Overview

URL owl.li/fxpD30nv4ld
IP 54.183.132.164
ASN AS16509 Amazon.com, Inc.
Location United States
Report completed 2019-02-16 08:25:34 CET
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-02-16 2 owl.li/fxpD30nv4ld Phishing
2019-02-16 2 ow.ly/fxpD30nv4ld Phishing
2019-02-16 2 clickmetertracking.com/cu78 Phishing
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 54.183.132.164

Date UQ / IDS / BL URL IP
2019-04-20 11:46:33 +0200 0 - 0 - 5 owl.li/gK8C30ngXwZ 54.183.132.164
2019-04-17 09:13:56 +0200 0 - 0 - 0 ow.ly/6cL030oqxI0 54.183.132.164
2019-04-17 09:12:44 +0200 0 - 0 - 3 ht.ly/Xhbv30orNnC 54.183.132.164
2019-04-15 17:36:20 +0200 0 - 0 - 0 htl.li/YYvS30oqlZ3 54.183.132.164
2019-04-04 10:02:22 +0200 0 - 0 - 1 ow.ly/FJd330nhtKc 54.183.132.164
2019-03-26 20:37:13 +0100 0 - 1 - 2 htl.li/gRzV30n2qbO 54.183.132.164
2019-03-26 11:59:47 +0100 0 - 0 - 1 htl.li/vikA30nUas9 54.183.132.164
2019-03-22 16:28:23 +0100 0 - 4 - 0 ow.ly/qn3g30o6I5T 54.183.132.164
2019-03-18 21:09:51 +0100 0 - 0 - 1 htl.li/aNcj30n67lk 54.183.132.164
2019-03-18 08:01:59 +0100 0 - 0 - 2 ow.ly/77WT30nyQmH 54.183.132.164

Last 10 reports on ASN: AS16509 Amazon.com, Inc.

Date UQ / IDS / BL URL IP
2019-04-26 12:25:40 +0200 0 - 0 - 0 https://www.spreaker.com/show/super-rugby-pre (...) 54.154.53.92
2019-04-26 11:37:00 +0200 0 - 0 - 1 ww12.bellmobility-interac.com/ 54.72.9.115
2019-04-26 11:09:33 +0200 0 - 2 - 0 file.reallusion.com/ffxpress.exe 54.245.89.38
2019-04-26 10:39:54 +0200 0 - 0 - 0 kdiuy.com 54.77.207.55
2019-04-26 10:34:58 +0200 0 - 0 - 1 gdmgtrck.com/ 52.18.60.199
2019-04-26 10:09:31 +0200 0 - 0 - 1 securessl-bizz.com/ 54.229.209.161
2019-04-26 09:43:19 +0200 0 - 0 - 6 https://securecloud-smart.com/?a=82520 54.229.150.7
2019-04-26 09:33:32 +0200 0 - 0 - 2 https://offaces-butional.com/ 52.28.12.46
2019-04-26 09:29:49 +0200 0 - 0 - 1 givechinad.com/bigshuju 54.72.9.51
2019-04-26 09:23:31 +0200 0 - 0 - 1 developmentdepartmentinc.com/sitemap.html 54.72.9.51

Last 10 reports on domain: owl.li

Date UQ / IDS / BL URL IP
2019-04-20 11:46:33 +0200 0 - 0 - 5 owl.li/gK8C30ngXwZ 54.183.132.164
2019-04-16 16:22:23 +0200 0 - 0 - 1 owl.li/8Kkt30orIxa 54.67.120.65
2019-04-12 21:51:16 +0200 0 - 0 - 1 owl.li/82yH30opmGn 54.183.131.91
2019-04-12 17:18:36 +0200 0 - 0 - 1 owl.li/ABoM30opmFX 54.183.131.91
2019-04-10 08:36:26 +0200 0 - 0 - 1 owl.li/aN5y30onGqq 54.183.131.91
2019-04-09 19:51:49 +0200 0 - 0 - 1 owl.li/km5330oniU6 54.183.130.144
2019-04-09 13:39:40 +0200 0 - 0 - 1 owl.li/fc7C30omFsc 54.183.130.144
2019-04-05 22:01:45 +0200 0 - 0 - 1 owl.li/XH3R30okTS6 54.67.120.65
2019-03-20 09:27:37 +0100 0 - 0 - 4 owl.li/G97i30m1YKk 54.183.131.91
2019-03-19 16:44:30 +0100 0 - 0 - 0 owl.li/VCwZ30o6oEg?191111319111131911113&1911 (...) 54.183.130.144


JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (10)


Request Response
                                        
                                            GET /fxpD30nv4ld HTTP/1.1 
Host: owl.li
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         54.183.132.164
HTTP/1.1 301 Moved Permanently
                                        
Location: http://ow.ly/fxpD30nv4ld
Connection: close
Content-Length: 0


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /fxpD30nv4ld HTTP/1.1 
Host: ow.ly
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         54.67.57.56
HTTP/1.1 301 Moved Permanently
                                        
Location: http://clickmetertracking.com/cu78
Connection: close
Content-Length: 0


--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            GET /cu78 HTTP/1.1 
Host: clickmetertracking.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         54.225.212.76
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Sat, 16 Feb 2019 07:25:02 GMT
Engine: clickmeter.redirect, version 2.0
X-Rate-Limit-Limit: 20s
X-Rate-Limit-Remaining: 299
X-Rate-Limit-Reset: 2019-02-16T07:25:22.8288300Z
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1339
Md5:    ec0c1e8da4e9ea0fd4e36aa8bfae3aff
Sha1:   9eae14fed4710856f2cc533fc386a325d5867e63
Sha256: ce6149d96b72794f21142347af61aff3b8e6c2ede2015798a87b97ba8f3d3e38

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=102288
Date: Sat, 16 Feb 2019 07:25:03 GMT
Etag: "5c6688fa-1d7"
Expires: Sun, 17 Feb 2019 11:49:51 GMT
Last-Modified: Fri, 15 Feb 2019 09:40:10 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    54e1e41e6d9d631e1be25eb4accde0ff
Sha1:   bcc19863bd93fc72cbd689abcaa35a30112ae177
Sha256: 715177f0b99a4ce6d98f102657c9063a7fedf0f5e5331e8bf8b032e4c0dbe99f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=159713
Date: Sat, 16 Feb 2019 07:25:03 GMT
Etag: "5c6767b9-1d7"
Expires: Mon, 18 Feb 2019 03:46:56 GMT
Last-Modified: Sat, 16 Feb 2019 01:30:33 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    dc0a956148524c8d9bff5e9a76a45546
Sha1:   395a4f4d698aaffcf299c249ed051c14b2ffe980
Sha256: 9183c9b926539241637e025678ef98f6951297889738ef8471e5e277808ec30c
                                        
                                            POST / HTTP/1.1 
Host: s.symcd.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         23.52.27.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx/1.12.2
Content-Length: 1754
Content-Transfer-Encoding: binary
Cache-Control: max-age=422473, public, no-transform, must-revalidate
Last-Modified: Thu, 14 Feb 2019 04:45:13 GMT
Expires: Thu, 21 Feb 2019 04:45:13 GMT
Date: Sat, 16 Feb 2019 07:25:03 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1754
Md5:    a711b2f756e03611d570f65fd8491181
Sha1:   7bdb8c0a80d5b81ac55617fec50a18738ac7b99c
Sha256: f89074681eb5ef3749c6601df8007fc7659f821d0f98af9e8aa08142b23345b7
                                        
                                            GET /redirect-cm/v1/content/styles/nprogress.css HTTP/1.1 
Host: d19nyn3hrzs6lg.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://clickmetertracking.com/cu78

                                         
                                         143.204.51.29
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Content-Length: 1531
Connection: keep-alive
Date: Wed, 25 Jul 2018 16:48:25 GMT
Last-Modified: Tue, 09 Aug 2016 14:27:00 GMT
Etag: "b860fa714a808e442b01396841a89622"
Accept-Ranges: bytes
Server: AmazonS3
Age: 26189
X-Cache: Hit from cloudfront
Via: 1.1 f079cf7999e97a7d962121c7aebf2c3c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Z_VoukDSDzjDKXwulNHODQVp6S5N7BF3jzaECcOPzl1zu8VkJFgYlg==


--- Additional Info ---
Magic:  UTF-8 Unicode (with BOM) C program text, with CRLF line terminators
Size:   1531
Md5:    b860fa714a808e442b01396841a89622
Sha1:   8c9363a06d6dc29f7acd833d545aaea3a832fd34
Sha256: b324a27797d093617e6286d9ded96782d741b40576bdb97d9b22d8bbf6ff2970
                                        
                                            GET /redirect-cm/v1/content/scripts/nprogress.js HTTP/1.1 
Host: d19nyn3hrzs6lg.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://clickmetertracking.com/cu78

                                         
                                         143.204.51.29
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Content-Length: 14234
Connection: keep-alive
Date: Wed, 25 Jul 2018 16:48:25 GMT
Last-Modified: Tue, 09 Aug 2016 14:26:59 GMT
Etag: "becc90ab00d3bb994ff072c30c4735c0"
Accept-Ranges: bytes
Server: AmazonS3
Age: 26189
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: uy2yFYNZmyDmfNDEA686B5DFewvBNTmkEd6mBwa-gaGyTV6_GXLBbQ==


--- Additional Info ---
Magic:  UTF-8 Unicode (with BOM) C program text, with CRLF line terminators
Size:   14234
Md5:    becc90ab00d3bb994ff072c30c4735c0
Sha1:   1d38889b9c19374097df0f43431a36a7bb90f7a0
Sha256: 7e97780ee4f0eff1a73d22ae6623054986ff2b7f45fea8f71a03f28f7090a81b
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: clickmetertracking.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         54.225.212.76
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Accept-Ranges: bytes
Date: Sat, 16 Feb 2019 07:25:05 GMT
Etag: "1cfb7cdbb902f0a"
Last-Modified: Thu, 14 Aug 2014 14:40:46 GMT
X-Rate-Limit-Limit: 20s
X-Rate-Limit-Remaining: 298
X-Rate-Limit-Reset: 2019-02-16T07:25:22.8288300Z
Content-Length: 1034
Connection: keep-alive


--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit/color RGBA, non-interlaced
Size:   1034
Md5:    9f73346515bbc6c406cfeea13c7304f0
Sha1:   66729b396d3082002e0b512aff3fc78a744bc3c2
Sha256: 90b3e6e1c6a8cda9bbae08d4262d5079cb6a93ca3e273b681552692ad465b5f0
                                        
                                            GET /adobe/nsw/data HTTP/1.1 
Host: fatouma.in.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://clickmetertracking.com/cu78

                                         
                                         0.0.0.0
                                        


--- Additional Info ---