Report - inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com

Report Overview

Visited public
2023-11-06 03:25:45
Tags
URL
inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com
Finishing URL
inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com
IP / ASN
95.163.101.102
#12695 LLC Digital Network
Title
Внимание!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
inmak.su	unknown	2008-04-22	2020-09-07 20:35:12	2023-10-15 03:01:56	1.7 kB	3.3 kB	95.163.101.102

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-06 03:25:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-06 03:25:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-06 03:25:28	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-06 03:25:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-06 03:25:29	medium	Client IP	95.163.101.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-06 03:25:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-11-06 03:25:29	medium	Client IP	95.163.101.102	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-11-06 03:25:29	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com

95.163.101.102

403 Forbidden

302 B

URL User Request GET HTTP/1.1
inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com
IP
95.163.101.102:80
ASN
#12695 LLC Digital Network

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text
Size
302 B (302 bytes)
Hash
d48f27e0e449456329c4cd7d68ebcb02
057821d6fc35d6d2670708086f1e94a5e0bf4a77
2369687fa4061ef4eb73767ca03692e07f304757865ae5652ef4ffc475629d0b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com HTTP/1.1
Host: inmak.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Date: Mon, 06 Nov 2023 03:25:29 GMT
Content-Type: text/html; charset=koi8-r
Transfer-Encoding: chunked
Connection: keep-alive
Vary: *
Content-Encoding: gzip

inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com

95.163.101.102

403 Forbidden

429 B

URL User Request GET HTTP/1.1
inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com
IP
95.163.101.102:80
ASN
#12695 LLC Digital Network

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text
Size
429 B (429 bytes)
Hash
d48f27e0e449456329c4cd7d68ebcb02
057821d6fc35d6d2670708086f1e94a5e0bf4a77
2369687fa4061ef4eb73767ca03692e07f304757865ae5652ef4ffc475629d0b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com HTTP/1.1
Host: inmak.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Mon, 06 Nov 2023 03:25:29 GMT
Server: Apache
Vary: *
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=koi8-r

inmak.su/favicon.ico

95.163.101.102

200 OK

232 B

URL GET HTTP/1.1
inmak.su/favicon.ico
IP
95.163.101.102:443
ASN
#12695 LLC Digital Network

Requested by
http://inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com
Certificate
IssuerLet's Encrypt
Subjectinmak.com
Fingerprint85:43:DC:9C:98:35:B2:09:66:6E:17:C1:5E:6C:2A:3D:2B:56:18:F5
ValiditySun, 15 Oct 2023 00:00:56 GMT - Sat, 13 Jan 2024 00:00:55 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
232 B (232 bytes)
Hash
322b3e06b625c6d497b94566465aa6b4
cbff2d5681f106aa7b9a0503e945d25bf061fcf1
d6015f9b2878beb7ca2fcaeb9d2a3496ab0a02a71304bfae74d14d5f7fefb6d7

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: inmak.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Nov 2023 03:25:29 GMT
Server: Apache
Location: https://inmak.su/favicon.ico
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

inmak.su/favicon.ico

95.163.101.102

200 OK

1.4 kB

URL GET HTTP/1.1
inmak.su/favicon.ico
IP
95.163.101.102:443
ASN
#12695 LLC Digital Network

Requested by
http://inmak.su/cgi-bin/inmakred.cgi?bn=685&url=dankdollz.com
Certificate
IssuerLet's Encrypt
Subjectinmak.com
Fingerprint85:43:DC:9C:98:35:B2:09:66:6E:17:C1:5E:6C:2A:3D:2B:56:18:F5
ValiditySun, 15 Oct 2023 00:00:56 GMT - Sat, 13 Jan 2024 00:00:55 GMT

File type
MS Windows icon resource - 1 icon, 16x16\012- data
Size
1.4 kB (1406 bytes)
Hash
a540c4e38df9f74e680869bca1d7c49f
07a1785a8262b0916f06fff3d8b298a77dad4bed
f956464e48d6846e24a7c197bd470c18dafe0e1d6171c17287a72e5bae5f7f4e

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: inmak.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://inmak.su/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Nov 2023 03:25:30 GMT
Content-Type: image/x-icon
Content-Length: 1406
Last-Modified: Tue, 28 Jan 2020 15:54:22 GMT
Connection: keep-alive
ETag: "5e30592e-57e"
Cache-Control: public, max-age=2592000, immutable
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers