aedwaer.mrslove.com/mobile/index[.]php
167.160.188.62 301 Moved Permanently 266 B URL User Request GET HTTP/1.1 aedwaer.mrslove.com/mobile/index[.]php
IP 167.160.188.62:80
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c984797bd63b5f7d3dda47f96521a3f4
930ce54843db7967775a6ddcb0628751d6953e54
0a177fa6526d58d99abd5d9404e073440c2a27e23235cca4acde4713847d3aca
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.mrslove .com Domain
GET /mobile/index[.]php HTTP/1.1
Host: aedwaer.mrslove.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-length: 266
content-type: text/html; charset=iso-8859-1
date: Thu, 25 May 2023 04:37:32 GMT
server: Apache
X-Firefox-Spdy: h2
aedwaer.mrslove.com/mobile/index[.]php
167.160.188.62 301 Moved Permanently 327 B URL User Request GET HTTP/1.1 aedwaer.mrslove.com/mobile/index[.]php
IP 167.160.188.62:80
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash da3a7986dfab3f8a79ef312e88251082
06345aa8e1577076c5c4bc009725e9ea2503cdb3
1b54d2611efd116362c0a35ea94a3192b720270c4f611ec9d0df60bc9194a1af
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO DYNAMIC_DNS HTTP Request to a *.mrslove .com Domain
GET /mobile/index[.]php HTTP/1.1
Host: aedwaer.mrslove.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 25 May 2023 04:37:33 GMT
Server: Apache
Location: https://aedwaer.mrslove.com/mobile/index%5b.%5dphp
Content-Length: 327
Connection: close
Content-Type: text/html; charset=iso-8859-1
aedwaer.mrslove.com/mobile/index%5b.%5dphp
167.160.188.62 404 Not Found 266 B URL User Request GET HTTP/2 aedwaer.mrslove.com/mobile/index%5b.%5dphp
IP 167.160.188.62:443
ASN #8100 ASN-QUADRANET-GLOBAL
Certificate Issuer Let's Encrypt
Subject nadfqw4e.misecure.com
Fingerprint 5C:B1:DE:2C:46:3F:78:63:49:87:26:C5:F4:15:99:7E:6A:1E:9A:60
Validity Wed, 24 May 2023 10:33:27 GMT - Tue, 22 Aug 2023 10:33:26 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c984797bd63b5f7d3dda47f96521a3f4
930ce54843db7967775a6ddcb0628751d6953e54
0a177fa6526d58d99abd5d9404e073440c2a27e23235cca4acde4713847d3aca
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
fortinet Phishing
quad9 Sinkholed
GET /mobile/index%5b.%5dphp HTTP/1.1
Host: aedwaer.mrslove.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-length: 266
content-type: text/html; charset=iso-8859-1
date: Thu, 25 May 2023 04:37:33 GMT
server: Apache
X-Firefox-Spdy: h2
aedwaer.mrslove.com/favicon.ico
167.160.188.62 404 Not Found 266 B URL GET HTTP/2 aedwaer.mrslove.com/favicon.ico
IP 167.160.188.62:443
ASN #8100 ASN-QUADRANET-GLOBAL
Requested by https://aedwaer.mrslove.com/mobile/index%5b.%5dphp
Certificate Issuer Let's Encrypt
Subject nadfqw4e.misecure.com
Fingerprint 5C:B1:DE:2C:46:3F:78:63:49:87:26:C5:F4:15:99:7E:6A:1E:9A:60
Validity Wed, 24 May 2023 10:33:27 GMT - Tue, 22 Aug 2023 10:33:26 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c984797bd63b5f7d3dda47f96521a3f4
930ce54843db7967775a6ddcb0628751d6953e54
0a177fa6526d58d99abd5d9404e073440c2a27e23235cca4acde4713847d3aca
Analyzer Verdict Alert urlquery suspicious Suspicious - DynDNS domain
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: aedwaer.mrslove.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aedwaer.mrslove.com/mobile/index%5b.%5dphp
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-length: 266
content-type: text/html; charset=iso-8859-1
date: Thu, 25 May 2023 04:37:33 GMT
server: Apache
X-Firefox-Spdy: h2