webdrivecloudstorage.flashserv.net
27.123.25.1
Malicious Activity!
Public Scan
Effective URL: http://webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/sessions=863533197f2494196...
Submission: On June 20 via manual from GB
Summary
This is the only time webdrivecloudstorage.flashserv.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
# | IP Address | AS (Autonomous System)
---|---|---
1 1 | 2400:cb00:2048:1::6812:2bca | 13335 (CLOUDFLARENET - Cloudflare)
1 | 47.254.27.93 | 45102 (CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co.)
1 | 2400:cb00:2048:1::6818:6f43 | 13335 (CLOUDFLARENET - Cloudflare)
17 | 27.123.25.1 | 38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
1 | 2a00:1450:4001:820::2008 | 15169 (GOOGLE - Google LLC)
1 3 | 2a00:1450:4001:820::200e | 15169 (GOOGLE - Google LLC)
1 | 2a00:1450:400c:c00::9b | 15169 (GOOGLE - Google LLC)

Total: 25 requests, 7 IP addresses
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): mltrk.io
- ASN45102 (CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co., Ltd., CN): zzlavltypthgyfzum232yq-on.drv.tw
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): drv.tw
- ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), PTR: rsl-cp4-27-123-25-1-virtual.au.syrahost.com: webdrivecloudstorage.flashserv.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | flashserv.net | webdrivecloudstorage.flashserv.net | 104 KB
3 | google-analytics.com | www.google-analytics.com (1 redirects) | 31 KB
2 | drv.tw | zzlavltypthgyfzum232yq-on.drv.tw, drv.tw | 1 KB
1 | doubleclick.net | stats.g.doubleclick.net | 102 B
1 | googletagmanager.com | www.googletagmanager.com | 24 KB
1 | mltrk.io | mltrk.io (1 redirects) | 480 B

Total: 25 requests, 6 apex domains
Requests | Domain | Requested by
---|---|---
17 | webdrivecloudstorage.flashserv.net | zzlavltypthgyfzum232yq-on.drv.tw, webdrivecloudstorage.flashserv.net
3 | www.google-analytics.com (1 redirects) | www.googletagmanager.com, webdrivecloudstorage.flashserv.net
1 | stats.g.doubleclick.net |
1 | www.googletagmanager.com | drv.tw
1 | drv.tw | zzlavltypthgyfzum232yq-on.drv.tw
1 | zzlavltypthgyfzum232yq-on.drv.tw |
1 | mltrk.io (1 redirects) |

Total: 25 requests, 7 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.drv.tw | COMODO RSA Domain Validation Secure Server CA | 2017-12-22 - 2018-12-22 | a year | crt.sh
sni213065.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-06-12 - 2018-12-19 | 6 months | crt.sh
This page contains 2 frames:
Primary Page:
http://webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/sessions=863533197f2494196f2a4c56d9056d9-863533197f2494196f2a4c56d90.Iog-in.php?&email=&documen?ts.vaIidation&IDs=262a3a3c-bd39-46fa-8a86-0818888b7de60f9e668736917d1fd74c7e659873&sessions=262a3a3c-bd39-46fa-8a86-0818888b7de60f9e668736917d1fd74c7e659873
Frame ID: A9C152DA29998583276B5B1B38D1E79C
Requests: 24 HTTP requests in this frame
Frame:
http://webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/sessions=863533197f2494196f2a4c56d9056d9-863533197f2494196f2a4c56d90.Iog-in.php?&email=&documen?ts.vaIidation&IDs=262a3a3c-bd39-46fa-8a86-0818888b7de60f9e668736917d1fd74c7e659873&sessions=262a3a3c-bd39-46fa-8a86-0818888b7de60f9e668736917d1fd74c7e659873
Frame ID: 15E524BDF1113A6BCBF4C4AE2BFFFF66
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
- Ubuntu (Operating Systems). Detected pattern: headers server /Ubuntu/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://mltrk.io/link/https%3A%2F%2Fzzlavltypthgyfzum232yq-on.drv.tw%2Fcontact.html/qT3uULWnXvpHK9biptOU (HTTP 302) -> https://zzlavltypthgyfzum232yq-on.drv.tw/contact.html (Page URL)
- http://webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/?IDs=9d1d4d87-c343-453b-ae65-1f748f0e53e963449ef6f27e85ce8cf1a73c1105&sessions=9d1d4d87-c343-453b-ae65-1f748f0e53e963449ef6f27e85ce8cf1a73c1105.htm (Page URL)
- http://webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/lndex.php?cIientID=683055002880769196421176172034&accessCode=a3915bbc6c6ee5cc46c8ffb54cfa480b (Page URL)
- http://webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/sessions=863533197f2494196f2a4c56d9056d9-863533197f2494196f2a4c56d90.Iog-in.php?&email=&documen?ts.vaIidation&IDs=262a3a3c-bd39-46fa-8a86-0818888b7de60f9e668736917d1fd74c7e659873&sessions=262a3a3c-bd39-46fa-8a86-0818888b7de60f9e668736917d1fd74c7e659873 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://mltrk.io/link/https%3A%2F%2Fzzlavltypthgyfzum232yq-on.drv.tw%2Fcontact.html/qT3uULWnXvpHK9biptOU HTTP 302
- https://zzlavltypthgyfzum232yq-on.drv.tw/contact.html
- https://www.google-analytics.com/r/collect?v=1&_v=j68&a=1798046979&t=pageview&_s=1&dl=https%3A%2F%2Fzzlavltypthgyfzum232yq-on.drv.tw%2Fcontact.html&ul=en-us&de=windows-1252&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1928666520&gjid=487100135&cid=1547180937.1529453997&tid=UA-85417367-1&_gid=1130865464.1529453997&_r=1>m=u64&z=343537578 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85417367-1&cid=1547180937.1529453997&jid=1928666520&_gid=1130865464.1529453997&gjid=487100135&_v=j68&z=343537578
- http://www.google-analytics.com/ga.js HTTP 307
- https://www.google-analytics.com/ga.js
25 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | contact.html | zzlavltypthgyfzum232yq-on.drv.tw/ | 372 B | 598 B | Document | text/html | Redirect Chain
GET | H2 | wd.js | drv.tw/inc/ | 365 B | 635 B | Script | application/javascript |
GET | H/1.1 | / | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/ | 472 B | 563 B | Document | text/html |
GET | S | js | www.googletagmanager.com/gtag/ | 69 KB | 24 KB | Script | application/javascript |
GET | S | analytics.js | www.google-analytics.com/ | 34 KB | 14 KB | Script | text/javascript |
GET | S | collect | stats.g.doubleclick.net/r/ | 35 B | 102 B | Image | image/gif | Redirect Chain
GET | H/1.1 | lndex.php | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/ | 1 KB | 909 B | Document | text/html |
GET | H/1.1 | mouse-ctrl.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/ | 0 | 0 | Script | text/html |
GET | H/1.1 | sessions=863533197f2494196f2a4c56d9056d9-863533197f2494196f2a4c56d90.Iog-in.php | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 3 KB | 1 KB | Document | text/html | Primary Request
GET | H/1.1 | script-user.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/js/ | 178 KB | 46 KB | Script | application/javascript |
GET | H/1.1 | mouse-ctrl.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | style.css | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 0 | 0 | Stylesheet | text/html |
GET | H/1.1 | Iogs.css | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 23 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | mouse-ctrl.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 7 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | data-ctrl.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/js/ | 986 B | 671 B | Script | application/javascript |
GET | H/1.1 | illustration.png | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 82 KB | 0 | Image | image/png |
GET | H/1.1 | clos.png | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 190 B | 434 B | Image | image/png |
GET | H/1.1 | banlogos.png | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 10 KB | 10 KB | Image | image/png |
GET | H/1.1 | mcsoft.png | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | jquery.min.1.11.0.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/js/ | 94 KB | 33 KB | Script | application/javascript |
GET | H/1.1 | jquery.mobilePassword.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/js/ | 6 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | mouse-ctrl.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/js/ | 0 | 0 | Script | text/html |
GET | | sessions=863533197f2494196f2a4c56d9056d9-863533197f2494196f2a4c56d90.Iog-in.php | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/ | 0 | 0 | | | Frame 15E5
GET | S | ga.js | www.google-analytics.com/ | 45 KB | 17 KB | Script | text/javascript | Redirect Chain
GET | | mouse-ctrl.js | webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/js/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: webdrivecloudstorage.flashserv.net. URL: http://webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/sessions=863533197f2494196f2a4c56d9056d9-863533197f2494196f2a4c56d90.Iog-in.php?&email=&documen?ts.vaIidation&IDs=262a3a3c-bd39-46fa-8a86-0818888b7de60f9e668736917d1fd74c7e659873&sessions=262a3a3c-bd39-46fa-8a86-0818888b7de60f9e668736917d1fd74c7e659873
- Domain: webdrivecloudstorage.flashserv.net. URL: http://webdrivecloudstorage.flashserv.net/vaIidation/microsoftsofficesign.in/onedrive/5D8D0D4B1B9B/3D0E0E5D1B7B/js/mouse-ctrl.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Variable | Type
---|---
erp | object
em | string
tmp | number
code | string
s | string
m | string
message | string
clickIE | function
clickNS | function
disableCtrlKeyCombination | function
url | string
params | string
inp0 | object

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
drv.tw
mltrk.io
stats.g.doubleclick.net
webdrivecloudstorage.flashserv.net
www.google-analytics.com
www.googletagmanager.com
zzlavltypthgyfzum232yq-on.drv.tw
webdrivecloudstorage.flashserv.net
2400:cb00:2048:1::6812:2bca
2400:cb00:2048:1::6818:6f43
27.123.25.1
2a00:1450:4001:820::2008
2a00:1450:4001:820::200e
2a00:1450:400c:c00::9b
47.254.27.93