bool-m4.ml Open in urlscan Pro
35.183.106.79 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b4547...
Submission Tags: @ipnigh
Submission: On October 01 via api (October 1st 2019, 1:09:42 am UTC) from GB

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 35.183.106.79, located in Montreal, Canada and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is bool-m4.ml.

This is the only time bool-m4.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	35.183.106.79 35.183.106.79	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	2a00:1288:f03... 2a00:1288:f03d:1fa::2000	10310 (YAHOO-1) (YAHOO-1 - Oath Holdings Inc.)
1	2001:4998:44:... 2001:4998:44:41d::3	36646 (YAHOO-NE1) (YAHOO-NE1 - Oath Holdings Inc.)
9	3

1 35.183.106.79 (Montreal, Canada)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-183-106-79.ca-central-1.compute.amazonaws.com

bool-m4.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1288:f03d:1fa::2000 (United Kingdom)

ASN10310 (YAHOO-1 - Oath Holdings Inc., US)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4998:44:41d::3 (United States)

ASN36646 (YAHOO-NE1 - Oath Holdings Inc., US)

yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	yimg.com s.yimg.com	186 KB
1	yahoo.com yahoo.com	790 B
1	bool-m4.ml bool-m4.ml	8 KB
9	3

	Domain	Requested by
7	s.yimg.com	bool-m4.ml
1	yahoo.com	bool-m4.ml
1	bool-m4.ml
9	3

This site contains no links.

Subject Issuer	Validity	Valid
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-09-17` - `2019-11-01`	a month	crt.sh
*.www.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-08-23` - `2020-02-19`	6 months	crt.sh

This page contains 1 frames:

Primary Page: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id
Frame ID: 64923DF6BEC433414C46F10D11A3B2E8
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Pure CSS (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+(?:([\d.])+\/)?pure(?:-min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

89 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

195 kB
Transfer

850 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login2.php Show response
bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/ 8 KB
8 KB 222ms
122ms Document
text/html 35.183.106.79
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id
Protocol: HTTP/1.1
Server: 35.183.106.79 Montreal, Canada, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-183-106-79.ca-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 9f521b578e4a93138bf9d77314a57518203b8a94eadf28467f5024e91bfbc878

Request headers

Host: bool-m4.ml
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 01 Oct 2019 01:09:25 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 combo
s.yimg.com/zz/ 28 KB
6 KB 19ms
18ms Stylesheet
text/css 2a00:1288:f03d:1fa::2000
Oath Holdings Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/zz/combo?yui-s:pure/0.5.0/pure-min.css&yui-s:pure/0.5.0/grids-responsive-min.css

Requested by

Host: bool-m4.ml
URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),

Reverse DNS

Software

ATS /

Resource Hash

56509fcb8d84185984927217765bf1afab5b5e217a3c06377bf1388377bb0d1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://bool-m4.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 18 Apr 2019 18:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14279431
status: 200
vary: Accept-Encoding
content-length: 5607
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Apr 2019 18:38:55 GMT
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/css; charset=utf-8
cache-control: max-age=567648000, Public
expires: Sat, 05 Sep 2026 00:00:00 GMT

GET
H2 200 combo
s.yimg.com/zz/ 689 KB
149 KB 21ms
21ms Stylesheet
text/css 2a00:1288:f03d:1fa::2000
Oath Holdings Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/zz/combo?wm/mbr/0.1.5393/yahoo-main.css

Requested by

Host: bool-m4.ml
URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),

Reverse DNS

Software

ATS /

Resource Hash

08daafa83c25d790f95c856e9d83ca10420fcb3478bf7caf45f8dc60128141cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://bool-m4.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 27 Jun 2019 04:15:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8283249
status: 200
vary: Accept-Encoding
content-length: 152513
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 27 Jun 2019 04:15:16 GMT
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/css
cache-control: max-age=536112000, Public
expires: Sun, 29 Apr 2035 20:47:50 GMT

GET
H2 200 combo
s.yimg.com/zz/ 19 KB
5 KB 62ms
62ms Stylesheet
text/css 2a00:1288:f03d:1fa::2000
Oath Holdings Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/zz/combo?kx/yucs/uh3s/atomic/88/css/atomic-min.css&kx/yucs/uh_common/meta/3/css/meta-min.css&kx/yucs/uh3s/uh/394/css/uh-center-aligned-min.css

Requested by

Host: bool-m4.ml
URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),

Reverse DNS

Software

ATS /

Resource Hash

9a690ab9c16eccf0d379602d649a3b27f1a8c0ccb7636feec13f3f35ec48950e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://bool-m4.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 30 Jul 2019 02:40:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5437716
status: 200
vary: Accept-Encoding
content-length: 5188
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 30 Jul 2019 02:40:49 GMT
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/css
cache-control: max-age=315360000, Public
expires: Sat, 11 Jul 2026 18:16:58 GMT

GET
H2 200 combo
s.yimg.com/zz/ 95 KB
19 KB 52ms
51ms Stylesheet
text/css 2a00:1288:f03d:1fa::2000
Oath Holdings Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/zz/combo?os/stencil/3.0.1/desktop/styles-ltr.css

Requested by

Host: bool-m4.ml
URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),

Reverse DNS

Software

ATS /

Resource Hash

86527ec354b48ba17a5294dd3ec4825d98a43c3d65e4fb17c964c61a6e0f36c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://bool-m4.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Thu, 02 May 2019 22:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13055979
status: 200
vary: Accept-Encoding
content-length: 19336
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 02 May 2019 22:29:46 GMT
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=536112000, Public
expires: Tue, 15 May 2035 04:34:18 GMT

GET
H2 200 hpkp-report-only.png
yahoo.com/ 98 B
790 B 392ms
148ms Image
image/png 2001:4998:44:41d::3
Oath Holdings Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yahoo.com/hpkp-report-only.png

Requested by

Host: bool-m4.ml
URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2001:4998:44:41d::3 , United States, ASN36646 (YAHOO-NE1 - Oath Holdings Inc., US),

Reverse DNS

Software

ATS /

Resource Hash

4863b190563f21cd5870f3a7ca19b5100c0d7949f29448d69b3a71c05759d1ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://bool-m4.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Tue, 21 May 2019 11:15:59 GMT
x-amz-meta-created-date: Tue, 19 Feb 2013 22:14:15 GMT
age: 11454808
x-amz-server-side-encryption: AES256
status: 200
strict-transport-security: max-age=31536000
x-amz-request-id: 9075A29AFA56365C
x-amz-id-2: COTNNVU/s7DSPs8ikXqqle99a8YyGw0zVDYz5WgD2kylUovex6gIeAufq5baxw1b2H3odwUFgi4=
x-amz-meta-x-ysws-mbst-vtime: 1361312055197858
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 17 May 2018 03:17:51 GMT
server: ATS
x-frame-options: SAMEORIGIN
etag: "c94458f94435491291c5f0a48bb18d0d"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=567648000,public
accept-ranges: bytes
content-length: 98
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:d1d2b329-389b-4d35-a8b9-cbd9369975cf0004d61b297a80a2"
x-content-type-options: nosniff
expires: Mon, 12 May 2036 03:17:50 GMT

GET
H2 200 yahoo_en-US_f_p_bestfit_2x.png
s.yimg.com/rz/d/ 3 KB
3 KB 62ms
62ms Image
image/png 2a00:1288:f03d:1fa::2000
Oath Holdings Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/rz/d/yahoo_en-US_f_p_bestfit_2x.png

Requested by

Host: bool-m4.ml
URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),

Reverse DNS

Software

ATS /

Resource Hash

19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://bool-m4.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 01 Oct 2019 00:18:53 GMT
x-content-type-options: nosniff
age: 3034
x-amz-server-side-encryption: AES256
status: 200
vary: Origin
content-length: 3066
x-amz-id-2: ZXT6seEcIqvRvP/8abyb0yL8KP9+YAB+4NGmVc+RUrrrEQbhRhWqvCgNyKBLmN7CZTy0hHFKHlM=
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 30 Sep 2019 22:07:35 GMT
server: ATS
etag: "6919fd582e1387e697f8e772008530db"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 7D9A1339645E8E9C
x-xss-protection: 1; mode=block
cache-control: private
accept-ranges: bytes
content-type: image/png
expires: Tue, 01 Oct 2019 23:00:00 GMT

GET
H2 200 yahoo_en-US_f_pw_125x32.png
s.yimg.com/rz/l/ 3 KB
3 KB 17ms
14ms Image
image/png 2a00:1288:f03d:1fa::2000
Oath Holdings Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/rz/l/yahoo_en-US_f_pw_125x32.png

Requested by

Host: bool-m4.ml
URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),

Reverse DNS

Software

ATS /

Resource Hash

4b0f97134f7b261259d1b1deeefbddddbe868f21eccb60b37aa749d655e0e492

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://bool-m4.ml/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 22:41:06 GMT
x-content-type-options: nosniff
age: 8900
x-amz-server-side-encryption: AES256
status: 200
vary: Origin
content-length: 3063
x-amz-id-2: 9vUxKz8WChwdwazvEHwoYEYVEgSB5NOZHKjy8CFA8Ox0gFn4kGnk1VvuCGUVinf5YFzfSBrFfQY=
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 30 Sep 2019 22:19:07 GMT
server: ATS
etag: "9787cff0ba3d133d692b4bb7d9212a8c"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 222B1BEE871431B8
x-xss-protection: 1; mode=block
cache-control: private
accept-ranges: bytes
content-type: image/png
expires: Tue, 01 Oct 2019 23:00:00 GMT

GET
H2 200 fuji-spinner-1.0.1.svg
s.yimg.com/wm/modern/images/ 5 KB
1 KB 13ms
13ms Image
image/svg+xml 2a00:1288:f03d:1fa::2000
Oath Holdings Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/wm/modern/images/fuji-spinner-1.0.1.svg

Requested by

Host: bool-m4.ml
URL: http://bool-m4.ml/x-xx-x-x-x-x/Y!LastedUpgradexxxxxxxxxxxxxxxx-----------xxxxxxxxxxxx/cmd-login=84929bc0ed891b45479fa8b80b2d7a9a/login2.php?id=$id

Protocol

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),

Reverse DNS

Software

ATS /

Resource Hash

186034da48941b64b5f6b4d8a0176fb86e2ad6adda436b8eeef521b0166d06c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://s.yimg.com/zz/combo?wm/mbr/0.1.5393/yahoo-main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Tue, 03 Sep 2019 14:34:49 GMT
content-encoding: gzip
x-amz-meta-created-date: Sat, 18 Mar 2017 00:20:34 GMT
age: 2370877
x-amz-server-side-encryption: AES256
status: 200
vary: Origin, Accept-Encoding
x-amz-request-id: 6F6634FB644F081E
x-amz-id-2: XJsMgo9HzMiTg2hKKd6e3NfjVoN4xbRmVWCCP2PYAAUN31K6zUiN/p5ADo0WP9in69tpMCV58b0=
x-amz-meta-x-ysws-mbst-vtime: 1489796434429139
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 04 May 2018 05:02:09 GMT
server: ATS
etag: "1371fb7ea1d9f283b0964f6d9fedf183-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=31536000; public
accept-ranges: bytes
content-length: 614
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:9245687e-14b4-4f74-a865-1fdb03b2bc6000054af6434304d3"
x-content-type-options: nosniff
expires: Sat, 04 May 2019 05:02:08 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Yahoo (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bool-m4.ml
s.yimg.com
yahoo.com
2001:4998:44:41d::3
2a00:1288:f03d:1fa::2000
35.183.106.79
08daafa83c25d790f95c856e9d83ca10420fcb3478bf7caf45f8dc60128141cb
186034da48941b64b5f6b4d8a0176fb86e2ad6adda436b8eeef521b0166d06c5
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
4863b190563f21cd5870f3a7ca19b5100c0d7949f29448d69b3a71c05759d1ed
4b0f97134f7b261259d1b1deeefbddddbe868f21eccb60b37aa749d655e0e492
56509fcb8d84185984927217765bf1afab5b5e217a3c06377bf1388377bb0d1b
86527ec354b48ba17a5294dd3ec4825d98a43c3d65e4fb17c964c61a6e0f36c4
9a690ab9c16eccf0d379602d649a3b27f1a8c0ccb7636feec13f3f35ec48950e
9f521b578e4a93138bf9d77314a57518203b8a94eadf28467f5024e91bfbc878

bool-m4.ml Open in urlscan Pro 35.183.106.79 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

195 kBTransfer

850 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

bool-m4.ml Open in urlscan Pro
35.183.106.79 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

195 kB
Transfer

850 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!