37.1.209.213
Open in
urlscan Pro
37.1.209.213
Malicious Activity!
Public Scan
Effective URL: http://37.1.209.213/xD252Hx3?host=autoankauf-in-eschweiler.de/&mark=08052022_1shab_1000k_5deHtml_320k_noSUB&keyword=...
Submission: On March 10 via manual from CO — Scanned from DE
Summary
This is the only time 37.1.209.213 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bancolombia (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 2606:4700:20:... 2606:4700:20::681a:7af | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 148.251.234.93 148.251.234.93 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 | 47.88.48.79 47.88.48.79 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
1 | 2a02:4780:1:2... 2a02:4780:1:276:0:39b7:63a3:3 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
1 | 20.50.153.39 20.50.153.39 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
28 | 2a02:4780:1:2... 2a02:4780:1:276:0:39b7:63a3:4 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
1 | 54.86.140.52 54.86.140.52 | 14618 (AMAZON-AES) (AMAZON-AES) | |
3 | 2a00:1450:400... 2a00:1450:4001:811::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:806::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2001:4860:480... 2001:4860:4802:32::36 | 15169 (GOOGLE) (GOOGLE) | |
1 | 37.1.209.213 37.1.209.213 | 29802 (HVC-AS) (HVC-AS) | |
1 | 2a00:1450:400... 2a00:1450:400c:c09::9a | 15169 (GOOGLE) (GOOGLE) | |
43 | 11 |
ASN13335 (CLOUDFLARENET, US)
shorturl.asia | |
www.shorturl.asia |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
gbio2jtq8uz0wrwppm9pna.on.drv.tw |
ASN47583 (AS-HOSTINGER, CY)
mitmassets.ml |
ASN47583 (AS-HOSTINGER, CY)
www.eithmacer.tk | |
eithmacer.tk |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-140-52.compute-1.amazonaws.com
images-cdn.info |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
28 |
eithmacer.tk
www.eithmacer.tk eithmacer.tk |
812 KB |
4 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 25 region1.google-analytics.com — Cisco Umbrella Rank: 2388 |
20 KB |
3 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 42 |
198 KB |
2 |
drv.tw
gbio2jtq8uz0wrwppm9pna.on.drv.tw www.drv.tw — Cisco Umbrella Rank: 998773 |
1 KB |
2 |
shorturl.asia
2 redirects
shorturl.asia — Cisco Umbrella Rank: 452505 www.shorturl.asia — Cisco Umbrella Rank: 511733 |
2 KB |
1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 76 |
359 B |
1 |
images-cdn.info
images-cdn.info — Cisco Umbrella Rank: 886149 |
229 B |
1 |
mitmassets.ml
mitmassets.ml |
9 KB |
1 |
iplogger.com
1 redirects
iplogger.com — Cisco Umbrella Rank: 361528 |
505 B |
43 | 9 |
Domain | Requested by | |
---|---|---|
27 | www.eithmacer.tk |
mitmassets.ml
|
3 | www.googletagmanager.com |
www.drv.tw
www.googletagmanager.com |
2 | region1.google-analytics.com |
www.googletagmanager.com
|
2 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
1 | images-cdn.info |
gbio2jtq8uz0wrwppm9pna.on.drv.tw
|
1 | eithmacer.tk |
mitmassets.ml
|
1 | www.drv.tw |
gbio2jtq8uz0wrwppm9pna.on.drv.tw
|
1 | mitmassets.ml |
gbio2jtq8uz0wrwppm9pna.on.drv.tw
|
1 | gbio2jtq8uz0wrwppm9pna.on.drv.tw | |
1 | iplogger.com | 1 redirects |
1 | www.shorturl.asia | 1 redirects |
1 | shorturl.asia | 1 redirects |
43 | 13 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
drv.tw R3 |
2023-01-05 - 2023-04-05 |
3 months | crt.sh |
mitmassets.ml R3 |
2023-01-07 - 2023-04-07 |
3 months | crt.sh |
www.drv.tw GeoTrust Global TLS RSA4096 SHA256 2022 CA1 |
2022-10-26 - 2023-04-26 |
6 months | crt.sh |
eithmacer.tk ZeroSSL RSA Domain Secure Site CA |
2023-03-06 - 2023-06-04 |
3 months | crt.sh |
images-cdn.info Go Daddy Secure Certificate Authority - G2 |
2022-07-03 - 2023-06-29 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-02-20 - 2023-05-15 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2023-02-20 - 2023-05-15 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://37.1.209.213/xD252Hx3?host=autoankauf-in-eschweiler.de/&mark=08052022_1shab_1000k_5deHtml_320k_noSUB&keyword=free-spin-and-win-airtime&template=&se_referrer=
Frame ID: 43EEAC25C1803087EA400DCCE0C981B2
Requests: 43 HTTP requests in this frame
Screenshot
Page Title
404 Not FoundPage URL History Show full URLs
-
https://shorturl.asia/ZOuKw
HTTP 302
https://www.shorturl.asia//ZOuKw HTTP 302
https://iplogger.com/21rZ33 HTTP 302
https://gbio2jtq8uz0wrwppm9pna.on.drv.tw/ Page URL
- http://37.1.209.213/xD252Hx3?host=autoankauf-in-eschweiler.de/&mark=08052022_1shab_1000k_5deHtml... Page URL
Detected technologies
Google Analytics (Analytics) ExpandDetected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://shorturl.asia/ZOuKw
HTTP 302
https://www.shorturl.asia//ZOuKw HTTP 302
https://iplogger.com/21rZ33 HTTP 302
https://gbio2jtq8uz0wrwppm9pna.on.drv.tw/ Page URL
- http://37.1.209.213/xD252Hx3?host=autoankauf-in-eschweiler.de/&mark=08052022_1shab_1000k_5deHtml_320k_noSUB&keyword=free-spin-and-win-airtime&template=&se_referrer= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://shorturl.asia/ZOuKw HTTP 302
- https://www.shorturl.asia//ZOuKw HTTP 302
- https://iplogger.com/21rZ33 HTTP 302
- https://gbio2jtq8uz0wrwppm9pna.on.drv.tw/
43 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
gbio2jtq8uz0wrwppm9pna.on.drv.tw/ Redirect Chain
|
210 B 442 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rsc2.php
mitmassets.ml/ |
30 KB 9 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wd.js
www.drv.tw/inc/ |
690 B 841 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
www.eithmacer.tk/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
www.eithmacer.tk/css/ |
110 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylesheet.css
www.eithmacer.tk/css/ |
3 KB 468 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
www.eithmacer.tk/js/ |
87 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.jclock-min.js
www.eithmacer.tk/js/ |
4 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
www.eithmacer.tk/js/ |
87 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.svg
www.eithmacer.tk/images/ |
7 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-error.png
www.eithmacer.tk/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
info.png
www.eithmacer.tk/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
demo.png
www.eithmacer.tk/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
seguridad.png
www.eithmacer.tk/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
reglamento.png
www.eithmacer.tk/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
politica.png
www.eithmacer.tk/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pub.png
www.eithmacer.tk/images/ |
47 KB 47 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.jclockNew.js
www.eithmacer.tk/js/ |
8 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
200.gif
eithmacer.tk/ |
82 KB 83 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
con-a.gif
www.eithmacer.tk/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
100.gif
www.eithmacer.tk/images/ |
82 KB 82 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_font.css
www.eithmacer.tk/css/ |
110 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
www.eithmacer.tk/css/ |
4 MB 452 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.min.js
www.eithmacer.tk/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
banner.svg
www.eithmacer.tk/images/ |
7 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
candado.svg
www.eithmacer.tk/images/ |
528 B 364 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Tiempo.png
www.eithmacer.tk/images/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cellphone.svg
www.eithmacer.tk/images/ |
14 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mob_logo_footer@2x.png
www.eithmacer.tk/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
superintendencia.svg
www.eithmacer.tk/images/ |
31 KB 12 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
success.svg
www.eithmacer.tk/images/ |
739 B 400 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
image.gif
images-cdn.info/444/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
115 KB 45 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
197 KB 73 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
234 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 267 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 54 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
2 B 220 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
xD252Hx3
37.1.209.213/ |
555 B 373 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
1 B 359 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
collect
region1.google-analytics.com/g/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
collect
region1.google-analytics.com/g/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- region1.google-analytics.com
- URL
- https://region1.google-analytics.com/g/collect?v=2&tid=G-NBGQJBJMEG>m=45je3360&_p=2038947816&cid=1556362189.1678420009&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1678420008&sct=1&seg=0&dl=https%3A%2F%2Fgbio2jtq8uz0wrwppm9pna.on.drv.tw%2F&dt=&en=scroll&epn.percent_scrolled=90&_et=51&up.d2w_sid=gbio2jtq8uz0wrwppm9pna
- Domain
- region1.google-analytics.com
- URL
- https://region1.google-analytics.com/g/collect?v=2&tid=G-LHL0SH0Z7S>m=45je3360&_p=2038947816&cid=1556362189.1678420009&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1678420009&sct=1&seg=0&dl=https%3A%2F%2Fgbio2jtq8uz0wrwppm9pna.on.drv.tw%2F&dt=&en=scroll&epn.percent_scrolled=90&_et=15&up.d2w_sid=gbio2jtq8uz0wrwppm9pna
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bancolombia (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.shorturl.asia/ | Name: sess_shorturl Value: 75dn1lak6ptvjgiajb3s6amjil52k19n |
|
iplogger.com/ | Name: clhf03028ja Value: 81.95.5.39 |
|
iplogger.com/ | Name: 442734361365181735 Value: 3 |
|
gbio2jtq8uz0wrwppm9pna.on.drv.tw/ | Name: uid Value: rBSZwGQKqCZiUmTli2uDAg== |
|
.drv.tw/ | Name: _ga Value: GA1.2.1556362189.1678420009 |
|
.drv.tw/ | Name: _gid Value: GA1.2.267919230.1678420009 |
|
.drv.tw/ | Name: _gat_gtag_UA_85417367_1 Value: 1 |
|
.drv.tw/ | Name: _ga_LHL0SH0Z7S Value: GS1.1.1678420009.1.0.1678420009.0.0.0 |
|
.drv.tw/ | Name: _ga_NBGQJBJMEG Value: GS1.1.1678420008.1.0.1678420009.0.0.0 |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
eithmacer.tk
gbio2jtq8uz0wrwppm9pna.on.drv.tw
images-cdn.info
iplogger.com
mitmassets.ml
region1.google-analytics.com
shorturl.asia
stats.g.doubleclick.net
www.drv.tw
www.eithmacer.tk
www.google-analytics.com
www.googletagmanager.com
www.shorturl.asia
region1.google-analytics.com
148.251.234.93
20.50.153.39
2001:4860:4802:32::36
2606:4700:20::681a:7af
2a00:1450:4001:806::200e
2a00:1450:4001:811::2008
2a00:1450:400c:c09::9a
2a02:4780:1:276:0:39b7:63a3:3
2a02:4780:1:276:0:39b7:63a3:4
37.1.209.213
47.88.48.79
54.86.140.52
0c0de3f6bc97f62c119904265d25c39a6ef4bcee8d983681c26d69e0794e4b29
13df691e5ad1109013261983ff6272aa37353f3b28525a9e8b0b29355a1ebec4
154f6011b5877da0db5acb1e291e2192b1a66d5a95e866752567385980adbd22
16500a9442f5d74ef5441e40066fb565c8d598fbae470b7d8cd86eabc5051b41
1800e5e993450b4f547840ccb7abf5cd1f285f6cf9784b3ec23675528a49ff8c
1abcd2f7fe8d351a982065e3bd7f0bd4d7e7ac0ca399e9f290354a1931cf2d0e
2c7a6ea74a49a6adc3fad622078895e9b2589448214913d8c035764148aca7d0
2ef0d183548bde3c3a438b7ff8c074e3d9f8fcc427c9a927ed36e58b84daeee8
35500fe4c97323624f089389243374c56e666e25478685a849c2456461a6163d
364f42a09d3f64f224316745e0dbd890d8d0314f5a87d56d1ea818ae1b0f96b8
37f886a70c0f7e4dbf8b28312144c971b1da50ebae35b3527656703c8e7c8475
3948d809ecb004386fb76288a98d0e1e91eabb075de90f288c8a9d37a73fcd02
3fbcb5c2a5e1ee67614a3ab11d53c2c065ec10a02a745a1db003ffed5576e648
42ae300deb01aa4f8b80d3c50cd2b57e3d7cd25402f9f5313c078d5aa10edbd5
4d31c93eab87267a6e5e827fedd488a02c824a79ded4f00ef19f7431eaedab12
4f33b00ff60ba75c03cfd1a1a5d0be37fb7bba6718ef54bf9898a53e1c72f87f
595a7026d07b9493e1105decb18040bd4bfe0ea4bf69f36cc019b7c0478143ef
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
61541605fc80557ad8cbc03b7d7ea64e94732198e536d4618dea0cb70191eb48
7b4d681b13b2beeab7a0dbd807eac72b762dec8e3bb18410776270a51860ac86
83aae1af3f49faf159b1435378ddfd473f5b569ba4cbc8364f7b46ab6884b98b
9b82d7bf1dd3280181d4f9e2c89a2d234ab336b0e84504d3f51a664be2edaa31
aaa35316092404e43895e22c25d7a0789111df85c0236f5d3f10ab4683dd9f91
b3aa3f129e09e1e097d1cf41e7bb064a0201c150c47d4fdd4a6bb5a2c5b4ac8f
b652905a67429a0ee600ab622fd0d12e4a18e61e22723f3ddcb3ee2b8074d0a4
c6abf874d8228e1e37ece02cbd25c86ac1d64200331f7b91b085885eaa5e3074
cb074d374513bb153747eb58b4e153ef4a21e7da47a16968b2e0100d8eaad816
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e2ad3520e585168a7618386939c2a837dbfc968be7d5254e1301383403f87836
f27f79e97e6af6f6003291117a51ded4ac0271248d26e5acf840f666d12d38b2
f68c633109e951014c6c401f878be7196c8894f6723215afb18388dbbbb83f1d
fcd3de6501f5b4c3bb783db15ccdde5e0c8558a04234152dc3332156c8acba2e
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e