a3zl2blksup5vtuko91ajq-on.drv.tw
47.254.47.165
Malicious Activity!
Public Scan
Effective URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Submission: On January 13 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on December 16th 2019. Valid for: 3 months.
This is the only time a3zl2blksup5vtuko91ajq-on.drv.tw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
Count | IP Address | AS Autonomous System
---|---|---
3 / 15 | 47.254.47.165 | AS45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.)
2 / 2 | 2a00:1450:4001:824::200e | AS15169 (GOOGLE - Google LLC)
1 | 2a00:1450:4001:820::2001 | AS15169 (GOOGLE - Google LLC)
1 | 2a00:1450:4001:806::2001 | AS15169 (GOOGLE - Google LLC)
1 | 2a00:1450:4001:821::2008 | AS15169 (GOOGLE - Google LLC)
1 / 2 | 2a00:1450:4001:821::200e | AS15169 (GOOGLE - Google LLC)
1 | 2a00:1450:400c:c04::9d | AS15169 (GOOGLE - Google LLC)
Total: 19 requests, 7 IP addresses
Domains by ASN:
- a3zl2blksup5vtuko91ajq-on.drv.tw: ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
- drv.tw: ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
- drive.google.com: ASN15169 (GOOGLE - Google LLC, US)
- doc-14-4c-docs.googleusercontent.com: ASN15169 (GOOGLE - Google LLC, US)
- doc-00-4c-docs.googleusercontent.com: ASN15169 (GOOGLE - Google LLC, US)
- www.googletagmanager.com: ASN15169 (GOOGLE - Google LLC, US)
- www.google-analytics.com: ASN15169 (GOOGLE - Google LLC, US)
- stats.g.doubleclick.net: ASN15169 (GOOGLE - Google LLC, US)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 (3 redirects) | drv.tw | a3zl2blksup5vtuko91ajq-on.drv.tw, drv.tw | 66 KB
2 (1 redirect) | google-analytics.com | www.google-analytics.com | 18 KB
2 | googleusercontent.com | doc-14-4c-docs.googleusercontent.com, doc-00-4c-docs.googleusercontent.com | 24 KB
2 (2 redirects) | google.com | drive.google.com | 1 KB
1 | doubleclick.net | stats.g.doubleclick.net | 110 B
1 | googletagmanager.com | www.googletagmanager.com | 27 KB
0 (failed) | uzone.id | cfs2.uzone.id (failed) | 
0 (failed) | u-ad.info | cfs.u-ad.info (failed) | 
Total: 19 requests, 8 apex domains
Requests | Domain | Requested by
---|---|---
14 (3 redirects) | a3zl2blksup5vtuko91ajq-on.drv.tw | a3zl2blksup5vtuko91ajq-on.drv.tw
2 (1 redirect) | www.google-analytics.com | www.googletagmanager.com
2 (2 redirects) | drive.google.com | 
1 | stats.g.doubleclick.net | a3zl2blksup5vtuko91ajq-on.drv.tw
1 | www.googletagmanager.com | drv.tw
1 | drv.tw | a3zl2blksup5vtuko91ajq-on.drv.tw
1 | doc-00-4c-docs.googleusercontent.com | a3zl2blksup5vtuko91ajq-on.drv.tw
1 | doc-14-4c-docs.googleusercontent.com | a3zl2blksup5vtuko91ajq-on.drv.tw
0 (failed) | cfs2.uzone.id | a3zl2blksup5vtuko91ajq-on.drv.tw
0 (failed) | cfs.u-ad.info | a3zl2blksup5vtuko91ajq-on.drv.tw
Total: 19 requests, 10 domains
This site contains links to these domains. Also see Links.
Domain
---
www.youtube.com
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
*.drv.tw | Let's Encrypt Authority X3 | 2019-12-16 - 2020-03-15 | 3 months | crt.sh
*.googleusercontent.com | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months | crt.sh
*.google-analytics.com | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months | crt.sh
*.g.doubleclick.net | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Frame ID: A0B39917C63B29806454E5290D561008
Requests: 19 HTTP requests in this frame
Page URL History
- http://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html (HTTP 307)
- https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html (Page URL)
Detected technologies
- Ubuntu (Operating Systems). Detected pattern: headers server /Ubuntu/i
- Nginx (Web Servers). Detected pattern: headers server /nginx(?:\/([\d.]+))?/i
- Google Analytics (Analytics). Detected pattern: script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9
- https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/fbsecurity.png (HTTP 302)
- https://drive.google.com/uc?id=0B2LaLEdPRn9VSFdsTl9XUFRXSDA (HTTP 302)
- https://doc-14-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9kal265167l557939626f6edg1639u6g/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VSFdsTl9XUFRXSDA
- https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/icon.png (HTTP 302)
- https://drive.google.com/uc?id=0B2LaLEdPRn9VVVpCd2lneUxFZTg (HTTP 302)
- https://doc-00-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gv7njco8tei1a0cl9u3a8o65obj3dejh/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VVVpCd2lneUxFZTg
- https://www.google-analytics.com/r/collect?v=1&_v=j79&a=489406348&t=pageview&_s=1&dl=https%3A%2F%2Fa3zl2blksup5vtuko91ajq-on.drv.tw%2Fpage%2Fincorrect_email.html&ul=en-us&de=windows-1252&dt=Facebook&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1327339940&gjid=1409507596&cid=1420500792.1578925549&tid=UA-85417367-1&_gid=207436481.1578925549&_r=1&gtm=2ou121&z=1271222521 (HTTP 302)
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1420500792.1578925549&jid=1327339940&_gid=207436481.1578925549&gjid=1409507596&_v=j79&z=1271222521
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | incorrect_email.html (Primary Request) | a3zl2blksup5vtuko91ajq-on.drv.tw/page/ (Redirect Chain) | 10 KB | 5 KB | Document | text/html
GET | H2 | k7LsZ6Kzebp.css | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 2 KB | 952 B | Stylesheet | text/css
GET | H2 | RdxXuLZOwAp.css | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 105 KB | 34 KB | Stylesheet | text/css
GET | H2 | INa-j1hStsU.css | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 35 KB | 9 KB | Stylesheet | text/css
GET | H2 | diMQkJ1Odg6.css | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 4 KB | 2 KB | Stylesheet | text/css
GET | H2 | 1Vv4bii7bxR.css | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 15 KB | 5 KB | Stylesheet | text/css
GET | H2 | IFFDgrjmTDl.css | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 1 KB | 1 KB | Stylesheet | text/css
GET | H2 | 1j-MOx9XPgA.css | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 6 KB | 2 KB | Stylesheet | text/css
GET | H2 | VLogo77go.css | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 341 B | 555 B | Stylesheet | text/css
GET | H2 | QSUIFyb0MPk.js | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 8 KB | 4 KB | Script | application/javascript
GET | H2 | 0B2LaLEdPRn9VSFdsTl9XUFRXSDA | doc-14-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9kal265167l557939626f6edg1639u6g/1578924000000/00245291201952525773/*/ (Redirect Chain) | 11 KB | 12 KB | Image | image/png
GET | H2 | 0B2LaLEdPRn9VVVpCd2lneUxFZTg | doc-00-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gv7njco8tei1a0cl9u3a8o65obj3dejh/1578924000000/00245291201952525773/*/ (Redirect Chain) | 10 KB | 12 KB | Image | image/png
GET | H2 | wd.js | drv.tw/inc/ | 365 B | 540 B | Script | application/javascript
GET | H2 | logo.png | a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/ | 2 KB | 2 KB | Image | text/html
GET | H2 | js | www.googletagmanager.com/gtag/ | 73 KB | 27 KB | Script | application/javascript
GET | | request | cfs.u-ad.info/cfspushadsv2/ | 0 | 0 | (failed) | 
GET | | request | cfs2.uzone.id/cfspushadsv2/ | 0 | 0 | (failed) | 
GET | H2 | analytics.js | www.google-analytics.com/ | 43 KB | 17 KB | Script | text/javascript
GET | H2 | collect | stats.g.doubleclick.net/r/ (Redirect Chain) | 35 B | 110 B | Image | image/gif
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: cfs.u-ad.info
  URL: https://cfs.u-ad.info/cfspushadsv2/request?id=1&enc=telkom2&params=4TtHaUQnUEiP6K%2fc5C582Ltpw5OIinlRzTN45TEb7SgaoNzYAu%2b17DvV55T7UnP7mTx43LyWkcy9gmrAhdkQUGBdSfeE%2bnEFPkOOyvQ78RlTdCxeultvrfxTdsWRENSQf7zO1QSGIxRDv7nZJrawHQRQxcWENuJzj9lPvG8D87XTqj8AvXV8nIPh7%2fiNp%2bCm2P%2fEyRsfkEWuKIV%2b%2fOkTzFvMATsxKKqA9r5EJwbrqtTqJWXdt%2fCc%2bL2pAVO3DOEjndubZpc%2fbHTzVUBgfp2UK%2bjohgY54m3%2f7scPZl5gkiaCnkZuunUidARE223qKzlZoTMzYWFk5udrC9%2bnh6nT%2fW5V1KobAK%2b5rK6mFYtqUEUp%2fKNwaWkXSeOVenYTSUVbT3vQOPjb3lpQIliz6Bv5lg5RcLTP85BL9DLskbdwxUYI8%2bn%2fOA4AwDMTKawKXuJIpyyYxrDVJ9yV48RkaIzdGDwqrEQEWSN3lu4DQgBDszuc9DPlNC7ZcUvhzOTBjsCd2iVyKD841JsfKQJp4vk0k1%2bedhJ8K%2fahcSx4GSCbCgwzz%2bSO5pb6rp0vkdGlWOKpuuvV5cEE8FKRnwVlH9H%2byUu8uI%2bQ2UT%2bNEama7vuakHBg8Uq%2fKWs5RTPEUxqH8Y4O7nKJkQOln4QLvb%2ffaHuz%2f%2buCKfcmjLqUz5hPVGcSvL3dMh5r1m4iAGsOlG12iiWaMFhl73MeSlRE0m6MgDQDKm4hNbXmJ3eMvz7xbkYOXQ%3d&idc_r=6507336702&domain=a3zl2blksup5vtuko91ajq-on.drv.tw&sw=1600&sh=1200
- Domain: cfs2.uzone.id
  URL: https://cfs2.uzone.id/cfspushadsv2/request?id=1&enc=telkom2&params=4TtHaUQnUEiP6K%2fc5C582ECSaLdwqSpnPYhpf2iTBJeEnCYG1MTzge1FZ9Rt9a%2bJUjYDTT2qT9w8SJcz9m6O3GV5qIm3vQRMn1eN4IFhMQkxpPuQTg9vzO3KexLuGGwETMMLazHsbgC6z2M%2fGpintiLNZOKRGHWNw1oEC%2b80vMr1KorxNmpbSvmmtkl8z8HI7yZszNz0kVSgD7RE3jHfNiZ5Vvy%2fo827mKvAx7vltbxZlrWfRzOIFNACCj3vqeo9T3QYtujgSKVNKndM%2bxyh1CgsJDd89MLKvP8mn%2bgX%2bfkHHDg8gQlluecSYtyOFBB8Qy6m5gIjbgTLv%2bPEXnQ0QAN0DtCrj54Ih%2fEoZjngpYl%2fXxLy8WVGQGiv7vnnj7DXTpI3LKTjf%2bc9O7zOucCYvqBTS9gjyOvD1Iu2fUG8SVSp3s3SCxAAQaTX5zX1wQNNTqcW2VxH3U9EfiF3FTccPGzFt1xhinMAa19sbkgUbZTxkKrsxgIofa3y9tC3wXDIkJJd5Fletl5HE5w5OHm4Wb8zAnH0Elyqswj16YNnvKA%3d&idc_r=2098315915&domain=a3zl2blksup5vtuko91ajq-on.drv.tw&sw=1600&sh=1200
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Facebook (Social Network)
26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
number | __DEV__
function | define
function | require
function | requireDynamic
function | requireLazy
function | __d
function | __e
object | JX
number | hasDeadImage
object | MViewportPrelude
function | Form1_Validator
object | shortcut
function | netbro_cache_analytics
function | sync
function | requestCfs
function | gtag
object | dataLayer
object | google_tag_manager
string | GoogleAnalyticsObject
function | ga
object | google_tag_data
object | gaplugins
object | gaGlobal
object | gaData
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.drv.tw/ | | _gat_gtag_UA_85417367_1 | 1
.drv.tw/ | | uid | rBEORV4cfe6nUDAjBTMCAg==
.drv.tw/ | | _gid | GA1.2.207436481.1578925549
.drv.tw/ | | _ga | GA1.2.1420500792.1578925549
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a3zl2blksup5vtuko91ajq-on.drv.tw
cfs.u-ad.info
cfs2.uzone.id
doc-00-4c-docs.googleusercontent.com
doc-14-4c-docs.googleusercontent.com
drive.google.com
drv.tw
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
2a00:1450:4001:806::2001
2a00:1450:4001:820::2001
2a00:1450:4001:821::2008
2a00:1450:4001:821::200e
2a00:1450:4001:824::200e
2a00:1450:400c:c04::9d
47.254.47.165