Report - ip170.ip-51-89-105.eu/

Report Overview

Visited public
2023-11-21 02:43:08
Tags
URL
ip170.ip-51-89-105.eu/
Finishing URL
ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667
IP / ASN
51.89.105.170
#16276 OVH SAS
Title
Libero Mail - login

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.iolam.it	203511	2018-01-24	2018-03-07 08:54:25	2023-11-18 11:11:40	1.1 kB	186 kB	213.209.30.161
fundingchoicesmessages.google.com	2397	1997-09-15	2019-01-16 16:59:52	2023-11-19 18:13:53	443 B	11 kB	216.58.211.14
i1.plug.it	unknown	1996-12-03	2015-10-16 10:09:10	2023-10-31 22:32:12	939 B	32 kB	143.204.55.63
ip170.ip-51-89-105.eu	unknown	unknown	2023-10-05 08:43:33	2023-11-05 12:18:52	2.6 kB	120 kB	51.89.105.170
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-20 03:42:02	1.1 kB	33 kB	216.58.207.227
rumcdn.geoedge.be	1525	2018-05-06	2019-03-06 14:37:04	2023-11-20 04:03:04	692 B	78 kB	54.230.111.4
i.plug.it	191428	1996-12-03	2012-08-07 20:03:52	2023-11-18 11:11:40	373 B	573 B	143.204.55.72
italiaonline01.wt-eu02.net	198846	2012-11-02	2017-02-01 06:28:27	2023-11-15 19:24:03	1.2 kB	873 B	185.54.150.20
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-20 03:45:34	454 B	1.8 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-20	medium	ip170.ip-51-89-105.eu/	Libero
2023-11-20	medium	ip170.ip-51-89-105.eu/	Libero
2023-11-20	medium	ip170.ip-51-89-105.eu/	Libero
2023-11-20	medium	ip170.ip-51-89-105.eu/	Libero
2023-11-20	medium	ip170.ip-51-89-105.eu/	Libero
2023-11-20	medium	ip170.ip-51-89-105.eu/	Libero
2023-11-20	medium	ip170.ip-51-89-105.eu/	Libero

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (26)

	URL	From	Size	First Seen	Last Seen
	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	295 B	2023-11-05	2024-08-20
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-05 14:46 Last Seen2024-08-20 20:48 Times Seen2 Hash 062b91438ecaed8a6276789e492c8af9 024e6a4b1702fa74a36c65d32215891e385fbf82 8b0c2eebb6e3bf141b40822bd7ab7b51b79a913d279b1d12c1183a7c938b9281 Loading...

	ip170.ip-51-89-105.eu/js/0sBN1QtxZSRY.js	ScriptElement	46 kB	2023-03-13	2023-11-21
Pretty URL ip170.ip-51-89-105.eu/js/0sBN1QtxZSRY.js IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:27 Last Seen2023-11-21 03:43 Times Seen2 Hash 10fd38d35c7d0ffd25b63da5cb552fdb 999634b63d59cb76162ddfe39d03f3bf8bc6d2dd 17e49df09dd14c40d50c5e4693c448e99cfee8ee79aa5a9c5bd2be5be3105562 Loading...

	ip170.ip-51-89-105.eu/sandbox%20eval%20code		148 B	2023-05-05	2025-05-15
Pretty URL ip170.ip-51-89-105.eu/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 22:57 Last Seen2025-05-15 01:11 Times Seen12719 Hash f019f144761e15f741f6ab1e4cf566a5 1c73bccb222e44ae4633750eda7c357460a81a03 4cacaf0fd3e370c4840c87c79f923f1ffb69ff7ce5d8172390783c8f83861d62 Loading...

	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	1.0 kB	2023-11-05	2025-01-24
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-05 14:46 Last Seen2025-01-24 14:37 Times Seen3 Hash 325de5c08e36b35566ebc4f342e9095b d9faa89c68f7916f8b9574fbf87fc7e3d34de89e 378cf78d43a4f568889fb64360a0b2528c9edd135bf1b33f277f16cd64af826e Loading...

	www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1	ScriptElement	141 kB	2023-11-21	2023-11-21
Pretty URL www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1 IP 213.209.30.161 ASN #8660 Italiaonline S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-21 03:43 Last Seen2023-11-21 03:43 Times Seen1 Hash db3dc092a3c0d5eb454459364128f483 3e89fe9caf87fb9193187c4668c96d1e50469088 bab579eb63de66ef6e1da663a09365752e647b34edbaf15a65ef8477817b55a2 Loading...

	fundingchoicesmessages.google.com/i/pub-2033535132705533?ers=1	ScriptElement	23 kB	2023-11-17	2023-11-28
Pretty URL fundingchoicesmessages.google.com/i/pub-2033535132705533?ers=1 IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-17 01:25 Last Seen2023-11-28 05:42 Times Seen18 Hash 59a166b210b6265b9419c437f00c55a4 a4228cd6b4eab2f6db83dacc9750b600cf7669e9 3c4c65c0c6c57bc982205df9f5d5f2959e6049396d5f0cd90f19a2f9ddb74013 Loading...

	ip170.ip-51-89-105.eu/js/zlIY73HV9ZcD.js	ScriptElement	5.9 kB	2023-03-13	2023-11-21
Pretty URL ip170.ip-51-89-105.eu/js/zlIY73HV9ZcD.js IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:27 Last Seen2023-11-21 03:43 Times Seen2 Hash a74c4931e8922eb02ded30aa554978a9 70a7aed0372bf2e164f9d487e240c30e23c53a2d ba622f81f692dd7f4b54e5379346086874eff141a501881982c5a5b3b2370df8 Loading...

	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	186 B	2023-03-13	2024-08-20
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 03:27 Last Seen2024-08-20 20:48 Times Seen2 Hash de5cf85f6f861c3f8deed3143bf20c76 85af64ee373ec6c0519f4a1facc9cbd2aa24df4f ad7d05d92d845b15c9faac8e59fd4180e77fdf0b44b2bc2aa44f43023fcb5b2e Loading...

	ip170.ip-51-89-105.eu/sandbox%20eval%20code		136 B	2023-04-11	2025-05-15
Pretty URL ip170.ip-51-89-105.eu/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:23 Last Seen2025-05-15 02:06 Times Seen41802 Hash fb4eb094524daea58bf7f82331598541 f5ca39eb98fa1685f8647514a627d3d7f216f7ef 7cbf1e77bb9277bac7030ded2087246adf5c59564a5a1f28ce8c09be6ef48683 Loading...

	unknown	ScriptElement	463 B	2023-03-13	2025-05-13
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:27 Last Seen2025-05-13 14:11 Times Seen32 Hash 30b3a494c195705f263104e4573db80a 212246456fe1d0e0c5d8a77865fba811ed030600 8c7639bc05cfddc376dce0697e6146e0b9a91e28880f07439a07ebbf144799a6 Loading...

	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	5.2 kB	2023-03-13	2025-04-07
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 03:27 Last Seen2025-04-07 06:28 Times Seen11 Hash 959abb79742aa4201ab1bef56c940c04 db9c59cea2cf86b8241be0a75e157abc6999ef0a e302574de27422eb8c0076627db3934cc565675d00d8182151fc48af31ed9e9b Loading...

	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	5.1 kB	2023-03-13	2025-01-24
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 03:27 Last Seen2025-01-24 14:37 Times Seen3 Hash 342e325c0b3c8ffb3c1426839579c179 da71e1d36456126b588b26457b3346ebbbcbf38b 384b6308c397dc6c4ef9b538e9b73fcc27afed86c9150782591fd9f413a95c7e Loading...

	rumcdn.geoedge.be/grumi-ip.js	ScriptElement	16 kB	2023-10-01	2023-12-09
Pretty URL rumcdn.geoedge.be/grumi-ip.js IP 54.230.111.4 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-01 21:49 Last Seen2023-12-09 17:56 Times Seen108 Hash 4c4f4bf824d2aa120a5e0b665b4c9828 755309710c76c46798a0675970e429e23b299447 ccf7b12ecc8e9e8ffdde253ba24560e0b8742463ad4868c7659fc90968ffcb3a Loading...

	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	51 B	2023-03-13	2025-04-07
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 03:27 Last Seen2025-04-07 06:28 Times Seen12 Hash d5cb7303af37fe303badb0c2cf25ccce 52f45e437b12ff7620841adcbbe26ef1a13539c1 b000c76bae95a368a8044ddbfa674d5ef80f053ee844ffa0d07a398aec46312d Loading...

	unknown	ScriptElement	429 B	2023-03-07	2025-05-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:02 Last Seen2025-05-15 02:33 Times Seen2419 Hash eafaa0be830db11da3770638100b686f db325dc427493ed0c2988ef229573b7093425466 96adbda6f380d09bfd780e4143e165a48037b43421d3964980a4343aedc644ab Loading...

	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	6.1 kB	2023-11-05	2024-08-20
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-05 01:12 Last Seen2024-08-20 20:52 Times Seen6 Hash a2a17701b7141f2483f9d3087ff25062 cafa94b39f384f370d347525f01a5e4ca9737e0d 3b49f1c398b27e90a1a2452efe4080f0717648a2a6c10c98b4fc4d5ad5c039ae Loading...

	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	1.2 kB	2023-03-13	2025-04-07
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 03:27 Last Seen2025-04-07 06:28 Times Seen11 Hash fcb6987ec5ecf16106c314e97fd5049c 7b21804e5534cb5801da9335b7c1afc89b272f34 de16f701a4a5791d36a8d06a0d26a8db3d3c253f08b4ee3fbce5b14045e84e01 Loading...

	ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667	ScriptElement	233 B	2023-11-05	2024-08-20
Pretty URL ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 IP 51.89.105.170 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-05 14:46 Last Seen2024-08-20 20:48 Times Seen2 Hash 8dcd0fe1c3d6da59f5c5df92a992fb88 eeee4a21a3470d0260dd4c9dfdd5ba61c59ec309 e3f8d3e6864a8877f141a341018011a777d1ee918a0e2cd4ea3810cc05625df7 Loading...

	securepubads.g.doubleclick.net/tag/js/gpt.js	ScriptElement	13 kB	2023-04-05	2025-05-15
Pretty URL securepubads.g.doubleclick.net/tag/js/gpt.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 04:46 Last Seen2025-05-15 02:06 Times Seen39616 Hash 0c9ed134ae3d5ffe972da2a3e59dc428 620df222551395592e46e4c5f425cf23dcdad891 5f9efa604bfe2aee8c1a90376125a098306ba390530a6f9b2ecb0a67cdac178d Loading...

	i.plug.it/iplug/js/lib/iol/analytics/ads/banners/_adv.js?_t=1700534574191	ScriptElement	25 B	2023-03-13	2025-05-13
Pretty URL i.plug.it/iplug/js/lib/iol/analytics/ads/banners/_adv.js?_t=1700534574191 IP 143.204.55.72 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:27 Last Seen2025-05-13 14:11 Times Seen32 Hash 71cf8419f164dc0a17189bd5ca53bb40 59e4285963c836eee0fa20b8d2b08cf45c846af9 0718476f9aeec1cbd746c569d6768a28c021163de52ceb5c7d89005484f16b8e Loading...

		Size	First Seen	Last Seen
	#1 Eval - b8b7ebf132441780de23267832b794cc	40 B	2023-11-05 14:46	2025-04-30 12:17
Pretty Observations First Seen2023-11-05 14:46 Last Seen2025-04-30 12:17 Times Seen12 Hash b8b7ebf132441780de23267832b794cc 54e10de4752698a854a7008de8ff03fdbcf26aa7 96cc8a2a95c731d340f5c6db2b9b069bcb86d6cd840aecf1825a79267e309b46 Loading...

	#2 Eval - ae3ab6259b502a9de58e6fd2b81914d9	56 B	2023-03-13 03:27	2025-04-07 06:28
Pretty Observations First Seen2023-03-13 03:27 Last Seen2025-04-07 06:28 Times Seen6 Hash ae3ab6259b502a9de58e6fd2b81914d9 aa7281a14b0517a90d1f8d7a44c7c70dcbaba993 676004089a2295cc88da3cb6509d38c174e9d190996b04209565c50236aa46b0 Loading...

	#3 Eval - eb94fd12c1f18b0e96638c8aacf22076	25 B	2023-11-05 14:46	2025-04-30 12:17
Pretty Observations First Seen2023-11-05 14:46 Last Seen2025-04-30 12:17 Times Seen20 Hash eb94fd12c1f18b0e96638c8aacf22076 5ff085daaeb6fde30c70cedb4296e7ea7f2c1474 e8fd06611d688290a216d5308e227bc5eb3ea9bdfb9af9158714895e68fb6cf0 Loading...

	#4 Eval - 31984b6775595498a4bc511fc26d7a90	40 B	2023-11-05 14:46	2025-04-30 12:17
Pretty Observations First Seen2023-11-05 14:46 Last Seen2025-04-30 12:17 Times Seen12 Hash 31984b6775595498a4bc511fc26d7a90 304d357d25ecb4aa29d746246295fcb24c8f4ee3 cd3bb40eb5b7db78afea90d0d06efc375b00664e4189cb5f70032a65a86c0e39 Loading...

		Size	First Seen	Last Seen
	#1 Write - 53943bfd4878e66da9050da3663c5aa5	138 B	2024-08-20 18:33	2024-08-20 18:33
Pretty Observations First Seen2024-08-20 18:33 Last Seen2024-08-20 18:33 Times Seen1 Hash 53943bfd4878e66da9050da3663c5aa5 078299f0505f8ef251a908ee2641abca0435ecba 1eb63d5973ef66e7f938d6009c893133770b4157c580f1049f49986d267e1780 Loading...

	#2 Write - 536cf551a47ec98ad869da0139ef6973	511 B	2023-03-13 03:27	2025-05-13 14:11
Pretty Observations First Seen2023-03-13 03:27 Last Seen2025-05-13 14:11 Times Seen32 Hash 536cf551a47ec98ad869da0139ef6973 754e3c0784748717443e0511daa56ff609b79508 a3fbf85bb0234d1d55f46ac568d18ecfef3711ccd4e045e6e9de70d6778d915a Loading...

HTTP Transactions (20)

URL IP Response Size

ip170.ip-51-89-105.eu/

51.89.105.170

29 kB

URL User Request GET
ip170.ip-51-89-105.eu/
IP
51.89.105.170:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5180), with CRLF line terminators
Size
29 kB (29364 bytes)
Hash
e6a9196a39316696aa8c7e09ead4a9bc
c07d7c54e14d448f6de07e4f47000bacb07db3a0
21d7579b5b7d351e245b32baa71866d1a494f0da53c81c45e6e2c70fd4a7c357

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Libero

HTTP Headers

GET / HTTP/1.1
Host: ip170.ip-51-89-105.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 02:42:51 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ip170.ip-51-89-105.eu/js/zlIY73HV9ZcD.js

51.89.105.170

200 OK

5.9 kB

URL GET HTTP/1.1
ip170.ip-51-89-105.eu/js/zlIY73HV9ZcD.js
IP
51.89.105.170:80
ASN
#16276 OVH SAS

Requested by
http://ip170.ip-51-89-105.eu/

File type
ASCII text
Size
5.9 kB (5930 bytes)
Hash
a74c4931e8922eb02ded30aa554978a9
70a7aed0372bf2e164f9d487e240c30e23c53a2d
ba622f81f692dd7f4b54e5379346086874eff141a501881982c5a5b3b2370df8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Libero

HTTP Headers

GET /js/zlIY73HV9ZcD.js HTTP/1.1
Host: ip170.ip-51-89-105.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 02:42:51 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 10:52:22 GMT
Accept-Ranges: bytes
Content-Length: 5930
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1

213.209.30.161

200 OK

210 B

URL GET HTTP/2
www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1
IP
213.209.30.161:443
ASN
#8660 Italiaonline S.p.A.

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerSectigo Limited
Subjectwww.iolam.it
FingerprintA5:E9:20:AE:57:1F:C9:1B:75:65:95:B5:97:7B:CA:29:60:9C:05:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sat, 03 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
210 B (210 bytes)
Hash
2a8493a54137dc4532d7392911cd4f61
f667738299a487ad82cf3027fcbe92ef2a12c0cc
606315b40c15180b8b9d101016f918871acaf49378a95cefc759169a1830c0d7

HTTP Headers

GET /js/iam2.0.js?ns=libero/web/webmail/login/1.1 HTTP/1.1
Host: www.iolam.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Tue, 21 Nov 2023 02:42:51 GMT
Server: Apache
Content-Length: 210
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

ip170.ip-51-89-105.eu/js/0sBN1QtxZSRY.js

51.89.105.170

200 OK

46 kB

URL GET HTTP/1.1
ip170.ip-51-89-105.eu/js/0sBN1QtxZSRY.js
IP
51.89.105.170:80
ASN
#16276 OVH SAS

Requested by
http://ip170.ip-51-89-105.eu/

File type
ASCII text, with very long lines (32029)
Size
46 kB (46107 bytes)
Hash
10fd38d35c7d0ffd25b63da5cb552fdb
999634b63d59cb76162ddfe39d03f3bf8bc6d2dd
17e49df09dd14c40d50c5e4693c448e99cfee8ee79aa5a9c5bd2be5be3105562

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Libero

HTTP Headers

GET /js/0sBN1QtxZSRY.js HTTP/1.1
Host: ip170.ip-51-89-105.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 02:42:51 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 10:52:19 GMT
Accept-Ranges: bytes
Content-Length: 46107
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ip170.ip-51-89-105.eu/fonts/wpJ0jqagdDSx.svg

51.89.105.170

200 OK

4.8 kB

URL GET HTTP/1.1
ip170.ip-51-89-105.eu/fonts/wpJ0jqagdDSx.svg
IP
51.89.105.170:80
ASN
#16276 OVH SAS

Requested by
http://ip170.ip-51-89-105.eu/

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (4827), with no line terminators
Size
4.8 kB (4827 bytes)
Hash
d22db58fef29f1762d01762c332f01bd
886710819c12dc8cf160a55646c955119fb6b2a6
54ea3b729d9ff4a499d3bf59b0497606ceb27b7100c60d74d28467224f3983f9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Libero

HTTP Headers

GET /fonts/wpJ0jqagdDSx.svg HTTP/1.1
Host: ip170.ip-51-89-105.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 02:42:51 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 10:52:18 GMT
Accept-Ranges: bytes
Content-Length: 4827
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

ip170.ip-51-89-105.eu/images/1WVfw4Yw8xor.png

51.89.105.170

200 OK

1.2 kB

URL GET HTTP/1.1
ip170.ip-51-89-105.eu/images/1WVfw4Yw8xor.png
IP
51.89.105.170:80
ASN
#16276 OVH SAS

Requested by
http://ip170.ip-51-89-105.eu/

File type
PNG image data, 68 x 20, 8-bit colormap, non-interlaced\012- data
Size
1.2 kB (1154 bytes)
Hash
9a60dbd6e77cf0cec47a9dd6205dad98
b83e1607441db0704dcbf503f9fbf82f48801869
8239d985179b5598a3b76db41bbd8842530e4e37e82665dc6449ed97b20c6227

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Libero

HTTP Headers

GET /images/1WVfw4Yw8xor.png HTTP/1.1
Host: ip170.ip-51-89-105.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 02:42:51 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 10:52:19 GMT
Accept-Ranges: bytes
Content-Length: 1154
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1

213.209.30.161

200 OK

32 kB

URL GET HTTP/2
www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1
IP
213.209.30.161:443
ASN
#8660 Italiaonline S.p.A.

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerSectigo Limited
Subjectwww.iolam.it
FingerprintA5:E9:20:AE:57:1F:C9:1B:75:65:95:B5:97:7B:CA:29:60:9C:05:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sat, 03 Feb 2024 23:59:59 GMT

File type
C source, ASCII text, with very long lines (65507)
Size
32 kB (31766 bytes)
Hash
db3dc092a3c0d5eb454459364128f483
3e89fe9caf87fb9193187c4668c96d1e50469088
bab579eb63de66ef6e1da663a09365752e647b34edbaf15a65ef8477817b55a2

HTTP Headers

GET /js/iam2.0.js?ns=libero/web/webmail/login/1.1 HTTP/1.1
Host: www.iolam.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 21 Nov 2023 02:42:51 GMT
server: Apache
strict-transport-security: max-age=63072000;
accept-ranges: bytes
cache-control: max-age=86400
expires: Wed, 22 Nov 2023 02:42:51 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 31766
content-type: application/javascript
X-Firefox-Spdy: h2

www.iolam.it/js/prebid.js

213.209.30.161

200 OK

154 kB

URL GET HTTP/1.1
www.iolam.it/js/prebid.js
IP
213.209.30.161:80
ASN
#8660 Italiaonline S.p.A.

Requested by
http://ip170.ip-51-89-105.eu/

File type
ASCII text, with very long lines (64693)
Size
154 kB (153608 bytes)
Hash
986c761ce904004ac8ad4a556375b68e
df1e90ac7fbe2c8f2e800e0db30b42c68afdaafc
bf04cc3daa882029d0bec76c3444dda192ce1779eb69642ca66440c72c5cc31f

HTTP Headers

GET /js/prebid.js HTTP/1.1
Host: www.iolam.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 02:42:51 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Wed, 22 Nov 2023 02:42:51 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: application/javascript

fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
1.2 kB (1166 bytes)
Hash
5f110245564b6b1ca13856e6352fcb8f
f1c62416ce9339798d62d2cda85b6b3aea0e1801
daa6a85c3d4a4138ecd1cbed69844acbc379b9657ce82a74810a33c8f96adb86

HTTP Headers

GET /css2?family=Roboto:wght@300;400;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://i1.plug.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 21 Nov 2023 02:42:52 GMT
date: Tue, 21 Nov 2023 02:42:52 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ip170.ip-51-89-105.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 04:57:34 GMT
expires: Fri, 15 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 423918
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ip170.ip-51-89-105.eu
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 17:28:13 GMT
expires: Fri, 15 Nov 2024 17:28:13 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 378879
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

rumcdn.geoedge.be/grumi-ip.js

54.230.111.4

200 OK

6.1 kB

URL GET HTTP/1.1
rumcdn.geoedge.be/grumi-ip.js
IP
54.230.111.4:80
ASN
#16509 AMAZON-02

Requested by
http://ip170.ip-51-89-105.eu/

File type
HTML document, ASCII text, with very long lines (15451), with no line terminators
Size
6.1 kB (6132 bytes)
Hash
4c4f4bf824d2aa120a5e0b665b4c9828
755309710c76c46798a0675970e429e23b299447
ccf7b12ecc8e9e8ffdde253ba24560e0b8742463ad4868c7659fc90968ffcb3a

HTTP Headers

GET /grumi-ip.js HTTP/1.1
Host: rumcdn.geoedge.be
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 21 Nov 2023 02:34:06 GMT
Last-Modified: Sat, 30 Sep 2023 14:56:14 GMT
ETag: W/"4c4f4bf824d2aa120a5e0b665b4c9828"
x-amz-server-side-encryption: AES256
Cache-Control: public, max-age=14400, stale-while-revalidate=14400, immutable
x-amz-version-id: UsDbhp3DKJzQFkiO2rZfweKkBkl0vF1S
Server: AmazonS3
Content-Encoding: gzip
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dqiieUsvAYySX2h4Nmmf-P3s5UOgZUx5UJzhzoJt2QOmj2PrvOXGKA==
Age: 527
Vary: Accept-Encoding, Origin

i.plug.it/iplug/js/lib/iol/analytics/ads/banners/_adv.js?_t=1700534574191

143.204.55.72

200 OK

45 B

URL GET HTTP/1.1
i.plug.it/iplug/js/lib/iol/analytics/ads/banners/_adv.js?_t=1700534574191
IP
143.204.55.72:80
ASN
#16509 AMAZON-02

Requested by
http://ip170.ip-51-89-105.eu/

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
71cf8419f164dc0a17189bd5ca53bb40
59e4285963c836eee0fa20b8d2b08cf45c846af9
0718476f9aeec1cbd746c569d6768a28c021163de52ceb5c7d89005484f16b8e

HTTP Headers

GET /iplug/js/lib/iol/analytics/ads/banners/_adv.js?_t=1700534574191 HTTP/1.1
Host: i.plug.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Tue, 21 Nov 2023 02:42:52 GMT
Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1200
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Pd3SkQg5T9yTmwi9c8jn1G77XGAANb9WvgiUQOLFsPOnsrKgFP7lhw==

italiaonline01.wt-eu02.net/215973748390194/wt?p=433,libero.web.messaging.smart.login.step1,1,1280x1024,24,1,1700534574117,0,1280x1024,0&pu=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.4320331638110667&la=en&tz=0&cg1=libero&cg2=web&cg3=messaging&cg4=smart&cg5=login&cg6=step1&cg7=libero.web.messaging.smart.login.step1&cp1=no-referrer&cp2=no-referrer&cp4=no-refresh&cp7=utf-8&cp9=1.4.04&cp10=20220927140300&cp11=Libero%20Mail%20-%20login&cp12=web&cp24=email&cp25=http%3A&cp26=ip170.ip-51-89-105.eu&cp47=&cp103=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.4320331638110667

185.54.150.20

200

43 B

URL GET HTTP/1.1
italiaonline01.wt-eu02.net/215973748390194/wt?p=433,libero.web.messaging.smart.login.step1,1,1280x1024,24,1,1700534574117,0,1280x1024,0&pu=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.4320331638110667&la=en&tz=0&cg1=libero&cg2=web&cg3=messaging&cg4=smart&cg5=login&cg6=step1&cg7=libero.web.messaging.smart.login.step1&cp1=no-referrer&cp2=no-referrer&cp4=no-refresh&cp7=utf-8&cp9=1.4.04&cp10=20220927140300&cp11=Libero%20Mail%20-%20login&cp12=web&cp24=email&cp25=http%3A&cp26=ip170.ip-51-89-105.eu&cp47=&cp103=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.4320331638110667
IP
185.54.150.20:443
ASN
#60164 Webtrekk GmbH

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerSectigo Limited
Subject*.wt-eu02.net
Fingerprint92:9A:6C:25:26:F6:C2:BA:56:0A:8B:D4:47:43:79:30:51:2D:91:7A
ValidityFri, 13 Jan 2023 00:00:00 GMT - Tue, 13 Feb 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /215973748390194/wt?p=433,libero.web.messaging.smart.login.step1,1,1280x1024,24,1,1700534574117,0,1280x1024,0&pu=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.4320331638110667&la=en&tz=0&cg1=libero&cg2=web&cg3=messaging&cg4=smart&cg5=login&cg6=step1&cg7=libero.web.messaging.smart.login.step1&cp1=no-referrer&cp2=no-referrer&cp4=no-refresh&cp7=utf-8&cp9=1.4.04&cp10=20220927140300&cp11=Libero%20Mail%20-%20login&cp12=web&cp24=email&cp25=http%3A&cp26=ip170.ip-51-89-105.eu&cp47=&cp103=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.4320331638110667 HTTP/1.1
Host: italiaonline01.wt-eu02.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Set-Cookie: wteid_215973748390194=4170053457200561432; Max-Age=15552000; Expires=Sun, 19 May 2024 02:42:52 GMT; Secure; SameSite=None
wtsid_215973748390194=1; Secure; SameSite=None
wt_nbg_Q3=!cJZdtnRYk9R+I9k8AP7SORvNY+Kz1PcOpTpvjeYaAENWrq5w9JxJPad2/xAL8lGC2JD1vn6oU+obFw==; path=/; Httponly; Secure; SameSite=None
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Tue, 21 Nov 2023 02:42:52 GMT
P3P: policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
X-Robots-Tag: noindex, nofollow, noarchive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Date: Tue, 21 Nov 2023 02:42:52 GMT
Keep-Alive: timeout=30
Connection: keep-alive
Server: c20ad4d7

rumcdn.geoedge.be/4415fe16-b37d-46de-ac5c-69d63c72d5ee/grumi.js

54.230.111.4

200 OK

70 kB

URL GET HTTP/1.1
rumcdn.geoedge.be/4415fe16-b37d-46de-ac5c-69d63c72d5ee/grumi.js
IP
54.230.111.4:80
ASN
#16509 AMAZON-02

Requested by
http://ip170.ip-51-89-105.eu/

File type
ASCII text, with very long lines (65436)
Size
70 kB (70272 bytes)
Hash
8fcc551219a24e7fa6d1425a2181b4ca
126ed0113f28ff8751cf058b2e1d7591ac7dd994
ede158d96e9ee7ea0334c2e6d709d887121b6c3d0772809ed883977b720ba5c6

HTTP Headers

GET /4415fe16-b37d-46de-ac5c-69d63c72d5ee/grumi.js HTTP/1.1
Host: rumcdn.geoedge.be
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Tue, 21 Nov 2023 02:34:20 GMT
Last-Modified: Tue, 21 Nov 2023 01:54:30 GMT
ETag: W/"8fcc551219a24e7fa6d1425a2181b4ca"
x-amz-server-side-encryption: AES256
Cache-Control: public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
x-amz-version-id: LXhtrFGLSSiT1W3HT7kcWYWRLaTCrqqj
Server: AmazonS3
Content-Encoding: gzip
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 491Gpem2aOhlhPTKS5tzjlW9FbyVwbaqj12mIZJqOeiX8sdWhnnomA==
Age: 512
Vary: Accept-Encoding, Origin

ip170.ip-51-89-105.eu/0tTymf1AqEtS.ico

51.89.105.170

200 OK

1.2 kB

URL GET HTTP/1.1
ip170.ip-51-89-105.eu/0tTymf1AqEtS.ico
IP
51.89.105.170:80
ASN
#16276 OVH SAS

Requested by
http://ip170.ip-51-89-105.eu/

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
c7343b24a765be9d966a0b3b865b86b0
5d82987600804c6d1b5ec6dc8e20f37b85d0beca
fba1ebd847c9826cd1bb0482cb11ba739012cd4b4003af92ab28b8b559a8e8de

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Libero

HTTP Headers

GET /0tTymf1AqEtS.ico HTTP/1.1
Host: ip170.ip-51-89-105.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 02:42:52 GMT
Server: Apache
Last-Modified: Mon, 14 Nov 2022 10:52:18 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/x-icon

fundingchoicesmessages.google.com/i/pub-2033535132705533?ers=1

216.58.211.14

200 OK

9.4 kB

URL GET HTTP/2
fundingchoicesmessages.google.com/i/pub-2033535132705533?ers=1
IP
216.58.211.14:443
ASN
#15169 GOOGLE

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
gzip compressed data, max compression\012- data
Size
9.4 kB (9421 bytes)
Hash
1af629bcf2282fd8f6d50fc4c9824a9d
e030cfb607234a63ebb65380aa92229d799a0551
ea89f37041ad621cf283a7fb8188e111e3f8421d5b4c7302b1acd80c489f8539

HTTP Headers

GET /i/pub-2033535132705533?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 21 Nov 2023 02:42:52 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-136L_4pDDouucMtv9pBfmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667

51.89.105.170

29 kB

URL
ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667
IP
51.89.105.170:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5180), with CRLF line terminators
Size
29 kB (29364 bytes)
Hash
e6a9196a39316696aa8c7e09ead4a9bc
c07d7c54e14d448f6de07e4f47000bacb07db3a0
21d7579b5b7d351e245b32baa71866d1a494f0da53c81c45e6e2c70fd4a7c357

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Libero

HTTP Headers

GET /?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.4320331638110667 HTTP/1.1
Host: ip170.ip-51-89-105.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 21 Nov 2023 02:43:05 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

i1.plug.it/mail/login/2020/libero/img/logo.svg

143.204.55.63

200 OK

4.8 kB

URL GET HTTP/2
i1.plug.it/mail/login/2020/libero/img/logo.svg
IP
143.204.55.63:443
ASN
#16509 AMAZON-02

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerSectigo Limited
Subject*.plug.it
FingerprintAB:A5:B9:1D:85:77:25:A6:B0:F7:0F:CD:25:1E:DE:60:BC:A1:66:CE
ValidityMon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (4913), with no line terminators
Size
4.8 kB (4827 bytes)
Hash
24b7dd916d7a8d15825ef0ac5ffbb064
f414ae6a4bd2c4348b4458357ac5a2b959b07512
01358108084f70dee5826fcf2c3e6a456c4023efdfc26f736ca78c8e40842505

HTTP Headers

GET /mail/login/2020/libero/img/logo.svg HTTP/1.1
Host: i1.plug.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://i1.plug.it/mail/login/2020/libero/css/style.css?01022022
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
server: nginx
last-modified: Mon, 28 Jun 2021 12:10:08 GMT
content-encoding: gzip
date: Mon, 20 Nov 2023 06:11:57 GMT
cache-control: public, max-age=86400
etag: W/"60d9bc20-12db"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: l62dmw3uBltWMeupAjkvmQbSSTIaTac-DdsGDvNzjeCzpCSL8KEHuw==
age: 73855
X-Firefox-Spdy: h2

i1.plug.it/mail/login/2020/libero/css/style.css?01022022

143.204.55.63

200 OK

26 kB

URL GET HTTP/2
i1.plug.it/mail/login/2020/libero/css/style.css?01022022
IP
143.204.55.63:443
ASN
#16509 AMAZON-02

Requested by
http://ip170.ip-51-89-105.eu/
Certificate
IssuerSectigo Limited
Subject*.plug.it
FingerprintAB:A5:B9:1D:85:77:25:A6:B0:F7:0F:CD:25:1E:DE:60:BC:A1:66:CE
ValidityMon, 05 Dec 2022 00:00:00 GMT - Fri, 05 Jan 2024 23:59:59 GMT

File type
ASCII text
Size
26 kB (26204 bytes)
Hash
856b9eec63979d52eae32d42d0a5f600
932f1834ff3d667caec087517a9b4225940d275f
eb97f750d5607e2544524de92d09cf088fee2d4484d14eeb16184448100df690

HTTP Headers

GET /mail/login/2020/libero/css/style.css?01022022 HTTP/1.1
Host: i1.plug.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://ip170.ip-51-89-105.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
server: nginx
date: Tue, 21 Nov 2023 02:42:17 GMT
cache-control: public, max-age=86400
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zFaHOGaaGLupOfTHKjYAVEPAERHmCRC9Wbk109kSWjqexQfim4kQoQ==
age: 34
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash