Report - www.mnb.email/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net

Report Overview

Submitted URL
www.mnb.email/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net
IP
208.83.141.137
ASN
#15085 IMMEDION
Submitted
2023-05-25 15:37:12
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.mynewsletterbuilder.com	921925	2003-07-14	2012-06-28	2023-05-10	4.8 kB	64 kB	104.26.14.39
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-25	999 B	2.1 kB	142.250.74.131
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-05-25	444 B	35 kB	142.250.74.106
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-05-25	438 B	121 kB	142.250.74.136
ocsp.godaddy.com	698	1999-03-02	2012-05-20	2023-05-25	330 B	2.3 kB	192.124.249.23
www.mnb.email	unknown	2014-04-14	2017-08-17	2023-05-09	587 B	798 B	208.83.141.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator
2023-05-25	medium	slurpmail.net
2023-05-25	medium	slurpmail.net
2023-05-25	medium	slurpmail.net
2023-05-25	medium	slurpmail.net

Quad9 DNS

Scan Date	Severity	Indicator
2023-05-25	medium	slurpmail.net
2023-05-25	medium	slurpmail.net
2023-05-25	medium	slurpmail.net
2023-05-25	medium	slurpmail.net

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	www.mynewsletterbuilder.com/cdn-cgi/apps/head/MqJjDCGtLy5z3tgedFxmZMAeSFg.js	6.4 kB	2023-05-04	2023-05-25
Pretty URL www.mynewsletterbuilder.com/cdn-cgi/apps/head/MqJjDCGtLy5z3tgedFxmZMAeSFg.js IP 172.67.74.88 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-04 21:42:33 Last Seen2023-05-25 21:08:16 Times Seen9 Hash 3f8d5497dd43bbd0fb2b873ac0d849c0 a6e4f8361fe2d32923faca4223bbab33ed9fce8c b63c8b0a0e88df72c9effa8695ad4fed2691668906bc049358967aaed7af8feb Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js	94 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:53 Last Seen2024-04-26 07:11:06 Times Seen16308 Hash 3576a6e73c9dccdbbc4a2cf8ff544ad7 06e872300088b9ba8a08427d28ed0efcdf9c6ff5 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf Loading...

	www.googletagmanager.com/gtag/js?id=UA-3177177-1	120 kB	2023-05-25	2023-05-25
Pretty URL www.googletagmanager.com/gtag/js?id=UA-3177177-1 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-25 17:37:13 Last Seen2023-05-25 17:37:13 Times Seen2 Hash ad72679d2067b4e9541bcae5c17399fe 6bd95af2413a2b2a01aa2c9cdef1314c3f731fbd 7f2172f9d32cb6f9e9b570596b8b4b990614678ca0c90a60f94fb30d1f6aaf0b Loading...

	www.mynewsletterbuilder.com/tools/sandbox%20eval%20code	147 B	2023-04-11	2024-04-26
Pretty URL www.mynewsletterbuilder.com/tools/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-26 07:22:58 Times Seen342325 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-04-26
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-04-26 07:22:58 Times Seen341826 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

HTTP Transactions (15)

URL IP Response Size

ocsp.godaddy.com/

192.124.249.23

1.8 kB

URL
ocsp.godaddy.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
6645b67715c788ae719a22d435aa7270
6a8685e544fc792cd31e3e910f0f88994e031e6b
a3a06139d5e98f892e656bcb2f80d9849a972a1ab1b1336aa774dc6c03024a82

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 25 May 2023 15:36:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 25 May 2023 04:14:26 GMT
Expires: Fri, 26 May 2023 04:14:26 GMT
ETag: "6a8685e544fc792cd31e3e910f0f88994e031e6b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

www.mnb.email/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net

208.83.141.137

307 Temporary Redirect

452 B

URL User Request GET HTTP/1.1
www.mnb.email/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net
IP
208.83.141.137:443
ASN
#15085 IMMEDION

Certificate
IssuerGoDaddy.com, Inc.
Subjectwww.mynewsletterbuilder.com
Fingerprint9E:DC:32:B8:E8:9F:46:DB:B7:83:88:BA:A2:74:F5:DC:E6:A7:4E:63
ValidityWed, 15 Jun 2022 19:02:57 GMT - Mon, 17 Jul 2023 19:02:57 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
452 B (452 bytes)
Hash
9e21eeda11b8c697094de805d3da48f6
db6233a4d7d17ee6b7b5055adfe46ed32489bd89
a0d995d26aac33915338db44cbb33c164599dfb6f6c6246c1cf2b422988d1439

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net HTTP/1.1
Host: www.mnb.email
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.11.4
Date: Thu, 25 May 2023 15:36:55 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 452
Connection: keep-alive
Location: http://www.mynewsletterbuilder.com/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net

www.mynewsletterbuilder.com/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net

104.26.14.39

302 Found

540 B

URL User Request GET HTTP/2
www.mynewsletterbuilder.com/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net
IP
104.26.14.39:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintBE:14:A5:58:F5:EA:14:65:94:75:B0:55:B7:3B:C1:00:2C:95:7C:77
ValidityMon, 17 Apr 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
540 B (540 bytes)
Hash
d2e636549df6b271a2fa16be07580448
0bd0535d5371f65bd5854d5d45bef862cff396f0
096ee4e8383b56858282c2e1b55ce4aecf41ed22e7fd2f6a3f09ea2f3dd45f9d

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net HTTP/1.1
Host: www.mynewsletterbuilder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Date: Thu, 25 May 2023 15:36:56 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.mynewsletterbuilder.com/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cXNGbR%2BPXAg%2BbMDiOYnEt57EdzBomqXVsqqLVVzpZux1%2BNWYwwukjoELd5q898Y5JZgnWiATfWC1TJFV5x3awxMUTLHEFxwib0jyanLhyZv5nETB83NoOS4T0q7ZrjBLDFayefOIbpTrOTDGvA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ccedb546a141c0e-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
02441e71b96dfcb212dc26c6742966fa
893af98d5499b9838549a364494517859f99e38e
2cffe2846eca0320d66174334f55ba35bd299aff59b40c730f7f4b179d542c7b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 25 May 2023 15:36:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

142.250.74.106

200 OK

34 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint9B:D0:53:C4:55:9D:41:A4:94:03:4A:2B:6A:5B:57:EB:EB:A5:F0:4A
ValidityMon, 24 Apr 2023 12:00:43 GMT - Mon, 17 Jul 2023 12:00:42 GMT

File type
ASCII text, with very long lines (65483)
Size
34 kB (33593 bytes)
Hash
3576a6e73c9dccdbbc4a2cf8ff544ad7
06e872300088b9ba8a08427d28ed0efcdf9c6ff5
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

HTTP Headers

GET /ajax/libs/jquery/1.8.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mynewsletterbuilder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33593
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 May 2023 14:43:17 GMT
expires: Wed, 22 May 2024 14:43:17 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 176020
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
02441e71b96dfcb212dc26c6742966fa
893af98d5499b9838549a364494517859f99e38e
2cffe2846eca0320d66174334f55ba35bd299aff59b40c730f7f4b179d542c7b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 25 May 2023 15:36:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.mynewsletterbuilder.com/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net

172.67.74.88

302 Found

956 B

URL User Request GET HTTP/2
www.mynewsletterbuilder.com/tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net
IP
172.67.74.88:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintBE:14:A5:58:F5:EA:14:65:94:75:B0:55:B7:3B:C1:00:2C:95:7C:77
ValidityMon, 17 Apr 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT

File type
data
Size
956 B (956 bytes)
Hash
d81c6d1321b0bdc311d3e1ab604b332a
fb35e6b1635d1c92e2ed7d0a50335d89f2f24950
2c954aa3911ab3b0eebc4dc4b9434d5e8fe7bff772c726cd064696bb8545e243

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /tools/subscription.php?username=ewineberg&send_id=646d8f71fa17fb02a0099576&l=p&email=christopher.e.holm@slurpmail.net HTTP/1.1
Host: www.mynewsletterbuilder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 25 May 2023 15:36:56 GMT
content-type: text/html; charset=UTF-8
location: https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
x-powered-by: PHP/5.6.31
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s8pQK5yEPD1kE2Z1kk7FafldmfwMpEIvD1UMsQ%2F8B1%2BZ3uxK1iaFp0KoMrAT%2FUaCSUOnbix8%2BLA6wauW9cJxRYhi%2B2m4cP1eE9hmj6KYy%2FIPEJ6H6k3m50bo0%2BCz76RTsmeipPqtJ0pZZ6sITQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccedb563d280b31-OSL
X-Firefox-Spdy: h2

www.mynewsletterbuilder.com/images/mnb_powered_pop.gif

172.67.74.88

200 OK

1.5 kB

URL GET HTTP/2
www.mynewsletterbuilder.com/images/mnb_powered_pop.gif
IP
172.67.74.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintBE:14:A5:58:F5:EA:14:65:94:75:B0:55:B7:3B:C1:00:2C:95:7C:77
ValidityMon, 17 Apr 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT

File type
GIF image data, version 89a, 231 x 28\012- data
Size
1.5 kB (1483 bytes)
Hash
40914e6636816d292ddfbc471c9f3c34
5198a5c5de49159994eb080bc8fda5c992362482
70006399ee68a05bd18437dff61360a87099ab53d5e0cf270faede2b9c58001b

HTTP Headers

GET /images/mnb_powered_pop.gif HTTP/1.1
Host: www.mynewsletterbuilder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 May 2023 15:36:57 GMT
content-type: image/gif
content-length: 1483
last-modified: Sat, 22 Apr 2017 23:47:11 GMT
etag: "5cb-54dc9fe2e9b7d"
cache-control: max-age=432000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1fp8OKCZpSasS93ipN0eBDx74XWUdlGRrL1OXj5mpoQGi%2BLOGv%2Fd48t%2BhAv%2FpJyeFEbo6WB4T0zm8YwZObsPn2dbfv6Bn6eJ36DYTrJVzIhhPrH6N8Rt9l%2FgDIUC8MAL%2FCA1ju61%2F%2B7POM9Mlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccedb5d6f030b31-OSL
X-Firefox-Spdy: h2

www.mynewsletterbuilder.com/cdn-cgi/apps/head/MqJjDCGtLy5z3tgedFxmZMAeSFg.js

172.67.74.88

200 OK

49 kB

URL GET HTTP/2
www.mynewsletterbuilder.com/cdn-cgi/apps/head/MqJjDCGtLy5z3tgedFxmZMAeSFg.js
IP
172.67.74.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintBE:14:A5:58:F5:EA:14:65:94:75:B0:55:B7:3B:C1:00:2C:95:7C:77
ValidityMon, 17 Apr 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (329)
Size
49 kB (48786 bytes)
Hash
3f8d5497dd43bbd0fb2b873ac0d849c0
a6e4f8361fe2d32923faca4223bbab33ed9fce8c
b63c8b0a0e88df72c9effa8695ad4fed2691668906bc049358967aaed7af8feb

HTTP Headers

GET /cdn-cgi/apps/head/MqJjDCGtLy5z3tgedFxmZMAeSFg.js HTTP/1.1
Host: www.mynewsletterbuilder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 25 May 2023 15:36:57 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: G9pwqA+oJ7QQJs4hAkszcDQs3SzPeAIZM+7L2hr9zPkxbBFhKEqJwGuHSfxACsIK1jTfs79cG6A=
x-amz-request-id: ZSCCRAMXQHX76CE9
cache-control: public, max-age=31536000
last-modified: Thu, 15 Mar 2018 14:14:32 GMT
x-amz-version-id: QfqUJSKolZHyuS1AxlB4fapW6fBEExf_
etag: W/"c0bdf964973f18b3ad1cc91a60b3cfb1"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gjMl97A8i%2B7MTeZG06kPe3%2BuA2O52vKxAXGWlriYY9ZuyGOh6QtPGARuPvevBLE%2BdM0gm2brJqraVYSDhdZmD8nNy5YOq4gqz46eKRdsJdaY8DAJ3c7L8zHf7uEAfFyJlkl%2Bzm6ps%2FZRl7nmxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccedb5d6efe0b31-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3cd11736a494e3b099d888ca94acbfc2
32a4eb572df98523b2e05ad6ace84bafe791ee59
229dcfdcfba2437dfb69860f2020d71fde3e74fdf2b878281f0b7b256c88989a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 25 May 2023 15:36:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.mynewsletterbuilder.com/css/whitelabel.php?uid=232992

172.67.74.88

200 OK

1.5 kB

URL GET HTTP/2
www.mynewsletterbuilder.com/css/whitelabel.php?uid=232992
IP
172.67.74.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintBE:14:A5:58:F5:EA:14:65:94:75:B0:55:B7:3B:C1:00:2C:95:7C:77
ValidityMon, 17 Apr 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1530), with no line terminators
Size
1.5 kB (1466 bytes)
Hash
19386b29a78b2d426e328084cd261788
7172f3947028cf77daa5e9b305895b4aeeacece2
423536d0a5a60c58cd1615d08bcdb9fb67beab53396e2d250d2c4472af35df4f

HTTP Headers

GET /css/whitelabel.php?uid=232992 HTTP/1.1
Host: www.mynewsletterbuilder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 May 2023 15:36:57 GMT
content-type: text/css;charset=UTF-8
x-powered-by: PHP/5.6.31
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=huT4%2FJMkuUxKXMSORTccVDAEPiiDaO402ejkKioAJ1ZgpkABFmTxMZVm59OyfSApLOMmK3wB8xOr%2FN%2BiQy7slRzHrTOsphosatsliATW2eQEFOQ34hLYy1zvIhkZQg%2FNwSVnt4kbGhk0rcMPzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccedb5d6f000b31-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.mynewsletterbuilder.com/favicon.ico

172.67.74.88

200 OK

1.4 kB

URL GET HTTP/2
www.mynewsletterbuilder.com/favicon.ico
IP
172.67.74.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintBE:14:A5:58:F5:EA:14:65:94:75:B0:55:B7:3B:C1:00:2C:95:7C:77
ValidityMon, 17 Apr 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data
Size
1.4 kB (1406 bytes)
Hash
cc42ff850ba1be141cd92e454fef8075
4697f117001f690e585231433f9fefaa773b27d0
2c7dfed481790609969e8f8d26b6f4d2c2f7d6847b02d74ba5d421a17d531578

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.mynewsletterbuilder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 May 2023 15:36:57 GMT
content-type: image/x-icon
last-modified: Sat, 22 Apr 2017 23:47:11 GMT
etag: W/"57e-54dc9fe2c7897"
cache-control: max-age=432000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nVxFKNL7aL9hy4cizOglOEuaGiQwOnN6z1vpCKkGpw%2FejUkV9nXtsdHUmPMqHvfgkLiycx59ywjKpkDqsXqLf3NHFE1d%2BWUcSFrvkJy8aJIJxdFf7B10s0MAMZ6qveHPlEhdhx76Ucze4v6d%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ccedb60bbad0b31-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-3177177-1

142.250.74.136

200 OK

120 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-3177177-1
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint55:51:32:58:36:72:A1:C8:50:5E:5A:8D:CE:A5:2F:DC:D7:1E:62:03
ValidityMon, 24 Apr 2023 11:56:06 GMT - Mon, 17 Jul 2023 11:56:05 GMT

File type
ASCII text, with very long lines (2271)
Size
120 kB (120104 bytes)
Hash
ad72679d2067b4e9541bcae5c17399fe
6bd95af2413a2b2a01aa2c9cdef1314c3f731fbd
7f2172f9d32cb6f9e9b570596b8b4b990614678ca0c90a60f94fb30d1f6aaf0b

HTTP Headers

GET /gtag/js?id=UA-3177177-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mynewsletterbuilder.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 May 2023 15:36:57 GMT
expires: Thu, 25 May 2023 15:36:57 GMT
cache-control: private, max-age=900
last-modified: Thu, 25 May 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46677
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0

172.67.74.88

200 OK

2.2 kB

URL User Request GET HTTP/2
www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
IP
172.67.74.88:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintBE:14:A5:58:F5:EA:14:65:94:75:B0:55:B7:3B:C1:00:2C:95:7C:77
ValidityMon, 17 Apr 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2379), with no line terminators
Size
2.2 kB (2240 bytes)
Hash
0f0aba4eb1ccf375ec5be88a1c5cad8f
bd27952ac111dc2d3159461b7a18625d3ea7126e
96f390d39b990b199d67aabb04c6f2388f78636ae8d7dff9b7903c480b5f3ee9

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed
quad9	Sinkholed

HTTP Headers

GET /tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0 HTTP/1.1
Host: www.mynewsletterbuilder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 May 2023 15:36:56 GMT
content-type: text/html; charset=UTF-8
content-location: subscription.php
vary: negotiate,Accept-Encoding
tcn: choice
x-powered-by: PHP/5.6.31
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8TteKzIfxV4MGmHOg4nj2Od%2BGSgc3xFv0IgKe40b2NBUDTQ%2BxsnWc7SbyucRQbXegIFNl8sKgWCHYGRU2UGb07Qg5t7xoO4OIBkZsQMZVW4u70wZ%2B2DU8gwwzU90MY5luN%2FF0n6rq0oaDVzd2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccedb5a2ade0b31-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.mynewsletterbuilder.com/css/external/sub_forms.css

172.67.74.88

200 OK

1.2 kB

URL GET HTTP/2
www.mynewsletterbuilder.com/css/external/sub_forms.css
IP
172.67.74.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintBE:14:A5:58:F5:EA:14:65:94:75:B0:55:B7:3B:C1:00:2C:95:7C:77
ValidityMon, 17 Apr 2023 00:00:00 GMT - Tue, 16 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1381), with no line terminators
Size
1.2 kB (1179 bytes)
Hash
ff59e78b972e589aedb1793e793f7cc2
bc37ae13e9fa0dc5fd2641504286e7218d284143
f41d7893c50f47a7bb347dd5bb735072f592565c402a32819ebe61158492fecc

HTTP Headers

GET /css/external/sub_forms.css HTTP/1.1
Host: www.mynewsletterbuilder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mynewsletterbuilder.com/tools/subscription?username=ewineberg&action=existing&email=christopher.e.holm@slurpmail.net&send_id=646d8f71fa17fb02a0099576&newsletter_id=0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 May 2023 15:36:57 GMT
content-type: text/css
last-modified: Sat, 22 Apr 2017 23:47:11 GMT
etag: W/"49b-54dc9fe2e0edb-gzip"
vary: Accept-Encoding
cache-control: max-age=432000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q3t%2BA3AP20KO1KAtvq%2Bdd5cx5ju9WbEqNko8MO%2FbxewTtKXIfBl09Gve6hgWUDC8LR4XBVrHMVyatQEaVPkF1o9%2Fa1YiED36TmRl4gK%2B6UoHSWgw3gbfbf3Nmx%2Bn9aRg57QDtDkz9PPdQDhyhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccedb5d6f010b31-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP