Report - mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng

Report Overview

Submitted URL
mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
IP
13.213.161.248
ASN
#16509 AMAZON-02
Submitted
2024-04-19 09:40:41
Access
public
Website Title
mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Final URL
mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mirthmingle.net	unknown	2024-04-14	2024-04-14	2024-04-18	2.8 kB	10 kB	13.213.161.248
d1dt57yh60in0y.cloudfront.net	unknown	2008-04-25	2022-04-19	2024-04-13	889 B	179 kB	54.230.111.79
ofklefkian.com	unknown	2024-01-25	2024-01-25	2024-04-18	1.1 kB	15 kB	139.45.197.251
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-18	888 B	1.3 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-19	1.0 kB	1.1 kB	139.45.197.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	ofklefkian.com	Sinkholed
2024-04-19	medium	ofklefkian.com	Sinkholed
2024-04-19	medium	amunfezanttor.com	Sinkholed
2024-04-19	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng	0 B	2023-03-07	2024-05-02
Pretty URL mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-02 12:50:41 Times Seen37271990 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mirthmingle.net/all/common.js?v=20230908	1.1 kB	2024-04-18	2024-04-19
Pretty URL mirthmingle.net/all/common.js?v=20230908 IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 12:05:38 Last Seen2024-04-19 11:40:44 Times Seen4 Hash 6e04e072ff13101fdca4851bad683fa8 5b5228d7a4c2ef635e2f9ea6e9729165e109f9e9 ea401adbf766e620a94220962df6c4d9e585cbee33c0f3cbe7529e3f34a8e66e Loading...

	mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng	0 B	2023-03-07	2024-05-02
Pretty URL mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng IP 13.213.161.248 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-02 12:50:41 Times Seen37271990 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ofklefkian.com/pfe/current/micro.tag.min.js?z=7350763&sw=/sw-check-permissions-ded21.js	37 kB	2024-04-19	2024-04-24
Pretty URL ofklefkian.com/pfe/current/micro.tag.min.js?z=7350763&sw=/sw-check-permissions-ded21.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 11:01:02 Last Seen2024-04-24 10:13:15 Times Seen137 Hash a20bcaec96bee3dbd00db263a10489fd 2b938c0fe930489aab17567f78269f42d43e0555 b09a1860a090fc1aa1b482392060a3bb197d25044275dda41fdce5770ba758ba Loading...

HTTP Transactions (14)

URL IP Response Size

mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng

13.213.161.248

200 OK

1.0 kB

URL User Request GET HTTP/1.1
mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectmirthmingle.net
Fingerprint59:50:C1:12:5F:D7:40:3E:73:F4:E8:CF:FC:CB:51:BE:CB:3F:84:8C
ValiditySun, 14 Apr 2024 04:41:45 GMT - Sat, 13 Jul 2024 04:41:44 GMT

File type
HTML document, ASCII text
Size
1.0 kB (1048 bytes)
Hash
94b187ab649d3b700fdbf61b36068b1f
efc5a3a0d968e7aedc4c8eba4b25ead785ea7d45
92abed386a8f911e76118eb58b93ece9447045ad1bff56a679d4bd3b7ba2ad36

HTTP Headers

GET /all/?click_id=coh3nldqtppc73fde9ng HTTP/1.1
Host: mirthmingle.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 09:40:16 GMT
Content-Type: text/html
Last-Modified: Sun, 14 Apr 2024 05:36:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"661b6b6c-c6d"
Content-Encoding: gzip

mirthmingle.net/all/app.css?v=20231218

13.213.161.248

200 OK

1.6 kB

URL GET HTTP/1.1
mirthmingle.net/all/app.css?v=20231218
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectmirthmingle.net
Fingerprint59:50:C1:12:5F:D7:40:3E:73:F4:E8:CF:FC:CB:51:BE:CB:3F:84:8C
ValiditySun, 14 Apr 2024 04:41:45 GMT - Sat, 13 Jul 2024 04:41:44 GMT

File type
ASCII text
Size
1.6 kB (1631 bytes)
Hash
0e6d84f22affd539485c2d47cdfcb148
86b9f4acb0f8cdb09a317c0d8fa9e8718a069eb0
6a06ed4bb7f902f517f42cb85d220f553514de7a8c16a2d6be2686079f592f49

HTTP Headers

GET /all/app.css?v=20231218 HTTP/1.1
Host: mirthmingle.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 09:40:16 GMT
Content-Type: text/css
Content-Length: 1631
Last-Modified: Sun, 14 Apr 2024 05:36:44 GMT
Connection: keep-alive
ETag: "661b6b6c-65f"
Accept-Ranges: bytes

mirthmingle.net/all/css/timeTo.css

13.213.161.248

200 OK

4.2 kB

URL GET HTTP/1.1
mirthmingle.net/all/css/timeTo.css
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectmirthmingle.net
Fingerprint59:50:C1:12:5F:D7:40:3E:73:F4:E8:CF:FC:CB:51:BE:CB:3F:84:8C
ValiditySun, 14 Apr 2024 04:41:45 GMT - Sat, 13 Jul 2024 04:41:44 GMT

File type
ASCII text
Size
4.2 kB (4167 bytes)
Hash
c704d4b96307d5faa9f729e1d0f1ff24
c6e4c98a37882b9ae05b51ee5b803662daf974f7
721e2bfcdf3281e55aea0a0ba7ebe94010bead3113aeaae1a22bc158e82a0967

HTTP Headers

GET /all/css/timeTo.css HTTP/1.1
Host: mirthmingle.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 09:40:17 GMT
Content-Type: text/css
Content-Length: 4167
Last-Modified: Sun, 14 Apr 2024 05:36:44 GMT
Connection: keep-alive
ETag: "661b6b6c-1047"
Accept-Ranges: bytes

mirthmingle.net/all/common.js?v=20230908

13.213.161.248

200 OK

1.1 kB

URL GET HTTP/1.1
mirthmingle.net/all/common.js?v=20230908
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectmirthmingle.net
Fingerprint59:50:C1:12:5F:D7:40:3E:73:F4:E8:CF:FC:CB:51:BE:CB:3F:84:8C
ValiditySun, 14 Apr 2024 04:41:45 GMT - Sat, 13 Jul 2024 04:41:44 GMT

File type
JavaScript source, ASCII text
Size
1.1 kB (1068 bytes)
Hash
6e04e072ff13101fdca4851bad683fa8
5b5228d7a4c2ef635e2f9ea6e9729165e109f9e9
ea401adbf766e620a94220962df6c4d9e585cbee33c0f3cbe7529e3f34a8e66e

HTTP Headers

GET /all/common.js?v=20230908 HTTP/1.1
Host: mirthmingle.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 09:40:17 GMT
Content-Type: application/javascript
Content-Length: 1068
Last-Modified: Mon, 15 Apr 2024 15:26:23 GMT
Connection: keep-alive
ETag: "661d471f-42c"
Accept-Ranges: bytes

d1dt57yh60in0y.cloudfront.net/cpl/alibaba_logo.png

54.230.111.79

200 OK

57 kB

URL GET HTTP/2
d1dt57yh60in0y.cloudfront.net/cpl/alibaba_logo.png
IP
54.230.111.79:443
ASN
#16509 AMAZON-02

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 428 x 428, 8-bit colormap, non-interlaced
Size
57 kB (56550 bytes)
Hash
df63415b623157b9be8dc33a5f27309b
bd8aec755cbd0713654a3843c0118cad4de65003
02b398d8493eda68bb0a9235b8b32f3a6165f778db56a5a8d272855aa0f6112e

HTTP Headers

GET /cpl/alibaba_logo.png HTTP/1.1
Host: d1dt57yh60in0y.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 56550
last-modified: Thu, 04 Jan 2024 06:08:02 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 19 Apr 2024 09:40:17 GMT
etag: "df63415b623157b9be8dc33a5f27309b"
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZAf91aVV408X_PqTS-7RZKagoR7GZU3QYMDvQoX4xQJrxhUKHpx2yQ==
age: 14628
X-Firefox-Spdy: h2

d1dt57yh60in0y.cloudfront.net/cpl/credit_line.jpg

54.230.111.79

200 OK

122 kB

URL GET HTTP/2
d1dt57yh60in0y.cloudfront.net/cpl/credit_line.jpg
IP
54.230.111.79:443
ASN
#16509 AMAZON-02

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x628, components 3
Size
122 kB (121584 bytes)
Hash
ee2525008df8223ebb82d801704cc086
29d6c0c85123c5aaa3f8e4909a8d3f02c0a0385a
f631fcb45674f9112cacb43be859ad7a4919b819296da8c227572af0538267d5

HTTP Headers

GET /cpl/credit_line.jpg HTTP/1.1
Host: d1dt57yh60in0y.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
content-length: 121584
last-modified: Thu, 04 Jan 2024 06:05:35 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 19 Apr 2024 09:40:17 GMT
etag: "ee2525008df8223ebb82d801704cc086"
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7w_HrN1tjmlKsjMpnBavCEFRGRdqqvAPI9ZKicKvSx6tpsDIS8aWRw==
age: 4155
X-Firefox-Spdy: h2

mirthmingle.net/favicon.ico

13.213.161.248

404 Not Found

123 B

URL GET HTTP/1.1
mirthmingle.net/favicon.ico
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectmirthmingle.net
Fingerprint59:50:C1:12:5F:D7:40:3E:73:F4:E8:CF:FC:CB:51:BE:CB:3F:84:8C
ValiditySun, 14 Apr 2024 04:41:45 GMT - Sat, 13 Jul 2024 04:41:44 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
123 B (123 bytes)
Hash
1b7c22a214949975556626d7217e9a39
d01c97e2944166ed23e47e4a62ff471ab8fa031f
340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mirthmingle.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 09:40:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

ofklefkian.com/zone?&pub=0&zone_id=7350763&is_mobile=false&domain=mirthmingle.net&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.501&trace_id=adadf9d4-2b11-43b3-ab37-7397969c9779&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
ofklefkian.com/zone?&pub=0&zone_id=7350763&is_mobile=false&domain=mirthmingle.net&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.501&trace_id=adadf9d4-2b11-43b3-ab37-7397969c9779&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectofklefkian.com
Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02
ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /zone?&pub=0&zone_id=7350763&is_mobile=false&domain=mirthmingle.net&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.501&trace_id=adadf9d4-2b11-43b3-ab37-7397969c9779&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mirthmingle.net
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 09:40:18 GMT
content-length: 0
x-trace-id: bc756be1cff49f1b78731ce02da8c621
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mirthmingle.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 279
Origin: https://mirthmingle.net
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 09:40:18 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5c21ab1e99e4b4c876f23f699b314e53
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mirthmingle.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 281
Origin: https://mirthmingle.net
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 09:40:18 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 4669b761b06ffb3b97930a29ad35ea8d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mirthmingle.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ofklefkian.com/pfe/current/micro.tag.min.js?z=7350763&sw=/sw-check-permissions-ded21.js

139.45.197.251

200 OK

14 kB

URL GET HTTP/2
ofklefkian.com/pfe/current/micro.tag.min.js?z=7350763&sw=/sw-check-permissions-ded21.js
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectofklefkian.com
Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02
ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT

File type
gzip compressed data, max speed, from Unix
Size
14 kB (14547 bytes)
Hash
c1c1fbb5bc4a0fb5bab60612fcf1fd4d
b9b4065d7e668ee6243ad84c7b8d7d565b7f8f9e
6416d54c58b1afed27d6506c720e21729cca436d884a45b8d9ae83aa241f8fdb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=7350763&sw=/sw-check-permissions-ded21.js HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 09:40:17 GMT
content-type: application/javascript
last-modified: Fri, 19 Apr 2024 08:30:08 GMT
etag: W/"66222b90-8eda"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mirthmingle.net/
Origin: https://mirthmingle.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 09:40:18 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://mirthmingle.net
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

mirthmingle.net/sw-check-permissions-ded21.js?zoneId=7350763

13.213.161.248

200 OK

570 B

URL GET HTTP/1.1
mirthmingle.net/sw-check-permissions-ded21.js?zoneId=7350763
IP
13.213.161.248:443
ASN
#16509 AMAZON-02

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectmirthmingle.net
Fingerprint59:50:C1:12:5F:D7:40:3E:73:F4:E8:CF:FC:CB:51:BE:CB:3F:84:8C
ValiditySun, 14 Apr 2024 04:41:45 GMT - Sat, 13 Jul 2024 04:41:44 GMT

File type
Java source, ASCII text
Size
570 B (570 bytes)
Hash
019de1a1162107c6518e2f4b44a5b6fb
9cc5d6296d710c6530e4babe6bbeb3d8d2b1de50
c3ae932ff617ed3600c7335aefdcd08eaf88cfc21f345041c55139a9adcf8b24

HTTP Headers

GET /sw-check-permissions-ded21.js?zoneId=7350763 HTTP/1.1
Host: mirthmingle.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 19 Apr 2024 09:40:18 GMT
Content-Type: application/javascript
Content-Length: 570
Last-Modified: Mon, 15 Apr 2024 15:26:23 GMT
Connection: keep-alive
ETag: "661d471f-23a"
Accept-Ranges: bytes

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://mirthmingle.net/all/?click_id=coh3nldqtppc73fde9ng
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
afb5474cfe8faceccaca3eec4562292f
f4edbc4a92b920ac965a89deead5b5e54583dc55
c2c9916da6a7b900d4059843c6217a44fd382a3f45c3d8cec6abf246af9ce9dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mirthmingle.net/
Content-Type: application/json
Content-Length: 912
Origin: https://mirthmingle.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 09:40:18 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mirthmingle.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash