www.login.mail-aol.host Open in urlscan Pro
199.188.201.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.login.mail-aol.host/
Submission Tags: @jcybersec_
Submission: On July 10 via api (July 10th 2020, 4:05:03 pm UTC) from GB

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 199.188.201.16, located in Los Angeles, United States and belongs to NAMECHEAP-NET, US. The main domain is www.login.mail-aol.host.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 10th 2020. Valid for: a year.

This is the only time www.login.mail-aol.host was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AOL (Online) Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	199.188.201.16 199.188.201.16	22612 (NAMECHEAP...) (NAMECHEAP-NET)
9	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
10	2

1 199.188.201.16 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET, US)

www.login.mail-aol.host	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1288:f03d:1fa::4000 (United Kingdom)

ASN10310 (YAHOO-1, US)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fc.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	yimg.com s.yimg.com	756 KB
1	yahoo.com fc.yahoo.com
1	mail-aol.host www.login.mail-aol.host	2 KB
10	3

	Domain	Requested by
8	s.yimg.com	www.login.mail-aol.host
1	fc.yahoo.com	www.login.mail-aol.host
1	www.login.mail-aol.host
10	3

This site contains links to these domains. Also see Links.

Domain
www.aol.co.uk
help.aol.co.uk

Subject Issuer	Validity	Valid
login.mail-aol.host Sectigo RSA Domain Validation Secure Server CA	`2020-07-10` - `2021-07-10`	a year	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-07-02` - `2020-08-16`	a month	crt.sh

This page contains 3 frames:

Primary Page: https://www.login.mail-aol.host/
Frame ID: 947D9C5AF018AFE796AD15F530AA2964
Requests: 8 HTTP requests in this frame

Frame: https://s.yimg.com/rq/darla/4-2-0/html/r-sf.html
Frame ID: 4CE5984C629263E9832E41CE887DC968
Requests: 1 HTTP requests in this frame

Frame: https://s.yimg.com/rq/darla/4-2-0/html/r-csc.html
Frame ID: C0944E5F46F7CEAB6C4CFD9FCD525ADD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

759 kB
Transfer

1323 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.aol.co.uk/
Title:

Search URL Search Domain Scan URL

URL: https://help.aol.co.uk/
Title: Help

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.login.mail-aol.host/ 7 KB
2 KB 648ms
177ms Document
text/html 199.188.201.16
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.login.mail-aol.host/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.201.16 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache / PHP/7.2.31
Resource Hash: 7c734e9b18f47579a3813f5fe31c9119dd32090433eab7f4afd9778c2fe0b514

Request headers

:method: GET
:authority: www.login.mail-aol.host
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 10 Jul 2020 16:04:43 GMT
server: Apache
x-powered-by: PHP/7.2.31
vary: Accept-Encoding
content-encoding: gzip
content-length: 2301
content-type: text/html; charset=UTF-8

GET
H2 200 aol-main.css
s.yimg.com/wm/mbr/6010dd1818178645c3b14f00ed116b0ef91ea369/ 431 KB
88 KB 18ms
17ms Stylesheet
text/css 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wm/mbr/6010dd1818178645c3b14f00ed116b0ef91ea369/aol-main.css

Requested by

Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

d8a0284a00af6971b665220b20978b133edd4b8caaa0e611bd9a6e95b6c0fae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.login.mail-aol.host/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 08 Jul 2020 20:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157988
x-amz-server-side-encryption: AES256
status: 200
vary: Origin, Accept-Encoding
content-length: 89742
x-amz-id-2: n12MAzfweDr7aDms3kIAalVDbO2GFB/HfOjwqYbZVO0PSIGVgcumT4BPxys16U0qYhvJTkmBtHk=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 08 Jul 2020 16:36:51 GMT
server: ATS
etag: "9e144b1bf269acf1cfb448bb5b64d237-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: FJ6Q3P6KFJ3YBN3G
x-xss-protection: 1; mode=block
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: text/css

GET
H2 200 aol-logo-black-v.0.0.2.png
s.yimg.com/wm/assets/images/ns/ 16 KB
16 KB 62ms
61ms Image
image/png 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/wm/assets/images/ns/aol-logo-black-v.0.0.2.png

Requested by

Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.login.mail-aol.host/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Wed, 17 Jun 2020 17:34:05 GMT
x-amz-meta-created-date: Thu, 16 Nov 2017 19:59:27 GMT
age: 1981839
x-amz-server-side-encryption: AES256
status: 200
vary: Origin
x-amz-request-id: A7BB6A0740139F58
x-amz-id-2: IWgJuPyONf3Aj99OrjptfG+egpV+qi0mNqPxMIfaV8upoQMT1gh0D6biD20nkNNJTMfDIl6E/R4=
x-amz-meta-x-ysws-mbst-vtime: 1510862367682930
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 04 May 2018 01:23:57 GMT
server: ATS
etag: "f9e0f24b60732cd95150a37fb003b871"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=31536000; public
accept-ranges: bytes
content-length: 16340
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:3570f846-88d6-4c90-bd91-179d937c363c00055e1f0ebaf172"
x-content-type-options: nosniff
expires: Sat, 04 May 2019 01:23:56 GMT

GET
H2 200 aol-logo-white-v0.0.4.png
s.yimg.com/wm/assets/images/ybar/ 4 KB
5 KB 62ms
62ms Image
image/png 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/wm/assets/images/ybar/aol-logo-white-v0.0.4.png

Requested by

Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

d0ecaea4f4b91a678f16b572dbe3c9dc7212d1437a97a31f84ae74c167d5a4db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.login.mail-aol.host/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 12 Aug 2019 18:22:32 GMT
x-amz-meta-created-date: Wed, 18 Apr 2018 19:01:42 GMT
age: 28762932
x-amz-server-side-encryption: AES256
status: 200
vary: Origin
x-amz-request-id: C79A2AAAF45E9EB3
x-amz-id-2: 4/1hN93wvIzac1mdKLcvW3rFLf6diQ3Yeis/XeY31ieXDOJjQHB156rMgNAvgpAyIDDGLYD8ho8=
x-amz-meta-x-ysws-mbst-vtime: 1524078102670246
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 May 2018 20:51:15 GMT
server: ATS
etag: "f0d2ba5c63ab03f3b53158f293f651c7"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: public,max-age=31536000
accept-ranges: bytes
content-length: 4314
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:d32351c9-ea78-46c0-b7a5-1066118ae37d00056a2415eb6ba6"
x-content-type-options: nosniff
expires: Fri, 03 May 2019 20:51:13 GMT

GET
H2 403 client.php
fc.yahoo.com/sdarla/php/ 0
0 71ms
50ms Script
text/html 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224033&ref=https%3A%2F%2Flogin.aol.com%2Faccount%2Fchallenge%2Fpassword
Requested by: Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.login.mail-aol.host/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 r-sf.html
s.yimg.com/rq/darla/4-2-0/html/ Frame 4CE5 0
0 60ms
60ms Document
text/html 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/4-2-0/html/r-sf.html

Requested by

Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: s.yimg.com
:scheme: https
:path: /rq/darla/4-2-0/html/r-sf.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.login.mail-aol.host/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.login.mail-aol.host/

Response headers

status: 200
x-amz-id-2: 12SLeFjn5O0yF6SlyqQi4+e9lBI37iEaLm7sDhTYq+AsvufdjO5ZX95sYeLMHyxjJ8zESU3SRnM=
x-amz-request-id: FC5DD650A8C80C27
date: Wed, 01 Jul 2020 00:48:37 GMT
last-modified: Wed, 01 Jul 2020 00:00:20 GMT
etag: "38af3d4f8c84f11502b04431eb9d3a13-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 832568
ats-carp-promotion: 1
content-encoding: gzip
content-length: 753
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

GET
H2 200 capslock-v0.0.2.svg
s.yimg.com/wm/mbr/images/ 971 B
779 B 18ms
17ms Image
image/svg+xml 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/wm/mbr/images/capslock-v0.0.2.svg

Requested by

Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

ec1322f4e6e2509a4448b85a1b820d38b5dd43e0be49c999477d2c0e859993db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://s.yimg.com/wm/mbr/6010dd1818178645c3b14f00ed116b0ef91ea369/aol-main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 May 2020 21:39:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4904744
x-amz-server-side-encryption: AES256
status: 200
vary: Origin, Accept-Encoding
content-length: 545
x-amz-id-2: Iw4qTy3brq8hT4y15iy40Fazyf8vZo/U/afOZocdTFCqPRvs4NJXrr4RGH/FetN83UxLOyNfXlM=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 14 Nov 2019 20:33:02 GMT
server: ATS
etag: "ab452af7ea91b4389f87c0e068436b75-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 458F83CC87FB9756
x-xss-protection: 1; mode=block
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/svg+xml

GET
H2 200 hide-v0.0.1.svg
s.yimg.com/wm/mbr/images/ 860 KB
646 KB 19ms
18ms Image
image/svg+xml 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/wm/mbr/images/hide-v0.0.1.svg

Requested by

Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

119acd68e288f17e86722a67e341ec74f7f6a377ec8e15b3914245f57caf6fbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://s.yimg.com/wm/mbr/6010dd1818178645c3b14f00ed116b0ef91ea369/aol-main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Mon, 04 May 2020 04:57:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5828846
x-amz-server-side-encryption: AES256
status: 200
vary: Origin, Accept-Encoding
content-length: 660584
x-amz-id-2: //oXjgXkaduXS2DRFoLJTsq4wmBMoc0rCHLV/Vj0XYqn6mSEhxtPIxGsIza4lGBQ83xp1AxglYw=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 16 Jul 2019 23:13:44 GMT
server: ATS
etag: "6bd15a1456d985027ba5ca91528e4b1e-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 6366CF6A363283F1
x-xss-protection: 1; mode=block
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/svg+xml

GET
H2 200 fuji-spinner-1.0.1.svg
s.yimg.com/wm/modern/images/ 5 KB
951 B 61ms
60ms Image
image/svg+xml 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/wm/modern/images/fuji-spinner-1.0.1.svg

Requested by

Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

186034da48941b64b5f6b4d8a0176fb86e2ad6adda436b8eeef521b0166d06c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://s.yimg.com/wm/mbr/6010dd1818178645c3b14f00ed116b0ef91ea369/aol-main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Sun, 28 Jun 2020 21:33:00 GMT
content-encoding: gzip
x-amz-meta-created-date: Sat, 18 Mar 2017 00:20:34 GMT
age: 1017104
x-amz-server-side-encryption: AES256
status: 200
vary: Origin, Accept-Encoding
x-amz-request-id: 3C1BC5C0AF9D7536
x-amz-id-2: fpX0IoYdsN5m0FGriXOCSTNfOo1MpMIzDM+dtUXxq9rgByy+kGIHIvkzqPBkbzjruQvd9BToevw=
x-amz-meta-x-ysws-mbst-vtime: 1489796434429139
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 04 May 2018 05:02:09 GMT
server: ATS
etag: "1371fb7ea1d9f283b0964f6d9fedf183-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=31536000; public
accept-ranges: bytes
content-length: 614
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:9245687e-14b4-4f74-a865-1fdb03b2bc6000054af6434304d3"
x-content-type-options: nosniff
expires: Sat, 04 May 2019 05:02:08 GMT

GET
H2 200 r-csc.html
s.yimg.com/rq/darla/4-2-0/html/ Frame C094 0
0 16ms
15ms Document
text/html 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/4-2-0/html/r-csc.html

Requested by

Host: www.login.mail-aol.host
URL: https://www.login.mail-aol.host/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: s.yimg.com
:scheme: https
:path: /rq/darla/4-2-0/html/r-csc.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.login.mail-aol.host/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.login.mail-aol.host/

Response headers

status: 200
x-amz-id-2: N8iak8Oqpq3Wtw/ZnCtREUm3LnxEfk1Jq7916ivAygstR6D3tGo+DcFVSBL34uYmtxKSo+tCUQA=
x-amz-request-id: 0F15709A0FA19F63
date: Wed, 01 Jul 2020 02:08:12 GMT
last-modified: Wed, 01 Jul 2020 00:00:19 GMT
etag: "1ff9b6e511ccd76562520a75bae161d2-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
content-length: 1160
age: 827793
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AOL (Online) Yahoo (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fc.yahoo.com
s.yimg.com
www.login.mail-aol.host
199.188.201.16
2a00:1288:f03d:1fa::4000
119acd68e288f17e86722a67e341ec74f7f6a377ec8e15b3914245f57caf6fbf
186034da48941b64b5f6b4d8a0176fb86e2ad6adda436b8eeef521b0166d06c5
7c734e9b18f47579a3813f5fe31c9119dd32090433eab7f4afd9778c2fe0b514
d0ecaea4f4b91a678f16b572dbe3c9dc7212d1437a97a31f84ae74c167d5a4db
d8a0284a00af6971b665220b20978b133edd4b8caaa0e611bd9a6e95b6c0fae4
ec1322f4e6e2509a4448b85a1b820d38b5dd43e0be49c999477d2c0e859993db
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690

www.login.mail-aol.host Open in urlscan Pro 199.188.201.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

759 kBTransfer

1323 kBSize

0 Cookies

2 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.login.mail-aol.host Open in urlscan Pro
199.188.201.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

759 kB
Transfer

1323 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!