tm.login.trendmicro.com
2600:9000:214f:ca00:1d:e820:2c80:93a1  Public Scan

Submitted URL: https://curly-field-bd79.wareareto.workers.dev/
Effective URL: https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php?wkey=swg
Submission: On May 04 via api from CH — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 12 HTTP transactions. The main IP is 2600:9000:214f:ca00:1d:e820:2c80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is tm.login.trendmicro.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on July 13th 2021. Valid for: a year.
This is the only time tm.login.trendmicro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 18.136.211.104 16509 (AMAZON-02)
2 5 3.125.85.254 16509 (AMAZON-02)
5 2600:9000:214... 16509 (AMAZON-02)
12 5
Domain Requested by
5 auth.ztsa-iag.trendmicro.com 2 redirects www.gstatic.com
auth.ztsa-iag.trendmicro.com
3 tm.login.trendmicro.com tm.login.trendmicro.com
2 login.trendmicro.com login.trendmicro.com
2 curly-field-bd79.wareareto.workers.dev www.gstatic.com
1 kongkangbatang.co.vu 1 redirects
1 www.gstatic.com curly-field-bd79.wareareto.workers.dev
12 6

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-04-06 - 2023-04-05 | a year
*.gstatic.com | GTS CA 1C3 | 2022-04-18 - 2022-07-11 | 3 months
*.eu.ztsa-iag.trendmicro.com | Entrust Certification Authority - L1K | 2022-02-22 - 2023-03-21 | a year
*.login.trendmicro.com | Entrust Certification Authority - L1K | 2021-07-13 - 2022-08-11 | a year

This page contains 1 frames:

Primary Page: https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php?wkey=swg
Frame ID: 9165572B7ACD05768E1286C4B2C1489F
Requests: 12 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 12
HTTPS: 92 %
IPv6: 60 %
Domains: 4
Subdomains: 6
IPs: 5
Countries: 3
Transfer: 684 kB
Size: 2215 kB
Cookies: 13

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://curly-field-bd79.wareareto.workers.dev/ Page URL
  2. http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/ HTTP 307
    https://auth.ztsa-iag.trendmicro.com/auth?forward=http%3A%2F%2Fkongkangbatang.co.vu%2FSafety_Information.php%3Ffbclid%3DIwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo%2F&client=6804d8db5c97701421fd4f73369c2f71cd8859c72004bf950c8fd9c7da858c1dbf10cd79dc2486554fe8e033cd730bf4 HTTP 307
    http://auth.ztsa-iag.trendmicro.com/ntlm?forward=http%3A%2F%2Fkongkangbatang.co.vu%2FSafety_Information.php%3Ffbclid%3DIwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo%2F&authId=55cfd3e8-ece7-4d6d-b9be-387d8a7cb1dd HTTP 307
    https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/ Page URL
  3. https://login.trendmicro.com/simplesaml/saml2/idp/SSOService.php Page URL
  4. https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php?wkey=swg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/ HTTP 307
  • https://auth.ztsa-iag.trendmicro.com/auth?forward=http%3A%2F%2Fkongkangbatang.co.vu%2FSafety_Information.php%3Ffbclid%3DIwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo%2F&client=6804d8db5c97701421fd4f73369c2f71cd8859c72004bf950c8fd9c7da858c1dbf10cd79dc2486554fe8e033cd730bf4 HTTP 307
  • http://auth.ztsa-iag.trendmicro.com/ntlm?forward=http%3A%2F%2Fkongkangbatang.co.vu%2FSafety_Information.php%3Ffbclid%3DIwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo%2F&authId=55cfd3e8-ece7-4d6d-b9be-387d8a7cb1dd HTTP 307
  • https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
curly-field-bd79.wareareto.workers.dev/
4 KB
2 KB
Document
General
Full URL
https://curly-field-bd79.wareareto.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:5d4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
adf9eef25d981a1b44c11e05cd265d375b43cf8668725d2c5e2b1c8b9158a379

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-ray
705f6da03c3991dd-FRA
content-encoding
br
content-type
text/html;charset=UTF-8
date
Wed, 04 May 2022 07:12:28 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DNrq1q%2FwzRnw9ki%2BdY4Foe5lb2EV0usSV4tM4%2BOsq8PwavVAhFBBGw4DfRIR0mQOWEshBXbV84sIE2c0Z7MI%2BFf%2BWcQ1osXJp2s3FwUbbyIzicVP3pNRuDNstrF9rEgVOA0odKfQQR7UtJLKLAfrpukjdmEMYCOLJCeyRY231XC6qZu3Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
m=view
www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.HVisBlA9oTw.O/d=1/rs=AGEqA5k4hgNmTukFS50ThM1GoWJuUJetUQ/
493 KB
167 KB
Script
General
Full URL
https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.HVisBlA9oTw.O/d=1/rs=AGEqA5k4hgNmTukFS50ThM1GoWJuUJetUQ/m=view
Requested by
Host: curly-field-bd79.wareareto.workers.dev
URL: https://curly-field-bd79.wareareto.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b3f650ffb33ca8a8eb2803cd4e3ace93b98a2aa38c48b1eac7a372a9b8061c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://curly-field-bd79.wareareto.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date
Wed, 04 May 2022 03:00:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15104
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170239
x-xss-protection
0
last-modified
Tue, 24 Aug 2021 12:38:45 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"apps-sites","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-sites"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="apps-sites"
expires
Thu, 04 May 2023 03:00:44 GMT
jserror
curly-field-bd79.wareareto.workers.dev/
4 KB
1 KB
XHR
General
Full URL
https://curly-field-bd79.wareareto.workers.dev/jserror?script=https%3A%2F%2Fcurly-field-bd79.wareareto.workers.dev%2F&error=Ib&line=Not%20available
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.HVisBlA9oTw.O/d=1/rs=AGEqA5k4hgNmTukFS50ThM1GoWJuUJetUQ/m=view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:5d4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://curly-field-bd79.wareareto.workers.dev/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Wed, 04 May 2022 07:12:28 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83TJs839ArMuE9Ya4Fe0KGFy09DX5jeGXN0lvgCoZk9maz5ePKGWA6BNJeDZIlV2HytTqnn2mRqxIuigtQDLMODXABv1k77ItqOxjMqIC0wffL%2FHHhlHqTDBJbuZDqCP%2FTcBnVvanraRBHhRbxCGG1wdCkFMyBlTfan3KtwHkSrePCiRBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=UTF-8
cf-ray
705f6da20fbd91dd-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
doLogin.php
auth.ztsa-iag.trendmicro.com/
Redirect Chain
  • http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/
  • https://auth.ztsa-iag.trendmicro.com/auth?forward=http%3A%2F%2Fkongkangbatang.co.vu%2FSafety_Information.php%3Ffbclid%3DIwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo%2F&client=6804d...
  • http://auth.ztsa-iag.trendmicro.com/ntlm?forward=http%3A%2F%2Fkongkangbatang.co.vu%2FSafety_Information.php%3Ffbclid%3DIwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo%2F&authId=55cfd3...
  • https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/
6 KB
4 KB
Document
General
Full URL
https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/atari/_/js/k=atari.vw.en_US.HVisBlA9oTw.O/d=1/rs=AGEqA5k4hgNmTukFS50ThM1GoWJuUJetUQ/m=view
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.125.85.254 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-85-254.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.1 / PHP/7.4.3
Resource Hash
5838c292b9a6fe5b99e58b871692ec9c5de0bc923c81b376d6f95563e24b7ada

Request headers

Referer
https://curly-field-bd79.wareareto.workers.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 04 May 2022 07:12:29 GMT
Server
nginx/1.20.1
Transfer-Encoding
chunked
X-Powered-By
PHP/7.4.3

Redirect headers

Connection
keep-alive
Content-Length
2
Content-Type
TEXT/HTML
Date
Wed, 04 May 2022 07:12:29 GMT
Location
https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/
post.js
auth.ztsa-iag.trendmicro.com/simplesaml/resources/
66 KB
43 KB
Script
General
Full URL
https://auth.ztsa-iag.trendmicro.com/simplesaml/resources/post.js
Requested by
Host: auth.ztsa-iag.trendmicro.com
URL: https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.125.85.254 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-85-254.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.1 /
Resource Hash
7777791e48c48e257b8f828b539bd29cde10c60091f93aecff8a44712d419857

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 04 May 2022 07:12:29 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Apr 2022 09:21:28 GMT
Server
nginx/1.20.1
ETag
W/"62627398-1060a"
Transfer-Encoding
chunked
Content-Type
text/html
Connection
keep-alive
post.css
auth.ztsa-iag.trendmicro.com/simplesaml/resources/
66 KB
43 KB
Stylesheet
General
Full URL
https://auth.ztsa-iag.trendmicro.com/simplesaml/resources/post.css
Requested by
Host: auth.ztsa-iag.trendmicro.com
URL: https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.125.85.254 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-125-85-254.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.1 /
Resource Hash
7777791e48c48e257b8f828b539bd29cde10c60091f93aecff8a44712d419857

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.ztsa-iag.trendmicro.com/doLogin.php?action=saml&forward=http://kongkangbatang.co.vu/Safety_Information.php?fbclid=IwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 04 May 2022 07:12:29 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Apr 2022 09:21:28 GMT
Server
nginx/1.20.1
ETag
W/"62627398-1060a"
Transfer-Encoding
chunked
Content-Type
text/html
Connection
keep-alive
SSOService.php
login.trendmicro.com/simplesaml/saml2/idp/
5 KB
6 KB
Document
General
Full URL
https://login.trendmicro.com/simplesaml/saml2/idp/SSOService.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:1d:e820:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
3b7b8661bb281d90176ca6b76380e6384bdcccef6152dc3c1861551de9590470
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://auth.ztsa-iag.trendmicro.com
Referer
https://auth.ztsa-iag.trendmicro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Content-Type
text/html; charset=UTF-8
Date
Wed, 04 May 2022 07:12:29 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubdomains
Transfer-Encoding
chunked
Via
1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
X-Amz-Cf-Id
vPMnzg7z_aThGdX1Yz11ZWICBP0T1uyOkQGVVbtleX92hzYKdWg-8Q==
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Miss from cloudfront
X-Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
x-content-type-options
nosniff
x-xss-protection
1
loading.gif
login.trendmicro.com/simplesaml/slo/img/
863 B
2 KB
Image
General
Full URL
https://login.trendmicro.com/simplesaml/slo/img/loading.gif
Requested by
Host: login.trendmicro.com
URL: https://login.trendmicro.com/simplesaml/saml2/idp/SSOService.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:1d:e820:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
7ad4339eea9dd82a41ab7d6358604a0be1cea40c4912e36d02d1c85a28b786f7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.trendmicro.com/simplesaml/saml2/idp/SSOService.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 04 May 2022 07:12:30 GMT
Via
1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Miss from cloudfront
Connection
keep-alive
Content-Length
863
x-xss-protection
1
Last-Modified
Fri, 15 Oct 2021 03:21:11 GMT
Server
nginx
ETag
"6168f3a7-35f"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Content-Type
image/gif
Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Accept-Ranges
bytes
X-Amz-Cf-Id
MGtOemtP3xp0HcNYboiKaSU0Q76gZi5nz9pbDIHjXDGSND0x-S-r4Q==
X-Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Primary Request SSOService.php
tm.login.trendmicro.com/simplesaml/saml2/idp/
727 B
3 KB
Document
General
Full URL
https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php?wkey=swg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:1d:e820:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
949f1e4b7f884752c7316d964432f32f5d394a874f2582e3bef39ee9734b9880
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://login.trendmicro.com
Referer
https://login.trendmicro.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Content-Type
text/html; charset=UTF-8
Date
Wed, 04 May 2022 07:12:31 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubdomains
Transfer-Encoding
chunked
Via
1.1 fc7091924e65025d5bfb92361ec3e660.cloudfront.net (CloudFront)
X-Amz-Cf-Id
jwDsLXfqeWz1JmCRqxTUszB7onOXQnCNCu6b_kGJwG6CX4Je6MuJrw==
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Miss from cloudfront
X-Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
x-content-type-options
nosniff
x-xss-protection
1
main.css
tm.login.trendmicro.com/simplesaml/assets/css/
148 KB
25 KB
Stylesheet
General
Full URL
https://tm.login.trendmicro.com/simplesaml/assets/css/main.css
Requested by
Host: tm.login.trendmicro.com
URL: https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php?wkey=swg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:1d:e820:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
bdc4939874112ea6811e66900f9cef972b645472151aa1cf8d04202cedfba43c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php?wkey=swg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 04 May 2022 07:12:31 GMT
Via
1.1 fc7091924e65025d5bfb92361ec3e660.cloudfront.net (CloudFront)
x-content-type-options
nosniff
X-Amz-Cf-Pop
FRA53-C1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Connection
keep-alive
Content-Encoding
gzip
x-xss-protection
1
Last-Modified
Thu, 28 Apr 2022 03:07:18 GMT
Server
nginx
ETag
W/"626a04e6-24ede"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains
Content-Type
text/css
Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
X-Amz-Cf-Id
g0XeMm0zymdiFxPPno3ZUa-KXy4h5xMHbAgpQvCPzIMh6nIRxJ5d-A==
X-Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
main.js
tm.login.trendmicro.com/simplesaml/assets/js/
1 MB
389 KB
Script
General
Full URL
https://tm.login.trendmicro.com/simplesaml/assets/js/main.js
Requested by
Host: tm.login.trendmicro.com
URL: https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php?wkey=swg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:1d:e820:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php?wkey=swg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date
Wed, 04 May 2022 07:12:31 GMT
Via
1.1 6080b2713e502211e152f21f5c59c5a6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
X-Amz-Cf-Pop
FRA53-C1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Connection
keep-alive
Content-Encoding
gzip
x-xss-protection
1
Last-Modified
Wed, 04 May 2022 02:57:18 GMT
Server
nginx
ETag
W/"6271eb8e-163d19"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains
Content-Type
application/javascript
Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
X-Amz-Cf-Id
ws2USvWFP-P1E2m9HhN5oxrAVEWtNe9tu5Fao2rL36MV2Ydm2EBy2A==
X-Content-Security-Policy
frame-ancestors 'self' *.trendmicro.com *.trendmicro.co.jp;
img_bg_darkmode.png
tm.login.trendmicro.com/simplesaml/assets/static/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
tm.login.trendmicro.com
URL
https://tm.login.trendmicro.com/simplesaml/assets/static/img_bg_darkmode.png

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| oncontextlost
  • object| oncontextrestored
  • function| structuredClone
  • function| getScreenDetails

13 Cookies

Domain/Path Name / Value
kongkangbatang.co.vu/ Name: _zk_sc_tc2_http
Value: 1
.co.vu/ Name: _zk_sc_tc1_http
Value: 1
auth.ztsa-iag.trendmicro.com/ Name: tmicss_client
Value: 6804d8db5c97701421fd4f73369c2f71cd8859c72004bf950c8fd9c7da858c1dbf10cd79dc2486554fe8e033cd730bf4
auth.ztsa-iag.trendmicro.com/ Name: syncflag
Value: 63cb48c352a34cb736d002a5cc0a2b23
auth.ztsa-iag.trendmicro.com/ Name: tmicss_url
Value: aHR0cDovL2tvbmdrYW5nYmF0YW5nLmNvLnZ1L1NhZmV0eV9JbmZvcm1hdGlvbi5waHA%2FZmJjbGlkPUl3QVIwRHBIenlNbVI5UTFtOGh2bFgzT19GVTVBTGtyb1J5X3FoSXpoQVhXcm4xM2xkVm5fM1kxU1Fmam8v
auth.ztsa-iag.trendmicro.com/ Name: SimpleSAMLSessionID
Value: 550a93a1c4a2461d92591726a2ece943
tm.login.trendmicro.com/ Name: pls_login_SimpleSAMLSessionID
Value: 8f223d2ff8fd1c2257557ed602b7b26e
tm.login.trendmicro.com/ Name: prevAuthStateId
Value: _ce8408eceed14325e6a38bfd986f1dd9627b1c9141%3Ahttps%3A%2F%2Fauth.ztsa-iag.trendmicro.com%2FdoLogin.php%3Faction%3Dsaml%26forward%3Dhttp%3A%2F%2Fkongkangbatang.co.vu%2FSafety_Information.php%3Ffbclid%3DIwAR0DpHzyMmR9Q1m8hvlX3O_FU5ALkroRy_qhIzhAXWrn13ldVn_3Y1SQfjo%2F
tm.login.trendmicro.com/ Name: TrendIdPCredentialSource
Value: AD
tm.login.trendmicro.com/ Name: fedDestination
Value: aHR0cHM6Ly9hdXRoLnp0c2EtaWFnLnRyZW5kbWljcm8uY29tL2RvTG9naW4ucGhwP2FjdGlvbj1zYW1sJmZvcndhcmQ9aHR0cDovL2tvbmdrYW5nYmF0YW5nLmNvLnZ1L1NhZmV0eV9JbmZvcm1hdGlvbi5waHA%2FZmJjbGlkPUl3QVIwRHBIenlNbVI5UTFtOGh2bFgzT19GVTVBTGtyb1J5X3FoSXpoQVhXcm4xM2xkVm5fM1kxU1Fmam8v
tm.login.trendmicro.com/ Name: requestId
Value: 2AA5627D-DDBB-4121-97EB-D70CAC5AB631
tm.login.trendmicro.com/ Name: authToken
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJwbHMiLCJhdWQiOiJwbHMuaWFtIiwianRpIjoiZTg0Nzg3NTEtZGZmOS00ZDNiLThiMmEtMWY4NzczMzcwNjRkIiwic3ViIjoiMkFBNTYyN0QtRERCQi00MTIxLTk3RUItRDcwQ0FDNUFCNjMxIiwidW5pcXVlX25hbWUiOiIyQUE1NjI3RC1EREJCLTQxMjEtOTdFQi1ENzBDQUM1QUI2MzEiLCJuYmYiOjE2NTE2NDgzNTEsImV4cCI6MTY1MTY0OTU1MSwiaWF0IjoxNjUxNjQ4MzUxfQ.2nawXrVVG6i7JqQQbJYe8hEpSKJAzS5_RociXuJa4ZI
tm.login.trendmicro.com/ Name: TimeOutCheckID
Value: c7e42dc56d