a3zl2blksup5vtuko91ajq-on.drv.tw Open in urlscan Pro
47.254.47.165  Malicious Activity! Public Scan

Submitted URL: http://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Effective URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Submission: On January 13 via api from US

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 19 HTTP transactions. The main IP is 47.254.47.165, located in San Mateo, United States and belongs to CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN. The main domain is a3zl2blksup5vtuko91ajq-on.drv.tw.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 16th 2019. Valid for: 3 months.
This is the only time a3zl2blksup5vtuko91ajq-on.drv.tw was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
3 15 47.254.47.165 45102 (CNNIC-ALI...)
2 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
19 7
Domain Requested by
14 a3zl2blksup5vtuko91ajq-on.drv.tw 3 redirects a3zl2blksup5vtuko91ajq-on.drv.tw
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 drive.google.com 2 redirects
1 stats.g.doubleclick.net a3zl2blksup5vtuko91ajq-on.drv.tw
1 www.googletagmanager.com drv.tw
1 drv.tw a3zl2blksup5vtuko91ajq-on.drv.tw
1 doc-00-4c-docs.googleusercontent.com a3zl2blksup5vtuko91ajq-on.drv.tw
1 doc-14-4c-docs.googleusercontent.com a3zl2blksup5vtuko91ajq-on.drv.tw
0 cfs2.uzone.id Failed a3zl2blksup5vtuko91ajq-on.drv.tw
0 cfs.u-ad.info Failed a3zl2blksup5vtuko91ajq-on.drv.tw
19 10

This site contains links to these domains. Also see Links.

Domain
www.youtube.com
Subject Issuer Validity Valid
*.drv.tw
Let's Encrypt Authority X3
2019-12-16 -
2020-03-15
3 months crt.sh
*.googleusercontent.com
GTS CA 1O1
2019-12-10 -
2020-03-03
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2019-12-10 -
2020-03-03
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2019-12-10 -
2020-03-03
3 months crt.sh

This page contains 1 frames:

Primary Page: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Frame ID: A0B39917C63B29806454E5290D561008
Requests: 19 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html HTTP 307
    https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

19
Requests

89 %
HTTPS

86 %
IPv6

8
Domains

10
Subdomains

7
IPs

3
Countries

134 kB
Transfer

328 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html HTTP 307
    https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/fbsecurity.png HTTP 302
  • https://drive.google.com/uc?id=0B2LaLEdPRn9VSFdsTl9XUFRXSDA HTTP 302
  • https://doc-14-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9kal265167l557939626f6edg1639u6g/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VSFdsTl9XUFRXSDA
Request Chain 10
  • https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/icon.png HTTP 302
  • https://drive.google.com/uc?id=0B2LaLEdPRn9VVVpCd2lneUxFZTg HTTP 302
  • https://doc-00-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gv7njco8tei1a0cl9u3a8o65obj3dejh/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VVVpCd2lneUxFZTg
Request Chain 17
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=489406348&t=pageview&_s=1&dl=https%3A%2F%2Fa3zl2blksup5vtuko91ajq-on.drv.tw%2Fpage%2Fincorrect_email.html&ul=en-us&de=windows-1252&dt=Facebook&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1327339940&gjid=1409507596&cid=1420500792.1578925549&tid=UA-85417367-1&_gid=207436481.1578925549&_r=1&gtm=2ou121&z=1271222521 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1420500792.1578925549&jid=1327339940&_gid=207436481.1578925549&gjid=1409507596&_v=j79&z=1271222521

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request incorrect_email.html
a3zl2blksup5vtuko91ajq-on.drv.tw/page/
Redirect Chain
  • http://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
  • https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
10 KB
5 KB
Document
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
36cde7d0ca59d234763c29e05585c5b5c5a58737ed788693ea2ced40e2e9d5a9

Request headers

:method
GET
:authority
a3zl2blksup5vtuko91ajq-on.drv.tw
:scheme
https
:path
/page/incorrect_email.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
cookie
uid=rBEORV4cfeinUDAjBTLmAg==
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status
200
server
nginx/1.14.0 (Ubuntu)
date
Mon, 13 Jan 2020 14:25:46 GMT
content-type
text/html
last-modified
Tue, 22 Aug 2017 05:52:18 GMT
vary
Accept-Encoding
content-encoding
gzip
x-cache
BYPASS

Redirect headers

Server
nginx/1.14.0 (Ubuntu)
Date
Mon, 13 Jan 2020 14:25:44 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Upgrade-Insecure-Requests
Location
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
X-Cache
BYPASS
Set-Cookie
uid=rBEORV4cfeinUDAjBTLmAg==; domain=.drv.tw; path=/
k7LsZ6Kzebp.css
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
2 KB
952 B
Stylesheet
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/k7LsZ6Kzebp.css
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
8440eff1a8ab22fb1a5ee0861c2913be96342ed3235b3b28bb5c295cbd706d23

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:48 GMT
content-encoding
gzip
last-modified
Tue, 22 Aug 2017 05:52:22 GMT
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
x-cache
BYPASS
content-type
text/css
status
200
RdxXuLZOwAp.css
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
105 KB
34 KB
Stylesheet
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/RdxXuLZOwAp.css
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
3cb38c0015ac502e1101a8619a73aa550758c6c8764487287cbc59ef8cb14f82

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:48 GMT
content-encoding
gzip
last-modified
Tue, 22 Aug 2017 05:52:22 GMT
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
x-cache
BYPASS
content-type
text/css
status
200
INa-j1hStsU.css
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
35 KB
9 KB
Stylesheet
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/INa-j1hStsU.css
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
cd8fb946ef1c5efd94bfe1507eb7a9fbf3e6737ff2085da1b5728a06cfb4bf9e

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:47 GMT
content-encoding
gzip
last-modified
Tue, 22 Aug 2017 05:52:22 GMT
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
x-cache
BYPASS
content-type
text/css
status
200
diMQkJ1Odg6.css
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
4 KB
2 KB
Stylesheet
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/diMQkJ1Odg6.css
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
71262a119250662e3964e7a7095df56ee35b8b0102e9bb5ba63c779ed7b01721

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:48 GMT
content-encoding
gzip
last-modified
Tue, 22 Aug 2017 05:52:19 GMT
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
x-cache
BYPASS
content-type
text/css
status
200
1Vv4bii7bxR.css
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
15 KB
5 KB
Stylesheet
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/1Vv4bii7bxR.css
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
06337152ac163e643d15926d44a76e00007fc052b6608a2de1d9571c4d85ab78

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:48 GMT
content-encoding
gzip
last-modified
Tue, 22 Aug 2017 05:52:19 GMT
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
x-cache
BYPASS
content-type
text/css
status
200
IFFDgrjmTDl.css
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/IFFDgrjmTDl.css
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
6c19a05a0eb40122d548ace01bec8f6902aa60df27f8e3caafecb76e84ecf518

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:47 GMT
last-modified
Tue, 22 Aug 2017 05:52:21 GMT
server
nginx/1.14.0 (Ubuntu)
etag
0B2LaLEdPRn9VcmdLSk9pMk1zWWRMdTFtaDJKL2Vwai9pS1RBPQ
vary
Accept-Encoding
x-cache
BYPASS
content-type
text/css
status
200
accept-ranges
bytes
content-length
1292
1j-MOx9XPgA.css
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/1j-MOx9XPgA.css
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
a23faaf3c17c98031799d70ccff8d24f8510922e6a50ea319e93951a416aede2

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:47 GMT
content-encoding
gzip
last-modified
Tue, 22 Aug 2017 05:52:17 GMT
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
x-cache
BYPASS
content-type
text/css
status
200
VLogo77go.css
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
341 B
555 B
Stylesheet
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/VLogo77go.css
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5cc83fcd3aa16ffcf007f81a43e8618639bbccc9ca174059a3696111cd413421

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:47 GMT
last-modified
Tue, 22 Aug 2017 05:52:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
0B2LaLEdPRn9VbWR3VFcwMC9OcFpEdmFQOGQ0TXozTkJPaVcwPQ
vary
Accept-Encoding
x-cache
BYPASS
content-type
text/css
status
200
accept-ranges
bytes
content-length
341
QSUIFyb0MPk.js
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
8 KB
4 KB
Script
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/QSUIFyb0MPk.js
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
29c829169f16b3ef04548b1283f299affccb5a9aea7f1e36557baba80d9d72ed

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:47 GMT
content-encoding
gzip
last-modified
Tue, 22 Aug 2017 05:52:22 GMT
server
nginx/1.14.0 (Ubuntu)
vary
Accept-Encoding
x-cache
BYPASS
content-type
application/javascript
status
200
0B2LaLEdPRn9VSFdsTl9XUFRXSDA
doc-14-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9kal265167l557939626f6edg1639u6g/1578924000000/00245291201952525773/*/
Redirect Chain
  • https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/fbsecurity.png
  • https://drive.google.com/uc?id=0B2LaLEdPRn9VSFdsTl9XUFRXSDA
  • https://doc-14-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9kal265167l557939626f6edg1639u6g/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VSFdsTl9XUFRXSDA
11 KB
12 KB
Image
General
Full URL
https://doc-14-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9kal265167l557939626f6edg1639u6g/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VSFdsTl9XUFRXSDA
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
UploadServer /
Resource Hash
06843a9f0ddc5fed3d1fb0d420195a43f5cd9be2209c3c889bc214ee5bb5657b

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-goog-hash
crc32c=lGzmmA==
date
Mon, 13 Jan 2020 14:25:47 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server
UploadServer
access-control-allow-origin
*
x-guploader-uploadid
AEnB2UpYXs7D9X0K8NDRuRb5WV3yM_6t9ro1HRxF6o4r0DLVyFzSmRQmV2hkUHk-kYcPlg-rm65zU0jDyX1c8KgaTIdXaYsNwv0v9a5aBD7raCaBs9Sfes4
access-control-allow-methods
GET,OPTIONS
content-type
image/png
status
200
cache-control
private, max-age=0
access-control-allow-credentials
false
content-disposition
inline;filename="fbsecurity.png";filename*=UTF-8''fbsecurity.png
access-control-allow-headers
Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, google-cloud-resource-prefix, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Goog-Meeting-Botguardid, X-Goog-Meeting-Debugid, X-Goog-Meeting-Token, X-Client-Data, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id
content-length
10801
expires
Mon, 13 Jan 2020 14:25:47 GMT

Redirect headers

date
Mon, 13 Jan 2020 14:25:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
302
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
299
x-xss-protection
1; mode=block
pragma
no-cache
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://doc-14-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/9kal265167l557939626f6edg1639u6g/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VSFdsTl9XUFRXSDA
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-R883afsq4HklwNP5S6JrSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
expires
Mon, 01 Jan 1990 00:00:00 GMT
0B2LaLEdPRn9VVVpCd2lneUxFZTg
doc-00-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gv7njco8tei1a0cl9u3a8o65obj3dejh/1578924000000/00245291201952525773/*/
Redirect Chain
  • https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/icon.png
  • https://drive.google.com/uc?id=0B2LaLEdPRn9VVVpCd2lneUxFZTg
  • https://doc-00-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gv7njco8tei1a0cl9u3a8o65obj3dejh/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VVVpCd2lneUxFZTg
10 KB
12 KB
Image
General
Full URL
https://doc-00-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gv7njco8tei1a0cl9u3a8o65obj3dejh/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VVVpCd2lneUxFZTg
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
UploadServer /
Resource Hash
8e0dfd331b1d82b104253734378a0067c7c97529c73fd398b2377bbf994c72a8

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-goog-hash
crc32c=qmsdMQ==
date
Mon, 13 Jan 2020 14:25:48 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server
UploadServer
access-control-allow-origin
*
x-guploader-uploadid
AEnB2UpyzApgyg0ZR_nuWNIoCLx87d-bUZ1zbYjp8IAUSTHnCf3utCcxVb8H3pWVegFROlQB3lAB3xSQay1lILENmvb_CZFo7GTR2kVS9xRyub1hRyzbTmo
access-control-allow-methods
GET,OPTIONS
content-type
image/png
status
200
cache-control
private, max-age=0
access-control-allow-credentials
false
content-disposition
inline;filename="icon.png";filename*=UTF-8''icon.png
access-control-allow-headers
Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, google-cloud-resource-prefix, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Goog-Meeting-Botguardid, X-Goog-Meeting-Debugid, X-Goog-Meeting-Token, X-Client-Data, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id
content-length
10305
expires
Mon, 13 Jan 2020 14:25:48 GMT

Redirect headers

date
Mon, 13 Jan 2020 14:25:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
302
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
300
x-xss-protection
1; mode=block
pragma
no-cache
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://doc-00-4c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/gv7njco8tei1a0cl9u3a8o65obj3dejh/1578924000000/00245291201952525773/*/0B2LaLEdPRn9VVVpCd2lneUxFZTg
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-XWn6DR5qrMpRBjGlwnHROg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
expires
Mon, 01 Jan 1990 00:00:00 GMT
wd.js
drv.tw/inc/
365 B
540 B
Script
General
Full URL
https://drv.tw/inc/wd.js
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
621f59e87c01610c253ac2f9c3f8f7df5f6492c1d2f804088948278849124b33

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:48 GMT
last-modified
Mon, 04 Mar 2019 05:22:54 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5c7cb62e-16d"
x-cache
BYPASS
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
365
logo.png
a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/
2 KB
2 KB
Image
General
Full URL
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/logo.png
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
47.254.47.165 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
119935c3c8211af18cf3f1082f0544529c89d3019a9a9ed964efc93714b608a1

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/css/VLogo77go.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status
404
date
Mon, 13 Jan 2020 14:25:50 GMT
content-encoding
gzip
server
nginx/1.14.0 (Ubuntu)
content-type
text/html
js
www.googletagmanager.com/gtag/
73 KB
27 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-85417367-1
Requested by
Host: drv.tw
URL: https://drv.tw/inc/wd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d22b696b836d253f133724f135410fc743224e7f1e20a20908fc38067529591b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 13 Jan 2020 14:25:48 GMT
content-encoding
br
last-modified
Mon, 13 Jan 2020 12:00:00 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
27911
x-xss-protection
0
expires
Mon, 13 Jan 2020 14:25:48 GMT
request
cfs.u-ad.info/cfspushadsv2/
0
0

request
cfs2.uzone.id/cfspushadsv2/
0
0

analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-85417367-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
2854
date
Mon, 13 Jan 2020 13:38:14 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Mon, 13 Jan 2020 15:38:14 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=489406348&t=pageview&_s=1&dl=https%3A%2F%2Fa3zl2blksup5vtuko91ajq-on.drv.tw%2Fpage%2Fincorrect_email.html&ul=en-us&de=windows-1252&dt=Faceboo...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1420500792.1578925549&jid=1327339940&_gid=207436481.1578925549&gjid=1409507596&_v=j79&z=1271222521
35 B
110 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1420500792.1578925549&jid=1327339940&_gid=207436481.1578925549&gjid=1409507596&_v=j79&z=1271222521
Requested by
Host: a3zl2blksup5vtuko91ajq-on.drv.tw
URL: https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://a3zl2blksup5vtuko91ajq-on.drv.tw/page/incorrect_email.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Mon, 13 Jan 2020 14:25:49 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 13 Jan 2020 14:25:49 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1420500792.1578925549&jid=1327339940&_gid=207436481.1578925549&gjid=1409507596&_v=j79&z=1271222521
content-type
text/html; charset=UTF-8
status
302
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
419
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cfs.u-ad.info
URL
https://cfs.u-ad.info/cfspushadsv2/request?id=1&enc=telkom2&params=4TtHaUQnUEiP6K%2fc5C582Ltpw5OIinlRzTN45TEb7SgaoNzYAu%2b17DvV55T7UnP7mTx43LyWkcy9gmrAhdkQUGBdSfeE%2bnEFPkOOyvQ78RlTdCxeultvrfxTdsWRENSQf7zO1QSGIxRDv7nZJrawHQRQxcWENuJzj9lPvG8D87XTqj8AvXV8nIPh7%2fiNp%2bCm2P%2fEyRsfkEWuKIV%2b%2fOkTzFvMATsxKKqA9r5EJwbrqtTqJWXdt%2fCc%2bL2pAVO3DOEjndubZpc%2fbHTzVUBgfp2UK%2bjohgY54m3%2f7scPZl5gkiaCnkZuunUidARE223qKzlZoTMzYWFk5udrC9%2bnh6nT%2fW5V1KobAK%2b5rK6mFYtqUEUp%2fKNwaWkXSeOVenYTSUVbT3vQOPjb3lpQIliz6Bv5lg5RcLTP85BL9DLskbdwxUYI8%2bn%2fOA4AwDMTKawKXuJIpyyYxrDVJ9yV48RkaIzdGDwqrEQEWSN3lu4DQgBDszuc9DPlNC7ZcUvhzOTBjsCd2iVyKD841JsfKQJp4vk0k1%2bedhJ8K%2fahcSx4GSCbCgwzz%2bSO5pb6rp0vkdGlWOKpuuvV5cEE8FKRnwVlH9H%2byUu8uI%2bQ2UT%2bNEama7vuakHBg8Uq%2fKWs5RTPEUxqH8Y4O7nKJkQOln4QLvb%2ffaHuz%2f%2buCKfcmjLqUz5hPVGcSvL3dMh5r1m4iAGsOlG12iiWaMFhl73MeSlRE0m6MgDQDKm4hNbXmJ3eMvz7xbkYOXQ%3d&idc_r=6507336702&domain=a3zl2blksup5vtuko91ajq-on.drv.tw&sw=1600&sh=1200
Domain
cfs2.uzone.id
URL
https://cfs2.uzone.id/cfspushadsv2/request?id=1&enc=telkom2&params=4TtHaUQnUEiP6K%2fc5C582ECSaLdwqSpnPYhpf2iTBJeEnCYG1MTzge1FZ9Rt9a%2bJUjYDTT2qT9w8SJcz9m6O3GV5qIm3vQRMn1eN4IFhMQkxpPuQTg9vzO3KexLuGGwETMMLazHsbgC6z2M%2fGpintiLNZOKRGHWNw1oEC%2b80vMr1KorxNmpbSvmmtkl8z8HI7yZszNz0kVSgD7RE3jHfNiZ5Vvy%2fo827mKvAx7vltbxZlrWfRzOIFNACCj3vqeo9T3QYtujgSKVNKndM%2bxyh1CgsJDd89MLKvP8mn%2bgX%2bfkHHDg8gQlluecSYtyOFBB8Qy6m5gIjbgTLv%2bPEXnQ0QAN0DtCrj54Ih%2fEoZjngpYl%2fXxLy8WVGQGiv7vnnj7DXTpI3LKTjf%2bc9O7zOucCYvqBTS9gjyOvD1Iu2fUG8SVSp3s3SCxAAQaTX5zX1wQNNTqcW2VxH3U9EfiF3FTccPGzFt1xhinMAa19sbkgUbZTxkKrsxgIofa3y9tC3wXDIkJJd5Fletl5HE5w5OHm4Wb8zAnH0Elyqswj16YNnvKA%3d&idc_r=2098315915&domain=a3zl2blksup5vtuko91ajq-on.drv.tw&sw=1600&sh=1200

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate number| __DEV__ function| define function| require function| requireDynamic function| requireLazy function| __d function| __e object| JX number| hasDeadImage object| MViewportPrelude function| Form1_Validator object| shortcut function| netbro_cache_analytics function| sync function| requestCfs function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

4 Cookies

Domain/Path Name / Value
.drv.tw/ Name: _gat_gtag_UA_85417367_1
Value: 1
.drv.tw/ Name: uid
Value: rBEORV4cfe6nUDAjBTMCAg==
.drv.tw/ Name: _gid
Value: GA1.2.207436481.1578925549
.drv.tw/ Name: _ga
Value: GA1.2.1420500792.1578925549

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a3zl2blksup5vtuko91ajq-on.drv.tw
cfs.u-ad.info
cfs2.uzone.id
doc-00-4c-docs.googleusercontent.com
doc-14-4c-docs.googleusercontent.com
drive.google.com
drv.tw
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
cfs.u-ad.info
cfs2.uzone.id
2a00:1450:4001:806::2001
2a00:1450:4001:820::2001
2a00:1450:4001:821::2008
2a00:1450:4001:821::200e
2a00:1450:4001:824::200e
2a00:1450:400c:c04::9d
47.254.47.165
06337152ac163e643d15926d44a76e00007fc052b6608a2de1d9571c4d85ab78
06843a9f0ddc5fed3d1fb0d420195a43f5cd9be2209c3c889bc214ee5bb5657b
119935c3c8211af18cf3f1082f0544529c89d3019a9a9ed964efc93714b608a1
29c829169f16b3ef04548b1283f299affccb5a9aea7f1e36557baba80d9d72ed
36cde7d0ca59d234763c29e05585c5b5c5a58737ed788693ea2ced40e2e9d5a9
3cb38c0015ac502e1101a8619a73aa550758c6c8764487287cbc59ef8cb14f82
5cc83fcd3aa16ffcf007f81a43e8618639bbccc9ca174059a3696111cd413421
621f59e87c01610c253ac2f9c3f8f7df5f6492c1d2f804088948278849124b33
6c19a05a0eb40122d548ace01bec8f6902aa60df27f8e3caafecb76e84ecf518
71262a119250662e3964e7a7095df56ee35b8b0102e9bb5ba63c779ed7b01721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8440eff1a8ab22fb1a5ee0861c2913be96342ed3235b3b28bb5c295cbd706d23
8e0dfd331b1d82b104253734378a0067c7c97529c73fd398b2377bbf994c72a8
a23faaf3c17c98031799d70ccff8d24f8510922e6a50ea319e93951a416aede2
cd8fb946ef1c5efd94bfe1507eb7a9fbf3e6737ff2085da1b5728a06cfb4bf9e
d22b696b836d253f133724f135410fc743224e7f1e20a20908fc38067529591b
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a