Report - verif77amzservics-acconttrstdsasa.dynnamn.ru/?sig7incs

Report Overview

Submitted URL
verif77amzservics-acconttrstdsasa.dynnamn.ru/?sig7incs_
IP
162.240.160.144
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-12-03 18:03:27
Access
public
Website Title
Amazon Sign-In
Final URL
verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
8
Network Intrusion Detection
9
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
m.media-amazon.com	580	2016-08-18	2018-06-22	2023-12-03	1.6 kB	63 kB	151.101.65.16
verif77amzservics-acconttrstdsasa.dynnamn.ru	unknown	unknown	No data	No data	4.0 kB	340 kB	162.240.160.144

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-03 18:03:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-03 18:03:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-03 18:03:14	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-03 18:03:15	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-03 18:03:16	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-03 18:03:16	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-03 18:03:16	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-03 18:03:16	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain
2023-12-03 18:03:19	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to dynnamn .ru Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-03	medium	dynnamn.ru	Sinkholed
2023-12-03	medium	dynnamn.ru	Sinkholed
2023-12-03	medium	dynnamn.ru	Sinkholed
2023-12-03	medium	dynnamn.ru	Sinkholed
2023-12-03	medium	dynnamn.ru	Sinkholed
2023-12-03	medium	dynnamn.ru	Sinkholed
2023-12-03	medium	dynnamn.ru	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/js/jquery-3.3.1.min.js	108 kB	2023-03-08	2024-07-26
Pretty URL verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/js/jquery-3.3.1.min.js IP 162.240.160.144 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:57:23 Last Seen2024-07-26 21:12:41 Times Seen701 Hash d532c905d593a7f16eff99f24f27621e ea0f0d16f78ec4bbaf7866213a2f012d2793e14c 97ecd42dea3bc998c5efd456bc13e2c45c700fba1c581961ca1481676bf08b42 Loading...

	verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/js/jquery.validate.min.js	37 kB	2023-04-16	2024-07-20
Pretty URL verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/js/jquery.validate.min.js IP 162.240.160.144 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-16 23:53:23 Last Seen2024-07-20 19:08:13 Times Seen320 Hash a55bc1a7d4b73fa8520f96ff509a33de c58c57e658a1408210d35b40d8a0420e05aa17be 8adda41c71d59c83d9e7a18df25ffc17ab7c5fa9728b2656a66c48b5ae01060f Loading...

	verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807	2.1 kB	2023-03-10	2024-06-07
Pretty URL verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807 IP 162.240.160.144 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 18:53:43 Last Seen2024-06-07 08:34:23 Times Seen84 Hash 2d2fc5cedfe5cac7f20c1e971807ce26 6be6ca053b6794816bb622be7945ca356cfc6061 aa3e84ed952d7e588208e032a351bb41dab308fe44bf1c8aaa63a5de5d1df69f Loading...

HTTP Transactions (10)

URL IP Response Size

verif77amzservics-acconttrstdsasa.dynnamn.ru/?sig7incs_

162.240.160.144

307 Temporary Redirect

20 B

URL User Request GET HTTP/1.1
verif77amzservics-acconttrstdsasa.dynnamn.ru/?sig7incs_
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectverif77amzservics-acconttrstdsasa.dynnamn.ru
FingerprintD8:2A:45:34:8B:1E:25:67:4F:8C:FD:6C:7D:0B:03:59:48:03:9D:39
ValiditySat, 02 Dec 2023 18:14:08 GMT - Fri, 01 Mar 2024 18:14:07 GMT

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?sig7incs_ HTTP/1.1
Host: verif77amzservics-acconttrstdsasa.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Date: Sun, 03 Dec 2023 18:03:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=fc1b1d7b1acdc3c4e738f5bd203fe9dd; path=/
Location: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807

162.240.160.144

200 OK

3.3 kB

URL User Request GET HTTP/1.1
verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectverif77amzservics-acconttrstdsasa.dynnamn.ru
FingerprintD8:2A:45:34:8B:1E:25:67:4F:8C:FD:6C:7D:0B:03:59:48:03:9D:39
ValiditySat, 02 Dec 2023 18:14:08 GMT - Fri, 01 Mar 2024 18:14:07 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (661), with CRLF line terminators
Size
3.3 kB (3345 bytes)
Hash
f67f64ad117c08c58a16b876ccde1573
322d4087c124fdfd8935bf87725836fd11c27e00
ded568cf8d652bf6087401c7443bfb0f4e11bfe297a7c20878a5bd0366449ad4

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /signin?verify=cr51_63807 HTTP/1.1
Host: verif77amzservics-acconttrstdsasa.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=fc1b1d7b1acdc3c4e738f5bd203fe9dd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 18:03:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/css/style.sign-desktop.css

162.240.160.144

200 OK

36 kB

URL GET HTTP/1.1
verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/css/style.sign-desktop.css
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Certificate
IssuerLet's Encrypt
Subjectverif77amzservics-acconttrstdsasa.dynnamn.ru
FingerprintD8:2A:45:34:8B:1E:25:67:4F:8C:FD:6C:7D:0B:03:59:48:03:9D:39
ValiditySat, 02 Dec 2023 18:14:08 GMT - Fri, 01 Mar 2024 18:14:07 GMT

File type
ASCII text, with very long lines (20048), with CRLF line terminators
Size
36 kB (36441 bytes)
Hash
ce03668bf4cba84e446d39b1e5430fa2
a1e1d2f4e14d20921a9b13ed4ea14ce0c407e64f
0c56d79edb4b4187f79ddcecd68fae587c56402c3ed737ed954b3eda3d250967

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/css/style.sign-desktop.css HTTP/1.1
Host: verif77amzservics-acconttrstdsasa.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Cookie: PHPSESSID=fc1b1d7b1acdc3c4e738f5bd203fe9dd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 18:03:11 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 36441
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/js/jquery.validate.min.js

162.240.160.144

200 OK

37 kB

URL GET HTTP/1.1
verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/js/jquery.validate.min.js
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Certificate
IssuerLet's Encrypt
Subjectverif77amzservics-acconttrstdsasa.dynnamn.ru
FingerprintD8:2A:45:34:8B:1E:25:67:4F:8C:FD:6C:7D:0B:03:59:48:03:9D:39
ValiditySat, 02 Dec 2023 18:14:08 GMT - Fri, 01 Mar 2024 18:14:07 GMT

File type
Unicode text, UTF-8 text, with very long lines (829), with CRLF line terminators
Size
37 kB (36756 bytes)
Hash
1cdeeb8eaca2a1357de0a82bd5e5526f
f0474ee246d33979152b20bfbea49045581792f3
1327e703fcf1311de11818f1fedcef1ec0ba4f60734962c6955fdffc408d5287

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/js/jquery.validate.min.js HTTP/1.1
Host: verif77amzservics-acconttrstdsasa.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Cookie: PHPSESSID=fc1b1d7b1acdc3c4e738f5bd203fe9dd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 18:03:11 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 36756
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/js/jquery-3.3.1.min.js

162.240.160.144

200 OK

108 kB

URL GET HTTP/1.1
verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/js/jquery-3.3.1.min.js
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Certificate
IssuerLet's Encrypt
Subjectverif77amzservics-acconttrstdsasa.dynnamn.ru
FingerprintD8:2A:45:34:8B:1E:25:67:4F:8C:FD:6C:7D:0B:03:59:48:03:9D:39
ValiditySat, 02 Dec 2023 18:14:08 GMT - Fri, 01 Mar 2024 18:14:07 GMT

File type
ASCII text, with very long lines (65451)
Size
108 kB (107631 bytes)
Hash
d532c905d593a7f16eff99f24f27621e
ea0f0d16f78ec4bbaf7866213a2f012d2793e14c
97ecd42dea3bc998c5efd456bc13e2c45c700fba1c581961ca1481676bf08b42

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/js/jquery-3.3.1.min.js HTTP/1.1
Host: verif77amzservics-acconttrstdsasa.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Cookie: PHPSESSID=fc1b1d7b1acdc3c4e738f5bd203fe9dd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 18:03:11 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 107631
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/css/sign-dekstop.css

162.240.160.144

200 OK

136 kB

URL GET HTTP/1.1
verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/css/sign-dekstop.css
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Certificate
IssuerLet's Encrypt
Subjectverif77amzservics-acconttrstdsasa.dynnamn.ru
FingerprintD8:2A:45:34:8B:1E:25:67:4F:8C:FD:6C:7D:0B:03:59:48:03:9D:39
ValiditySat, 02 Dec 2023 18:14:08 GMT - Fri, 01 Mar 2024 18:14:07 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (135724 bytes)
Hash
145d4167f1247d5618d6a7d3df28aa7a
1188188a940b68ee827c7babeffc279ec06f8f13
a3987cc9ff1e96ae068bdd13278434f2d3d32e781b1e131d8e0ed2a1a8eb481b

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/css/sign-dekstop.css HTTP/1.1
Host: verif77amzservics-acconttrstdsasa.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Cookie: PHPSESSID=fc1b1d7b1acdc3c4e738f5bd203fe9dd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 18:03:11 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 135724
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css

m.media-amazon.com/images/S/sash/pDxWAF1pBB0dzGB.woff2

151.101.65.16

200 OK

17 kB

URL GET HTTP/2
m.media-amazon.com/images/S/sash/pDxWAF1pBB0dzGB.woff2
IP
151.101.65.16:443
ASN
#54113 FASTLY

Requested by
https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Certificate
IssuerDigiCert Inc
Subjectimages-na.ssl-images-amazon.com
Fingerprint0A:7D:8E:50:BF:66:8B:63:B2:7A:02:D9:9D:F9:D4:43:00:40:F7:94
ValidityFri, 08 Sep 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16616, version 1.655\012- data
Size
17 kB (16616 bytes)
Hash
4afcd3b79b78d33386f497877a29c518
cc7ebaa05a2cd3b02c0929ac0475a44ab30b7efa
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821

HTTP Headers

GET /images/S/sash/pDxWAF1pBB0dzGB.woff2 HTTP/1.1
Host: m.media-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://verif77amzservics-acconttrstdsasa.dynnamn.ru
DNT: 1
Connection: keep-alive
Referer: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/font-woff2; charset=utf-8
x-amz-ir-id: c8c3029d-0183-4b9a-bf1a-1c4ccdeee9a1
expires: Thu, 23 May 2041 09:24:39 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
access-control-allow-origin: *
last-modified: Fri, 30 Oct 2020 21:19:16 GMT
x-nginx-cache-status: HIT
accept-ranges: bytes
date: Sun, 03 Dec 2023 18:03:13 GMT
age: 40958115
x-served-by: cache-dca17754-DCA, cache-iad-kcgs7200047-IAD, cache-bma1631-BMA
x-cache: HIT from fastly, HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 16616
X-Firefox-Spdy: h2

m.media-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png

151.101.65.16

200 OK

28 kB

URL GET HTTP/2
m.media-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png
IP
151.101.65.16:443
ASN
#54113 FASTLY

Requested by
https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Certificate
IssuerDigiCert Inc
Subjectimages-na.ssl-images-amazon.com
Fingerprint0A:7D:8E:50:BF:66:8B:63:B2:7A:02:D9:9D:F9:D4:43:00:40:F7:94
ValidityFri, 08 Sep 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT

File type
PNG image data, 400 x 750, 8-bit colormap, non-interlaced\012- data
Size
28 kB (27972 bytes)
Hash
1b5a1fb097715b1604b21aba92ef6a3e
c4a765aedd886dc04d89e7e93b6a02c59ecb7013
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5

HTTP Headers

GET /images/S/sash/mPGmT0r6IeTyIee.png HTTP/1.1
Host: m.media-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
x-amz-ir-id: 60c5c3cb-0e05-45df-9336-9135292f45b8
cache-control: max-age=630720000,public
last-modified: Tue, 17 Nov 2020 23:31:33 GMT
access-control-allow-origin: *
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
expires: Tue, 15 Sep 2043 08:53:47 GMT
x-nginx-cache-status: HIT
accept-ranges: bytes
date: Sun, 03 Dec 2023 18:03:13 GMT
age: 2800697
x-served-by: cache-iad-kjyo7100113-IAD, cache-bma1652-BMA
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 27972
X-Firefox-Spdy: h2

m.media-amazon.com/images/S/sash/KFPk-9IF4FqAqY-.woff2

151.101.65.16

200 OK

16 kB

URL GET HTTP/2
m.media-amazon.com/images/S/sash/KFPk-9IF4FqAqY-.woff2
IP
151.101.65.16:443
ASN
#54113 FASTLY

Requested by
https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Certificate
IssuerDigiCert Inc
Subjectimages-na.ssl-images-amazon.com
Fingerprint0A:7D:8E:50:BF:66:8B:63:B2:7A:02:D9:9D:F9:D4:43:00:40:F7:94
ValidityFri, 08 Sep 2023 00:00:00 GMT - Fri, 21 Jun 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16460, version 1.655\012- data
Size
16 kB (16460 bytes)
Hash
15e17f26c664ee0518f82972282e6ff3
46b91bda68161c14e554a779643ef4957431987b
4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89

HTTP Headers

GET /images/S/sash/KFPk-9IF4FqAqY-.woff2 HTTP/1.1
Host: m.media-amazon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://verif77amzservics-acconttrstdsasa.dynnamn.ru
DNT: 1
Connection: keep-alive
Referer: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/font-woff2; charset=utf-8
x-amz-ir-id: 29d3a6a7-1de1-4b26-a924-6c3f60e02dbf
cache-control: max-age=630720000,public
last-modified: Fri, 30 Oct 2020 21:19:26 GMT
access-control-allow-origin: *
expires: Fri, 28 Aug 2043 19:16:09 GMT
x-nginx-cache-status: HIT
timing-allow-origin: https://www.amazon.se
accept-ranges: bytes
date: Sun, 03 Dec 2023 18:03:13 GMT
age: 7729500
x-served-by: cache-iad-kcgs7200049-IAD, cache-bma1631-BMA
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
content-length: 16460
X-Firefox-Spdy: h2

verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/images/favicon.ico

162.240.160.144

200 OK

18 kB

URL GET HTTP/1.1
verif77amzservics-acconttrstdsasa.dynnamn.ru/CR51/Assets/_hayo/images/favicon.ico
IP
162.240.160.144:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Certificate
IssuerLet's Encrypt
Subjectverif77amzservics-acconttrstdsasa.dynnamn.ru
FingerprintD8:2A:45:34:8B:1E:25:67:4F:8C:FD:6C:7D:0B:03:59:48:03:9D:39
ValiditySat, 02 Dec 2023 18:14:08 GMT - Fri, 01 Mar 2024 18:14:07 GMT

File type
MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
18 kB (17542 bytes)
Hash
ca6619b86c2f6e6068b69ba3aaddb7e4
c44a1bb9d14385334eb851fbb0afb19d961c1ee7
17d02e2db6dbedb95dd449d06868c147ac2c3b5371497bcb9407e75336a99e09

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CR51/Assets/_hayo/images/favicon.ico HTTP/1.1
Host: verif77amzservics-acconttrstdsasa.dynnamn.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verif77amzservics-acconttrstdsasa.dynnamn.ru/signin?verify=cr51_63807
Cookie: PHPSESSID=fc1b1d7b1acdc3c4e738f5bd203fe9dd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2023 18:03:13 GMT
Server: Apache
Last-Modified: Sun, 14 Nov 2021 12:02:18 GMT
Accept-Ranges: bytes
Content-Length: 17542
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/x-icon

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN