vepzzwfrrk1zvsrzadyfra-on.drv.tw
Open in
urlscan Pro
54.213.234.222
Malicious Activity!
Public Scan
Submission: On October 29 via manual from AU — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 14th 2021. Valid for: 3 months.
This is the only time vepzzwfrrk1zvsrzadyfra-on.drv.tw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 54.213.234.222 54.213.234.222 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 69.16.175.10 69.16.175.10 | 33438 (HIGHWINDS2) (HIGHWINDS2) | |
1 | 104.16.18.94 104.16.18.94 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.18.11.207 104.18.11.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.74.200 142.250.74.200 | 15169 (GOOGLE) (GOOGLE) | |
2 | 142.250.185.142 142.250.185.142 | 15169 (GOOGLE) (GOOGLE) | |
1 | 74.125.206.156 74.125.206.156 | 15169 (GOOGLE) (GOOGLE) | |
10 | 8 |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-213-234-222.us-west-2.compute.amazonaws.com
vepzzwfrrk1zvsrzadyfra-on.drv.tw | |
drv.tw |
ASN33438 (HIGHWINDS2, US)
PTR: tlb.hwcdn.net
code.jquery.com |
ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f8.1e100.net
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f14.1e100.net
www.google-analytics.com |
ASN15169 (GOOGLE, US)
PTR: wk-in-f156.1e100.net
stats.g.doubleclick.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
drv.tw
vepzzwfrrk1zvsrzadyfra-on.drv.tw drv.tw |
26 KB |
2 |
google-analytics.com
www.google-analytics.com |
20 KB |
1 |
doubleclick.net
stats.g.doubleclick.net |
453 B |
1 |
googletagmanager.com
www.googletagmanager.com |
36 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com |
15 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
7 KB |
1 |
jquery.com
code.jquery.com |
24 KB |
10 | 7 |
Domain | Requested by | |
---|---|---|
2 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
2 | vepzzwfrrk1zvsrzadyfra-on.drv.tw |
vepzzwfrrk1zvsrzadyfra-on.drv.tw
|
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
1 | www.googletagmanager.com |
drv.tw
|
1 | drv.tw |
vepzzwfrrk1zvsrzadyfra-on.drv.tw
|
1 | stackpath.bootstrapcdn.com |
vepzzwfrrk1zvsrzadyfra-on.drv.tw
|
1 | cdnjs.cloudflare.com |
vepzzwfrrk1zvsrzadyfra-on.drv.tw
|
1 | code.jquery.com |
vepzzwfrrk1zvsrzadyfra-on.drv.tw
|
10 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.drv.tw R3 |
2021-10-14 - 2022-01-12 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2021-10-04 - 2021-12-27 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2021-10-11 - 2022-01-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://vepzzwfrrk1zvsrzadyfra-on.drv.tw/7uydfghgjui8y7t6r5ersfgnhjmuyt/fghjkiut6yrte5y6u7ikjhnbgcfvx/?c=[email-]
Frame ID: AD25598040B40303BA010AAD91BBFC71
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
vepzzwfrrk1zvsrzadyfra-on.drv.tw/7uydfghgjui8y7t6r5ersfgnhjmuyt/fghjkiut6yrte5y6u7ikjhnbgcfvx/ |
20 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ |
20 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/ |
49 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ness.js
vepzzwfrrk1zvsrzadyfra-on.drv.tw/7uydfghgjui8y7t6r5ersfgnhjmuyt/fghjkiut6yrte5y6u7ikjhnbgcfvx/m/ |
39 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wd.js
drv.tw/inc/ |
365 B 584 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
89 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
48 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
2 B 221 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
1 B 453 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery function| Popper object| bootstrap string| IOLmc string| cKCmc number| ELFmc function| Eftnc function| UXdnc function| suZjc undefined| koNjc undefined| MpQjc function| gFukc undefined| wRSkc function| QMJkc function| gZhlc function| Iallc function| gxgic object| webkitEventStorage function| AbortSignalRenderer string| $i function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.drv.tw/ | Name: uid Value: rBoO0mF7RahVcWf7VlLTAg== |
|
.drv.tw/ | Name: _ga Value: GA1.2.1747629925.1635468715 |
|
.drv.tw/ | Name: _gid Value: GA1.2.1574317788.1635468715 |
|
.drv.tw/ | Name: _gat_gtag_UA_85417367_1 Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
drv.tw
stackpath.bootstrapcdn.com
stats.g.doubleclick.net
vepzzwfrrk1zvsrzadyfra-on.drv.tw
www.google-analytics.com
www.googletagmanager.com
104.16.18.94
104.18.11.207
142.250.185.142
142.250.74.200
54.213.234.222
69.16.175.10
74.125.206.156
0215b9ad81310904be100bdbdc1a42ddf0ac9513c5f97b8e702f83f4b9baffd1
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
4de8fc175826d9f78fce9f9f2b71a63fe832fc7507e0394125c823b0909fa54a
621f59e87c01610c253ac2f9c3f8f7df5f6492c1d2f804088948278849124b33
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bf87a4d20a05c51b607b734f0b6e4d818ece20347b5be1a0f0f73ce49835ef4
964b4e6a2746d63bff136a628753bbe96f077ba2181a846547690bc1ec6a1d6a
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62