stencilevents.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 108.179.255.61, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is stencilevents.com.

This is the only time stencilevents.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
5	108.179.255.61 108.179.255.61	20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC)
1	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
6	3

5 108.179.255.61 (Houston, United States)

ASN20013 (CYRUSONE - CyrusOne LLC, US)

stencilevents.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, DE)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	stencilevents.com stencilevents.com	110 KB
1	yimg.com s.yimg.com	3 KB
6	2

	Domain	Requested by
5	stencilevents.com	stencilevents.com
1	s.yimg.com	stencilevents.com
6	2

This site contains links to these domains. Also see Links.

Domain
aleso.dollyshowmasy.gq
overview.mail.yahoo.com
mobile.yahoo.com
help.yahoo.com
login.yahoo.com

Subject Issuer	Validity	Valid
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2017-06-19` - `2017-08-02`	a month	crt.sh

This page contains 1 frames:

Primary Page: http://stencilevents.com/admin/yahoo/
Frame ID: 18933.1
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

6
Requests

17 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

114 kB
Transfer

376 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://aleso.dollyshowmasy.gq/uite/yahoo/
Title: Yahoo

Search URL Search Domain Scan URL

URL: https://overview.mail.yahoo.com/
Title: About Mail

Search URL Search Domain Scan URL

URL: https://overview.mail.yahoo.com/#features
Title: Features

Search URL Search Domain Scan URL

URL: https://mobile.yahoo.com/mail/?src=gta
Title: Get the App

Search URL Search Domain Scan URL

URL: https://help.yahoo.com/kb/index?locale=en_US&page=product&y=PROD_ACCT
Title: Help

Search URL Search Domain Scan URL

URL: https://aleso.dollyshowmasy.gq/uite/yahoo/#country-codes-menu
Title: United States (+1) +1

Search URL Search Domain Scan URL

URL: https://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3A%2F%2Fmail.yahoo.com&tsl_help=1
Title: Need help?

Search URL Search Domain Scan URL

URL: https://aleso.dollyshowmasy.gq/uite/yahoo/
Title: Sign up

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response stencilevents.com/admin/yahoo/	89 KB 15 KB	251ms 135ms	Document text/html	108.179.255.61 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://stencilevents.com/admin/yahoo/ Protocol HTTP/1.1 Server 108.179.255.61 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `2c6700dc706ab48a35858b2e59353c0707a35066fb2b9a566a1a0056222add2e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 16 Jul 2017 03:30:16 GMT Content-Encoding gzip Last-Modified Fri, 14 Apr 2017 06:57:06 GMT Server nginx/1.12.1 Connection keep-alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	200 OK	combo.css stencilevents.com/admin/yahoo/index_files/	101 KB 35 KB	236ms 124ms	Stylesheet text/css	108.179.255.61 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://stencilevents.com/admin/yahoo/index_files/combo.css Requested by Host: stencilevents.com URL: http://stencilevents.com/admin/yahoo/ Protocol HTTP/1.1 Server 108.179.255.61 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `41eb6f6f4122f78a7a454794934451f8e2f73fe2fc165e8997825d39371c9e1c` Request headers Referer http://stencilevents.com/admin/yahoo/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 16 Jul 2017 03:30:16 GMT Content-Encoding gzip Last-Modified Thu, 13 Apr 2017 05:02:08 GMT Server nginx/1.12.1 Connection keep-alive Transfer-Encoding chunked Content-Type text/css
GET H/1.1	200 OK	combo stencilevents.com/admin/yahoo/index_files/	95 KB 24 KB	241ms 126ms	Stylesheet text/plain	108.179.255.61 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://stencilevents.com/admin/yahoo/index_files/combo Requested by Host: stencilevents.com URL: http://stencilevents.com/admin/yahoo/ Protocol HTTP/1.1 Server 108.179.255.61 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `86527ec354b48ba17a5294dd3ec4825d98a43c3d65e4fb17c964c61a6e0f36c4` Request headers Referer http://stencilevents.com/admin/yahoo/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 16 Jul 2017 03:30:16 GMT Content-Encoding gzip Last-Modified Thu, 13 Apr 2017 05:02:08 GMT Server nginx/1.12.1 Connection keep-alive Transfer-Encoding chunked Content-Type text/plain
GET H/1.1	200 OK	yahoo_en-US_f_p_bestfit_2x.png stencilevents.com/admin/yahoo/index_files/	3 KB 3 KB	127ms 127ms	Image image/png	108.179.255.61 CyrusOne LLC
General Check archive.org Show headers Download Go to Show image Full URL http://stencilevents.com/admin/yahoo/index_files/yahoo_en-US_f_p_bestfit_2x.png Requested by Host: stencilevents.com URL: http://stencilevents.com/admin/yahoo/ Protocol HTTP/1.1 Server 108.179.255.61 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208` Request headers Referer http://stencilevents.com/admin/yahoo/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 16 Jul 2017 03:30:16 GMT Last-Modified Thu, 13 Apr 2017 05:02:08 GMT Server nginx/1.12.1 Connection keep-alive Accept-Ranges bytes Content-Length 3066 Content-Type image/png
GET H/1.1	200 OK	jquery.min.js.download Show response stencilevents.com/admin/yahoo/index_files/	84 KB 34 KB	126ms 125ms	Script application/javascript	108.179.255.61 CyrusOne LLC
General Check archive.org Show headers Download Go to Full URL http://stencilevents.com/admin/yahoo/index_files/jquery.min.js.download Requested by Host: stencilevents.com URL: http://stencilevents.com/admin/yahoo/ Protocol HTTP/1.1 Server 108.179.255.61 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US), Reverse DNS Software nginx/1.12.1 / Resource Hash `dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32` Request headers Referer http://stencilevents.com/admin/yahoo/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 16 Jul 2017 03:30:16 GMT Content-Encoding gzip Last-Modified Thu, 13 Apr 2017 05:02:08 GMT Server nginx/1.12.1 Connection keep-alive Transfer-Encoding chunked Content-Type application/javascript
GET S	200	yahoo_mail_en-US_s_f_pw_351x40_mail.png s.yimg.com/rz/d/	3 KB 3 KB	29ms 7ms	Image image/png	2a00:1288:80:800::7001 YAHOO-DEB
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/rz/d/yahoo_mail_en-US_s_f_pw_351x40_mail.png Requested by Host: stencilevents.com URL: http://stencilevents.com/admin/yahoo/ Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, DE), Reverse DNS Software ATS / Resource Hash `f2d2954c92bde1ca42361ce83e1d02f929f1463f4f9d1b11d4e5c430c9aff8b4` Request headers Referer http://stencilevents.com/admin/yahoo/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers date Sat, 15 Jul 2017 23:12:22 GMT via HTTP/1.1 web6.use26.mobstor.bf1.yahoo.com UserFiberFramework/1.0, http/1.1 e14.ycpi.deb.yahoo.com (ApacheTrafficServer [cRs f ]) x-ysws-request-id 0fbacb64-3d99-4c1d-912d-645f28a5d5c7 server ATS age 15474 etag "YM:1:2c161940-7be3-42fb-acbb-9ae0f74229ff000554624f70f1a9" content-type image/png status 200 cache-control private last-modified Sat, 15 Jul 2017 22:01:39 GMT accept-ranges bytes content-length 3273 x-ysws-visited-replicas gops.use26.mobstor.vip.bf1.yahoo.com expires Sun, 16 Jul 2017 23:12:21 GMT
GET DATA	200 OK	truncated /	690 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fc343dd0e8312ef89fe43434a1fc3b09388d29659671c365c95086b1917f1012` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s.yimg.com
stencilevents.com
108.179.255.61
2a00:1288:80:800::7001
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
2c6700dc706ab48a35858b2e59353c0707a35066fb2b9a566a1a0056222add2e
41eb6f6f4122f78a7a454794934451f8e2f73fe2fc165e8997825d39371c9e1c
86527ec354b48ba17a5294dd3ec4825d98a43c3d65e4fb17c964c61a6e0f36c4
dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32
f2d2954c92bde1ca42361ce83e1d02f929f1463f4f9d1b11d4e5c430c9aff8b4
fc343dd0e8312ef89fe43434a1fc3b09388d29659671c365c95086b1917f1012

stencilevents.com Open in urlscan Pro 108.179.255.61 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

6 Requests

17 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

114 kBTransfer

376 kBSize

0 Cookies

8 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

stencilevents.com Open in urlscan Pro
108.179.255.61 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

17 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

114 kB
Transfer

376 kB
Size

0
Cookies

6 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!