water.c0m.li Open in urlscan Pro
159.65.71.145 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u.nu/hhfhfhfhf
Effective URL:
https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Submission: On November 23 via manual (November 23rd 2018, 7:01:48 pm UTC) from US

Summary HTTP 19 Redirects Links 13 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 159.65.71.145, located in Dallas, United States and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is water.c0m.li.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 22nd 2018. Valid for: 3 months.

This is the only time water.c0m.li was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Earthlink (Telecommunication)

Domain & IP information

	IP Address		AS Autonomous System
1 1	2a07:d880::5 2a07:d880::5		43357 (OWL Owl L...) (OWL Owl Limited)
18	159.65.71.145 159.65.71.145		14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1 2	172.82.212.52 172.82.212.52		15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
19	2

1 2a07:d880::5 (None, ) 1 redirects

ASN43357 (OWL Owl Limited, EE)

u.nu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 159.65.71.145 (Dallas, United States)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

water.c0m.li	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.82.212.52 (Lehi, United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: earthlink.net.102.122.2o7.net

s.earthlink.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	c0m.li water.c0m.li	382 KB
2	earthlink.net 1 redirects s.earthlink.net	2 KB
1	u.nu 1 redirects u.nu	305 B
19	3

	Domain	Requested by
18	water.c0m.li	water.c0m.li
2	s.earthlink.net	1 redirects water.c0m.li
1	u.nu	1 redirects
19	3

This site contains links to these domains. Also see Links.

Domain
www.earthlink.net
webmail.earthlink.net
myaccount.earthlink.net
support.earthlink.net
www.facebook.com
twitter.com
my.earthlink.net

Subject Issuer	Validity	Valid
water.c0m.li Let's Encrypt Authority X3	`2018-11-22` - `2019-02-20`	3 months	crt.sh
s.earthlink.net COMODO RSA Organization Validation Secure Server CA	`2016-02-02` - `2019-02-01`	3 years	crt.sh

This page contains 2 frames:

Primary Page: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Frame ID: 484A97D0488AB4332BDF3123ABA0C7DA
Requests: 18 HTTP requests in this frame

Frame: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/saved_resource.html
Frame ID: FF3B233EF944165304C2EFA6D820E3C5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u.nu/hhfhfhfhf HTTP 301
https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

env /^(?:OutbrainPermaLink|OB_releaseVer)$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\/s[_-]code.*\.js/i
env /^s_(?:account|objectID|code|INST)$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

19
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

383 kB
Transfer

378 kB
Size

3
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.earthlink.net/

Search URL Search Domain Scan URL

URL: https://webmail.earthlink.net/

Search URL Search Domain Scan URL

URL: https://myaccount.earthlink.net/
Title: My Account

Search URL Search Domain Scan URL

URL: https://support.earthlink.net/
Title: Support

Search URL Search Domain Scan URL

URL: https://www.earthlink.net/webmail/mobile/?CampaignID=MS:E:164:tech_tip:www_page
Title: MyEarthLink App!

Search URL Search Domain Scan URL

URL: https://support.earthlink.net/articles/email/imap-email.php
Title: IMAP: Now Available!

Search URL Search Domain Scan URL

URL: https://www.facebook.com/earthlink

Search URL Search Domain Scan URL

URL: https://twitter.com/earthlink

Search URL Search Domain Scan URL

URL: https://myaccount.earthlink.net/cam/passmain.jsp
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: http://www.earthlink.net/about/policies/
Title: Policies and Agreements

Search URL Search Domain Scan URL

URL: http://www.earthlink.net/about/policies/use.faces?add=1
Title: Acceptable Use Policy.

Search URL Search Domain Scan URL

URL: http://www.earthlink.net/about/policies/privacy/
Title: EarthLink Privacy Policy

Search URL Search Domain Scan URL

URL: http://my.earthlink.net/channel/feedback/?cgid=87
Title: Feedback

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u.nu/hhfhfhfhf HTTP 301
https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/s03476204304953?AQB=1&ndh=1&t=23/10/2018%2019%3A1%3A32%205%200&vmt=4A785FB7&g=https%3A//water.c0m.li/cil/earthlinx/myEarthLink%2520Secure%2520Login.html&cc=USD&ch=myEarthLink%20Secure%20Login&c1=cg%3A87&c3=out&c4=Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/67.0.3396.87%20Safari/537.36&c21=NO_UUID&v21=NO_UUID&c22=NO_ZIP&v22=NO_ZIP&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
https://s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/s03476204304953?AQB=1&pccr=true&vidn=2DFC27468507EB63-4000010B8000B640&&ndh=1&t=23/10/2018%2019%3A1%3A32%205%200&vmt=4A785FB7&g=https%3A//water.c0m.li/cil/earthlinx/myEarthLink%2520Secure%2520Login.html&cc=USD&ch=myEarthLink%20Secure%20Login&c1=cg%3A87&c3=out&c4=Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/67.0.3396.87%20Safari/537.36&c21=NO_UUID&v21=NO_UUID&c22=NO_ZIP&v22=NO_ZIP&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request myEarthLink%20Secure%20Login.html Show response
water.c0m.li/cil/earthlinx/
Redirect Chain

https://u.nu/hhfhfhfhf
https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html

11 KB
11 KB

533ms
172ms

Document
text/html

159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 979346a2ac7f149b93abd9777ca6407300f6e8bab341e7ec958354a8f9232ea5

Request headers

Host: water.c0m.li
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:31 GMT
Server: Apache
Last-Modified: Fri, 06 Jul 2018 00:40:04 GMT
Accept-Ranges: bytes
Content-Length: 10973
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

status: 301
server: nginx
date: Fri, 23 Nov 2018 19:01:31 GMT
content-type: text/html; charset=UTF-8
location: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-custom-job: If you see this header, please contact hello@xtom.com for a job

GET
H/1.1 200
OK get Show response
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 2 KB
2 KB 173ms
172ms Script
text/plain 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/get
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 0b2d5239c939743140b96b98c98c33d539161496b9d22d82d02c73af9d776a46

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:32 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:20 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1579

GET
H/1.1 200
OK bootstrap.min.css
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 122 KB
122 KB 345ms
172ms Stylesheet
text/css 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/bootstrap.min.css
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d

Request headers

Pragma: no-cache
Origin: https://water.c0m.li
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Origin: https://water.c0m.li

Response headers

Date: Fri, 23 Nov 2018 19:01:32 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 124962

GET
H/1.1 200
OK jquery-3.2.1.slim.min.js.download Show response
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 68 KB
68 KB 641ms
161ms Script
application/javascript 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/jquery-3.2.1.slim.min.js.download
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Pragma: no-cache
Origin: https://water.c0m.li
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Origin: https://water.c0m.li

Response headers

Date: Fri, 23 Nov 2018 19:01:32 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:20 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 69597

GET
H/1.1 200
OK s_code.js.download Show response
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 18 KB
18 KB 641ms
161ms Script
application/javascript 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/s_code.js.download
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 7769eef08de59d070e1fedf01a59b47770dfbf0e386ecd0b49ef50753665d6a4

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:32 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:22 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 18300

GET
H/1.1 200
OK elnk_logo.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 11 KB
11 KB 674ms
172ms Image
image/png 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/elnk_logo.png
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: b72865c6b577b87b4628d9923a04ac037ff3f0e4e63658394942965ec3c04b58

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:32 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:22 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 10817

GET
H/1.1 200
OK enhanced_by_google.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 5 KB
5 KB 172ms
171ms Image
image/png 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/enhanced_by_google.png
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 29459dd1e4566c297c1a27c78bbebb3bca144d246e97e1494c12c59298cc5546

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:32 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:22 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 5029

GET
H/1.1 200
OK mag_button_smaller.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 4 KB
4 KB 161ms
161ms Image
image/png 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/mag_button_smaller.png
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 7abf8fd346f413ae2fd27ef7d5fd95d0b72a4e15d6e7a59d5c4204cbde5c324e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:22 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3589

GET
H/1.1 200
OK webmail_icon.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 2 KB
3 KB 162ms
161ms Image
image/png 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/webmail_icon.png
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 2c4e94821b47cf33602ff80defc9d0f3085447dd0d25d5c2c7839b65560301ca

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:22 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2377

GET
H/1.1 200
OK gear_icon.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 3 KB
3 KB 173ms
172ms Image
image/png 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/gear_icon.png
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: db42be4b42f924f73a72a5878fa21f9a3e6d375715625ff30971f07f138deb94

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:22 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2629

GET
H/1.1 200
OK facebook.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 2 KB
2 KB 175ms
175ms Image
image/png 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/facebook.png
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 2f212a6c52aa781c6c3aa834a70eaa2ca0b1fc627ceeab4ae5d87bd6bd961e18

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:22 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1917

GET
H/1.1 200
OK twitter.png
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 2 KB
2 KB 292ms
161ms Image
image/png 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/twitter.png
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 46b2ccda52249b86593a44bad556801f0a5783c73bf56b15ef56aa67013950c9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Cookie: s_cc=true; gpv_p5=no%20value; s_sq=%5B%5BB%5D%5D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:22 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2001

GET
H/1.1 200
OK widgetGlobalEvent Show response
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 4 B
218 B 161ms
161ms Script
text/plain 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/widgetGlobalEvent
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Cookie: s_cc=true; gpv_p5=no%20value; s_sq=%5B%5BB%5D%5D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:24 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 4

GET
H/1.1 200
OK outbrain.js.download Show response
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 61 KB
62 KB 186ms
172ms Script
application/javascript 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/outbrain.js.download
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 17c5de1e2baed4a56701eb883099236177fe9234c92416d31ebce7a0cdddbcac

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Cookie: s_cc=true; gpv_p5=no%20value; s_sq=%5B%5BB%5D%5D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:24 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 62732

GET
H/1.1 200
OK popper.min.js.download Show response
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 19 KB
19 KB 500ms
172ms Script
application/javascript 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/popper.min.js.download
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 5292e677fe712c80863414e9e73f3678d86d409f751392b6803b70a949fc1017

Request headers

Pragma: no-cache
Origin: https://water.c0m.li
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Origin: https://water.c0m.li

Response headers

Date: Fri, 23 Nov 2018 19:01:32 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:24 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 19033

GET
H/1.1 200
OK bootstrap.min.js.download Show response
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ 50 KB
50 KB 172ms
172ms Script
application/javascript 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/bootstrap.min.js.download
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b

Request headers

Pragma: no-cache
Origin: https://water.c0m.li
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Origin: https://water.c0m.li

Response headers

Date: Fri, 23 Nov 2018 19:01:32 GMT
Last-Modified: Tue, 24 Oct 2017 09:55:24 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 51143

GET
H/1.1

200
OK

s03476204304953
s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/
Redirect Chain

https://s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/s03476204304953?AQB=1&ndh=1&t=23/10/2018%2019%3A1%3A32%205%200&vmt=4A785FB7&g=https%3A//water.c0m.li/cil/earthlinx/myEarthLink%2520Secure%2520Log...
https://s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/s03476204304953?AQB=1&pccr=true&vidn=2DFC27468507EB63-4000010B8000B640&&ndh=1&t=23/10/2018%2019%3A1%3A32%205%200&vmt=4A785FB7&g=https%3A//water.c...

43 B
723 B

98ms
97ms

Image
image/gif

172.82.212.52
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/s03476204304953?AQB=1&pccr=true&vidn=2DFC27468507EB63-4000010B8000B640&&ndh=1&t=23/10/2018%2019%3A1%3A32%205%200&vmt=4A785FB7&g=https%3A//water.c0m.li/cil/earthlinx/myEarthLink%2520Secure%2520Login.html&cc=USD&ch=myEarthLink%20Secure%20Login&c1=cg%3A87&c3=out&c4=Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/67.0.3396.87%20Safari/537.36&c21=NO_UUID&v21=NO_UUID&c22=NO_ZIP&v22=NO_ZIP&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Requested by

Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.82.212.52 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

earthlink.net.102.122.2o7.net

Software

Omniture DC/2.0.0 /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.5.1
P3P: CP="This is not a P3P policy"
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Sat, 24 Nov 2018 19:01:33 GMT
Server: Omniture DC/2.0.0
xserver: www47
ETag: "3313566609670897664-4644232687354160338"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Expires: Thu, 22 Nov 2018 19:01:33 GMT

Redirect headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.5.1
P3P: CP="This is not a P3P policy"
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Sat, 24 Nov 2018 19:01:33 GMT
Server: Omniture DC/2.0.0
xserver: www92
Location: https://s.earthlink.net/b/ss/earthlnkpsplive/1/H.17/s03476204304953?AQB=1&pccr=true&vidn=2DFC27468507EB63-4000010B8000B640&&ndh=1&t=23/10/2018%2019%3A1%3A32%205%200&vmt=4A785FB7&g=https%3A//water.c0m.li/cil/earthlinx/myEarthLink%2520Secure%2520Login.html&cc=USD&ch=myEarthLink%20Secure%20Login&c1=cg%3A87&c3=out&c4=Mozilla/5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/67.0.3396.87%20Safari/537.36&c21=NO_UUID&v21=NO_UUID&c22=NO_ZIP&v22=NO_ZIP&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Expires: Thu, 22 Nov 2018 19:01:33 GMT

GET
H/1.1 404
Not Found signin_img_2.jpg
water.c0m.li/img/signin/ 344 B
344 B 181ms
172ms Image
text/html 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://water.c0m.li/img/signin/signin_img_2.jpg
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 333f4216a9e8db7733ab783c873dc1df37f7f3e5e2990e41180ea27ad3b823d6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: water.c0m.li
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Cookie: s_cc=true; gpv_p5=no%20value; s_sq=%5B%5BB%5D%5D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 344
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK saved_resource.html Show response
water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/ Frame FF3B 149 B
390 B 177ms
172ms Document
text/html 159.65.71.145
DigitalOcean

General

Check archive.org

Show headers Download Go to

Full URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login_files/saved_resource.html
Requested by: Host: water.c0m.li
URL: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.65.71.145 Dallas, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: Apache /
Resource Hash: 97f9b10039b05e1af4a3c9b778fc72ba44cf68a376e4ec1d55f2558f16cf3e50

Request headers

Host: water.c0m.li
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html
Accept-Encoding: gzip, deflate
Cookie: s_cc=true; gpv_p5=no%20value; s_sq=%5B%5BB%5D%5D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://water.c0m.li/cil/earthlinx/myEarthLink%20Secure%20Login.html

Response headers

Date: Fri, 23 Nov 2018 19:01:33 GMT
Server: Apache
Last-Modified: Tue, 24 Oct 2017 09:55:24 GMT
Accept-Ranges: bytes
Content-Length: 149
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Earthlink (Telecommunication)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| urlParams string| s_account object| s function| s_doPlugins string| s_code string| s_objectID function| s_gi function| s_r function| s_d function| s_fe function| s_fa function| s_ft function| s_c object| s_c_il number| s_c_in string| widgetsOpen string| tcdacmd object| s_i_earthlnkpsplive string| csrfToken function| Popper object| OBR string| OB_releaseVer function| OBR$ object| outbrain object| outbrain_rater

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.c0m.li/	1969-12-31 23:59:59	Name: s_sq Value: %5B%5BB%5D%5D
			.c0m.li/	1970-01-18 20:36:41	Name: gpv_p5 Value: no%20value
			.c0m.li/	1969-12-31 23:59:59	Name: s_cc Value: true

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s.earthlink.net
u.nu
water.c0m.li
159.65.71.145
172.82.212.52
2a07:d880::5
0b2d5239c939743140b96b98c98c33d539161496b9d22d82d02c73af9d776a46
0e25895d7caaf355a53d19c37c69a06198f668e5422b211d27597ed93983b80b
17c5de1e2baed4a56701eb883099236177fe9234c92416d31ebce7a0cdddbcac
29459dd1e4566c297c1a27c78bbebb3bca144d246e97e1494c12c59298cc5546
2c4e94821b47cf33602ff80defc9d0f3085447dd0d25d5c2c7839b65560301ca
2f212a6c52aa781c6c3aa834a70eaa2ca0b1fc627ceeab4ae5d87bd6bd961e18
333f4216a9e8db7733ab783c873dc1df37f7f3e5e2990e41180ea27ad3b823d6
46b2ccda52249b86593a44bad556801f0a5783c73bf56b15ef56aa67013950c9
5292e677fe712c80863414e9e73f3678d86d409f751392b6803b70a949fc1017
7769eef08de59d070e1fedf01a59b47770dfbf0e386ecd0b49ef50753665d6a4
7abf8fd346f413ae2fd27ef7d5fd95d0b72a4e15d6e7a59d5c4204cbde5c324e
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
979346a2ac7f149b93abd9777ca6407300f6e8bab341e7ec958354a8f9232ea5
97f9b10039b05e1af4a3c9b778fc72ba44cf68a376e4ec1d55f2558f16cf3e50
9bf87f7140c085febf881462c536ee73cf9183670811342d3dc1fd0f7a762a0d
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b72865c6b577b87b4628d9923a04ac037ff3f0e4e63658394942965ec3c04b58
db42be4b42f924f73a72a5878fa21f9a3e6d375715625ff30971f07f138deb94