urlscan.io logo urlscan.io
SecurityTrails logo

y1a5nkwjlwf677spstghmw-on.drv.tw Open in urlscan Pro
47.254.27.93  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Submission: On February 11 via manual from HU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 8 countries across 13 domains to perform 15 HTTP transactions. The main IP is 47.254.27.93, located in San Mateo, United States and belongs to CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN. The main domain is y1a5nkwjlwf677spstghmw-on.drv.tw.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 12th 2019. Valid for: 3 months.
This is the only time y1a5nkwjlwf677spstghmw-on.drv.tw was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 163.cn (Online) Yahoo (Online)

Domain & IP information

IP Address AS Autonomous System
2 47.254.27.93 45102 (CNNIC-ALI...)
1 185.100.85.10 200651 (FLOKINET)
1 2a01:4f9:2a:f... 24940 (HETZNER-AS)
2 103.129.252.34 137263 (NETEASE-A...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1288:7c:... 43428 (YAHOO-ULS)
1 217.23.5.192 49981 (WORLDSTREAM)
1 47.89.65.225 24429 (TAOBAO Zh...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
15 12
2    47.254.27.93 (San Mateo, United States)

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)
y1a5nkwjlwf677spstghmw-on.drv.tw
drv.tw
1    185.100.85.10 (Bucharest, Romania)

ASN200651 (FLOKINET, SC)
PTR: ro3.flokinet.is
techforum.name.ng
1    2a01:4f9:2a:f67::2 (Germany)

ASN24940 (HETZNER-AS, DE)
www.freeiconspng.com
2    103.129.252.34 (None, )

ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
mimg.127.net
1    2a02:26f0:6c00:2bf::753 (European Union)

ASN20940 (AKAMAI-ASN1, US)
r1.res.office365.com
1    2a00:1288:7c:800::4000 (United Kingdom)

ASN43428 (YAHOO-ULS, GB)
s1.yimg.com
1    217.23.5.192 (Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: customer.worldstream.nl
www.fifavip.net
1    47.89.65.225 (San Mateo, United States)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
docs.alibabagroup.com
1    2a00:1450:4001:81a::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com
2    2a00:1450:4001:821::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
1    2a00:1450:400c:c08::9c (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
stats.g.doubleclick.net
Domain Requested by
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 mimg.127.net y1a5nkwjlwf677spstghmw-on.drv.tw
1 stats.g.doubleclick.net y1a5nkwjlwf677spstghmw-on.drv.tw
1 www.googletagmanager.com drv.tw
1 docs.alibabagroup.com y1a5nkwjlwf677spstghmw-on.drv.tw
1 www.fifavip.net y1a5nkwjlwf677spstghmw-on.drv.tw
1 s1.yimg.com y1a5nkwjlwf677spstghmw-on.drv.tw
1 r1.res.office365.com y1a5nkwjlwf677spstghmw-on.drv.tw
1 www.freeiconspng.com y1a5nkwjlwf677spstghmw-on.drv.tw
1 drv.tw y1a5nkwjlwf677spstghmw-on.drv.tw
1 techforum.name.ng y1a5nkwjlwf677spstghmw-on.drv.tw
1 y1a5nkwjlwf677spstghmw-on.drv.tw
0 87.106.25.250 Failed y1a5nkwjlwf677spstghmw-on.drv.tw
0 wdmleds.com Failed y1a5nkwjlwf677spstghmw-on.drv.tw
15 14

This site contains no links.

Subject Issuer Validity Valid
drv.tw
Let's Encrypt Authority X3		 2019-01-12 -
2019-04-12		 3 months crt.sh
techforum.name.ng
Let's Encrypt Authority X3		 2019-01-25 -
2019-04-25		 3 months crt.sh
freeiconspng.com
COMODO RSA Domain Validation Secure Server CA		 2018-12-06 -
2019-12-24		 a year crt.sh
*.res.outlook.com
Microsoft IT TLS CA 5		 2017-11-27 -
2019-11-27		 2 years crt.sh
*.yimg.com
DigiCert SHA2 High Assurance Server CA		 2018-11-15 -
2019-02-27		 3 months crt.sh
*.google-analytics.com
Google Internet Authority G3		 2019-01-23 -
2019-04-17		 3 months crt.sh
*.g.doubleclick.net
Google Internet Authority G3		 2019-01-23 -
2019-04-17		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Frame ID: AA53B4B7578550B12DA14C92025F70F0
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i
Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Page Statistics

15
Requests

60 %
HTTPS

55 %
IPv6

13
Domains

14
Subdomains

12
IPs

8
Countries

351 kB
Transfer

604 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=843354281&t=pageview&_s=1&dl=https%3A%2F%2Fy1a5nkwjlwf677spstghmw-on.drv.tw%2Flidmap%2F&ul=en-us&de=windows-1252&dt=DHL%20%7C%20Tracking%20System&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=2104662917&gjid=2112056677&cid=1679193605.1549873862&tid=UA-85417367-1&_gid=50119757.1549873862&_r=1&gtm=2ou1r0&z=2047615001 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1679193605.1549873862&jid=2104662917&_gid=50119757.1549873862&gjid=2112056677&_v=j73&z=2047615001

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/ 		6 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.254.27.93 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
c032bbbbe7b4bd543effba6b1fba85679380f7cb1071af121c25e769f6065b70

Request headers

Host
y1a5nkwjlwf677spstghmw-on.drv.tw
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 08:30:59 GMT
Server
Apache/2.4.18 (Ubuntu)
Vary
Accept-Encoding
ETag
aYzo5NUY2OUVGRjEyNzYxQzc2ITExMC4yNTc
Last-Modified
Thu, 07 Feb 2019 16:34:32 GMT
Content-Encoding
gzip
Cache-Control
max-age=60
Expires
Mon, 11 Feb 2019 08:31:59 GMT
Content-Length
4769
Keep-Alive
timeout=30, max=100
Connection
Keep-Alive
Content-Type
text/html
kryptojs-3.1.9-1-lib.js
techforum.name.ng/static/ 		203 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://techforum.name.ng/static/kryptojs-3.1.9-1-lib.js
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.100.85.10 Bucharest, Romania, ASN200651 (FLOKINET, SC),
Reverse DNS
ro3.flokinet.is
Software
nginx /
Resource Hash
bca93ae70253de74237224bada1562886aaa759334b174d13471357721bc8982
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
public
date
Mon, 11 Feb 2019 08:31:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 04 Feb 2019 00:31:39 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=2592000
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
expires
Wed, 13 Mar 2019 08:31:01 GMT
wd.js
drv.tw/inc/ 		861 B
920 B 		Script
General
Check archive.org
Download Go to
Full URL
https://drv.tw/inc/wd.js
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.254.27.93 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
Apache/2.4.18 (Ubuntu) /
Resource Hash
c0db264826259f2ef7ef166660b455117bea76b2acdd34e8c746476c43d7eb98

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
drv.tw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 08:31:01 GMT
Content-Encoding
gzip
Last-Modified
Sun, 16 Dec 2018 03:45:22 GMT
Server
Apache/2.4.18 (Ubuntu)
ETag
"35d-57d1b7e7710a6-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=30, max=100
Content-Length
569
8-DHL%20Logo-600x315.png
wdmleds.com/image/cache/catalog/Manufacturers%20Logos/ 		0
0
dhllogo.jpg
87.106.25.250/files/public-docs/decodomus/ebay/hintergrund/ 		0
0
dhl-icon-22.png
www.freeiconspng.com/uploads/ 		107 KB
107 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.freeiconspng.com/uploads/dhl-icon-22.png
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:4f9:2a:f67::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
c3dea8e92cde179e96b9f109dd8d498ec7d0d98f2cbd90ca581bf7ca41f33cdb

Request headers

Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 08:31:01 GMT
MS-Author-Via
DAV
Last-Modified
Tue, 14 Mar 2017 23:16:00 GMT
Server
nginx
ETag
"125859-1aaf1-54ab902cdcc00"
Content-Type
image/png
Cache-Control
max-age=2592000, public, no-cache, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
109297
163logo.gif
mimg.127.net/logo/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://mimg.127.net/logo/163logo.gif
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
HTTP/1.1
Server
103.129.252.34 -, , ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
d18e6296a534078009774d635cbf390933c93c8758e2a3a990cb9b1a3d9c7199

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 08:31:01 GMT
Last-Modified
Tue, 10 Feb 2009 07:01:48 GMT
Server
nginx
ETag
"4991265c-1a0f"
X-Cache
HIT from HKGM
Content-Type
image/gif
Access-Control-Allow-Origin
*.163.com *.126.com *.yeah.net *.tryfun.com
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6671
Expires
Mon, 11 Feb 2019 09:22:12 GMT
landing-logo.png
r1.res.office365.com/owalanding/v1.2/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r1.res.office365.com/owalanding/v1.2/images/landing-logo.png
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:2bf::753 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
2891c414a5ea17266f67963ca6f0f41dab77e1cc186f60bb297f6b3b4b88cd44

Request headers

Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 08:31:01 GMT
Last-Modified
Mon, 23 Jan 2017 23:02:21 GMT
Server
Apache
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=630720000, s-maxage=630720000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
5145
yahoo_en-US_f_p_bestfit_2x.png
s1.yimg.com/rz/d/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.yimg.com/rz/d/yahoo_en-US_f_p_bestfit_2x.png
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB),
Reverse DNS
Software
ATS /
Resource Hash
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Feb 2019 08:31:02 GMT
via
https/1.1 e15.ycpi.lob.yahoo.com (ApacheTrafficServer [cMsSfW])
x-content-type-options
nosniff
age
0
x-amz-server-side-encryption
AES256
status
200
strict-transport-security
max-age=15552000
content-length
3066
x-amz-id-2
9dzaDnMoBDfxzTvdhGTkZICAOf3eUPpN53CbDB8pmFFDfW96PGH9nWcSwayNJFDNVaidaxzThl0=
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 10 Feb 2019 22:08:04 GMT
server
ATS
etag
"6919fd582e1387e697f8e772008530db"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
x-amz-request-id
AC559A3052925662
x-xss-protection
1; mode=block
cache-control
private
public-key-pins-report-only
max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
accept-ranges
bytes
content-type
image/png
expires
Tue, 12 Feb 2019 00:00:00 GMT
@yeah_net%2001.jpg
www.fifavip.net/upload/images/ 		125 KB
125 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.fifavip.net/upload/images/@yeah_net%2001.jpg
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
HTTP/1.1
Server
217.23.5.192 , Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS
customer.worldstream.nl
Software
Apache/2.4.27 (Win32) OpenSSL/1.0.2l mod_fcgid/2.3.9 /
Resource Hash
b6adfabfa4f522603dd7024c090d8313005f3d2d1665aa150de885136e2d585c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 08:31:01 GMT
Last-Modified
Tue, 27 Oct 2015 03:09:41 GMT
Server
Apache/2.4.27 (Win32) OpenSSL/1.0.2l mod_fcgid/2.3.9
ETag
"1f485-5230d68b6042f"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
128133
126logo.gif
mimg.127.net/logo/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://mimg.127.net/logo/126logo.gif
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
HTTP/1.1
Server
103.129.252.34 -, , ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
4b65646e580b883fa13c46a43b399b98e7627a866f44de26bc08284628c15f38

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 08:31:01 GMT
Last-Modified
Tue, 10 Feb 2009 07:01:48 GMT
Server
nginx
ETag
"4991265c-19c1"
X-Cache
HIT from HKGM
Content-Type
image/gif
Access-Control-Allow-Origin
*.163.com *.126.com *.yeah.net *.tryfun.com
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6593
Expires
Mon, 11 Feb 2019 08:42:42 GMT
logo_header.png
docs.alibabagroup.com/assets2/images/en/global/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://docs.alibabagroup.com/assets2/images/en/global/logo_header.png
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
HTTP/1.1
Server
47.89.65.225 San Mateo, United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
738407b95fbe22af925b1456d51fd178a739de78be264d369c82d146659714cd
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 11 Feb 2019 06:49:27 GMT
Via
cache25.l2de1[0,200-0,H], cache57.l2de1[1,0], cache4.it1[0,200-0,H], cache4.it1[0,0]
X-Content-Type-Options
nosniff
Age
6095
X-Cache
HIT TCP_MEM_HIT dirn:6:285462758
X-Swift-CacheTime
86136
X-Swift-SaveTime
Mon, 11 Feb 2019 06:53:51 GMT
Content-Length
7247
X-XSS-protection
1;mode=block
Last-Modified
Fri, 10 Aug 2018 02:51:22 GMT
Server
Tengine
Connection
keep-alive
ETag
"740002-1c4f-5730bd19b3e80"
Strict-Transport-Security
max-age=0
Ali-Swift-Global-Savetime
1549867767
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Accept-Ranges
bytes
Timing-Allow-Origin
*, *
EagleId
2f59410415498738627188756e
Expires
Tue, 12 Feb 2019 06:49:27 GMT
js
www.googletagmanager.com/gtag/ 		91 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-85417367-1
Requested by
Host: drv.tw
URL: https://drv.tw/inc/wd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
dcd1d0fe5ba638cd9ea8f62146f205bd01538647a782ea508fa576435ddfb749
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 11 Feb 2019 08:31:01 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
server
Google Tag Manager (scaffolding)
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
32270
x-xss-protection
1; mode=block
expires
Mon, 11 Feb 2019 08:31:01 GMT
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-85417367-1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Jan 2019 20:01:45 GMT
server
Golfe2
age
2514
date
Mon, 11 Feb 2019 07:49:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
17543
expires
Mon, 11 Feb 2019 09:49:07 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=843354281&t=pageview&_s=1&dl=https%3A%2F%2Fy1a5nkwjlwf677spstghmw-on.drv.tw%2Flidmap%2F&ul=en-us&de=windows-1252&dt=DHL%20%7C%20Tracking%20Sy...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1679193605.1549873862&jid=2104662917&_gid=50119757.1549873862&gjid=2112056677&_v=j73&z=2047615001
35 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1679193605.1549873862&jid=2104662917&_gid=50119757.1549873862&gjid=2112056677&_v=j73&z=2047615001
Requested by
Host: y1a5nkwjlwf677spstghmw-on.drv.tw
URL: https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9c , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://y1a5nkwjlwf677spstghmw-on.drv.tw/lidmap/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Mon, 11 Feb 2019 08:31:01 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 11 Feb 2019 08:31:01 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1679193605.1549873862&jid=2104662917&_gid=50119757.1549873862&gjid=2112056677&_v=j73&z=2047615001
content-type
text/html; charset=UTF-8
status
302
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
418
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
wdmleds.com
URL
https://wdmleds.com/image/cache/catalog/Manufacturers%20Logos/8-DHL%20Logo-600x315.png
Domain
87.106.25.250
URL
http://87.106.25.250/files/public-docs/decodomus/ebay/hintergrund/dhllogo.jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 163.cn (Online) Yahoo (Online)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| CryptoJS string| passphrase string| encryptedMsg string| encryptedHMAC string| encryptedHTML string| decryptedHMAC string| plainHTML function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

87.106.25.250
docs.alibabagroup.com
drv.tw
mimg.127.net
r1.res.office365.com
s1.yimg.com
stats.g.doubleclick.net
techforum.name.ng
wdmleds.com
www.fifavip.net
www.freeiconspng.com
www.google-analytics.com
www.googletagmanager.com
y1a5nkwjlwf677spstghmw-on.drv.tw
87.106.25.250
wdmleds.com
103.129.252.34
185.100.85.10
217.23.5.192
2a00:1288:7c:800::4000
2a00:1450:4001:81a::2008
2a00:1450:4001:821::200e
2a00:1450:400c:c08::9c
2a01:4f9:2a:f67::2
2a02:26f0:6c00:2bf::753
47.254.27.93
47.89.65.225
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
2891c414a5ea17266f67963ca6f0f41dab77e1cc186f60bb297f6b3b4b88cd44
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
4b65646e580b883fa13c46a43b399b98e7627a866f44de26bc08284628c15f38
738407b95fbe22af925b1456d51fd178a739de78be264d369c82d146659714cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
b6adfabfa4f522603dd7024c090d8313005f3d2d1665aa150de885136e2d585c
bca93ae70253de74237224bada1562886aaa759334b174d13471357721bc8982
c032bbbbe7b4bd543effba6b1fba85679380f7cb1071af121c25e769f6065b70
c0db264826259f2ef7ef166660b455117bea76b2acdd34e8c746476c43d7eb98
c3dea8e92cde179e96b9f109dd8d498ec7d0d98f2cbd90ca581bf7ca41f33cdb
d18e6296a534078009774d635cbf390933c93c8758e2a3a990cb9b1a3d9c7199
dcd1d0fe5ba638cd9ea8f62146f205bd01538647a782ea508fa576435ddfb749