y1a5nkwjlwf677spstghmw-on.drv.tw
47.254.27.93
Malicious Activity!
Public Scan
Submission: On February 11 via manual from HU
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 12th 2019. Valid for: 3 months.
This is the only time y1a5nkwjlwf677spstghmw-on.drv.tw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 163.cn (Online), Yahoo (Online)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
2 | 47.254.27.93 | AS45102 CNNIC-ALIBABA-US-NET-AP (Alibaba (US) Technology Co.)
1 | 185.100.85.10 | AS200651 FLOKINET
1 | 2a01:4f9:2a:f67::2 | AS24940 HETZNER-AS
2 | 103.129.252.34 | AS137263 NETEASE-AS-AP (NETEASE HONG KONG LIMITED)
1 | 2a02:26f0:6c00:2bf::753 | AS20940 AKAMAI-ASN1
1 | 2a00:1288:7c:800::4000 | AS43428 YAHOO-ULS
1 | 217.23.5.192 | AS49981 WORLDSTREAM
1 | 47.89.65.225 | AS24429 TAOBAO (Zhejiang Taobao Network Co.)
1 | 2a00:1450:4001:81a::2008 | AS15169 GOOGLE (Google LLC)
1 2 | 2a00:1450:4001:821::200e | AS15169 GOOGLE (Google LLC)
1 | 2a00:1450:400c:c08::9c | AS15169 GOOGLE (Google LLC)
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
- y1a5nkwjlwf677spstghmw-on.drv.tw
- drv.tw

ASN200651 (FLOKINET, SC), PTR: ro3.flokinet.is
- techforum.name.ng

ASN49981 (WORLDSTREAM, NL), PTR: customer.worldstream.nl
- www.fifavip.net

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
- docs.alibabagroup.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
2 | google-analytics.com (1 redirect) | www.google-analytics.com | 17 KB
2 | 127.net | mimg.127.net | 14 KB
2 | drv.tw | y1a5nkwjlwf677spstghmw-on.drv.tw, drv.tw | 6 KB
1 | doubleclick.net | stats.g.doubleclick.net | 102 B
1 | googletagmanager.com | www.googletagmanager.com | 32 KB
1 | alibabagroup.com | docs.alibabagroup.com | 8 KB
1 | fifavip.net | www.fifavip.net | 125 KB
1 | yimg.com | s1.yimg.com | 4 KB
1 | office365.com | r1.res.office365.com | 5 KB
1 | freeiconspng.com | www.freeiconspng.com | 107 KB
1 | techforum.name.ng | techforum.name.ng | 33 KB
0 | 87.106.25.250 (bare IP, no apex domain) | Failed | 
0 | wdmleds.com | Failed | 
Requests | Domain | Requested by
---|---|---
2 | www.google-analytics.com (1 redirect) | www.googletagmanager.com
2 | mimg.127.net | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | stats.g.doubleclick.net | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | www.googletagmanager.com | drv.tw
1 | docs.alibabagroup.com | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | www.fifavip.net | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | s1.yimg.com | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | r1.res.office365.com | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | www.freeiconspng.com | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | drv.tw | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | techforum.name.ng | y1a5nkwjlwf677spstghmw-on.drv.tw
1 | y1a5nkwjlwf677spstghmw-on.drv.tw | (primary request)
0 | 87.106.25.250 (Failed) | y1a5nkwjlwf677spstghmw-on.drv.tw
0 | wdmleds.com (Failed) | y1a5nkwjlwf677spstghmw-on.drv.tw
This site contains no links.
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
drv.tw | Let's Encrypt Authority X3 | 2019-01-12 - 2019-04-12 | 3 months | crt.sh
techforum.name.ng | Let's Encrypt Authority X3 | 2019-01-25 - 2019-04-25 | 3 months | crt.sh
freeiconspng.com | COMODO RSA Domain Validation Secure Server CA | 2018-12-06 - 2019-12-24 | a year | crt.sh
*.res.outlook.com | Microsoft IT TLS CA 5 | 2017-11-27 - 2019-11-27 | 2 years | crt.sh
*.yimg.com | DigiCert SHA2 High Assurance Server CA | 2018-11-15 - 2019-02-27 | 3 months | crt.sh
*.google-analytics.com | Google Internet Authority G3 | 2019-01-23 - 2019-04-17 | 3 months | crt.sh
*.g.doubleclick.net | Google Internet Authority G3 | 2019-01-23 - 2019-04-17 | 3 months | crt.sh
This page contains 1 frame:
Primary Page: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Frame ID: AA53B4B7578550B12DA14C92025F70F0
Requests: 15 HTTP requests in this frame
Detected technologies
- Ubuntu (Operating Systems). Detected pattern: headers server /Ubuntu/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- Google Analytics (Analytics). Detected patterns: script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i; env /^gaGlobal$/i
- Google Tag Manager (Tag Managers). Detected pattern: env /^google_tag_manager$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13
- https://www.google-analytics.com/r/collect?v=1&_v=j73&a=843354281&t=pageview&_s=1&dl=https%3A%2F%2Fy1a5nkwjlwf677spstghmw-on.drv.tw%2Flidmap%2F&ul=en-us&de=windows-1252&dt=DHL%20%7C%20Tracking%20System&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=2104662917&gjid=2112056677&cid=1679193605.1549873862&tid=UA-85417367-1&_gid=50119757.1549873862&_r=1&gtm=2ou1r0&z=2047615001 (HTTP 302)
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1679193605.1549873862&jid=2104662917&_gid=50119757.1549873862&gjid=2112056677&_v=j73&z=2047615001
15 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/ | 6 KB | 5 KB | Document | text/html
GET | H2 | kryptojs-3.1.9-1-lib.js | techforum.name.ng/static/ | 203 KB | 33 KB | Script | application/javascript
GET | H/1.1 | wd.js | drv.tw/inc/ | 861 B | 920 B | Script | application/javascript
GET | | 8-DHL%20Logo-600x315.png | wdmleds.com/image/cache/catalog/Manufacturers%20Logos/ | 0 | 0 | (failed) | 
GET | | dhllogo.jpg | 87.106.25.250/files/public-docs/decodomus/ebay/hintergrund/ | 0 | 0 | (failed) | 
GET | H/1.1 | dhl-icon-22.png | www.freeiconspng.com/uploads/ | 107 KB | 107 KB | Image | image/png
GET | H/1.1 | 163logo.gif | mimg.127.net/logo/ | 7 KB | 7 KB | Image | image/gif
GET | H/1.1 | landing-logo.png | r1.res.office365.com/owalanding/v1.2/images/ | 5 KB | 5 KB | Image | image/png
GET | H2 | yahoo_en-US_f_p_bestfit_2x.png | s1.yimg.com/rz/d/ | 3 KB | 4 KB | Image | image/png
GET | H/1.1 | @yeah_net%2001.jpg | www.fifavip.net/upload/images/ | 125 KB | 125 KB | Image | image/jpeg
GET | H/1.1 | 126logo.gif | mimg.127.net/logo/ | 6 KB | 7 KB | Image | image/gif
GET | H/1.1 | logo_header.png | docs.alibabagroup.com/assets2/images/en/global/ | 7 KB | 8 KB | Image | image/png
GET | H2 | js | www.googletagmanager.com/gtag/ | 91 KB | 32 KB | Script | application/javascript
GET | H2 | analytics.js | www.google-analytics.com/ | 43 KB | 17 KB | Script | text/javascript
GET | H2 | collect | stats.g.doubleclick.net/r/ (Redirect Chain) | 35 B | 102 B | Image | image/gif
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- wdmleds.com: https://wdmleds.com/image/cache/catalog/Manufacturers%20Logos/8-DHL%20Logo-600x315.png
- 87.106.25.250: http://87.106.25.250/files/public-docs/decodomus/ebay/hintergrund/dhllogo.jpg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against 163.cn (Online), Yahoo (Online)

19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onselectstart (object)
- onselectionchange (object)
- queueMicrotask (function)
- CryptoJS (object)
- passphrase (string)
- encryptedMsg (string)
- encryptedHMAC (string)
- encryptedHTML (string)
- decryptedHMAC (string)
- plainHTML (string)
- gtag (function)
- dataLayer (object)
- google_tag_manager (object)
- GoogleAnalyticsObject (string)
- ga (function)
- google_tag_data (object)
- gaplugins (object)
- gaGlobal (object)
- gaData (object)

Editor's observation (not part of the scan output): the CryptoJS, passphrase, encryptedHTML, decryptedHMAC and plainHTML globals, together with the kryptojs-3.1.9-1-lib.js script loaded from techforum.name.ng, are consistent with the page body being delivered encrypted and decrypted in the browser, which keeps the rendered content out of static inspection of the HTML; the analytics beacon above reports the page title as "DHL | Tracking System" while the page loads 163, Yahoo, Office 365 and Alibaba logos.

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.