retire-today.us Open in urlscan Pro
192.185.56.14  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/	84 KB 56 KB	482ms 120ms	Document text/html	192.185.56.14 Unified Layer
General Check archive.org Show headers Download Go to Full URL http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ Protocol HTTP/1.1 Server 192.185.56.14 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US), Reverse DNS 192-185-56-14.unifiedlayer.com Software nginx/1.14.1 / Resource Hash e96b4ceb8e542ab57fcd21772f602d2963e75f940b01c34c841ac4b72698a1a6 Request headers Host retire-today.us Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Server nginx/1.14.1 Date Sun, 02 Dec 2018 04:34:14 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Last-Modified Thu, 08 Nov 2018 09:57:07 GMT Content-Encoding gzip
GET H/1.1	200 OK	whv2_001.js Show response l.yimg.com/d/lib/smb/js/hosting/cp/js_source/	669 B 1 KB	84ms 29ms	Script application/javascript	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL http://l.yimg.com/d/lib/smb/js/hosting/cp/js_source/whv2_001.js Requested by Host: retire-today.us URL: http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ Protocol HTTP/1.1 Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash d4b2dc7b27e58e185c603b96b6d2a115f483e0e2ee31e401f72b459aaef964ca Request headers Referer http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sat, 24 Nov 2018 06:07:20 GMT Content-Encoding gzip x-amz-meta-created-date Wed, 14 Nov 2012 07:24:48 GMT Age 685615 x-amz-server-side-encryption AES256 x-amz-meta-x-ysws-mbst-vtime 1352877888935606 Connection keep-alive x-amz-request-id 584933E7912B048B x-amz-id-2 TO7ml+UHyos5BfiR3XaqG7O2ViBjLaTQbq3niDwoEGu1XrMMSANGpM4PaKfahHGgZh6TsZbNVqA= Accept-Ranges bytes Referrer-Policy no-referrer-when-downgrade Last-Modified Fri, 18 May 2018 20:37:30 GMT Server ATS ETag "d149430ef145dfd7d23ccb40336ca12e-df" Vary Origin, Accept-Encoding Content-Type application/javascript Via http/1.1 e7.ycpi.lob.yahoo.com (ApacheTrafficServer [cRs f ]) Cache-Control public,max-age=315360000 Content-Length 374 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:4a637031-e1fa-4cd6-8e20-ffa3080995d70004ce6f6dfe96b6" Expires Mon, 15 May 2028 20:37:29 GMT
GET DATA	200 OK	truncated /	49 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2202d40e45d69a4efd1f5fc6c8d603d3e849cdcdd39460029589b9119a2949d9 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET DATA	200 OK	truncated /	12 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7ad3cfa7242cbdc3b8f9126dbf8273043417c2581f11c95385dc46cc80702798 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET H/1.1	404 Not Found	294.gif retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/files/	12 KB 12 KB	119ms 119ms	Image text/html	192.185.56.14 Unified Layer
General Check archive.org Show headers Download Go to Show image Full URL http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/files/294.gif Requested by Host: retire-today.us URL: http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ Protocol HTTP/1.1 Server 192.185.56.14 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US), Reverse DNS 192-185-56-14.unifiedlayer.com Software nginx/1.14.1 / Resource Hash b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd Request headers Pragma no-cache Accept-Encoding gzip, deflate Host retire-today.us User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ Connection keep-alive Cache-Control no-cache Referer http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sun, 02 Dec 2018 04:34:14 GMT Content-Encoding gzip Last-Modified Thu, 22 Nov 2018 02:35:33 GMT Server nginx/1.14.1 Connection keep-alive Transfer-Encoding chunked Content-Type text/html
GET H/1.1	502 Cannot find server.	visit.gif visit.webhosting.yahoo.com/	0 594 B	467ms 312ms	Image text/html	67.195.197.23 Yahoo!
General Check archive.org Show headers Download Go to Show image Full URL http://visit.webhosting.yahoo.com/visit.gif?&r=&b=Netscape%205.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/67.0.3396.87%20Safari/537.36&s=1600x1200&o=Linux%20x86_64&c=24&j=false&v=1.2 Requested by Host: retire-today.us URL: http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ Protocol HTTP/1.1 Server 67.195.197.23 Sunnyvale, United States, ASN26101 (YAHOO-3 - Yahoo!, US), Reverse DNS mgrats2.geo.vip.bf1.yahoo.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers
GET H/1.1	200 OK	a09b3f7c45b844565402a14d91bdb20f Show response np.lexity.com/embed/YW/	9 KB 4 KB	227ms 113ms	Script text/plain	34.238.132.116 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://np.lexity.com/embed/YW/a09b3f7c45b844565402a14d91bdb20f?id=9f0ee5f9e020 Requested by Host: retire-today.us URL: http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ Protocol HTTP/1.1 Server 34.238.132.116 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-34-238-132-116.compute-1.amazonaws.com Software / Resource Hash 7007990791d4235df188833ebf6e0528a18f415ec3d055c47423d2d8660a8fcb Request headers Referer http://retire-today.us/Godd/excel%20attchment%20/open/file/folder/dropb/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Sun, 02 Dec 2018 04:34:15 GMT content-encoding gzip Connection keep-alive transfer-encoding chunked

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| ycsdone function| geovisit number| w string| v object| oveivfeq

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

l.yimg.com
np.lexity.com
retire-today.us
visit.webhosting.yahoo.com
192.185.56.14
2a00:1288:7c:800::4000
34.238.132.116
67.195.197.23
2202d40e45d69a4efd1f5fc6c8d603d3e849cdcdd39460029589b9119a2949d9
7007990791d4235df188833ebf6e0528a18f415ec3d055c47423d2d8660a8fcb
7ad3cfa7242cbdc3b8f9126dbf8273043417c2581f11c95385dc46cc80702798
b98e58f0f2c62969d61ce2ec31043dacb8d378ecbbfcae138b6250d432e195dd
d4b2dc7b27e58e185c603b96b6d2a115f483e0e2ee31e401f72b459aaef964ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e96b4ceb8e542ab57fcd21772f602d2963e75f940b01c34c841ac4b72698a1a6