Overview

URL: https://goo.gl/Bj3eii
IP: 216.58.211.142
ASN: AS15169 Google Inc.
Location: United States
Report completed: 2017-12-11 18:58:55 CET
urlQuery Alerts: No alerts detected


Settings

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Pool: (not set)
Access Level: (not set)


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                Severity  Source IP     Destination IP  Alert
2017-12-11 19:05:03 CET  1         109.95.158.1  Client IP       ET CURRENT_EVENTS Revalidation Phish Landing Nov 13 2015


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Added / Verified  Severity  Host                                                Comment
  2017-12-11        2         omeda.pl/proktologia/images/bann/t6/index.htm      Phishing
  2017-12-11        2         goo.gl/Bj3eii                                      Phishing
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 216.58.211.142

Date                       UQ / IDS / BL  URL                                                  IP
2018-07-12 18:17:52 +0200  0 - 0 - 0      youtube-ui.l.google.com                              216.58.211.142
2018-07-06 22:44:42 +0200  0 - 0 - 0      www.youtube.com/v/offEC8Hvf34                        216.58.211.142
2018-06-30 05:26:09 +0200  0 - 0 - 0      https://www.youtube.com/channel/UCZmUseFsqPZG (...)  216.58.211.142
2018-06-29 10:11:21 +0200  0 - 0 - 0      https://www.youtube.com/channel/UCFVFZ-LzA057 (...)  216.58.211.142
2018-06-25 08:36:12 +0200  0 - 0 - 0      https://www.youtube.com/api/stats/qoe?event=s (...)  216.58.211.142
2018-06-22 11:47:02 +0200  0 - 0 - 0      android.clients.google.com                           216.58.211.142
2018-06-11 15:03:25 +0200  0 - 0 - 0      https://www.youtube.com/api/stats/qoe?event=s (...)  216.58.211.142
2018-06-06 16:37:40 +0200  0 - 0 - 0      https://www.youtube.com                              216.58.211.142
2018-05-30 02:19:44 +0200  0 - 0 - 0      www.youtube.com/watch?v=5VEiKEGgUTo                  216.58.211.142
2018-05-17 14:55:26 +0200  0 - 0 - 0      https://www.youtube.com/channel/UClwBdeUDTHoq (...)  216.58.211.142

Last 10 reports on ASN: AS15169 Google Inc.

Date                       UQ / IDS / BL  URL                                                  IP
2018-07-21 05:43:29 +0200  0 - 0 - 0      https://www.youtube.com/user/MrJimmyPenguin          216.58.209.142
2018-07-21 04:57:12 +0200  0 - 0 - 0      https://microsoft65outlookwebapp.ucraft.me/          216.58.207.243
2018-07-21 04:07:17 +0200  0 - 0 - 0      https://sites.google.com/site/movieandtvserie (...)  216.58.211.14
2018-07-21 02:09:16 +0200  0 - 0 - 0      https://www.evite.com/_ct/9ae6ff61e540b0283ba (...)  216.58.207.243
2018-07-21 02:02:10 +0200  0 - 0 - 0      drive.google.com/open?id=1rHbGNjOvZHgHyGI6EoG (...)  216.58.211.14
2018-07-21 01:42:52 +0200  0 - 0 - 0      https://goo.gl/mvvNMc                                216.58.207.238
2018-07-21 01:37:31 +0200  0 - 0 - 0      https://www.google.com/aclk?sa=L&ai=DChcSEwjX (...)  216.58.211.4
2018-07-21 01:07:31 +0200  0 - 0 - 0      https://goo.gl/rqi4pZ                                216.58.207.238
2018-07-21 01:05:54 +0200  0 - 0 - 0      topicred.blogspot.com/2018/07/fight-glory-55- (...)  216.58.211.1
2018-07-21 00:47:22 +0200  0 - 0 - 0      topicred.blogspot.com/2018/07/freetvglory-55- (...)  216.58.211.1

Last 10 reports on domain: goo.gl

Date                       UQ / IDS / BL  URL                                         IP
2018-07-21 01:42:52 +0200  0 - 0 - 0      https://goo.gl/mvvNMc                       216.58.207.238
2018-07-21 01:07:31 +0200  0 - 0 - 0      https://goo.gl/rqi4pZ                       216.58.207.238
2018-07-20 19:04:22 +0200  0 - 0 - 0      https://goo.gl/T5DXQA                       216.58.211.14
2018-07-20 18:35:56 +0200  0 - 0 - 0      https://goo.gl/xuH3nJ                       216.58.207.238
2018-07-20 17:36:25 +0200  0 - 0 - 0      https://goo.gl/6hh8vR                       216.58.207.238
2018-07-20 17:18:34 +0200  0 - 0 - 0      https://goo.gl/forms/A1n132ysIvpQ2%20y6z2   216.58.207.238
2018-07-20 16:48:35 +0200  0 - 0 - 0      https://goo.gl/bqap6D                       216.58.207.238
2018-07-20 16:37:06 +0200  0 - 0 - 26     https://goo.gl/zeBAQo                       216.58.211.14
2018-07-20 16:10:03 +0200  0 - 0 - 0      https://goo.gl/DZDbtZ                       216.58.211.14
2018-07-20 15:38:01 +0200  0 - 0 - 0      https://goo.gl/rozkvZ                       216.58.211.14


JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (7)


Request / Response

Request:
POST /ocsp HTTP/1.1
Host: clients1.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

Response (server IP 216.58.211.142):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 11 Dec 2017 18:04:59 GMT
Cache-Control: public, max-age=345600
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

--- Additional Info ---
Magic:  data
Size:   463
Md5:    75072b9b67d9ee05ca50efc3330b4a2f
Sha1:   d7414cb228f722c4d918e3c734b1c8f52250363e
Sha256: 9b4c3e4fbd0f383c132664309e1337ac9ee84837fdfadb348d11326e7da4ed08

Request:
POST / HTTP/1.1
Host: g.symcd.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (server IP 23.43.139.27):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx/1.10.2
Content-Length: 1391
Content-Transfer-Encoding: binary
Cache-Control: max-age=318000, public, no-transform, must-revalidate
Last-Modified: Fri, 8 Dec 2017 10:20:28 GMT
Expires: Fri, 15 Dec 2017 10:20:28 GMT
Date: Mon, 11 Dec 2017 18:04:59 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   1391
Md5:    e9ddb1c95be289655ae271a4b166773a
Sha1:   db72f0514cae142accb8f88cb65e02fd1e872151
Sha256: 7791d62c0ddaa8d7bbb9633ba6aeb461dbeeed5907b8317b5b839a69e55b2998

Request:
GET /proktologia/images/bann/t6/index.htm HTTP/1.1
Host: omeda.pl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 109.95.158.1):
HTTP/1.1 200 OK
Content-Type: text/html
Etag: "168e-5a292b0a-81b05c28886dbe03"
Last-Modified: Thu, 07 Dec 2017 11:50:34 GMT
Content-Length: 2059
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 11 Dec 2017 18:04:59 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: close
Cache-Control: max-age=7200, must-revalidate

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2059
Md5:    a62922ac789da7f09c341da3667691a0
Sha1:   8ba13287b435845395cd118f0c8faf7464b70c68
Sha256: 3907ba6b8a40d6fadf8b814d4230bffc82f2bc0fad61a053b47df15a13a620c7

Alerts:
  Blacklists:
    - fortinet: Phishing
  IDS:
    - ET CURRENT_EVENTS Revalidation Phish Landing Nov 13 2015

Request:
GET /proktologia/images/bann/t6/header-bg.jpg HTTP/1.1
Host: omeda.pl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://omeda.pl/proktologia/images/bann/t6/index.htm

Response (server IP 109.95.158.1):
HTTP/1.1 404 Not Found
Content-Type: text/html
Etag: "1927-58a40f05-bc1e3478f8c6afb9"
Last-Modified: Wed, 15 Feb 2017 08:19:17 GMT
Content-Length: 2307
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 11 Dec 2017 18:04:59 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: close
Cache-Control: max-age=7200, must-revalidate

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2307
Md5:    0a14a815aab7b4c94865b07986fe4b19
Sha1:   1b11ccf2bbacf84d4baaa264dcc365bc1115543f
Sha256: a4a1d9553690cc2b949fdc48787af6c9aef42c1ad83d386bc1af90d0f12b2b03

Request:
GET /favicon.ico HTTP/1.1
Host: omeda.pl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 109.95.158.1):
HTTP/1.1 404 Not Found
Content-Type: text/html
Etag: "1927-58a40f05-bc1e3478f8c6afb9"
Last-Modified: Wed, 15 Feb 2017 08:19:17 GMT
Content-Length: 2307
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 11 Dec 2017 18:04:59 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: close
Cache-Control: max-age=7200, must-revalidate

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2307
Md5:    0a14a815aab7b4c94865b07986fe4b19
Sha1:   1b11ccf2bbacf84d4baaa264dcc365bc1115543f
Sha256: a4a1d9553690cc2b949fdc48787af6c9aef42c1ad83d386bc1af90d0f12b2b03

Request:
GET /favicon.ico HTTP/1.1
Host: omeda.pl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
If-Modified-Since: Wed, 15 Feb 2017 08:19:17 GMT
If-None-Match: "1927-58a40f05-bc1e3478f8c6afb9"

Response (server IP 109.95.158.1):
HTTP/1.1 404 Not Found
Content-Type: text/html
Etag: "1927-58a40f05-bc1e3478f8c6afb9"
Last-Modified: Wed, 15 Feb 2017 08:19:17 GMT
Content-Length: 2307
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 11 Dec 2017 18:05:02 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: close
Cache-Control: max-age=7200, must-revalidate

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2307
Md5:    0a14a815aab7b4c94865b07986fe4b19
Sha1:   1b11ccf2bbacf84d4baaa264dcc365bc1115543f
Sha256: a4a1d9553690cc2b949fdc48787af6c9aef42c1ad83d386bc1af90d0f12b2b03

Request:
GET /Bj3eii HTTP/1.1
Host: goo.gl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 216.58.211.142):
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 11 Dec 2017 18:04:59 GMT
Location: http://omeda.pl/proktologia/images/bann/t6/index.htm
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
Transfer-Encoding: chunked

--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Phishing