www.marshalsnyder.xyz Open in urlscan Pro
107.178.96.67  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response www.marshalsnyder.xyz/dd/	20 KB 7 KB	318ms 151ms	Document text/html	107.178.96.67 Input Output Floo...
General Check archive.org Show headers Download Go to Full URL http://www.marshalsnyder.xyz/dd/login.php Protocol HTTP/1.1 Server 107.178.96.67 Phoenix, United States, ASN53755 (IOFLOOD - Input Output Flood LLC, US), Reverse DNS Software LiteSpeed / Resource Hash e447d415b4352128baf4abe8c81e1873dbdc508c699f901d70bb67a4ae7c890d Request headers Host www.marshalsnyder.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Content-Length 7041 Content-Encoding gzip Date Mon, 21 Jan 2019 23:02:45 GMT Server LiteSpeed Connection Keep-Alive
GET H2	200	combo s.yimg.com/zz/	28 KB 6 KB	34ms 33ms	Stylesheet text/css	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/zz/combo?yui-s:pure/0.5.0/pure-min.css&yui-s:pure/0.5.0/grids-responsive-min.css Requested by Host: www.marshalsnyder.xyz URL: http://www.marshalsnyder.xyz/dd/login.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash 56509fcb8d84185984927217765bf1afab5b5e217a3c06377bf1388377bb0d1b Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://www.marshalsnyder.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 14 Dec 2018 20:54:58 GMT content-encoding gzip x-content-type-options nosniff age 3290868 status 200 strict-transport-security max-age=15552000 content-length 5607 x-xss-protection 1; mode=block referrer-policy no-referrer-when-downgrade last-modified Fri, 14 Dec 2018 20:54:58 GMT server ATS expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Accept-Encoding content-type text/css; charset=utf-8 via http/1.0 c4.ycs.ne1.yahoo.com (ApacheTrafficServer [cRs f ]), http/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cRs f ]) cache-control max-age=567648000, Public public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only" expires Sat, 05 Sep 2026 00:00:00 GMT
GET H2	200	aol-main.css s.yimg.com/wm/mbr/3abab89cfa50d084085842b04ca1c9fec0f99b3b/	211 KB 48 KB	177ms 176ms	Stylesheet text/css	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/wm/mbr/3abab89cfa50d084085842b04ca1c9fec0f99b3b/aol-main.css Requested by Host: www.marshalsnyder.xyz URL: http://www.marshalsnyder.xyz/dd/login.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash afb496e94ddf1b87b8885e4a6a89581e4e3122b411da2f1db5c9e62c5aeb50f7 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://www.marshalsnyder.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 21 Jan 2019 23:02:47 GMT content-encoding gzip x-content-type-options nosniff age 0 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 x-amz-request-id B44C0EB05C782AA6 x-amz-id-2 AIL/Q3aG7oeGfj0cumeAHLh9sK7FyCgXKeo+Gdi0SqMS4zHpjdgJ2HRrPoAW+b+g1i9wEKEjvCE= referrer-policy no-referrer-when-downgrade last-modified Mon, 17 Sep 2018 16:34:45 GMT server ATS etag "cdec1e660089200253e486b0d166bb6a-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding content-type text/css via https/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cMsSfW]) x-xss-protection 1; mode=block cache-control public,max-age=315360000 public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only" accept-ranges bytes
GET H2	200	boot.js Show response s.yimg.com/rq/darla/	7 KB 4 KB	35ms 33ms	Script application/javascript	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/boot.js Requested by Host: www.marshalsnyder.xyz URL: http://www.marshalsnyder.xyz/dd/login.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash d5be06464f8420d8051df9a03965574cad41c0f01a2bedc4c5ca1d7ff8bc059d Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://www.marshalsnyder.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 21 Jan 2019 15:24:12 GMT content-encoding gzip x-content-type-options nosniff age 27515 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 3608 x-amz-id-2 BzBFU5jH/mwov1lEB84tc6kU6fmx5lR+aX5tGXk9ZkCNERLdMgHciivqy9tE5U1TV4+q5plJwTY= referrer-policy no-referrer-when-downgrade last-modified Wed, 16 Jan 2019 20:08:57 GMT server ATS etag "aa2a7ad1ab74e3129c24a22aa9bfdd9b-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id 7196AC7E8BA5A290 via http/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cRs f ]) x-xss-protection 1; mode=block cache-control public,max-age=86400 public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only" accept-ranges bytes content-type application/javascript; charset=utf-8
GET H2	200	g-r-min.js Show response s.yimg.com/rq/darla/3-4-3/js/	203 KB 86 KB	35ms 34ms	Script application/x-javascript	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/3-4-3/js/g-r-min.js Requested by Host: www.marshalsnyder.xyz URL: http://www.marshalsnyder.xyz/dd/login.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash bdc64936a41377b3f86d44398cf2b929d94dcc99a001b48ce51a9baf83de3815 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://www.marshalsnyder.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 09 Jan 2019 18:24:18 GMT content-encoding gzip x-content-type-options nosniff age 1053509 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 87521 x-amz-id-2 us+qxUTiUB5xmymbQZr92Am2jD21JYMNn00JDEUkeTkkmwZuUnR3Tqu1Rj+Eutg1QZqVwsXbqhc= referrer-policy no-referrer-when-downgrade last-modified Wed, 01 Aug 2018 20:02:08 GMT server ATS etag "4e03a875fb9b799a2b0884a7dee64d14-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id AC502ED9FF464672 via http/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cRs f ]) x-xss-protection 1; mode=block cache-control public,max-age=31536000 public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only" accept-ranges bytes content-type application/x-javascript; charset=utf-8
GET H2	200	aol-logo-black-v.0.0.2.png s.yimg.com/wm/assets/images/ns/	16 KB 16 KB	123ms 122ms	Image image/png	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/assets/images/ns/aol-logo-black-v.0.0.2.png Requested by Host: www.marshalsnyder.xyz URL: http://www.marshalsnyder.xyz/dd/login.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://www.marshalsnyder.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 21 Jan 2019 23:02:47 GMT via https/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cMsSfW]) x-amz-meta-created-date Thu, 16 Nov 2017 19:59:27 GMT age 0 x-amz-server-side-encryption AES256 status 200 content-length 16340 strict-transport-security max-age=15552000 x-amz-request-id 774BCDC7DA079711 x-amz-id-2 upR9ovdt8/I/R0m7HNVcyBJHdeXD24o1H7mcgBWYWz3Iix6Q4vovh7b9iSj5m7zzqHOy/T2cijQ= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Fri, 04 May 2018 01:23:57 GMT server ATS etag "f9e0f24b60732cd95150a37fb003b871" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin content-type image/png x-xss-protection 1; mode=block cache-control max-age=31536000; public public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only" x-amz-meta-x-ysws-mbst-vtime 1510862367682930 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:3570f846-88d6-4c90-bd91-179d937c363c00055e1f0ebaf172" x-content-type-options nosniff expires Sat, 04 May 2019 01:23:56 GMT
GET H2	200	bundle.js Show response s.yimg.com/wm/mbr/3abab89cfa50d084085842b04ca1c9fec0f99b3b/	125 KB 34 KB	87ms 86ms	Script application/javascript	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/wm/mbr/3abab89cfa50d084085842b04ca1c9fec0f99b3b/bundle.js Requested by Host: www.marshalsnyder.xyz URL: http://www.marshalsnyder.xyz/dd/login.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash f1e1b9390d4497fbd0f027e3d3562d2a8fbe4a7acd829c904a6cbeea07883eee Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://www.marshalsnyder.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Sat, 19 Jan 2019 18:46:43 GMT content-encoding gzip x-content-type-options nosniff age 188164 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 34523 x-amz-id-2 KRbglEiwuhxHNCOEZaaJauVAMTcvuvlVPTqXqhtxOqdM/1luJsmqDR6gSmgE2vjqIg0zpdLC1Kg= referrer-policy no-referrer-when-downgrade last-modified Mon, 17 Sep 2018 16:34:44 GMT server ATS etag "11305ce4ad122ee44d98fad6158137da-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id 3F5ADE5D470276D7 via http/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cHs f ]) x-xss-protection 1; mode=block cache-control public,max-age=315360000 public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only" accept-ranges bytes content-type application/javascript
GET H/1.1	200 OK	g-r-min.js Show response l.yimg.com/rq/darla/3-7-0/js/	204 KB 86 KB	70ms 29ms	Script application/javascript	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL http://l.yimg.com/rq/darla/3-7-0/js/g-r-min.js Requested by Host: s.yimg.com URL: https://s.yimg.com/rq/darla/boot.js Protocol HTTP/1.1 Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash b79862144b44285de4ec7529375471d89faa6a713bdd906f890863b87bf33902 Request headers Referer http://www.marshalsnyder.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 16 Jan 2019 20:10:12 GMT Content-Encoding gzip Age 442356 x-amz-server-side-encryption AES256 Connection keep-alive Content-Length 87825 x-amz-id-2 R/XWpMlCghGKXD2CBP/1HqS0tXoB4VN6UwvX2ENZWpEQLhLI95pItjsiBI3vT5ToBH9InrvsQSU= Referrer-Policy no-referrer-when-downgrade Last-Modified Wed, 16 Jan 2019 20:08:59 GMT Server ATS ETag "535d0ceabba6c2db9d412f8d6d53c634-df" Vary Origin, Accept-Encoding x-amz-request-id D689AB6A755ABEF4 Via http/1.1 e30.ycpi.lob.yahoo.com (ApacheTrafficServer [cRs f ]) Cache-Control public,max-age=31536000 Accept-Ranges bytes Content-Type application/javascript; charset=utf-8
GET H2	200	r-sf.html s.yimg.com/rq/darla/3-4-3/html/ Frame 2328	0 0	28ms 28ms	Document text/html	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/3-4-3/html/r-sf.html Requested by Host: www.marshalsnyder.xyz URL: http://www.marshalsnyder.xyz/dd/login.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority s.yimg.com :scheme https :path /rq/darla/3-4-3/html/r-sf.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 referer http://www.marshalsnyder.xyz/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://www.marshalsnyder.xyz/ Response headers status 200 x-amz-id-2 rh9+URXftfs0f3PJpG2qO6Tu0Jg5FtFbBo4Ql1E927bFZFn3Am2AtLwotNpjekxukjjW91X1E9A= x-amz-request-id 1C2484FDE69B6994 date Mon, 21 Jan 2019 02:39:04 GMT last-modified Wed, 01 Aug 2018 20:02:07 GMT etag "faa232450fda2581d30c314cc44a0b3f-df" x-amz-server-side-encryption AES256 cache-control public,max-age=31536000 accept-ranges bytes content-type text/html; charset=utf-8 server ATS referrer-policy no-referrer-when-downgrade vary Origin, Accept-Encoding content-encoding gzip content-length 639 age 73423 strict-transport-security max-age=15552000 via http/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cRs f ]) expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-xss-protection 1; mode=block x-content-type-options nosniff public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
GET H2	200	fuji-spinner-1.0.1.svg s.yimg.com/wm/modern/images/	5 KB 952 B	28ms 28ms	Image image/svg+xml	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/modern/images/fuji-spinner-1.0.1.svg Requested by Host: www.marshalsnyder.xyz URL: http://www.marshalsnyder.xyz/dd/login.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash 186034da48941b64b5f6b4d8a0176fb86e2ad6adda436b8eeef521b0166d06c5 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://s.yimg.com/wm/mbr/3abab89cfa50d084085842b04ca1c9fec0f99b3b/aol-main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Sat, 19 Jan 2019 22:27:04 GMT content-encoding gzip x-amz-meta-created-date Sat, 18 Mar 2017 00:20:34 GMT age 174943 x-amz-server-side-encryption AES256 status 200 content-length 614 strict-transport-security max-age=15552000 x-amz-request-id 4C8B884270955675 x-amz-id-2 2ZaCiKdwLMdKqgxYfyxv1RSNGo45VF2KsECMqli//Dleu5HW2Y5lITL4LwQXQLbkfvtC3d0vcus= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Fri, 04 May 2018 05:02:09 GMT server ATS etag "1371fb7ea1d9f283b0964f6d9fedf183-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding content-type image/svg+xml via http/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cRs f ]) x-xss-protection 1; mode=block cache-control max-age=31536000; public public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only" x-amz-meta-x-ysws-mbst-vtime 1489796434429139 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:9245687e-14b4-4f74-a865-1fdb03b2bc6000054af6434304d3" x-content-type-options nosniff expires Sat, 04 May 2019 05:02:08 GMT
GET H2	200	client.php Show response fc.yahoo.com/sdarla/php/	9 KB 5 KB	183ms 182ms	Script text/javascript	2a00:1288:7c:800::4000 YAHOO-ULS
General Check archive.org Show headers Download Go to Full URL https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150003036&ref=https%3A%2F%2Flogin.aol.com%2Faccount%2Fchallenge%2Fpassword Requested by Host: s.yimg.com URL: https://s.yimg.com/wm/mbr/3abab89cfa50d084085842b04ca1c9fec0f99b3b/bundle.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:7c:800::4000 , United Kingdom, ASN43428 (YAHOO-ULS, GB), Reverse DNS Software ATS / Resource Hash f6fb88eb2c2d53d12c63b747afbe0a0bfd5c70fdc5b7e09aebced0f629c3a177 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer http://www.marshalsnyder.xyz/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 21 Jan 2019 23:02:46 GMT content-encoding gzip x-content-type-options nosniff age 0 x-dns-prefetch-control off p3p policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" status 200 strict-transport-security max-age=15552000 content-length 4619 x-xss-protection 1; mode=block referrer-policy no-referrer-when-downgrade server ATS expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Accept-Encoding content-type text/javascript;charset=UTF-8 via https/1.1 e14.ycpi.lob.yahoo.com (ApacheTrafficServer [cMsSf ]) cache-control private,no-cache,no-store public-key-pins-report-only max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only" x-robots-tag noindex, noarchive, nosnippet, nofollow

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) AOL (Online) Yahoo (Online)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| oldError boolean| isGoodJS object| YUI_config object| I13N_config string| COMET_URL object| darlaConfig object| challenge function| mbrSendError object| DARLA object| $sf undefined| $yac boolean| sf_auto_1-21-0-2019 undefined| Y object| _Y object| jsModules boolean| mbrJSLoaded function| checkAssets object| DARLA_CONFIG

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://s.yimg.com/rq/darla/3-4-3/js/g-r-min.js(Line 3) Message: DARLA notice: 425
console-api	log	URL: https://s.yimg.com/rq/darla/3-4-3/js/g-r-min.js(Line 3) Message: DARLA notice: 426

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fc.yahoo.com
l.yimg.com
s.yimg.com
www.marshalsnyder.xyz
107.178.96.67
2a00:1288:7c:800::4000
186034da48941b64b5f6b4d8a0176fb86e2ad6adda436b8eeef521b0166d06c5
56509fcb8d84185984927217765bf1afab5b5e217a3c06377bf1388377bb0d1b
afb496e94ddf1b87b8885e4a6a89581e4e3122b411da2f1db5c9e62c5aeb50f7
b79862144b44285de4ec7529375471d89faa6a713bdd906f890863b87bf33902
bdc64936a41377b3f86d44398cf2b929d94dcc99a001b48ce51a9baf83de3815
d5be06464f8420d8051df9a03965574cad41c0f01a2bedc4c5ca1d7ff8bc059d
e447d415b4352128baf4abe8c81e1873dbdc508c699f901d70bb67a4ae7c890d
f1e1b9390d4497fbd0f027e3d3562d2a8fbe4a7acd829c904a6cbeea07883eee
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690
f6fb88eb2c2d53d12c63b747afbe0a0bfd5c70fdc5b7e09aebced0f629c3a177