www.ssocmdlogin.mnglock.com
101.99.75.21
Malicious Activity!
Public Scan
Submission Tags: @jcybersec_
Submission: On May 25 via api from GB
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 25th 2020, the same day this scan was submitted. Valid for: 3 months.
This is the only time www.ssocmdlogin.mnglock.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AOL (Online)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 101.99.75.21 | 45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
7 | 2a00:1288:f03d:1fa::4000 | 10310 (YAHOO-1)
Totals: 9 requests, 3 entries (the failed l.yimg.com request has no response IP)
ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY): www.ssocmdlogin.mnglock.com

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | yimg.com | s.yimg.com, l.yimg.com (failed) | 107 KB
2 | yahoo.com | fc.yahoo.com | 17 KB
1 | mnglock.com | www.ssocmdlogin.mnglock.com | 46 KB
Totals: 9 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
5 | s.yimg.com | www.ssocmdlogin.mnglock.com
2 | fc.yahoo.com | www.ssocmdlogin.mnglock.com
1 | www.ssocmdlogin.mnglock.com | (primary page)
0 | l.yimg.com (failed) | s.yimg.com
Totals: 9 requests, 4 domains
This site contains links to these domains. Also see Links.
- www.aol.com
- oidc.mail.aol.com
- policies.oath.com
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
ssocmdlogin.mnglock.com | cPanel, Inc. Certification Authority | 2020-05-25 - 2020-08-23 | 3 months | crt.sh
*.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-05-19 - 2020-07-03 | a month | crt.sh
This page contains 3 frames:
- Primary Page: https://www.ssocmdlogin.mnglock.com/ (Frame ID: 4BA6717C0267D6020DF7BB81AEEFF057; 8 HTTP requests in this frame)
- Frame: https://s.yimg.com/rq/darla/3-15-0/html/r-sf.html (Frame ID: 646938E469DA3F9FFC294FA4FD2F8675; 1 HTTP request in this frame)
- Frame: https://s.yimg.com/rq/darla/3-15-0/html/r-csc.html (Frame ID: AD5CB4CC12E985DCAB15D793478075F8; 1 HTTP request in this frame)
4 Outgoing links
These are links going to different origins than the main page. The page records titles for three of them: Continue, Terms, Privacy.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | www.ssocmdlogin.mnglock.com/ | 144 KB | 46 KB | Document | text/html
GET | H2 | boot.js | s.yimg.com/rq/darla/ | 7 KB | 4 KB | Script | application/javascript
GET | H2 | g-r-min.js | s.yimg.com/rq/darla/3-15-0/js/ | 205 KB | 87 KB | Script | application/javascript
GET | H2 | aol-logo-black-v.0.0.2.png | s.yimg.com/wm/assets/images/ns/ | 16 KB | 16 KB | Image | image/png
GET | H2 | client.php | fc.yahoo.com/sdarla/php/ | 20 KB | 9 KB | Script | text/javascript
GET | | g-r-min.js | l.yimg.com/rq/darla/3-25-1/js/ | 0 | 0 | (failed, no response) |
GET | H2 | r-sf.html | s.yimg.com/rq/darla/3-15-0/html/ (Frame 6469) | 0 | 0 | Document | text/html
GET | DATA | truncated | / | 181 B | 0 | Image | image/png
GET | H2 | r-csc.html | s.yimg.com/rq/darla/3-15-0/html/ (Frame AD5C) | 0 | 0 | Document | text/html
GET | H2 | client.php | fc.yahoo.com/sdarla/php/ | 20 KB | 8 KB | Script | text/javascript
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- Domain: l.yimg.com
- URL: http://l.yimg.com/rq/darla/3-25-1/js/g-r-min.js
Note that this is a plain-http script URL requested from an https page; browsers block active mixed content of this kind, which is consistent with the request showing no protocol and no response.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: AOL (Online)

20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Name | Type
---|---
onformdata | object
onpointerrawupdate | object
sFATrCj | function
etUbQpv | function
pageStartTime | number
DARLA | object
$sf | object
$yac | undefined
sf_auto_1-25-4-2020 | boolean
Y | undefined
_Y | object
I13N_config | object
COUNTRY_CODES_MAP | object
mbrConfig | object
darlaConfig | object
bucket | string
currentURL | string
isASDK | boolean
comscoreBeaconUrl | undefined
DARLA_CONFIG | object
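Added example, not from urlscan or the scanned page: a small Python triage of the global names listed above. It separates the on… entries (DOM event-handler properties that a scanner's baseline may not know yet) from identifiers whose letter case flips almost every character, the pattern of randomly generated names, using a case-transition ratio. The thresholds, the event-handler explanation and the category names are assumptions made for this example; the name list is copied from the table above.

```python
import re

# Names of the 20 non-standard window globals urlscan listed for this scan
# (copied from the table above; the recorded types are omitted).
OBSERVED_GLOBALS = [
    "onformdata", "onpointerrawupdate", "sFATrCj", "etUbQpv", "pageStartTime",
    "DARLA", "$sf", "$yac", "sf_auto_1-25-4-2020", "Y", "_Y", "I13N_config",
    "COUNTRY_CODES_MAP", "mbrConfig", "darlaConfig", "bucket", "currentURL",
    "isASDK", "comscoreBeaconUrl", "DARLA_CONFIG",
]

EVENT_HANDLER_RE = re.compile(r"^on[a-z]+$")      # DOM on<event> handler properties
PLAIN_IDENT_RE = re.compile(r"^[A-Za-z]{6,10}$")  # short, letters only: kit-style names


def case_transition_ratio(name: str) -> float:
    """Fraction of adjacent letter pairs whose case differs.

    camelCase identifiers change case about once per word; names produced by
    a random-identifier generator flip case almost every character.
    """
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 2:
        return 0.0
    changes = sum(1 for a, b in zip(letters, letters[1:])
                  if a.isupper() != b.isupper())
    return changes / (len(letters) - 1)


def looks_random(name: str) -> bool:
    # Thresholds (6-10 letters, at least 50% case flips) are chosen for this
    # example; tune them against your own baseline before relying on them.
    return PLAIN_IDENT_RE.match(name) is not None and case_transition_ratio(name) >= 0.5


def categorize(name: str) -> str:
    if EVENT_HANDLER_RE.match(name):
        # Assumption: on<event> properties such as onformdata are standard
        # GlobalEventHandlers in current browsers and show up as "non-standard"
        # only because the scanner's list of known globals predates them.
        return "event_handler"
    if looks_random(name):
        return "random_like"
    return "other"


def triage(names):
    """Group global names by category, preserving the page's order."""
    result = {}
    for name in names:
        result.setdefault(categorize(name), []).append(name)
    return result


if __name__ == "__main__":
    for category, names in triage(OBSERVED_GLOBALS).items():
        print(f"{category}: {', '.join(names)}")
```

On this list the random_like bucket holds exactly the two function globals, sFATrCj and etUbQpv, which is where to look first when you pull the page source. The DARLA, $sf and I13N_config entries come with the darla scripts the cloned markup loads from s.yimg.com (see the transaction list), so they do not distinguish the clone from the real login page.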
1 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
www.ssocmdlogin.mnglock.com/ | | PHPSESSID | 1b6e8e2c4af775e504d44a36be8f612c
Indicators
This is a term in the security industry for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicates malicious activity on its own.
Domains:
- fc.yahoo.com
- l.yimg.com
- s.yimg.com
- www.ssocmdlogin.mnglock.com
IP addresses:
- 101.99.75.21
- 2a00:1288:f03d:1fa::4000
SHA-256 hashes:
- 00787ab8e0dfcdf1b64841a2752d003e289434226e829c7d4b4072bab3b579e4
- 21c7599e22cc0ea95c67b81bff34ce85af4258f445d9fd864f8b646fc5cdab13
- 2e438279b80416ffe8758f70d63266c6e959c877354324ce6ef1fdd730ab6cdb
- 3439c6811bb7e4afdef051434b36bf650eb42915ca52df41624f598cd3dbb3c7
- beda08cf133742da414a64d415ec68804378c115eaf47ce8a638e10127613174
- e8f389d92514e4b327e43ead311d9aac7615554c978643cf28f49e46280247b1
- f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690
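Added example, not part of the urlscan page: a Python parser that turns the raw indicator list above (as urlscan emits it, one value per line, l.yimg.com repeated) into typed, de-duplicated buckets and groups hostnames by apex domain so the phishing host stands apart from the third-party CDN hosts. The indicator text is copied from the list above; the apex_domain helper uses the naive last-two-labels rule, an assumption that breaks for public suffixes such as co.uk.

```python
import ipaddress
import re

# Indicator list as copied from the urlscan.io "Indicators" section above,
# including the duplicated l.yimg.com entry that the parser removes.
INDICATORS = """
fc.yahoo.com
l.yimg.com
s.yimg.com
www.ssocmdlogin.mnglock.com
l.yimg.com
101.99.75.21
2a00:1288:f03d:1fa::4000
00787ab8e0dfcdf1b64841a2752d003e289434226e829c7d4b4072bab3b579e4
21c7599e22cc0ea95c67b81bff34ce85af4258f445d9fd864f8b646fc5cdab13
2e438279b80416ffe8758f70d63266c6e959c877354324ce6ef1fdd730ab6cdb
3439c6811bb7e4afdef051434b36bf650eb42915ca52df41624f598cd3dbb3c7
beda08cf133742da414a64d415ec68804378c115eaf47ce8a638e10127613174
e8f389d92514e4b327e43ead311d9aac7615554c978643cf28f49e46280247b1
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE)
# RFC 1035-style labels, at least one dot, alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def classify(indicator: str) -> str:
    """Return one of: sha256, ipv4, ipv6, domain, unknown."""
    value = indicator.strip()
    if SHA256_RE.match(value):          # check first: hex strings contain no dots
        return "sha256"
    try:
        return "ipv4" if ipaddress.ip_address(value).version == 4 else "ipv6"
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        return "domain"
    return "unknown"


def parse_indicators(text: str) -> dict:
    """Split a one-per-line indicator dump into typed buckets, dropping repeats."""
    buckets = {"domain": [], "ipv4": [], "ipv6": [], "sha256": [], "unknown": []}
    seen = set()
    for line in text.splitlines():
        value = line.strip()
        if not value or value in seen:
            continue
        seen.add(value)
        buckets[classify(value)].append(value)
    return buckets


def apex_domain(hostname: str) -> str:
    # Assumption: apex = last two labels. Wrong for public suffixes such as
    # co.uk; use a Public Suffix List library in production.
    labels = hostname.lower().split(".")
    return ".".join(labels[-2:])


def group_by_apex(domains) -> dict:
    """Map apex domain -> hostnames, keeping the input order within each group."""
    groups = {}
    for host in domains:
        groups.setdefault(apex_domain(host), []).append(host)
    return groups


if __name__ == "__main__":
    parsed = parse_indicators(INDICATORS)
    for kind, values in parsed.items():
        print(f"{kind}: {len(values)}")
    for apex, hosts in group_by_apex(parsed["domain"]).items():
        print(f"{apex}: {', '.join(hosts)}")
```

Grouping by apex leaves mnglock.com as the single domain that is neither Yahoo nor its yimg.com CDN, which is the one to block or pivot on; the yahoo.com and yimg.com hosts are the ad-framework resources the cloned page loads and would generate false positives if fed to a blocklist as-is.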