ee22427e71ee6dee9fcc14e100f7d938d90a845e4fb2ecfa5f84

HTTP Headers

GET /material-symbols.json?icons=check HTTP/1.1
Host: api.iconify.design
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://my-att-verify-id827347.dynnamn.ru/
Origin: https://my-att-verify-id827347.dynnamn.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 21 Nov 2023 20:15:21 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding
access-control-max-age: 86400
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=604800, min-refresh=604800, immutable
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJS%2F5zMzKwC0v3h5Llwqk2%2B%2FtRU8aA40N%2F7QlXLoVrKVxe6bjV3QWMc9G4DPAa%2BNXdPNMcXGZOqF4dei7PfjJGsOSDt5R05I%2B%2BOmlCPWGI4cDcBePgMAEB146a4UoyOwWXpJlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829b9aacdccbb503-OSL
content-encoding: br
X-Firefox-Spdy: h2

my-att-verification-id00093.cs4.support/

104.21.96.89

302 Found

871 B

URL User Request GET HTTP/2
my-att-verification-id00093.cs4.support/
IP
104.21.96.89:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcs4.support
FingerprintF6:8E:97:F1:D4:0D:27:5E:35:5D:8A:1F:F1:D6:37:C7:D7:25:95:A5
ValiditySat, 18 Nov 2023 11:39:49 GMT - Fri, 16 Feb 2024 11:39:48 GMT

File type

Size
871 B (871 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: my-att-verification-id00093.cs4.support
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 21 Nov 2023 20:15:18 GMT
content-type: text/html; charset=UTF-8
location: https://my-att-verify-id827347.dynnamn.ru
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Ink2UHp0aG5pL3ZYcmg5V2RkQWcrMHc9PSIsInZhbHVlIjoiL0cwVTBaWlhPN05kR0RwRjdmZ2FlWjdtKzFTM2ljL0Z3ZzBheURrSmljQXI0VHpHd013bVdGTlUxMGdQT0Y4dHpzeVJtQXdCTXVLL2RYZEZid1RKU282Q3hCVGZFbjB1MEdHNUFvUHR6cGtOS0NZZEM3M2tyMEpWR09yUzR3di8iLCJtYWMiOiI0MDEwMzBmOTE0ZmMxNzllNWUwYjMwZWM1YjBmZDU1YTVjMTdiODlhMjVkZTBhOGFkY2Q4NWZhNWM2ZDhmOGNiIiwidGFnIjoiIn0%3D; expires=Tue, 21 Nov 2023 22:15:18 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6ImdsRWdpSlhGSFQwb3dmYUYxSmk3YkE9PSIsInZhbHVlIjoiZ2k5OFB1RnJiM2EvclhkRkhaQWJEbmFqdnpZb0VBeCtoaGpEWWU0ZkJVZGtiUGpQaERETWNsYWZuR0xBcEZ5RHRIdUR0M1FlaUtOL1E1Q0oreG4ybTdFTzBSdUQ3QmxzZEh6Nm1JTTlkWWtpc1V2MG84cEdLQzhVUUovV0NUOTYiLCJtYWMiOiJlYjk3MTI3ZGY0MGNjZTFkZjJlYTU0NGM3ZmY5M2Q2MzE2YTJjOGRjNTg0ZTc3MmMxNmNlN2UzODk2NDZmZjM4IiwidGFnIjoiIn0%3D; expires=Tue, 21 Nov 2023 22:15:18 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFxNJR75F%2BokItFHRFzBmPximjK4m4DNguz2QNzcxHdPAY%2ByJ9%2FArA6wIrwjCcyEFfJ5yHkcgfntkeFP2mFXwZAeP2%2Bdm58gLBAy5TH19%2F%2B%2FYqORkEy8sep4rYfE3Veg10cFhm9qJKDTSdouUGaoSgWg%2Fwjz6uK0Wfk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829b9a9b7a4056c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController

190.14.37.18

200 OK

871 B

URL User Request GET HTTP/2
my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
IP
190.14.37.18:443
ASN
#52469 Offshore Racks S.A

Certificate
IssuerLet's Encrypt
Subjectmy-att-verify-id827347.dynnamn.ru
Fingerprint87:6A:F9:09:5F:CD:A2:49:B1:ED:B5:62:A8:37:D7:74:15:07:E2:5E
ValiditySat, 18 Nov 2023 11:32:01 GMT - Fri, 16 Feb 2024 11:32:00 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (912), with no line terminators
Size
871 B (871 bytes)
Hash
201e879cd9ed2a15fde829558bffa4ee
0824c94d3a156d1ecc4013de41f58a990cbdfd0c
1033e2d38cd739d39d9740673d2628d01636915e8814bbd6c4b5e771a5c1e7a7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	AT&T
PhishTank	phishing	AT&T
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dynamic/iamLRR/LrrController HTTP/1.1
Host: my-att-verify-id827347.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Inh6MG40bjM1SjVyTWN6dE5ML0tCemc9PSIsInZhbHVlIjoiZWRKN1hjTjNacXRudDBUTlF5eUJGN05XOGE0akNJZGt6ZTZ6KzB5UGdXdUl3eHdvbFYvcW16K2l1eHNUcGY3VXQwN2hLNGpJOTU1NHl0bHZNZXcxZUJRYUZya1ltdTNHZFgzZzhRV3ZWVTdFd01lVExZTklxTTg5M0hWQ1ZycVEiLCJtYWMiOiIxZmNlZTZhMDY1Zjg4ZjRiNjc5YWIzMGVjZmE4NGQ1MWE0M2YyMmIyYjE2Mjk0ODIxMDgwOGZjNTczM2JjYzk5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjVMaDExeW9kRHlFaUtLSnNTNkN0cXc9PSIsInZhbHVlIjoiTE93RGNkWjR5UmVhOWROYzlld3JBOVFCMVQ1UUhMa2ZqaXcreS84VmVDUmROVWZ0NDlwd3RqRjUwcEt2SFVOUVlsT2pDTWYxSlo5bFNHelFrOW9obXZoSk54QjJwTmpyRUFGWVl3Um9jVVFibnFDekpGWGtJM3FNQTl6ZGVnR2QiLCJtYWMiOiIxZGUwNTg5N2MzNzVkMGU5YjVlZDI5OGU1NzkxMTc1NjE0YTdhNjRjNjYxZDJkZGM1ZDI5MzIwMjlkNmZjZGI5IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
date: Tue, 21 Nov 2023 20:15:19 GMT
vary: Accept-Encoding, X-Inertia
set-cookie: XSRF-TOKEN=eyJpdiI6ImZnUTd6YlNPWXhDU0x3aGZkaWVjd1E9PSIsInZhbHVlIjoiTmtmNVZIeTlSMXZHK2l1MGNqekxZbEo3eHdqWS9BTWV1SmtkeStCbDJ0VmtObEJ5UEN4dUpSMG94TXVPUWUza0ZPSXVIdmU5a2xNTnVvaGlBTHZQNUlwRXJKMFZlRjBxWmg1eU90OG5DTi9OM01RRkMySkRTcEFzM2phZnNMZmoiLCJtYWMiOiJiNjU0OTM0YWFlN2VmZmQ2OGZkYTA3YmExYWE3ZjU0ZTUwOGJkMmUyZDdkNjBjZGNjNWMzODUyOTcxMTQ1ZDJjIiwidGFnIjoiIn0%3D; expires=Tue, 21 Nov 2023 22:15:19 GMT; Max-Age=7200; path=/; samesite=lax
laravel_session=eyJpdiI6IlBycDRFcGlVem0wR080VDFLNXd3dHc9PSIsInZhbHVlIjoib29sS0hVNmhuOHY1cXQ4eHdLR21xR1BZMk02anJPVksvemJ2R1h3TUExZjlmUUx4OW5JRDd4d2QvcE1LUlJmUDlTWWtNVVEzeU9BZzZ2ZThMNlc1Z1p3bXU1NHJCbGo4RitaZEsrWlRFTVR5ZGRYbEdXVFdzME5POFE5WGE0bmIiLCJtYWMiOiI0NmIyZTZjZjE4ZDk2MDU1NmU5Yzk0ODA5MDQxOWM2MjRiYThmNjQ5YWQxZWVmYzlmNzQ2ODgxMWJjNWI1YTdkIiwidGFnIjoiIn0%3D; expires=Tue, 21 Nov 2023 22:15:19 GMT; Max-Age=7200; path=/; httponly; samesite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

my-att-verify-id827347.dynnamn.ru/build/assets/tailwind-07169928.css

190.14.37.18

200 OK

21 kB

URL GET HTTP/2
my-att-verify-id827347.dynnamn.ru/build/assets/tailwind-07169928.css
IP
190.14.37.18:443
ASN
#52469 Offshore Racks S.A

Requested by
https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Certificate
IssuerLet's Encrypt
Subjectmy-att-verify-id827347.dynnamn.ru
Fingerprint87:6A:F9:09:5F:CD:A2:49:B1:ED:B5:62:A8:37:D7:74:15:07:E2:5E
ValiditySat, 18 Nov 2023 11:32:01 GMT - Fri, 16 Feb 2024 11:32:00 GMT

File type
ASCII text, with very long lines (21217)
Size
21 kB (21218 bytes)
Hash
033d7876ade8de90ed95b43f5a5a15ec
f6df96511176afbe5eb71ff3711771cadf44e214
07169928107af3ab903ad2511eb4f50ec628d7b6634e11db08c0d39a0b90bebc

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	AT&T
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/assets/tailwind-07169928.css HTTP/1.1
Host: my-att-verify-id827347.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Cookie: XSRF-TOKEN=eyJpdiI6ImZnUTd6YlNPWXhDU0x3aGZkaWVjd1E9PSIsInZhbHVlIjoiTmtmNVZIeTlSMXZHK2l1MGNqekxZbEo3eHdqWS9BTWV1SmtkeStCbDJ0VmtObEJ5UEN4dUpSMG94TXVPUWUza0ZPSXVIdmU5a2xNTnVvaGlBTHZQNUlwRXJKMFZlRjBxWmg1eU90OG5DTi9OM01RRkMySkRTcEFzM2phZnNMZmoiLCJtYWMiOiJiNjU0OTM0YWFlN2VmZmQ2OGZkYTA3YmExYWE3ZjU0ZTUwOGJkMmUyZDdkNjBjZGNjNWMzODUyOTcxMTQ1ZDJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBycDRFcGlVem0wR080VDFLNXd3dHc9PSIsInZhbHVlIjoib29sS0hVNmhuOHY1cXQ4eHdLR21xR1BZMk02anJPVksvemJ2R1h3TUExZjlmUUx4OW5JRDd4d2QvcE1LUlJmUDlTWWtNVVEzeU9BZzZ2ZThMNlc1Z1p3bXU1NHJCbGo4RitaZEsrWlRFTVR5ZGRYbEdXVFdzME5POFE5WGE0bmIiLCJtYWMiOiI0NmIyZTZjZjE4ZDk2MDU1NmU5Yzk0ODA5MDQxOWM2MjRiYThmNjQ5YWQxZWVmYzlmNzQ2ODgxMWJjNWI1YTdkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 20:15:20 GMT
content-type: text/css
last-modified: Sat, 18 Nov 2023 12:53:52 GMT
vary: Accept-Encoding
etag: W/"6558b3e0-52e2"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

my-att-verify-id827347.dynnamn.ru/logo.svg

0.0.0.0

0 B

URL GET
my-att-verify-id827347.dynnamn.ru/logo.svg
IP
0.0.0.0:0
ASN
#0

Requested by
https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Certificate
IssuerLet's Encrypt
Subjectmy-att-verify-id827347.dynnamn.ru
Fingerprint87:6A:F9:09:5F:CD:A2:49:B1:ED:B5:62:A8:37:D7:74:15:07:E2:5E
ValiditySat, 18 Nov 2023 11:32:01 GMT - Fri, 16 Feb 2024 11:32:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	AT&T
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logo.svg HTTP/1.1
Host: my-att-verify-id827347.dynnamn.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://my-att-verify-id827347.dynnamn.ru/dynamic/iamLRR/LrrController
Cookie: XSRF-TOKEN=eyJpdiI6ImZnUTd6YlNPWXhDU0x3aGZkaWVjd1E9PSIsInZhbHVlIjoiTmtmNVZIeTlSMXZHK2l1MGNqekxZbEo3eHdqWS9BTWV1SmtkeStCbDJ0VmtObEJ5UEN4dUpSMG94TXVPUWUza0ZPSXVIdmU5a2xNTnVvaGlBTHZQNUlwRXJKMFZlRjBxWmg1eU90OG5DTi9OM01RRkMySkRTcEFzM2phZnNMZmoiLCJtYWMiOiJiNjU0OTM0YWFlN2VmZmQ2OGZkYTA3YmExYWE3ZjU0ZTUwOGJkMmUyZDdkNjBjZGNjNWMzODUyOTcxMTQ1ZDJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBycDRFcGlVem0wR080VDFLNXd3dHc9PSIsInZhbHVlIjoib29sS0hVNmhuOHY1cXQ4eHdLR21xR1BZMk02anJPVksvemJ2R1h3TUExZjlmUUx4OW5JRDd4d2QvcE1LUlJmUDlTWWtNVVEzeU9BZzZ2ZThMNlc1Z1p3bXU1NHJCbGo4RitaZEsrWlRFTVR5ZGRYbEdXVFdzME5POFE5WGE0bmIiLCJtYWMiOiI0NmIyZTZjZjE4ZDk2MDU1NmU5Yzk0ODA5MDQxOWM2MjRiYThmNjQ5YWQxZWVmYzlmNzQ2ODgxMWJjNWI1YTdkIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN