www.ssocmdlogin.mnglock.com Open in urlscan Pro
101.99.75.21  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.ssocmdlogin.mnglock.com/	144 KB 46 KB	1109ms 204ms	Document text/html	101.99.75.21 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL https://www.ssocmdlogin.mnglock.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.21 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS Software LiteSpeed / PHP/7.3.16 Resource Hash 00787ab8e0dfcdf1b64841a2752d003e289434226e829c7d4b4072bab3b579e4 Request headers :method GET :authority www.ssocmdlogin.mnglock.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 200 x-powered-by PHP/7.3.16 set-cookie PHPSESSID=d453db2d2de93011b12b26f405bc1092; path=/; secure expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache content-type text/html; charset=UTF-8 content-encoding br vary Accept-Encoding date Mon, 25 May 2020 15:31:55 GMT server LiteSpeed alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-24=":443"; ma=2592000, h3-25=":443"; ma=2592000
GET H2	200	boot.js Show response s.yimg.com/rq/darla/	7 KB 4 KB	17ms 17ms	Script application/javascript	2a00:1288:f03d:1fa::4000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/boot.js Requested by Host: www.ssocmdlogin.mnglock.com URL: https://www.ssocmdlogin.mnglock.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash beda08cf133742da414a64d415ec68804378c115eaf47ce8a638e10127613174 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.ssocmdlogin.mnglock.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers ats-carp-promotion 1 date Sun, 24 May 2020 20:33:58 GMT content-encoding gzip x-content-type-options nosniff age 68282 x-amz-server-side-encryption AES256 status 200 vary Origin, Accept-Encoding content-length 3609 x-amz-id-2 AHVQg8/IOAZmTU5HUfp1+ZMbwdHpbw4WY0GOdAErdsrUGvwI/hHm16uSgvQDCZI9pF+o94taxbs= referrer-policy no-referrer-when-downgrade last-modified Mon, 04 May 2020 17:45:17 GMT server ATS etag "30e5ab85f44a354129f3948534b64999-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 x-amz-request-id 20ED1320804A6884 x-xss-protection 1; mode=block cache-control public,max-age=86400 accept-ranges bytes content-type application/javascript; charset=utf-8
GET H2	200	g-r-min.js Show response s.yimg.com/rq/darla/3-15-0/js/	205 KB 87 KB	959ms 958ms	Script application/javascript	2a00:1288:f03d:1fa::4000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/3-15-0/js/g-r-min.js Requested by Host: www.ssocmdlogin.mnglock.com URL: https://www.ssocmdlogin.mnglock.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash 2e438279b80416ffe8758f70d63266c6e959c877354324ce6ef1fdd730ab6cdb Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.ssocmdlogin.mnglock.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 25 May 2020 15:31:59 GMT content-encoding gzip x-content-type-options nosniff age 2 x-amz-server-side-encryption AES256 status 200 vary Origin, Accept-Encoding x-amz-request-id 75B7B8C93D3B9E24 x-amz-id-2 kzXGR5y+9mINOlLTb45+HUXjlKTZWWogx1aQG5zFIhRJXqiX9U667WAnO/EbJSxA72qgCP7dOOs= referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Jun 2019 17:42:58 GMT server ATS etag "adcde346338859fcb5c2ea7436f454a9-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 content-type application/javascript; charset=utf-8 x-xss-protection 1; mode=block cache-control public,max-age=31536000 accept-ranges bytes
GET H2	200	aol-logo-black-v.0.0.2.png s.yimg.com/wm/assets/images/ns/	16 KB 16 KB	16ms 16ms	Image image/png	2a00:1288:f03d:1fa::4000 YAHOO-1
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/assets/images/ns/aol-logo-black-v.0.0.2.png Requested by Host: www.ssocmdlogin.mnglock.com URL: https://www.ssocmdlogin.mnglock.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.ssocmdlogin.mnglock.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers ats-carp-promotion 1 date Mon, 13 Apr 2020 12:11:40 GMT x-amz-meta-created-date Thu, 16 Nov 2017 19:59:27 GMT age 3640819 x-amz-server-side-encryption AES256 status 200 vary Origin x-amz-request-id 16166B0ACD2591FD x-amz-id-2 j5uJPduJrO14GEOltaiVrsePQLm9HM1kRhV/X2Vy61qRbL1XRrG2eEH/ykqDVKmmobkaFJNaEec= x-amz-meta-x-ysws-mbst-vtime 1510862367682930 referrer-policy no-referrer-when-downgrade last-modified Fri, 04 May 2018 01:23:57 GMT server ATS etag "f9e0f24b60732cd95150a37fb003b871" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 content-type image/png x-xss-protection 1; mode=block cache-control max-age=31536000; public accept-ranges bytes content-length 16340 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:3570f846-88d6-4c90-bd91-179d937c363c00055e1f0ebaf172" x-content-type-options nosniff expires Sat, 04 May 2019 01:23:56 GMT
GET H2	200	client.php Show response fc.yahoo.com/sdarla/php/	20 KB 9 KB	197ms 195ms	Script text/javascript	2a00:1288:f03d:1fa::4000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794200033&ref=https%3A%2F%2Flogin.aol.com%2F%3Fsrc%3Dmail%26redirect_uri%3Dhttps%253A%252F%252Foidc.mail.aol.com%252Fcallback%26lang%3Den-US%26client_id%3Ddj0yJmk9VlN3cDhpNm1Id0szJmQ9WVdrOVdtRm1aMVU1Tm1zbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1mYQ--%26language%3Den-US Requested by Host: www.ssocmdlogin.mnglock.com URL: https://www.ssocmdlogin.mnglock.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash a405fe6baa75686f693a2bc59aafcd7e66ca03b46338e1e745fd769d05a45d17 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.ssocmdlogin.mnglock.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 25 May 2020 15:31:57 GMT content-encoding gzip x-content-type-options nosniff age 0 x-dns-prefetch-control off p3p policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" status 200 vary Accept-Encoding content-length 8278 x-xss-protection 1; mode=block referrer-policy no-referrer-when-downgrade server ATS expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 content-type text/javascript;charset=UTF-8 cache-control private,no-cache,no-store x-robots-tag noindex, noarchive, nosnippet, nofollow
GET		g-r-min.js l.yimg.com/rq/darla/3-25-1/js/	0 0
GET H2	200	r-sf.html s.yimg.com/rq/darla/3-15-0/html/ Frame AEC5	0 0	16ms 16ms	Document text/html	2a00:1288:f03d:1fa::4000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/3-15-0/html/r-sf.html Requested by Host: www.ssocmdlogin.mnglock.com URL: https://www.ssocmdlogin.mnglock.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority s.yimg.com :scheme https :path /rq/darla/3-15-0/html/r-sf.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.ssocmdlogin.mnglock.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://www.ssocmdlogin.mnglock.com/ Response headers status 200 x-amz-id-2 neeW+oLxgIAQ76WIak6FM9jOLI9d/cndbJixEypSH+9YFkOIgGVf+UXNcLTwiPn/59eyXAe0hDw= x-amz-request-id DCB1B8FAA40E2325 date Mon, 20 Apr 2020 12:00:07 GMT last-modified Tue, 18 Jun 2019 17:42:56 GMT etag "38af3d4f8c84f11502b04431eb9d3a13-df" x-amz-server-side-encryption AES256 cache-control public,max-age=31536000 accept-ranges bytes content-type text/html; charset=utf-8 server ATS referrer-policy no-referrer-when-downgrade vary Origin, Accept-Encoding content-encoding gzip content-length 753 age 3036714 strict-transport-security max-age=15552000 expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-xss-protection 1; mode=block x-content-type-options nosniff
GET DATA	200 OK	truncated /	181 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 3439c6811bb7e4afdef051434b36bf650eb42915ca52df41624f598cd3dbb3c7 Request headers Referer https://www.ssocmdlogin.mnglock.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H2	200	r-csc.html s.yimg.com/rq/darla/3-15-0/html/ Frame EF59	0 0	23ms 22ms	Document text/html	2a00:1288:f03d:1fa::4000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/3-15-0/html/r-csc.html Requested by Host: www.ssocmdlogin.mnglock.com URL: https://www.ssocmdlogin.mnglock.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority s.yimg.com :scheme https :path /rq/darla/3-15-0/html/r-csc.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://www.ssocmdlogin.mnglock.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://www.ssocmdlogin.mnglock.com/ Response headers status 200 x-amz-id-2 c6VK1ixvxP6Zt/ntSSkLOo08dcwGj78dCt6wEhWIljW8swMWybepTX+7wysZuSOgEQzcv3OoiDE= x-amz-request-id CA119E9DA228501E date Fri, 15 May 2020 08:25:58 GMT last-modified Tue, 18 Jun 2019 17:42:56 GMT etag "1450e69fc39d02269ab6b4563d2978a1-df" x-amz-server-side-encryption AES256 cache-control public,max-age=31536000 accept-ranges bytes content-type text/html; charset=utf-8 server ATS referrer-policy no-referrer-when-downgrade vary Origin, Accept-Encoding age 889563 content-encoding gzip content-length 1143 strict-transport-security max-age=15552000 expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-xss-protection 1; mode=block x-content-type-options nosniff
GET H2	200	client.php Show response fc.yahoo.com/sdarla/php/	20 KB 8 KB	280ms 279ms	Script text/javascript	2a00:1288:f03d:1fa::4000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794200033&ref=https%3A%2F%2Flogin.aol.com%2F%3Fsrc%3Dmail%26redirect_uri%3Dhttps%253A%252F%252Foidc.mail.aol.com%252Fcallback%26lang%3Den-US%26client_id%3Ddj0yJmk9VlN3cDhpNm1Id0szJmQ9WVdrOVdtRm1aMVU1Tm1zbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1mYQ--%26language%3Den-US Requested by Host: www.ssocmdlogin.mnglock.com URL: https://www.ssocmdlogin.mnglock.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash 265022b05243373aacaaff7390b71a5bd8964aaacc06e92a31c7398f26cc2448 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.ssocmdlogin.mnglock.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 25 May 2020 15:31:59 GMT content-encoding gzip x-content-type-options nosniff age 0 x-dns-prefetch-control off p3p policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" status 200 vary Accept-Encoding content-length 8268 x-xss-protection 1; mode=block referrer-policy no-referrer-when-downgrade server ATS expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 content-type text/javascript;charset=UTF-8 cache-control private,no-cache,no-store x-robots-tag noindex, noarchive, nosnippet, nofollow

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

l.yimg.com

URL

http://l.yimg.com/rq/darla/3-25-1/js/g-r-min.js

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AOL (Online)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| sFATrCj function| etUbQpv number| pageStartTime object| DARLA object| $sf undefined| $yac boolean| sf_auto_1-25-4-2020 undefined| Y object| _Y object| I13N_config object| COUNTRY_CODES_MAP object| mbrConfig object| darlaConfig string| bucket string| currentURL boolean| isASDK undefined| comscoreBeaconUrl object| DARLA_CONFIG

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fc.yahoo.com
l.yimg.com
s.yimg.com
www.ssocmdlogin.mnglock.com
l.yimg.com
101.99.75.21
2a00:1288:f03d:1fa::4000
00787ab8e0dfcdf1b64841a2752d003e289434226e829c7d4b4072bab3b579e4
265022b05243373aacaaff7390b71a5bd8964aaacc06e92a31c7398f26cc2448
2e438279b80416ffe8758f70d63266c6e959c877354324ce6ef1fdd730ab6cdb
3439c6811bb7e4afdef051434b36bf650eb42915ca52df41624f598cd3dbb3c7
a405fe6baa75686f693a2bc59aafcd7e66ca03b46338e1e745fd769d05a45d17
beda08cf133742da414a64d415ec68804378c115eaf47ce8a638e10127613174
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690