Report Overview
Visited (public)
2026-04-28 13:55:12
URL
contratolivmsn365acti.iceiy.com
Finishing URL
contratolivmsn365acti.iceiy.com/?i=1
IP / ASN
185.27.134.225
Title
Home
Suspicious - Suspicious Javascript code
Detections
urlquery
2
Network Intrusion Detection
1
Threat Detection Systems
4
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
| contratolivmsn365acti.iceiy.com (14 alerts on this host) | unknown | 2020-12-06 | 2026-04-28 | 2026-04-28 | 2.0 kB | 28 kB | 185.27.134.225 | |
| cdn.auth0.com | 38124 | 2012-10-18 | 2017-04-20 | 2026-04-23 | 455 B | 1.0 kB | 54.230.218.223 | |
| companieslogo.com | 178320 | 2020-08-08 | 2022-03-14 | 2026-04-22 | 482 B | 9.2 kB | 172.67.69.135 | |
| maxcdn.bootstrapcdn.com | 6807 | 2012-05-25 | 2014-06-18 | 2026-04-27 | 479 B | 122 kB | 104.18.10.207 | |
| fonts.googleapis.com | 313 | 2005-01-25 | 2012-05-23 | 2026-04-26 | 487 B | 4.5 kB | 172.217.20.170 | |
| cdnjs.cloudflare.com | 1222 | 2009-02-17 | 2012-05-23 | 2026-04-26 | 1.1 kB | 110 kB | 104.17.24.14 | |
| ajax.googleapis.com | 3691 | 2005-01-25 | 2012-05-22 | 2026-04-26 | 460 B | 90 kB | 216.58.201.202 | |
| fonts.gstatic.com | unknown | 2008-02-11 | 2014-04-02 | 2026-04-26 | 1.1 kB | 77 kB | 172.217.20.163 | |
| stackpath.bootstrapcdn.com | 21970 | 2012-05-25 | 2018-04-05 | 2026-04-27 | 512 B | 41 kB | 104.18.11.207 | |
| ipinfo.io | 1327 | 2013-04-23 | 2013-12-16 | 2026-04-22 | 502 B | 539 B | 34.117.59.81 | |
Technologies
- OpenResty (Web servers): OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.
- Nginx (Web servers, Reverse proxies): Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
- Bootstrap 3.3.7 (UI frameworks): Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.
- jQuery 3.5.1 (JavaScript libraries): jQuery is a free, open-source JavaScript library designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.
- Google Hosted Libraries (CDN): Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular open-source JavaScript libraries.
- BootstrapCDN 3.4.1 (CDN): BootstrapCDN is a Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely used Bootstrap framework. By serving from multiple locations worldwide, it reduces page load times, bandwidth usage and origin server load.
- Amazon CloudFront (CDN): Amazon CloudFront is a content delivery network (CDN) service that delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.
- Amazon S3 (CDN): Amazon S3 (Amazon Simple Storage Service) is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.
- Amazon Web Services (PaaS): Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.
- Cloudflare (CDN): Cloudflare is a web-infrastructure and website-security company providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.
- Google Cloud CDN (CDN): Cloud CDN uses Google's global edge network to serve content closer to users.
- Google Cloud (IaaS): Google Cloud is a suite of cloud computing services.
Related reports
Network Intrusion Detection Systems
Suricata w/ Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| | medium | Client IP | 34.117.59.81 | ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| YARAhub by abuse.ch | contratolivmsn365acti.iceiy.com/sax.js | malware | Detects file containing Telegram Bot API |
| Cloudflare DNS | contratolivmsn365acti.iceiy.com | malicious | Sinkholed |
| OpenDNS | contratolivmsn365acti.iceiy.com | phishing | Phishing Block |
| DNS4EU | contratolivmsn365acti.iceiy.com | malicious | Sinkholed |
Telegram Bot detected (1)
URL
contratolivmsn365acti.iceiy.com/sax.js
IP / ASN
185.27.134.225
Token
8507303280:AAHaVB_LX6DJJ1w4ePr7_SEHVFbwgmboK-0
Bot Overview
User ID: 8507303280
Username: lotenewhotmailoutlookbot
First Name: lotenewhotmail
Last Name: N/A
Chat Info
Chat ID: 8388670606
Chat Type: private
Title: N/A
User Count: 2
Admins: 0
Pending Msgs: 0
JavaScript (7)
No JavaScripts
HTTP Transactions (15)
| URL | IP | Response | Size |
|---|---|---|---|