ip170.ip-51-89-105.eu
51.89.105.170  Malicious Activity! Public Scan

URL: http://ip170.ip-51-89-105.eu/
Submission: On November 06 via api from BY — Scanned from GB

Summary

This website contacted 18 IPs in 4 countries across 13 domains to perform 45 HTTP transactions. The main IP is 51.89.105.170, located in London, United Kingdom and belongs to OVH, FR. The main domain is ip170.ip-51-89-105.eu.
This is the only time ip170.ip-51-89-105.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Libero (Online)

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
12 | googlesyndication.com | pagead2.googlesyndication.com (Cisco Umbrella Rank: 97); 7deeb05b02c217becaec6af92d145ac8.safeframe.googlesyndication.com; tpc.googlesyndication.com (Cisco Umbrella Rank: 149) | 63 KB
6 | doubleclick.net | securepubads.g.doubleclick.net (Cisco Umbrella Rank: 196) | 180 KB
5 | ampproject.org | cdn.ampproject.org (Cisco Umbrella Rank: 406) | 104 KB
5 | ip-51-89-105.eu | ip170.ip-51-89-105.eu | 87 KB
3 | gstatic.com | fonts.gstatic.com | 65 KB
3 | iolam.it | www.iolam.it (Cisco Umbrella Rank: 293470) | 173 KB
3 | plug.it | i1.plug.it (Cisco Umbrella Rank: 344750); i.plug.it (Cisco Umbrella Rank: 273675) | 8 KB
2 | google.com | fundingchoicesmessages.google.com (Cisco Umbrella Rank: 1359); www.google.com (Cisco Umbrella Rank: 2) | 11 KB
2 | scorecardresearch.com | sb.scorecardresearch.com (Cisco Umbrella Rank: 172) | 743 B
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 31) | 2 KB
2 | amazon-adsystem.com | c.amazon-adsystem.com (Cisco Umbrella Rank: 306) | 65 KB
1 | opecloud.com | italiaonline.profiles.tagger.opecloud.com (Cisco Umbrella Rank: 294980) |
1 | wt-eu02.net | italiaonline01.wt-eu02.net (Cisco Umbrella Rank: 265757) | 900 B
Total: 45 requests, 13 domains

Requests | Domain | Requested by
6 | tpc.googlesyndication.com | securepubads.g.doubleclick.net; tpc.googlesyndication.com; ip170.ip-51-89-105.eu
6 | securepubads.g.doubleclick.net (1 redirect) | ip170.ip-51-89-105.eu; securepubads.g.doubleclick.net
5 | cdn.ampproject.org | securepubads.g.doubleclick.net
5 | pagead2.googlesyndication.com | securepubads.g.doubleclick.net; tpc.googlesyndication.com
5 | ip170.ip-51-89-105.eu | ip170.ip-51-89-105.eu
3 | fonts.gstatic.com | fonts.googleapis.com
3 | www.iolam.it | ip170.ip-51-89-105.eu
2 | sb.scorecardresearch.com (1 redirect) | ip170.ip-51-89-105.eu
2 | fonts.googleapis.com | i1.plug.it; securepubads.g.doubleclick.net
2 | c.amazon-adsystem.com (1 redirect) | ip170.ip-51-89-105.eu
2 | i1.plug.it | ip170.ip-51-89-105.eu; i1.plug.it
1 | www.google.com | tpc.googlesyndication.com
1 | 7deeb05b02c217becaec6af92d145ac8.safeframe.googlesyndication.com | securepubads.g.doubleclick.net
1 | italiaonline.profiles.tagger.opecloud.com | www.iolam.it
1 | fundingchoicesmessages.google.com | www.iolam.it
1 | i.plug.it | ip170.ip-51-89-105.eu
1 | italiaonline01.wt-eu02.net | ip170.ip-51-89-105.eu
Total: 45 requests, 17 subdomains

Subject | Issuer | Validity | Valid
*.plug.it | Sectigo RSA Domain Validation Secure Server CA | 2022-12-05 - 2024-01-05 | a year
www.iolam.it | Sectigo RSA Domain Validation Secure Server CA | 2023-01-09 - 2024-02-03 | a year
upload.video.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
*.wt-eu02.net | Sectigo RSA Domain Validation Secure Server CA | 2023-01-13 - 2024-02-13 | a year
*.gstatic.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
*.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
www.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months
misc-sni.google.com | GTS CA 1C3 | 2023-10-16 - 2024-01-08 | 3 months

This page contains 6 frames:

Primary Page: http://ip170.ip-51-89-105.eu/
Frame ID: A40E17C0D15536DB308E23888200D41C
Requests: 25 HTTP requests in this frame

Frame: http://i.plug.it/iplug/js/lib/iol/analytics/ads/banners/_adv.js?_t=1699269242053
Frame ID: C2FF622C2596CD8A88C902A598BA71E6
Requests: 1 HTTP requests in this frame

Frame: https://7deeb05b02c217becaec6af92d145ac8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BAC060C4542281EE5C4CB168F01C955B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F8A8FD3D4CF41F600851F8A661BD820B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9A20BCD4CE9E7C2FF60165E8A33591D8
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/032310301456000/amp4ads-v0.mjs
Frame ID: 70C7BF673161FE942EA9B85F5573E2D2
Requests: 15 HTTP requests in this frame

Page Title

Libero Mail - login

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • /prebid\.js

Page Statistics

Requests: 45
HTTPS: 71 %
IPv6: 53 %
Domains: 13
Subdomains: 17
IPs: 18
Countries: 4
Transfer: 759 kB
Size: 2126 kB
Cookies: 7

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://c.amazon-adsystem.com/aax2/apstag.js HTTP 301
  • https://c.amazon-adsystem.com/aax2/apstag.js
Request Chain 11
  • https://sb.scorecardresearch.com/b?c1=2&c2=33012141&cs_ucfr=0&ns__t=1699269242038&ns_c=UTF-8&c7=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&c8=Libero%20Mail%20-%20login HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1699269242038&ns_c=UTF-8&c7=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&c8=Libero%20Mail%20-%20login
Request Chain 17
  • http://securepubads.g.doubleclick.net/tag/js/gpt.js HTTP 302
  • https://securepubads.g.doubleclick.net/tag/js/gpt.js

45 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ip170.ip-51-89-105.eu/
29 KB
29 KB
Document
General
Full URL
http://ip170.ip-51-89-105.eu/
Protocol
HTTP/1.1
Server
51.89.105.170 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip170.ip-51-89-105.eu
Software
Apache /
Resource Hash
21d7579b5b7d351e245b32baa71866d1a494f0da53c81c45e6e2c70fd4a7c357

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 06 Nov 2023 11:14:01 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
style.css
i1.plug.it/mail/login/2020/libero/css/
26 KB
5 KB
Stylesheet
General
Full URL
https://i1.plug.it/mail/login/2020/libero/css/style.css?01022022
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-115.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
eb97f750d5607e2544524de92d09cf088fee2d4484d14eeb16184448100df690

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:13:23 GMT
content-encoding
br
via
1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA2-C2
age
38
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
cache-control
public, max-age=86400
x-amz-cf-id
UzwPoywFcWNQwPmhSaVLwn2Q361gfApbeSyQ7Dkduqyz69AVRhYm2g==
iam2.0.js
www.iolam.it/js/
0
0
Script
General
Full URL
http://www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/
Protocol
HTTP/1.1
Server
213.209.30.161 Assago, Italy, ASN8660 (MATRIX-AS, IT),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

prebid.js
www.iolam.it/js/
445 KB
142 KB
Script
General
Full URL
http://www.iolam.it/js/prebid.js
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/
Protocol
HTTP/1.1
Server
213.209.30.161 Assago, Italy, ASN8660 (MATRIX-AS, IT),
Reverse DNS
Software
Apache /
Resource Hash
6efa283977000649a48e619b134ad5c50cb28b585af87972e4d3f31f24e15b2d

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Mon, 06 Nov 2023 11:14:01 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Transfer-Encoding
chunked
Upgrade
h2,h2c
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
Upgrade, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Tue, 07 Nov 2023 11:14:01 GMT
apstag.js
c.amazon-adsystem.com/aax2/
Redirect Chain
  • http://c.amazon-adsystem.com/aax2/apstag.js
  • https://c.amazon-adsystem.com/aax2/apstag.js
265 KB
65 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
H2
Server
108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-1-25.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a15af42dcf8e6705a1ecea1dc8a864ce0c050b8c2dc5365d760f6f8b2477825

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 10:50:38 GMT
content-encoding
gzip
via
1.1 23e8ec14db0917c91c2c733b45578890.cloudfront.net (CloudFront), 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
last-modified
Wed, 01 Nov 2023 21:46:15 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, FRA56-P6
age
1404
x-amz-server-side-encryption
AES256
etag
W/"952090f32d44601808d121a61e707826"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
HTXSwPP2Kf6jSMXDuRu2ADOYVKltg713NJKryFODKmtD0Cf_HArxVQ==

Redirect headers

Date
Mon, 06 Nov 2023 11:14:01 GMT
Via
1.1 20a87151baa74b57c01624c82e244c6a.cloudfront.net (CloudFront)
Server
CloudFront
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://c.amazon-adsystem.com/aax2/apstag.js
Connection
keep-alive
Content-Length
167
X-Amz-Cf-Id
R8Eog98gXTFq4mDlyuQ0GM_RjaL1rK12fwJ_0jV2WxJOe8Ahf2G2uA==
iam2.0.js
www.iolam.it/js/
139 KB
31 KB
Script
General
Full URL
https://www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.209.30.161 Assago, Italy, ASN8660 (MATRIX-AS, IT),
Reverse DNS
Software
Apache /
Resource Hash
0f4aa6137f1a6881202fc5acf9f7ab8d687c5b9950d7627bf86b56c711ff2969
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:02 GMT
strict-transport-security
max-age=63072000;
content-encoding
gzip
x-content-type-options
nosniff
x-original-content-length
142273
server
Apache
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=79882
accept-ranges
bytes
expires
Tue, 07 Nov 2023 09:25:25 GMT
1WVfw4Yw8xor.png
ip170.ip-51-89-105.eu/images/
1 KB
1 KB
Image
General
Full URL
http://ip170.ip-51-89-105.eu/images/1WVfw4Yw8xor.png
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
HTTP/1.1
Server
51.89.105.170 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip170.ip-51-89-105.eu
Software
Apache /
Resource Hash
8239d985179b5598a3b76db41bbd8842530e4e37e82665dc6449ed97b20c6227

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Mon, 06 Nov 2023 11:14:01 GMT
Last-Modified
Mon, 14 Nov 2022 10:52:19 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1154
wpJ0jqagdDSx.svg
ip170.ip-51-89-105.eu/fonts/
5 KB
5 KB
Image
General
Full URL
http://ip170.ip-51-89-105.eu/fonts/wpJ0jqagdDSx.svg
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
HTTP/1.1
Server
51.89.105.170 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip170.ip-51-89-105.eu
Software
Apache /
Resource Hash
54ea3b729d9ff4a499d3bf59b0497606ceb27b7100c60d74d28467224f3983f9

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Mon, 06 Nov 2023 11:14:01 GMT
Last-Modified
Mon, 14 Nov 2022 10:52:18 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
4827
zlIY73HV9ZcD.js
ip170.ip-51-89-105.eu/js/
6 KB
6 KB
Script
General
Full URL
http://ip170.ip-51-89-105.eu/js/zlIY73HV9ZcD.js
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
HTTP/1.1
Server
51.89.105.170 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip170.ip-51-89-105.eu
Software
Apache /
Resource Hash
ba622f81f692dd7f4b54e5379346086874eff141a501881982c5a5b3b2370df8

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Mon, 06 Nov 2023 11:14:01 GMT
Last-Modified
Mon, 14 Nov 2022 10:52:22 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
5930
0sBN1QtxZSRY.js
ip170.ip-51-89-105.eu/js/
45 KB
45 KB
Script
General
Full URL
http://ip170.ip-51-89-105.eu/js/0sBN1QtxZSRY.js
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
HTTP/1.1
Server
51.89.105.170 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip170.ip-51-89-105.eu
Software
Apache /
Resource Hash
17e49df09dd14c40d50c5e4693c448e99cfee8ee79aa5a9c5bd2be5be3105562

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Mon, 06 Nov 2023 11:14:01 GMT
Last-Modified
Mon, 14 Nov 2022 10:52:19 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
46107
css2
fonts.googleapis.com/
7 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
Requested by
Host: i1.plug.it
URL: https://i1.plug.it/mail/login/2020/libero/css/style.css?01022022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2170f04df3b7e03e3439440b22f30247a1ee0606d4a0253e159c8a725372ac8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://i1.plug.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 06 Nov 2023 11:14:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 10:32:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 06 Nov 2023 11:14:01 GMT
wt
italiaonline01.wt-eu02.net/215973748390194/
43 B
900 B
Image
General
Full URL
https://italiaonline01.wt-eu02.net/215973748390194/wt?p=433,libero.web.messaging.smart.login.step1,1,1600x1200,24,1,1699269242037,0,1600x1200,0&pu=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&la=en&tz=0&cg1=libero&cg2=web&cg3=messaging&cg4=smart&cg5=login&cg6=step1&cg7=libero.web.messaging.smart.login.step1&cp1=no-referrer&cp2=no-referrer&cp4=no-refresh&cp7=utf-8&cp9=1.4.04&cp10=20220927140300&cp11=Libero%20Mail%20-%20login&cp12=web&cp24=email&cp25=http%3A&cp26=ip170.ip-51-89-105.eu&cp47=&cp103=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.54.150.20 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
Software
aab32389 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 06 Nov 2023 11:14:01 GMT
Last-Modified
Mon, 06 Nov 2023 11:14:02 GMT
Server
aab32389
P3P
policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
Content-Type
image/gif;charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
Connection
keep-alive
X-Robots-Tag
noindex, nofollow, noarchive
Keep-Alive
timeout=30
Content-Length
43
Expires
Mon, 26 Jul 1997 05:00:00 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=33012141&cs_ucfr=0&ns__t=1699269242038&ns_c=UTF-8&c7=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwe...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1699269242038&ns_c=UTF-8&c7=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fw...
0
225 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1699269242038&ns_c=UTF-8&c7=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&c8=Libero%20Mail%20-%20login
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
H2
Server
18.66.147.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-147-75.fra60.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:02 GMT
via
1.1 6b25d4ce9efa3f2699980e1915129606.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
FRA60-P4
x-amz-cf-id
dLqxiFPyrqCrcdFKyLg7LgEidrnbDCeGO4nWyId925xySgY2fiSrwQ==
x-cache
Miss from cloudfront

Redirect headers

date
Mon, 06 Nov 2023 11:14:02 GMT
via
1.1 6b25d4ce9efa3f2699980e1915129606.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
location
/b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1699269242038&ns_c=UTF-8&c7=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&c8=Libero%20Mail%20-%20login
content-length
0
x-amz-cf-id
rq-uQMlhGEqkAI3PvmZl-wTntffb1lO2eXIkRIoNMW4nyaoyc2odhw==
logo.svg
i1.plug.it/mail/login/2020/libero/img/
5 KB
1 KB
Image
General
Full URL
https://i1.plug.it/mail/login/2020/libero/img/logo.svg
Requested by
Host: i1.plug.it
URL: https://i1.plug.it/mail/login/2020/libero/css/style.css?01022022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-115.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
54ea3b729d9ff4a499d3bf59b0497606ceb27b7100c60d74d28467224f3983f9

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://i1.plug.it/mail/login/2020/libero/css/style.css?01022022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 02:12:32 GMT
content-encoding
gzip
via
1.1 0d94766f433ae64cf30c40acb74fc43e.cloudfront.net (CloudFront)
last-modified
Mon, 28 Jun 2021 12:10:08 GMT
server
nginx
x-amz-cf-pop
FRA2-C2
age
32496
etag
W/"60d9bc20-12db"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=86400
x-amz-cf-id
yYKyq4LjUxWRfFWRvRW939Z1LzsaajcEdE6ym1E4Bx3JlStBRkg2Gw==
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://ip170.ip-51-89-105.eu
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 04:06:52 GMT
x-content-type-options
nosniff
age
284830
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Nov 2024 04:06:52 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://ip170.ip-51-89-105.eu
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Fri, 03 Nov 2023 15:18:02 GMT
x-content-type-options
nosniff
age
244560
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Nov 2024 15:18:02 GMT
_adv.js
i.plug.it/iplug/js/lib/iol/analytics/ads/banners/ Frame C2FF
25 B
585 B
Script
General
Full URL
http://i.plug.it/iplug/js/lib/iol/analytics/ads/banners/_adv.js?_t=1699269242053
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/js/0sBN1QtxZSRY.js
Protocol
HTTP/1.1
Server
13.225.78.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-19.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
0718476f9aeec1cbd746c569d6768a28c021163de52ceb5c7d89005484f16b8e

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Mon, 06 Nov 2023 11:14:02 GMT
Content-Encoding
gzip
Via
1.1 04ce5a607a98db6d08257633417b84d6.cloudfront.net (CloudFront)
Server
nginx
X-Amz-Cf-Pop
FRA2-C2
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, HEAD, OPTIONS
Content-Type
application/javascript
Access-Control-Allow-Origin
*
X-Cache
Miss from cloudfront
Cache-Control
public, max-age=1200
Vary
Accept-Encoding
Connection
keep-alive
X-Amz-Cf-Id
X6rPXfP4t4Sp9g_a7durX6izeYjwZirCoOzjYBw5CD0qWdGLyvU9sw==
pub-2033535132705533
fundingchoicesmessages.google.com/i/
22 KB
10 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/pub-2033535132705533?ers=1
Requested by
Host: www.iolam.it
URL: https://www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cc73f85c572bc2c190626494e3148539c6359d533eb0af6b16a84ac53b80aae7
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-BSIawo12aF_oTAUWH3R7NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:02 GMT
content-security-policy
script-src 'report-sample' 'nonce-BSIawo12aF_oTAUWH3R7NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
Redirect Chain
  • http://securepubads.g.doubleclick.net/tag/js/gpt.js
  • https://securepubads.g.doubleclick.net/tag/js/gpt.js
99 KB
31 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
H2
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
511012baed760fe89283ad7c58c6cd638cbbe7de96bb21658434daae3542b6b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:02 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31012
x-xss-protection
0
server
cafe
etag
12 / 19667 / m202310310101 / config-hash: 14899894906618228737
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 06 Nov 2023 11:14:02 GMT

Redirect headers

Date
Mon, 06 Nov 2023 11:14:02 GMT
X-Content-Type-Options
nosniff
Server
cafe
Vary
Accept-Encoding
P3P
policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Content-Type
text/html; charset=UTF-8
Cache-Control
private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy
cross-origin
Timing-Allow-Origin
*
Content-Length
0
X-XSS-Protection
0
Expires
Mon, 06 Nov 2023 11:14:02 GMT
targeting
italiaonline.profiles.tagger.opecloud.com/v1/ Frame
0
0
Preflight
General
Full URL
http://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&gdpr_applies=0
Protocol
HTTP/1.1
Server
18.193.244.226 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-244-226.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
referrer-policy
Access-Control-Request-Method
GET
Origin
http://ip170.ip-51-89-105.eu
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/plain; charset=UTF-8
Date
Mon, 06 Nov 2023 11:14:02 GMT
Transfer-Encoding
chunked
targeting
italiaonline.profiles.tagger.opecloud.com/v1/
0
0

pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/
425 KB
133 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: http://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e8cf20f6e98c91ff5a877209649b0839bb06e5751793babfb0dbbbb60a9e811a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 10:25:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
2913
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
136288
x-xss-protection
0
server
cafe
etag
17302374607849014435
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 05 Nov 2024 10:25:30 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
43 B
586 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ip170.ip-51-89-105.eu
Requested by
Host: securepubads.g.doubleclick.net
URL: http://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
641e28d4f30fee9fd061d1027af53fd40685ce377a0a76aac23e105a6aca492c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:03 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44
x-xss-protection
0
expires
Mon, 06 Nov 2023 11:14:03 GMT
ads
securepubads.g.doubleclick.net/gampad/
69 KB
15 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3648284770400654&correlator=1178903299525798&eid=31079465%2C31078016%2C31079377&output=ldjh&gdfp_req=1&vrg=202310310101&ptt=17&impl=fifs&npa=1&tfcd=0&iu_parts=5180%2Clibero%2Cwebmail%2Clogin%2Cstep1&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1540x1024%7C300x600&ifi=1&sfv=1-0-40&eri=1&sc=0&cookie_enabled=1&abxe=1&dt=1699269244663&lmt=1699269244&adxs=576&adys=50&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&bc=23&nvt=1&url=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&vis=1&psz=980x0&msz=1540x0&fws=0&ohw=0&ga_vid=1160524046.1699269245&ga_sid=1699269245&ga_hid=1985415686&ga_fc=false&dlt=1699269241380&idt=1803&cust_params=oe%3DUTF-8%26optout%3D1%26adv_infocus%3Dyes%26inventory_type%3Dbrowsable%26adv_referrer%3Dother%26adv_sgt%3D3%26is_native%3Dno%26xdid_user_ui%3Dfalse%26adv_sso1%3D0%26adv_sso2%3D0%26adv_sso3%3D0%26us_ua%3Dfalse%26gdpr%3D0%26siz_hostname%3Dip170.ip-51-89-105.eu%26siz_devicetype%3Ddesktop%26downlink%3D10&adks=1573533839&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cebbb0189a54f6f3c9deef327089354368711bf8641db99197fa86b25e3e2f38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:05 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14990
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
http://ip170.ip-51-89-105.eu
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310310101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
75a49c3cd6a3060b2dfd44578c89fa08af06fbde0fd015bcf1b125383eaaec0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:04 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12100
x-xss-protection
0
container.html
7deeb05b02c217becaec6af92d145ac8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BAC0
6 KB
3 KB
Document
General
Full URL
https://7deeb05b02c217becaec6af92d145ac8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ip170.ip-51-89-105.eu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 06 Nov 2023 11:14:04 GMT
expires
Tue, 05 Nov 2024 11:14:04 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 06 Nov 2023 11:14:05 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F8A8
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://ip170.ip-51-89-105.eu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
2810
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 06 Nov 2023 10:27:15 GMT
expires
Tue, 05 Nov 2024 10:27:15 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 9A20
829 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9282f02f48390e9fca6de654609cc3bd1dc96e7530a16304adb635f19bb78033
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-NeaRi2QpoBPySMQ0PHj87A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ip170.ip-51-89-105.eu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-NeaRi2QpoBPySMQ0PHj87A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 06 Nov 2023 11:14:05 GMT
expires
Mon, 06 Nov 2023 11:14:05 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
amp4ads-v0.mjs
cdn.ampproject.org/rtv/032310301456000/ Frame 70C7
196 KB
56 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/032310301456000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
44b748b890bd935c0b3e5ade361e771456c7372e38dbe8a948ada16737b7f482
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 01 Nov 2023 00:13:09 GMT
age
471656
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56116
x-xss-protection
0
server
sffe
etag
"890ab1af1f81066d"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 31 Oct 2024 00:13:09 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/032310301456000/v0/ Frame 70C7
15 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/032310301456000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 01 Nov 2023 00:13:09 GMT
age
471656
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5225
x-xss-protection
0
server
sffe
etag
"0b7142e00666043e"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 31 Oct 2024 00:13:09 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/032310301456000/v0/ Frame 70C7
95 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/032310301456000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 01 Nov 2023 00:13:09 GMT
age
471656
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29077
x-xss-protection
0
server
sffe
etag
"7b1f1965b6cd6fda"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 31 Oct 2024 00:13:09 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/032310301456000/v0/ Frame 70C7
5 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/032310301456000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 01 Nov 2023 00:13:09 GMT
age
471656
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1911
x-xss-protection
0
server
sffe
etag
"13d776bf5afa96e6"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 31 Oct 2024 00:13:09 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/032310301456000/v0/ Frame 70C7
40 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/032310301456000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 01 Nov 2023 00:13:09 GMT
age
471656
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12952
x-xss-protection
0
server
sffe
etag
"9817e561a46c70fa"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 31 Oct 2024 00:13:09 GMT
css
fonts.googleapis.com/ Frame 70C7
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310310101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 06 Nov 2023 11:14:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 06 Nov 2023 09:42:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 06 Nov 2023 11:14:05 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 70C7
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sun, 05 Nov 2023 21:19:17 GMT
x-content-type-options
nosniff
server
cafe
age
50088
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Mon, 06 Nov 2023 21:19:17 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 70C7
295 B
537 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sun, 05 Nov 2023 21:19:17 GMT
x-content-type-options
nosniff
server
cafe
age
50088
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Mon, 06 Nov 2023 21:19:17 GMT
14763004658117789537
tpc.googlesyndication.com/simgad/4770466390203846603/ Frame 70C7
18 KB
18 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/4770466390203846603/14763004658117789537?w=400&h=209&tw=1&q=75
Requested by
Host: ip170.ip-51-89-105.eu
URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9cce5cc0f001809778760bfd3610105d6b603d3383b3a74180b0febccb1a61fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sun, 05 Nov 2023 04:45:19 GMT
x-content-type-options
nosniff
age
109726
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18531
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 03:51:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Mon, 04 Nov 2024 04:45:19 GMT
truncated
/ Frame 70C7
206 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 70C7
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe1cbff3b475632d76e1931d466a06a8a230a4bda0100881d3d0d12acfb5565e

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 70C7
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c1e0a18936835e8e11a3ff965a1f67672e1b328c3b6782a7dd20b498acebe2a

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type
image/png
4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
pagead2.googlesyndication.com/bg/ Frame F8A8
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 10:25:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
2901
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15096
x-xss-protection
0
last-modified
Tue, 31 Oct 2023 13:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 05 Nov 2024 10:25:44 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 70C7
33 KB
33 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://ip170.ip-51-89-105.eu
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sat, 04 Nov 2023 05:04:01 GMT
x-content-type-options
nosniff
age
195004
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34108
x-xss-protection
0
last-modified
Tue, 23 May 2023 16:35:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 03 Nov 2024 05:04:01 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 9A20
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310310101&jk=3648284770400654&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

adview
securepubads.g.doubleclick.net/pagead/ Frame 70C7
0
0
Image
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CEqPufMpIZeWvLd-NjuwPhfSh4Af7rtLsc9iBpc_REdOHhsvCARABIKKW1BZguwagAcj0xcYpyAEJqQIcwtakBk54PuACAKgDAcgDCqoEhANP0CUfIwL_jGmd-HCWRIoaD9fYKZ95VS_tpGkJGbZTJzwwFVK4H79bTQ88sB1RH0AKsGI5-hLLrVVtdkKYGQ2BE5O9zAD9juN72aCZTUlWOk_odRGW8ieBwflSmWVd4QFfzUnDVDaoH_2xZofp14mlIe9JaEvTcJaNJnP4lYv_p311jDTcyyiguCDd5GehZjjC3b2jE2jFwzq6JX3Ncb8_H5tgGPR_Nmn6CsuS9d2OsU2ilQGw-JM3EHMbJPldPP78fp8bFYC0kFiXbd7QvGHp-HX1_4RKc6Wr0Yos_JDiFjU9sUYoIF2uKE9Sh48Kw0cvHkr3ngweXKga-tE4rrtfW1ak9nNE6JxB7bx5ig84EKcFquzE2OAll9uvMUUPGa1G340yGVr9ybDX-I_ntMU-h8Ia9neoBkkyNHlhNl9Hkp1UZ_f6GGnpT2CWE3-lDuQWCUKSRq1zrl7CghvNbc6BGOmuzcvIi7m7AAkonSDvyDwxrH--8_p9jInd1_QlQvY47OXewATH44WNtATgBAGIBbPaxKdMkgUECAQYAZIFBAgFGASgBi6AB7ydqKgEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQz_ka0ggWCIDhgHAQARgdMgLrAjoCgEBIvf3BOpoJmgFodHRwczovL3VzLmZvYmx1ZS5jb20vZHNyP3E9dGhlJTIwYmVzdCUyMHN1diUyMDIwMjMmcmFjPVNlYXJjaCUyMGZvciUyMHRoZSUyMGJlc3QlMjBzdXYlMjAyMDIzJmFzaWQ9ZmJfY2g4MDEmbnc9ZCZkZT1jJmxwaWQ9MjgyNiZwdWI9aXAxNzAuaXAtNTEtODktMTA1LmV1gAoDyAsB4g0TCMuK1p2fr4IDFd-GgwcdBXoIfNgTDdAVAYAXAbIXHgocCAASFHB1Yi0yMDMzNTM1MTMyNzA1NTMzGP_cFQ&sigh=XwAeOC2PeA4&uach_m=[]&ase=2&nis=5&cid=CAQSTADICaaN8G-NSLifRMZ33SlgBt9K9qs5rVXvyET94tWOOsIXR_LQP945EZpynW2BkxZwHnON_pJZJeI0dNaqR72t0sObWizF0S1TResYAQ&template_id=5000&cbvp=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame F8A8
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?mDUvuw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 11:14:06 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310310101&jk=3648284770400654&bg=!cXKlcj3NAAb4oU7C2KE7ADQBe5WfOImhuqHNDWWELIEzDg6qUatbx-DOx4PRlEVEXRe0V4VsXygxGv7wV8h8Nu6Ok-ADAgAAAohSAAAACWgBBwoAo815iOgeP5o0eC9QOTd-XkRCaHexshWa27Hn0gb1Tc9OCFEG_AUtpdf8Tqgm9mo5FFqoCEHekpgP6oA8lIjLlZRdAHw5c63AvR2E6KnPxn91xAtgiwaXKXOVW9Lsizp6usqJ6ht5EqVxUvkWLjc2R98Hunm_jMeUFQgraEiOaCuxI4Ob1kLn8jQ_4m2tdtQW2IhEeDPEbJY-WV4DYxmdRPqcWYmZAud6IXxwJHmHkWH6qBZJB_0pcX7vd6UFwz-PMbMevRaNZ1J5MPGqr6ncqRjoFUuHlt8OVyXLzEVUTr1FLt8Ut017djbjm_VuE9MhCHmQrOLeX5MuGrWFKSjY8dzW5FH3s4_4807Ryx6vN25EU-U9mRItlz2q8xwLZKvuuaNxxvaGYpH7fRG_hYhvgeedtHTRptMvMilNADkTuC-xW_sfWN3CSG5_6_JzJiILpaEH4JVNbiYDo7ryJTNDhgGYf6QQN4wcLz5pFgp2BNart25ypeoW7QyfhanxbM2Gk76-6JOv-nTx8kqnwM7h-THYklJBCsEVv_tvvQSMrd2Fl3t44MytxaJRaMx1_7JciaDAI6ZRhrovOsUqvWR4ZT-3F2Nl7nNedXTvJwoKPS82e2HLpzC6Y4or-CE6evYvbHYxRA5Ig_FFeUBnYyztyd0qBGhgGC5SakW9my9rxH5cPVEY7J1qjrygi2y10bUoNpcGPwEsweOHTURgPHru6hctNfHsGuxcZDrBUSSbHAFv4qIIHYmiRxlSkIi9Utsn3a7ov3CxomlKVnwRETObR_j2x88MKdP6IC78epkV99xjnIwmdVJtKr57-kbZU2AJeqZfN1pbz-2cUq6yOY3IIgM6Xwhv27crkOp1DwBfDdIbX22gLH5rdwEaY0vXshSx-7Tk1Sr-XheUi_o0azwn_Lk1osWArh3MKWa_F5a-f1np38h_SoBi5iN7LZYx7DzmgqeC0U6cP3LHk18LwK4ZxJlQA2O6UI0-oytTtCFQq3k9Hv74tDhUub9MKyx9aekzkXzwU8RkCnuSKuQUmbpkiznlEvnxnBXF5L0yrBzE6o-Z4Q_esHEVT7BHjHkHB9ac4iRlkOlb5ekBarViAB4pUd8hTC1YJRFxUhBKDn8pa6S00a-c-kk3-4mkTtr10v3dm7K7V5wAsySD1qVSU0QRolhARZt8SQa3-gGizQ8gokMdfCi2xwwnrzbREjVTCQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

activeview
pagead2.googlesyndication.com/pcs/ Frame 70C7
42 B
64 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssfB0ZVW1He7YL0PomIsOsY1e1zCYM6IxvmjYBWTZGRMV4NG_TH14PfWv_WrBQHwvOGP5Am6G30Ewi1apgbL0MKdvLtRMty0kt3-KjiXPgrtx2bLsVWq0DC0mUc7t28lfgObkYFR2ixCWKv&sai=AMfl-YSfgtTYy9VjQZeFHLmnzuLPWV_zXaA-dvawC46l5h67zTqbu4B3AFqkFL_RMCSwl-nYYHwzvh0noz2WbJjeDjLhg_g3jXQhKvqRsoTPRggM3h07407gXl1_Eav0CrT6oVlApzwRS8EE25qv5A&sig=Cg0ArKJSzDeRR7xOOIr8EAE&cid=CAQSTADICaaN8G-NSLifRMZ33SlgBt9K9qs5rVXvyET94tWOOsIXR_LQP945EZpynW2BkxZwHnON_pJZJeI0dNaqR72t0sObWizF0S1TResYAQ&id=ampim&o=576,50&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=959&tls=1959&g=100&h=100&tt=1959&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=&uaw=&adk=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
http://ip170.ip-51-89-105.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 06 Nov 2023 11:14:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
italiaonline.profiles.tagger.opecloud.com
URL
http://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&gdpr_applies=0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Libero (Online)

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 string| ex1 string| newurl function| druid_track object| IOL string| crtg_nid object| iol_adv_config object| pubAdsCfg function| Fingerprint function| letter_or_dot function| do_text_select function| Autocomplete undefined| arrValues function| checkparams function| showMpu function| get_editorial function| show_editorial function| show_editorial_premium function| getRandonIndexArray undefined| nSdkInstancestatic undefined| rnd undefined| nielsenMetadata string| iol_login_page_id object| iol_analytics_tracking_conf function| Hunt object| iat string| classFunc function| createElement boolean| iamInitialized object| grumi function| __an6na521li18__ string| bG9hZGVyX2pz string| Y2FjaGVkX2pz object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| googletag object| ggeac object| google_js_reporting_queue undefined| google_measure_js_timing number| google_unique_id object| gaGlobal object| GoogleGcLKhOms object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager

7 Cookies

Domain/Path Name / Value
italiaonline01.wt-eu02.net/215973748390194 Name: wteid_215973748390194
Value: 4169926924200025049
italiaonline01.wt-eu02.net/215973748390194 Name: wtsid_215973748390194
Value: 1
.scorecardresearch.com/ Name: UID
Value: 12Efe82a6950ee8a2393a391699269242
italiaonline01.wt-eu02.net/ Name: wt_nbg_Q3
Value: !AV0lY2A4VoHam448MzkSP47aGUgI1y7SceazZRtKXg+hwIMzo3g7ZDnYr9gtaWltb4A4TZlL/3h4kA==
.ip-51-89-105.eu/ Name: __gads
Value: ID=9c34f2ff45b4832b:T=1699269244:RT=1699269244:S=ALNI_MbmJoz7Fh6b3leJUCtmasSMRjJvjA
.ip-51-89-105.eu/ Name: __gpi
Value: UID=00000cb703f3ba73:T=1699269244:RT=1699269244:S=ALNI_MaBt2t-1K5OnLJ-BRe4NeSMdi_VgQ
.doubleclick.net/ Name: IDE
Value: AHWqTUlYf49sYPFFdEWMHxJqF-zTRXaYliTk2yX7ludnBLvVXfnwYPku-TkU6YrPmfo

3 Console Messages

Source Level URL
Text
network error URL: http://www.iolam.it/js/iam2.0.js?ns=libero/web/webmail/login/1.1
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript error URL: http://ip170.ip-51-89-105.eu/?client_id=?service_id=email&ret_url=http://webmail.libero.lt/cp/default.jsp0.0021461086651843875
Message:
Access to XMLHttpRequest at 'http://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&gdpr_applies=0' from origin 'http://ip170.ip-51-89-105.eu' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: http://italiaonline.profiles.tagger.opecloud.com/v1/targeting?url=http%3A%2F%2Fip170.ip-51-89-105.eu%2F%3Fclient_id%3D%3Fservice_id%3Demail%26ret_url%3Dhttp%3A%2F%2Fwebmail.libero.lt%2Fcp%2Fdefault.jsp0.0021461086651843875&gdpr_applies=0
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
