www.5pj5m5m.one Open in urlscan Pro
89.46.104.47 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://digilander.libero.it/microdgl6/mic.html
Effective URL:
https://www.5pj5m5m.one/virg/?=search-console?resource_id
Submission: On January 09 via manual (January 9th 2023, 9:41:12 am UTC) from IT — Scanned from IT

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 8 domains to perform 21 HTTP transactions. The main IP is 89.46.104.47, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.5pj5m5m.one.
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on November 3rd 2022. Valid for: a year.

This is the only time www.5pj5m5m.one was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 2	213.209.30.199 213.209.30.199	8660 (MATRIX-AS) (MATRIX-AS)
2	13.32.99.3 13.32.99.3	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400d:802::2008	15169 (GOOGLE) (GOOGLE)
3	2600:9000:206... 2600:9000:206e:c600:2:42d9:3100:93a1	16509 (AMAZON-02) (AMAZON-02)
1 3	13.32.99.23 13.32.99.23	16509 (AMAZON-02) (AMAZON-02)
1	185.54.150.20 185.54.150.20	60164 (WEBTREKK-AS) (WEBTREKK-AS)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	34.255.234.46 34.255.234.46	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:205... 2600:9000:2057:8800:1d:667e:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 5	89.46.104.47 89.46.104.47	31034 (ARUBA-ASN) (ARUBA-ASN)
21	11

2 213.209.30.199 (Assago, Italy) 1 redirects

ASN8660 (MATRIX-AS, IT)

digilander.libero.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.99.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-3.fra60.r.cloudfront.net

i.plug.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:802::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:206e:c600:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.99.23 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-23.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.54.150.20 (Germany)

ASN60164 (WEBTREKK-AS, DE)

italiaonline01.wt-eu02.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.234.46 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-234-46.eu-west-1.compute.amazonaws.com

secure-it.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:8800:1d:667e:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

e0enz8o1msu72xs1s7umijqiqcwry1673257267.nuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 89.46.104.47 (Arezzo, Italy) 1 redirects

ASN31034 (ARUBA-ASN, IT)
PTR: webx1037.aruba.it

www.5pj5m5m.one	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	5pj5m5m.one 1 redirects www.5pj5m5m.one	4 KB
5	imrworldwide.com cdn-gl.imrworldwide.com — Cisco Umbrella Rank: 3091 secure-it.imrworldwide.com — Cisco Umbrella Rank: 72535 e0enz8o1msu72xs1s7umijqiqcwry1673257267.nuid.imrworldwide.com	66 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 237	3 KB
2	plug.it i.plug.it — Cisco Umbrella Rank: 345040	14 KB
2	libero.it 1 redirects digilander.libero.it digistatic.libero.it Failed	4 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2124	350 B
1	wt-eu02.net italiaonline01.wt-eu02.net — Cisco Umbrella Rank: 424549	900 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 123	77 KB
21	8

	Domain	Requested by
5	www.5pj5m5m.one	1 redirects www.5pj5m5m.one
3	sb.scorecardresearch.com	1 redirects digilander.libero.it
3	cdn-gl.imrworldwide.com	digilander.libero.it cdn-gl.imrworldwide.com
2	i.plug.it	digilander.libero.it
2	digilander.libero.it	1 redirects digilander.libero.it
1	e0enz8o1msu72xs1s7umijqiqcwry1673257267.nuid.imrworldwide.com	digilander.libero.it
1	secure-it.imrworldwide.com	digilander.libero.it
1	region1.google-analytics.com	www.googletagmanager.com
1	italiaonline01.wt-eu02.net	digilander.libero.it
1	www.googletagmanager.com	digilander.libero.it
0	digistatic.libero.it Failed	digilander.libero.it
21	11

This site contains no links.

Subject Issuer	Validity	Valid
*.libero.it Sectigo RSA Organization Validation Secure Server CA	`2022-09-06` - `2023-10-07`	a year	crt.sh
*.plug.it Sectigo RSA Domain Validation Secure Server CA	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.scorecardresearch.com Amazon	`2022-12-30` - `2024-01-28`	a year	crt.sh
*.wt-eu02.net Sectigo RSA Domain Validation Secure Server CA	`2022-01-17` - `2023-01-27`	a year	crt.sh
*.nuid.imrworldwide.com Amazon	`2022-05-12` - `2023-06-10`	a year	crt.sh
*.5pj5m5m.one Actalis Domain Validation Server CA G3	`2022-11-03` - `2023-11-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.5pj5m5m.one/virg/?=search-console?resource_id
Frame ID: CD391C8A154B450D40552CFB8147633A
Requests: 18 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: FF5CD8CBD7094F7D0CF9EE42706C782C
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Accedi al tuo account Microsf

Page URL History Show full URLs

http://digilander.libero.it/microdgl6/mic.html HTTP 301
https://digilander.libero.it/microdgl6/mic.html Page URL
https://www.5pj5m5m.one/mc.php?=search-console?resource_id HTTP 302
https://www.5pj5m5m.one/virg/?=search-console?resource_id Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

21
Requests

76 %
HTTPS

40 %
IPv6

8
Domains

11
Subdomains

11
IPs

4
Countries

169 kB
Transfer

516 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://digilander.libero.it/microdgl6/mic.html HTTP 301
https://digilander.libero.it/microdgl6/mic.html Page URL
https://www.5pj5m5m.one/mc.php?=search-console?resource_id HTTP 302
https://www.5pj5m5m.one/virg/?=search-console?resource_id Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://digilander.libero.it/microdgl6/mic.html HTTP 301
https://digilander.libero.it/microdgl6/mic.html

Request Chain 10

https://sb.scorecardresearch.com/b?c1=2&c2=33012141&cs_ucfr=0&ns__t=1673257267467&ns_c=UTF-8&c7=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&c8=Accedi HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1673257267467&ns_c=UTF-8&c7=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&c8=Accedi

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

mic.html Show response
digilander.libero.it/microdgl6/
Redirect Chain

http://digilander.libero.it/microdgl6/mic.html
https://digilander.libero.it/microdgl6/mic.html

4 KB
4 KB

77ms
19ms

Document
text/html

213.209.30.199
MATRIX-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://digilander.libero.it/microdgl6/mic.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.209.30.199 Assago, Italy, ASN8660 (MATRIX-AS, IT),

Reverse DNS

Software

Apache /

Resource Hash

6c8a7ab79eb49977c9bd8b4161d1458f614709f74b4a7ba87ce44d3832c8509b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

Accept-Ranges: bytes
Connection: close
Content-Length: 4001
Content-Secure-Policy: default-src 'self';
Content-Type: text/html
Date: Mon, 09 Jan 2023 09:41:07 GMT
Last-Modified: Sat, 07 Jan 2023 16:40:07 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Location: https://digilander.libero.it/microdgl6/mic.html
Server: BigIP

GET
H2 200 tracking_digilander-libero-it.min.js Show response
i.plug.it/iplug/js/lib/iol/analytics/data/digilander-libero-it/ 1 KB
637 B 148ms
30ms Script
application/javascript 13.32.99.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.plug.it/iplug/js/lib/iol/analytics/data/digilander-libero-it/tracking_digilander-libero-it.min.js
Requested by: Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-3.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 73f027e62b6885a4ee78f67a3ce8fd624a2ff1ae6b211e8f5e181a93b45b85bc

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://digilander.libero.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 09:14:41 GMT
content-encoding: br
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 1586
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=1200
x-amz-cf-id: BTGA6gL6Lg5DYipqEO_KwXCqKwmMIf2fr4KRmIjdXRwKl7E1Xf9Pyg==

GET
H2 200 IOL.Analytics.Tracking.min.js Show response
i.plug.it/iplug/js/lib/iol/analytics/engine/ 45 KB
13 KB 147ms
29ms Script
application/javascript 13.32.99.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://i.plug.it/iplug/js/lib/iol/analytics/engine/IOL.Analytics.Tracking.min.js
Requested by: Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-3.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 17e49df09dd14c40d50c5e4693c448e99cfee8ee79aa5a9c5bd2be5be3105562

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://digilander.libero.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 09:30:47 GMT
content-encoding: br
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P3
age: 620
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=1200
x-amz-cf-id: 2ep2xK4F7vRc0U4vbH0vLxUFU_1aaPfILtmfOdpgfg5Woh3OCH1BNg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
77 KB 162ms
63ms Script
application/javascript 2a00:1450:400d:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-9K5Y6YYGV4

Requested by

Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d71b79831b505e071fd6c1c422b943377a864bdf2a0c81a11236b5263eb4ed59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://digilander.libero.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 09:41:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78671
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 09 Jan 2023 09:41:07 GMT

GET digi_ad_13.js
digilander.libero.it/_ad/ 0
0

GET
H2 200 P1504C48C-9D0B-4ADE-B7CD-04AF56A52362.js Show response
cdn-gl.imrworldwide.com/conf/ 28 KB
7 KB 164ms
38ms Script
application/javascript 2600:9000:206e:c600:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/conf/P1504C48C-9D0B-4ADE-B7CD-04AF56A52362.js
Requested by: Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 08b074cc3cd2a93f41e9b25fa53e2acaf85942424380b2fe2882b70d3eec2d22

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://digilander.libero.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: Wd0Gof.DWg5kZTxE4mTNgIzP9PIiBakq
content-encoding: gzip
via: 1.1 87459a7837f980cdc57ba8a2c23a55ae.cloudfront.net (CloudFront)
date: Mon, 09 Jan 2023 09:26:51 GMT
last-modified: Mon, 09 Jan 2023 01:15:28 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C1
age: 1179
x-amz-server-side-encryption: AES256
etag: W/"5d0d22b948f865edffe687f46fc49b84"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400,s-maxage=86400
x-amz-cf-id: 4ry-C5Gb4hAGeR1z5wt2rPhtWsCi0qg1MUO0bUlJhTTIYoYJJAQE6w==

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 92ms
26ms Script
application/javascript 13.32.99.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-23.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

Referer: https://digilander.libero.it/
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 09 Jan 2023 08:56:29 GMT
content-encoding: gzip
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P3
age: 2678
x-amz-server-side-encryption: AES256
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: 42w53Pxa0UgCpfs__QRugtM7c_5K9rychTvb-ak5zgtCu6wXMO7ixg==

GET comscore_digilander.libero.it.js
digistatic.libero.it/js/comscore_8_3_04/ 0
0

GET comscore_engine.js
digistatic.libero.it/js/comscore_8_3_04/ 0
0

GET
H/1.1 200 wt
italiaonline01.wt-eu02.net/215973748390194/ 43 B
900 B 257ms
29ms Image
image/gif 185.54.150.20
WEBTREKK-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://italiaonline01.wt-eu02.net/215973748390194/wt?p=433,libero.web.share.digiland.siti.digilander,1,1600x1200,24,1,1673257267466,0,1600x1200,0&pu=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&la=en&tz=0&cg1=libero&cg2=web&cg3=share&cg4=digiland&cg5=siti&cg6=digilander&cg7=libero.web.share.digiland.siti.digilander&cp1=no-referrer&cp2=no-referrer&cp4=no-refresh&cp7=utf-8&cp9=1.4.04&cp10=20191212150351&cp11=Accedi&cp12=web&cp25=https%3A&cp26=digilander.libero.it&cp103=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html
Requested by: Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.54.150.20 , Germany, ASN60164 (WEBTREKK-AS, DE),
Reverse DNS
Software: c51ce410 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://digilander.libero.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 09:41:07 GMT
Last-Modified: Mon, 09 Jan 2023 09:41:07 GMT
Server: c51ce410
P3P: policyref="https://q3.webtrekk.net/w3c/p3p.xml", CP="NOI DSP IND COM NAV INT"
Content-Type: image/gif;charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
Connection: keep-alive
X-Robots-Tag: noindex, nofollow, noarchive
Keep-Alive: timeout=30
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=33012141&cs_ucfr=0&ns__t=1673257267467&ns_c=UTF-8&c7=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&c8=Accedi
https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1673257267467&ns_c=UTF-8&c7=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&c8=Accedi

0
190 B

27ms
27ms

Image
text/plain

13.32.99.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1673257267467&ns_c=UTF-8&c7=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&c8=Accedi
Requested by: Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html
Protocol: H2
Server: 13.32.99.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-23.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://digilander.libero.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 09:41:07 GMT
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-amz-cf-id: E6HWKAPNpjpmV94tB6H3uj-aNb8RBBoIy9elCElqStX-v3klUI1aug==
x-cache: Miss from cloudfront

Redirect headers

location: /b2?c1=2&c2=33012141&cs_ucfr=0&ns__t=1673257267467&ns_c=UTF-8&c7=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&c8=Accedi
date: Mon, 09 Jan 2023 09:41:07 GMT
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-length: 0
x-amz-cf-id: diE54zy_ZY6LdBbr_tw5Lig4JhY3rVnzFSAigSpq8gIKSXUV6gUTAg==
x-cache: Miss from cloudfront

GET
H2 200 nlsSDK600.bundle.min.js Show response
cdn-gl.imrworldwide.com/novms/js/2/ 195 KB
55 KB 46ms
45ms Script
application/javascript 2600:9000:206e:c600:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/P1504C48C-9D0B-4ADE-B7CD-04AF56A52362.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2d0ade31483bf44bbdbc9822066eaebf674738b370092fcfc8295e7ae3195d98

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://digilander.libero.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: Tw1ZrV6S6M8HrQmSnEoR4BpykB7j_69v
content-encoding: gzip
via: 1.1 87459a7837f980cdc57ba8a2c23a55ae.cloudfront.net (CloudFront)
date: Mon, 09 Jan 2023 09:28:45 GMT
x-amz-cf-pop: VIE50-C1
age: 743
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Wed, 28 Sep 2022 14:09:01 GMT
server: AmazonS3
etag: W/"81a9e2a298d0019660cb2966f0c24748"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: r4-pCz90juwfRLPBYj2sGgWnV0EWysiyKiAijClIycJmcPJYWIYTDQ==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
350 B 81ms
31ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-9K5Y6YYGV4&gtm=2oe120&_p=136768987&cid=1771092842.1673257268&ul=en-us&_rdi=1&_geo=1&_s=1&sid=1673257267&sct=1&seg=0&dl=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&dt=Accedi&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9K5Y6YYGV4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://digilander.libero.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 09:41:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://digilander.libero.it
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ls.html Show response
cdn-gl.imrworldwide.com/novms/html/ Frame FF5C 12 KB
4 KB 36ms
36ms Document
text/html 2600:9000:206e:c600:2:42d9:3100:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by: Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206e:c600:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1

Request headers

Referer: https://digilander.libero.it/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

age: 1044
cache-control: max-age=86400
content-encoding: gzip
content-type: text/html
date: Mon, 09 Jan 2023 09:23:44 GMT
etag: W/"7fa83dfc7b78314b137e2eb13834daa7"
last-modified: Wed, 28 Sep 2022 14:09:00 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 87459a7837f980cdc57ba8a2c23a55ae.cloudfront.net (CloudFront)
x-amz-cf-id: LPA53iYVVMS5f-W30veT69tD4i-H9RttOxdtMNviKf7ypG7EjWSGsg==
x-amz-cf-pop: VIE50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: kefD87rpNa3sUBHNjAEOkjjRzic54A4V
x-cache: Hit from cloudfront

GET
H2 200 gn
secure-it.imrworldwide.com/cgi-bin/ Frame FF5C 44 B
720 B 234ms
51ms Image
image/gif 34.255.234.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-it.imrworldwide.com/cgi-bin/gn?prd=session&c9=devid,&c13=asid,P1504C48C-9D0B-4ADE-B7CD-04AF56A52362&sessionId=e0enz8o1msu72xs1s7umijqiqcwry1673257267&c16=sdkv,bj.6.0.0&uoo=&fp_id=&fp_cr_tm=&fp_acc_tm=&fp_emm_tm=&ve_id=&c30=bldv,6.0.0.623&uid2=&uid2_token=&hem_sha256=&hem_sha1=&hem_md5=&hem_unknown=&sdd=&retry=0
Requested by: Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.234.46 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-234-46.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 09:41:07 GMT
server: nginx
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-it.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 /
e0enz8o1msu72xs1s7umijqiqcwry1673257267.nuid.imrworldwide.com/ Frame FF5C 35 B
350 B 145ms
37ms Image
image/gif 2600:9000:2057:8800:1d:667e:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e0enz8o1msu72xs1s7umijqiqcwry1673257267.nuid.imrworldwide.com/
Requested by: Host: digilander.libero.it
URL: https://digilander.libero.it/microdgl6/mic.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:8800:1d:667e:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://cdn-gl.imrworldwide.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 02:35:24 GMT
via: 1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
last-modified: Tue, 11 Sep 2018 17:05:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 25544
etag: "c2196de8ba412c60c22ab491af7b1409"
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 35
x-amz-cf-id: FMFBDSqaAuQrlaanZHJLwTXxgdNhi5tz0Cps4N3hldDrdY2C2RTdSg==

GET
H2

200

Primary Request / Show response
www.5pj5m5m.one/virg/
Redirect Chain

https://www.5pj5m5m.one/mc.php?=search-console?resource_id
https://www.5pj5m5m.one/virg/?=search-console?resource_id

1 KB
829 B

43ms
43ms

Document
text/html

89.46.104.47
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.5pj5m5m.one/virg/?=search-console?resource_id
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.46.104.47 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx1037.aruba.it
Software: aruba-proxy /
Resource Hash: 4b3af608fa8734eddbf392111fe50137f81e48335f669546a0e86aba231e4931

Request headers

Referer: https://digilander.libero.it/microdgl6/mic.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 09 Jan 2023 09:41:09 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: aruba-proxy
vary: Accept-Encoding
x-servername: ipvsproxy18.ad.aruba.it

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 09 Jan 2023 09:41:09 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://www.5pj5m5m.one/virg/?=search-console?resource_id
pragma: no-cache
server: aruba-proxy
x-servername: ipvsproxy18.ad.aruba.it

POST collect
region1.google-analytics.com/g/ 0
0

GET
H2 200 style.css
www.5pj5m5m.one/virg/ 3 KB
1 KB 41ms
40ms Stylesheet
text/css 89.46.104.47
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.5pj5m5m.one/virg/style.css
Requested by: Host: www.5pj5m5m.one
URL: https://www.5pj5m5m.one/virg/?=search-console?resource_id
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.46.104.47 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx1037.aruba.it
Software: aruba-proxy /
Resource Hash: b185c49c30cc1d64bea77a92ebedace1803c884494e331d851293df1296e8cb5

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.5pj5m5m.one/virg/?=search-console?resource_id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-servername: ipvsproxy18.ad.aruba.it
date: Mon, 09 Jan 2023 09:41:09 GMT
content-encoding: gzip
last-modified: Sat, 07 Jan 2023 16:02:33 GMT
server: aruba-proxy
vary: Accept-Encoding
content-type: text/css

GET
H2 200 micro.svg
www.5pj5m5m.one/virg/img/ 4 KB
2 KB 51ms
51ms Image
image/svg+xml 89.46.104.47
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.5pj5m5m.one/virg/img/micro.svg
Requested by: Host: www.5pj5m5m.one
URL: https://www.5pj5m5m.one/virg/?=search-console?resource_id
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.46.104.47 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx1037.aruba.it
Software: aruba-proxy /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.5pj5m5m.one/virg/?=search-console?resource_id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-servername: ipvsproxy18.ad.aruba.it
date: Mon, 09 Jan 2023 09:41:09 GMT
content-encoding: gzip
last-modified: Sat, 07 Jan 2023 16:02:34 GMT
server: aruba-proxy
vary: Accept-Encoding
content-type: image/svg+xml

GET
H2 200 scripts.js Show response
www.5pj5m5m.one/virg/ 552 B
452 B 37ms
37ms Script
application/javascript 89.46.104.47
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.5pj5m5m.one/virg/scripts.js
Requested by: Host: www.5pj5m5m.one
URL: https://www.5pj5m5m.one/virg/?=search-console?resource_id
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.46.104.47 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx1037.aruba.it
Software: aruba-proxy /
Resource Hash: be52e1f718405bf1f01cd9a69a4f09f3f4fbd679fe8353480dcf0038b64e995e

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.5pj5m5m.one/virg/?=search-console?resource_id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-servername: ipvsproxy18.ad.aruba.it
date: Mon, 09 Jan 2023 09:41:09 GMT
content-encoding: gzip
last-modified: Sat, 07 Jan 2023 16:02:33 GMT
server: aruba-proxy
vary: Accept-Encoding
content-type: application/javascript

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: digilander.libero.it
URL: http://digilander.libero.it/_ad/digi_ad_13.js

Domain: digistatic.libero.it
URL: http://digistatic.libero.it/js/comscore_8_3_04/comscore_digilander.libero.it.js

Domain: digistatic.libero.it
URL: http://digistatic.libero.it/js/comscore_8_3_04/comscore_engine.js

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-9K5Y6YYGV4&gtm=2oe120&_p=136768987&cid=1771092842.1673257268&ul=en-us&_rdi=1&_geo=1&sid=1673257267&sct=1&seg=0&dl=https%3A%2F%2Fdigilander.libero.it%2Fmicrodgl6%2Fmic.html&dt=Accedi&_s=2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| validateEmail function| validatePassword

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
italiaonline01.wt-eu02.net/215973748390194	1970-01-20 13:06:49	Name: wteid_215973748390194 Value: 4167325726700449524
italiaonline01.wt-eu02.net/215973748390194	1969-12-31 23:59:59	Name: wtsid_215973748390194 Value: 1
.scorecardresearch.com/	1970-01-20 18:23:37	Name: UID Value: 1CFd6e547693265dbbf91451673257267
.libero.it/	1970-01-20 18:23:37	Name: _ga Value: GA1.1.1771092842.1673257268
italiaonline01.wt-eu02.net/	1969-12-31 23:59:59	Name: wt_nbg_Q3 Value: !2PI5wxpXotQTirvpjGYh4zwSUbWZoKDS0Cjdo58nLIulbnIMcYB0hunFr3CxnY7LiixMDKp3FHGXiQ==
.imrworldwide.com/	1970-01-20 18:09:13	Name: IMRID Value: be34ece1-9001-11ed-a934-a93e49e670c9
www.5pj5m5m.one/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0bpv5s5si2jbli3s0ag6k6s4jv
.libero.it/	1970-01-20 18:23:37	Name: _ga_9K5Y6YYGV4 Value: GS1.1.1673257267.1.0.1673257269.0.0.0

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://digilander.libero.it/microdgl6/mic.html Message: Mixed Content: The page at 'https://digilander.libero.it/microdgl6/mic.html' was loaded over HTTPS, but requested an insecure script 'http://digilander.libero.it/_ad/digi_ad_13.js'. This request has been blocked; the content must be served over HTTPS.
javascript	warning	URL: https://digilander.libero.it/microdgl6/mic.html(Line 62) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://sb.scorecardresearch.com/beacon.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://digilander.libero.it/microdgl6/mic.html(Line 62) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://sb.scorecardresearch.com/beacon.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	error	URL: https://digilander.libero.it/microdgl6/mic.html(Line 66) Message: Mixed Content: The page at 'https://digilander.libero.it/microdgl6/mic.html' was loaded over HTTPS, but requested an insecure script 'http://digistatic.libero.it/js/comscore_8_3_04/comscore_digilander.libero.it.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://digilander.libero.it/microdgl6/mic.html Message: Mixed Content: The page at 'https://digilander.libero.it/microdgl6/mic.html' was loaded over HTTPS, but requested an insecure script 'http://digistatic.libero.it/js/comscore_8_3_04/comscore_engine.js'. This request has been blocked; the content must be served over HTTPS.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn-gl.imrworldwide.com
digilander.libero.it
digistatic.libero.it
e0enz8o1msu72xs1s7umijqiqcwry1673257267.nuid.imrworldwide.com
i.plug.it
italiaonline01.wt-eu02.net
region1.google-analytics.com
sb.scorecardresearch.com
secure-it.imrworldwide.com
www.5pj5m5m.one
www.googletagmanager.com
digilander.libero.it
digistatic.libero.it
region1.google-analytics.com
13.32.99.23
13.32.99.3
185.54.150.20
2001:4860:4802:34::36
213.209.30.199
2600:9000:2057:8800:1d:667e:2a40:93a1
2600:9000:206e:c600:2:42d9:3100:93a1
2a00:1450:400d:802::2008
34.255.234.46
89.46.104.47
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
08b074cc3cd2a93f41e9b25fa53e2acaf85942424380b2fe2882b70d3eec2d22
17e49df09dd14c40d50c5e4693c448e99cfee8ee79aa5a9c5bd2be5be3105562
2d0ade31483bf44bbdbc9822066eaebf674738b370092fcfc8295e7ae3195d98
4b3af608fa8734eddbf392111fe50137f81e48335f669546a0e86aba231e4931
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c8a7ab79eb49977c9bd8b4161d1458f614709f74b4a7ba87ce44d3832c8509b
73f027e62b6885a4ee78f67a3ce8fd624a2ff1ae6b211e8f5e181a93b45b85bc
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b185c49c30cc1d64bea77a92ebedace1803c884494e331d851293df1296e8cb5
be52e1f718405bf1f01cd9a69a4f09f3f4fbd679fe8353480dcf0038b64e995e
c1ca15aa8598ac972f25c8812a1c189cd22f8926ec7b890bc8ea6a70a7779fd1
d71b79831b505e071fd6c1c422b943377a864bdf2a0c81a11236b5263eb4ed59
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

www.5pj5m5m.one Open in urlscan Pro 89.46.104.47 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

76 %HTTPS

40 %IPv6

8 Domains

11 Subdomains

11 IPs

4 Countries

169 kBTransfer

516 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

8 Cookies

5 Console Messages

Security Headers

Indicators

www.5pj5m5m.one Open in urlscan Pro
89.46.104.47 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

76 %
HTTPS

40 %
IPv6

8
Domains

11
Subdomains

11
IPs

4
Countries

169 kB
Transfer

516 kB
Size

8
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!