www.ssocmdlogin.mnglock.com
101.99.75.21
Malicious Activity!
Public Scan
Submission: On May 25 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by ssocmdlogin.mnglock.com on May 25th 2020. Valid for: a year.
This is the only time www.ssocmdlogin.mnglock.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AOL (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 101.99.75.21 | 45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
7 | 2a00:1288:f03d:1fa::4000 | 10310 (YAHOO-1)
9 | 3 |
ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)
www.ssocmdlogin.mnglock.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | yimg.com | s.yimg.com, l.yimg.com (Failed) | 107 KB
2 | yahoo.com | fc.yahoo.com | 17 KB
1 | mnglock.com | www.ssocmdlogin.mnglock.com | 46 KB
9 | 3 | |
Requests | Domain | Requested by
---|---|---
5 | s.yimg.com | www.ssocmdlogin.mnglock.com
2 | fc.yahoo.com | www.ssocmdlogin.mnglock.com
1 | www.ssocmdlogin.mnglock.com |
0 | l.yimg.com (Failed) | s.yimg.com
9 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.aol.com |
oidc.mail.aol.com |
policies.oath.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
ssocmdlogin.mnglock.com | ssocmdlogin.mnglock.com | 2020-05-25 - 2021-05-25 | a year | crt.sh
*.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-05-19 - 2020-07-03 | a month | crt.sh
This page contains 3 frames:
Primary Page:
https://www.ssocmdlogin.mnglock.com/
Frame ID: D8053EA50F2C738FE1307CEE4611F1EE
Requests: 8 HTTP requests in this frame
Frame:
https://s.yimg.com/rq/darla/3-15-0/html/r-sf.html
Frame ID: AEC5EF278449DF008686724F0FFD5FBD
Requests: 1 HTTP request in this frame
Frame:
https://s.yimg.com/rq/darla/3-15-0/html/r-csc.html
Frame ID: EF59FE36580FE389025E5DB5F2C0698E
Requests: 1 HTTP request in this frame
4 Outgoing links
These are links going to different origins than the main page.
- Title: Continue
- Title: Terms
- Title: Privacy
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | www.ssocmdlogin.mnglock.com/ | 144 KB | 46 KB | Document | text/html
GET | H2 | boot.js | s.yimg.com/rq/darla/ | 7 KB | 4 KB | Script | application/javascript
GET | H2 | g-r-min.js | s.yimg.com/rq/darla/3-15-0/js/ | 205 KB | 87 KB | Script | application/javascript
GET | H2 | aol-logo-black-v.0.0.2.png | s.yimg.com/wm/assets/images/ns/ | 16 KB | 16 KB | Image | image/png
GET | H2 | client.php | fc.yahoo.com/sdarla/php/ | 20 KB | 9 KB | Script | text/javascript
GET | | g-r-min.js | l.yimg.com/rq/darla/3-25-1/js/ | 0 | 0 | |
GET | H2 | r-sf.html | s.yimg.com/rq/darla/3-15-0/html/ (Frame AEC5) | 0 | 0 | Document | text/html
GET | DATA | truncated | / | 181 B | 0 | Image | image/png
GET | H2 | r-csc.html | s.yimg.com/rq/darla/3-15-0/html/ (Frame EF59) | 0 | 0 | Document | text/html
GET | H2 | client.php | fc.yahoo.com/sdarla/php/ | 20 KB | 8 KB | Script | text/javascript
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: l.yimg.com
- URL: http://l.yimg.com/rq/darla/3-25-1/js/g-r-min.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AOL (Online)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | sFATrCj
function | etUbQpv
number | pageStartTime
object | DARLA
object | $sf
undefined | $yac
boolean | sf_auto_1-25-4-2020
undefined | Y
object | _Y
object | I13N_config
object | COUNTRY_CODES_MAP
object | mbrConfig
object | darlaConfig
string | bucket
string | currentURL
boolean | isASDK
undefined | comscoreBeaconUrl
object | DARLA_CONFIG
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fc.yahoo.com
l.yimg.com
s.yimg.com
www.ssocmdlogin.mnglock.com
l.yimg.com
101.99.75.21
2a00:1288:f03d:1fa::4000
00787ab8e0dfcdf1b64841a2752d003e289434226e829c7d4b4072bab3b579e4
265022b05243373aacaaff7390b71a5bd8964aaacc06e92a31c7398f26cc2448
2e438279b80416ffe8758f70d63266c6e959c877354324ce6ef1fdd730ab6cdb
3439c6811bb7e4afdef051434b36bf650eb42915ca52df41624f598cd3dbb3c7
a405fe6baa75686f693a2bc59aafcd7e66ca03b46338e1e745fd769d05a45d17
beda08cf133742da414a64d415ec68804378c115eaf47ce8a638e10127613174
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690