haganandhill.co.zw
Open in
urlscan Pro
41.221.145.2
Malicious Activity!
Public Scan
Effective URL: http://haganandhill.co.zw/yhoo/login.php?cmd=login_submit&id=9b6429694fa2d160f6a0a23bf8bdde6d9b6429694fa2d160f6a0a23bf8bdd...
Submission: On June 02 via automatic, source phishtank — Scanned from DE
Summary
This is the only time haganandhill.co.zw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 41.221.145.2 41.221.145.2 | 36986 (AINET) (AINET) | |
1 2 | 192.186.220.3 192.186.220.3 | 398101 (GO-DADDY-...) (GO-DADDY-COM-LLC) | |
10 | 2 |
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: ip-192-186-220-3.ip.secureserver.net
csscheckbox.com | |
www.csscheckbox.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
haganandhill.co.zw
1 redirects
haganandhill.co.zw |
44 KB |
2 |
csscheckbox.com
1 redirects
csscheckbox.com www.csscheckbox.com |
1 KB |
10 | 2 |
Domain | Requested by | |
---|---|---|
10 | haganandhill.co.zw |
1 redirects
haganandhill.co.zw
|
1 | www.csscheckbox.com |
haganandhill.co.zw
|
1 | csscheckbox.com | 1 redirects |
10 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://haganandhill.co.zw/yhoo/login.php?cmd=login_submit&id=9b6429694fa2d160f6a0a23bf8bdde6d9b6429694fa2d160f6a0a23bf8bdde6d&session=9b6429694fa2d160f6a0a23bf8bdde6d9b6429694fa2d160f6a0a23bf8bdde6d
Frame ID: F7EB51BA6D0DA2EEE2F6AD9A5A4F8235
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Yahoo - loginPage URL History Show full URLs
-
http://haganandhill.co.zw/yhoo/
HTTP 302
http://haganandhill.co.zw/yhoo/login.php?cmd=login_submit&id=9b6429694fa2d160f6a0a23bf8bdde6d9b6429694... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://haganandhill.co.zw/yhoo/
HTTP 302
http://haganandhill.co.zw/yhoo/login.php?cmd=login_submit&id=9b6429694fa2d160f6a0a23bf8bdde6d9b6429694fa2d160f6a0a23bf8bdde6d&session=9b6429694fa2d160f6a0a23bf8bdde6d9b6429694fa2d160f6a0a23bf8bdde6d Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- http://csscheckbox.com/checkboxes/u/csscheckbox_110982a95c1522afa7c1257ae77615f4.png HTTP 301
- http://www.csscheckbox.com/checkboxes/u/csscheckbox_110982a95c1522afa7c1257ae77615f4.png
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
haganandhill.co.zw/yhoo/ Redirect Chain
|
4 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
y1.png
haganandhill.co.zw/yhoo/images/ |
715 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
h1.png
haganandhill.co.zw/yhoo/images/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
h3.png
haganandhill.co.zw/yhoo/images/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
h4.png
haganandhill.co.zw/yhoo/images/ |
1004 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
h2.png
haganandhill.co.zw/yhoo/images/ |
654 B 997 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
h6.png
haganandhill.co.zw/yhoo/images/ |
470 B 812 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yh.png
haganandhill.co.zw/yhoo/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
xnt.png
haganandhill.co.zw/yhoo/images/ |
726 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
csscheckbox_110982a95c1522afa7c1257ae77615f4.png
www.csscheckbox.com/checkboxes/u/ Redirect Chain
|
790 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
csscheckbox.com
haganandhill.co.zw
www.csscheckbox.com
192.186.220.3
41.221.145.2
0732f0686d4d41c8c3bc6bd9ebb1a6a362fe1425deafa9f551bf8cf6650ca40a
12cc03667cc34584956a7e6e4764794bf36621429946b682573f5aa9613ae21e
32d38187140c08b5364b668a587ecfa3a70f6a215972a79cd02462d00f2133e9
3f70d782713a51cadb9dceecb09678f93b5955c9ed9082f0788b14bfbbf15694
42303b7856450ab9ab53369beb7c735e803c3eb6f39878da7ea554befe53b3f1
6f7fbf4285a2b01cded1fe2d06ead7a7e0dfb3aed886649d5dd57f0569fffbe7
b0ae5c6ab3c8fbe8e141d0903d46d3f67d3b34fc3592807a781aeb6d6e8f8717
d2bdb3d519d3eaab655224842b0f04c6a3f769a8ab0089938aada289a953c360
e50ebe9145f6ad2db664457321127401ab65dd3b89070f70af10817bdea7c06d
fe3ba57bf3286fa438d4cc07718402648807baef4f012727faa6f55adc6c67e4