k58designs.com
Open in
urlscan Pro
192.185.108.167
Malicious Activity!
Public Scan
URL:
https://k58designs.com/update/yhoo/f6c5649ec1637681b4c42cd7546e.php?sam=77Inboxaspxn120079f4639932c8be471606aa8a&Id1200...
Submission: On May 18 via manual from US
Submission: On May 18 via manual from US
Summary
This website contacted 5 IPs
in 3 countries
across 4 domains to perform 12 HTTP transactions.
The main IP is 192.185.108.167, located in
Houston, United States and
belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US.
The main domain is k58designs.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 26th 2019. Valid for: 3 months.
This is the only time k58designs.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on March 26th 2019. Valid for: 3 months.
This is the only time k58designs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 192.185.108.167 192.185.108.167 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
| 7 | 2a00:1288:84:... 2a00:1288:84:800::1002 | 203219 (YAHOO-AMA) (YAHOO-AMA) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:808::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 2a00:1288:7c:... 2a00:1288:7c:800::4000 | 43428 (YAHOO-ULS) (YAHOO-ULS) | |
| 12 | 5 |
1
192.185.108.167
(Houston, United States)
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: ns627.websitewelcome.com
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: ns627.websitewelcome.com
| k58designs.com |
1
2a00:1450:4001:808::200a
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| ajax.googleapis.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 8 |
yimg.com
s.yimg.com Failed s1.yimg.com |
30 KB |
| 1 |
googleapis.com
ajax.googleapis.com |
32 KB |
| 1 |
k58designs.com
k58designs.com |
8 KB |
| 0 |
aspnetcdn.com
Failed
ajax.aspnetcdn.com Failed |
|
| 12 | 4 |
| Domain | Requested by | |
|---|---|---|
| 7 | s.yimg.com |
k58designs.com
ajax.googleapis.com |
| 1 | s1.yimg.com |
k58designs.com
|
| 1 | ajax.googleapis.com |
k58designs.com
|
| 1 | k58designs.com | |
| 0 | ajax.aspnetcdn.com Failed |
k58designs.com
|
| 12 | 5 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| k58designs.com Let's Encrypt Authority X3 |
2019-03-26 - 2019-06-24 |
3 months | crt.sh |
| *.yahoo.com DigiCert SHA2 High Assurance Server CA |
2019-04-22 - 2019-06-06 |
a month | crt.sh |
| *.googleapis.com Google Internet Authority G3 |
2019-04-30 - 2019-07-23 |
3 months | crt.sh |
| *.yimg.com DigiCert SHA2 High Assurance Server CA |
2019-04-09 - 2019-07-08 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://k58designs.com/update/yhoo/f6c5649ec1637681b4c42cd7546e.php?sam=77Inboxaspxn120079f4639932c8be471606aa8a&Id120079f4639932c8be471606aa8a&docb511742c1ff554eb7939b6196e85&email=&jivb511742c1ff554eb7939b6196e85&xls1d&id=fav&do
Frame ID: E6BD45570D95058EB7914E5254027B00
Requests: 12 HTTP requests in this frame
Screenshot
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- url /\.php(?:$|\?)/i
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
f6c5649ec1637681b4c42cd7546e.php
k58designs.com/update/yhoo/ |
18 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
combo
s.yimg.com/zz/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
combo
s.yimg.com/zz/ |
466 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
combo
s.yimg.com/zz/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
combo
s.yimg.com/zz/ |
330 B 348 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
combo
s.yimg.com/zz/ |
382 B 381 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
combo
s.yimg.com/zz/ |
2 KB 857 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.0/ |
91 KB 32 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
combo
s.yimg.com/zz/ |
95 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
yahoo_en-US_f_p_bestfit_2x.png
s1.yimg.com/rz/d/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
jquery.validate.min.js
ajax.aspnetcdn.com/ajax/jquery.validate/1.12.0/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
yahoo_mail_en-US_s_f_pw_351x40_mail.png
s.yimg.com/rz/d/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- s.yimg.com
- URL
- https://s.yimg.com/zz/combo?/sf/assets/mbrlogin/css/pure-0.3.0-min.css&/sf/assets/mbrlogin/css/24/mbr-min.css&/sf/assets/mbrlogin/css/9/sprite-min.css&/sf/assets/mbrlogin/css/20/mbr-desktop-min.css&/sf/assets/mbrlogin/css/desktop/header/2/header-min.css&/sf/assets/mbrlogin/css/desktop/contents/2/contents-min.css&/sf/assets/mbrlogin/css/desktop/login/1/flags-min.css&/sf/assets/mbrlogin/css/desktop/login/74/login-min.css&/sf/assets/mbrlogin/css/desktop/footer/8/footer-min.css&/sf/assets/mbrlogin/css/mobile/deviceswitcher/2/deviceswitcher-min.css&/sf/assets/mbrlogin/css/desktop/lad/1/lad-min.css&kx/yucs/uh3s/atomic/84/css/atomic-min.css&kx/yucs/uh_common/meta/3/css/meta-min.css&kx/yucs/uh3s/uh/394/css/uh-center-aligned-min.css
- Domain
- ajax.aspnetcdn.com
- URL
- http://ajax.aspnetcdn.com/ajax/jquery.validate/1.12.0/jquery.validate.min.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.aspnetcdn.com
ajax.googleapis.com
k58designs.com
s.yimg.com
s1.yimg.com
ajax.aspnetcdn.com
s.yimg.com
192.185.108.167
2a00:1288:7c:800::4000
2a00:1288:84:800::1002
2a00:1450:4001:808::200a
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
1c498f235bfb98d52d72176bca335eba92a1a6f5675c5445dcae82319b7b7e6d
546a0f2cb1fe0910e04dc4197d04d45e8dde1ea1540005474dd5764b1786a85b
66f7b01cdf9c7f3d829020751275571299aaedc797d77243f2656ae980843646
6aef12ae44fc3b46536b156840b68f55808bbc128448db267b9272135bf97342
7fa0d5c3f538c76f878e012ac390597faecaabfe6fb9d459b919258e76c5df8e
86527ec354b48ba17a5294dd3ec4825d98a43c3d65e4fb17c964c61a6e0f36c4
88d8929af7afc045253543dfd647fd647783dc937f903d7e969f13eed41700ad
cfb31c01f5155aa5e99efe1bab036e220a71d7cd0dfc8c541fa9cf5e6f092aab
f2d2954c92bde1ca42361ce83e1d02f929f1463f4f9d1b11d4e5c430c9aff8b4