download-here.ml Open in urlscan Pro
138.68.41.139 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html
Submission: On February 18 via manual (February 18th 2019, 2:40:36 pm UTC) from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 138.68.41.139, located in Santa Clara, United States and belongs to DIGITALOCEAN-ASN - DigitalOcean, LLC, US. The main domain is download-here.ml.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 16th 2019. Valid for: 3 months.

This is the only time download-here.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
12	138.68.41.139 138.68.41.139	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1 2	104.121.166.105 104.121.166.105	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	52.36.85.238 52.36.85.238	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	23.43.125.145 23.43.125.145	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	18.185.185.214 18.185.185.214	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
17	5

12 138.68.41.139 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

download-here.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.121.166.105 (Amsterdam, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-121-166-105.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.36.85.238 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-36-85-238.us-west-2.compute.amazonaws.com

seg.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.43.125.145 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-125-145.deploy.static.akamaitechnologies.com

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.185.214 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-185-185-214.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	download-here.ml download-here.ml	411 KB
5	sharethis.com 1 redirects seg.sharethis.com ws.sharethis.com l.sharethis.com	5 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	1 KB
17	3

	Domain	Requested by
12	download-here.ml	download-here.ml
2	l.sharethis.com	1 redirects
2	ws.sharethis.com	download-here.ml
2	sb.scorecardresearch.com	1 redirects download-here.ml
1	seg.sharethis.com	download-here.ml
17	5

This site contains no links.

Subject Issuer	Validity	Valid
download-here.ml Let's Encrypt Authority X3	`2019-02-16` - `2019-05-17`	3 months	crt.sh
*.scorecardresearch.com COMODO RSA Organization Validation Secure Server CA	`2018-11-28` - `2019-12-26`	a year	crt.sh
*.sharethis.com Go Daddy Secure Certificate Authority - G2	`2017-09-26` - `2020-09-29`	3 years	crt.sh

This page contains 4 frames:

Primary Page: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html
Frame ID: E5E9AD0CCDED929F2CFEA076CF26CB07
Requests: 13 HTTP requests in this frame

Frame: https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/getSegment.htm
Frame ID: D4D7DEA41BDA6F5FE6B4D0A2D9E4B2C3
Requests: 2 HTTP requests in this frame

Frame: https://seg.sharethis.com/getSegment.php?purl=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&jsref=&rnd=1550500820903
Frame ID: 89116D4EB5C82B500A135BEFEB9B40EB
Requests: 1 HTTP requests in this frame

Frame: https://ws.sharethis.com/secure/index.html
Frame ID: CDDA5558BC7591503ED9425D0DC745FB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

5
IPs

2
Countries

415 kB
Transfer

430 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://sb.scorecardresearch.com/b?c1=7&c2=8097938&rn=1052411410&c7=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20Segmenter&c9=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&cv=2.2&cs=js HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=8097938&rn=1052411410&c7=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20Segmenter&c9=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&cv=2.2&cs=js

Request Chain 14

https://l.sharethis.com/pview?event=pview&source=share4x&publisher=null&hostname=download-here.ml&location=%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&url=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&sessionID=1550500820595.57646&fpc=6edbe6c-169010cf674-566daf97-1&ts1550500820903.0 HTTP 301
https://l.sharethis.com/sc?cm=ZGAXXFxqw9QAAAATFFBEAw%3D%3D&uid=true&url=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%21MailUpgrade.html&sop=false

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Yahoo!MailUpgrade.html Show response download-here.ml/n/NEWYAHOO/	12 KB 12 KB	615ms 163ms	Document text/html	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `604fb033b645f2b9ae386effd307651e1490676197669f8f595eef529e8fbd0b` Request headers Host download-here.ml Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:19 GMT Server Apache Last-Modified Wed, 16 Jul 2014 18:07:42 GMT Accept-Ranges bytes Content-Length 11798 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	buttons.css download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	23 KB 24 KB	179ms 158ms	Stylesheet text/css	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.css Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `822afa8620d12cc8fabc0de752af5e68845457e834b0fc75c3eb6562f0c97c18` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:19 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 23891
GET H/1.1	200 OK	mail-bg-v3.png download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	37 KB 38 KB	535ms 161ms	Image image/png	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/mail-bg-v3.png Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `e40949fef718c5b1f84aecec489db51618eee0746343a5745b84caef1f08abfd` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 38171
GET H/1.1	200 OK	paper-hole_v2.png download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	169 KB 169 KB	542ms 163ms	Image image/png	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/paper-hole_v2.png Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `d9ac0cabe482dcbca87e18c9a81e32a8005ee21cce55be9806821d52d857aef9` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 172826
GET H/1.1	200 OK	jVal.css download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	2 KB 2 KB	480ms 159ms	Stylesheet text/css	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/jVal.css Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `b35745e800e632b0aa428e986b447dad09c176fad80e0f86c49835d31e12c685` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:19 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1723
GET H/1.1	200 OK	buttons_002.css download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	17 KB 18 KB	522ms 157ms	Stylesheet text/css	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons_002.css Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `a65ea805e6801a47485849e2c6668facb5c458ffcad3c60393cb28f63e28cbf9` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 17762
GET H/1.1	200 OK	javascriptfunctions.js Show response download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	2 KB 2 KB	510ms 158ms	Script application/javascript	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/javascriptfunctions.js Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `063fa79fdfb74c97ec80902a50fc478b92a6ad681d94b8776b7c88fe817e5f70` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2129
GET H/1.1	200 OK	jquery_002.js Show response download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	89 KB 90 KB	206ms 158ms	Script application/javascript	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/jquery_002.js Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `daa9a7565d6e53d5c8bb9c5117760da97bf488259401444aac11f71abbfa63a6` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 91555
GET H/1.1	200 OK	jVal.js Show response download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	8 KB 8 KB	159ms 159ms	Script application/javascript	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/jVal.js Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `ddfcde6b3d91c22bf284f701b9d3320512cf8301ee43505abd058d042400e7f6` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 8131
GET H/1.1	200 OK	buttons.js Show response download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	45 KB 45 KB	158ms 157ms	Script application/javascript	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.js Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `a4a09a2806c0bdffdffee03073f56732acba6a435473d227c8c57a9073c41ea8` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 45997
GET H/1.1	200 OK	yahoolog.png download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/	3 KB 3 KB	157ms 157ms	Image image/png	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Show image Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/yahoolog.png Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `f2b46b60179796b76b63b4d0d08364128a91ed5681cdb857775be64a7fd45134` Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host download-here.ml User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Connection keep-alive Cache-Control no-cache Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 2606
GET H/1.1	200 OK	getSegment.htm Show response download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/ Frame D4D7	799 B 1 KB	164ms 162ms	Document text/html	138.68.41.139 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/getSegment.htm Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 138.68.41.139 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software Apache / Resource Hash `ed862c231506f3ee5216049c8af5fc5a1a6c6b47006a92ec5f5e31efbcd57a90` Request headers Host download-here.ml Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Accept-Encoding gzip, deflate, br Cookie __switchTo5x=66; __unam=6edbe6c-169010cf674-566daf97-1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Server Apache Last-Modified Wed, 16 Jul 2014 12:56:02 GMT Accept-Ranges bytes Content-Length 799 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html
GET H/1.1	204 No Content	b2 sb.scorecardresearch.com/ Frame D4D7 Redirect Chain https://sb.scorecardresearch.com/b?c1=7&c2=8097938&rn=1052411410&c7=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20... https://sb.scorecardresearch.com/b2?c1=7&c2=8097938&rn=1052411410&c7=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%2...	0 248 B	20ms 20ms	Image text/plain	104.121.166.105 Akamai Technologies
General Check archive.org Show headers Download Go to Show image Full URL https://sb.scorecardresearch.com/b2?c1=7&c2=8097938&rn=1052411410&c7=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20Segmenter&c9=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&cv=2.2&cs=js Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/getSegment.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 104.121.166.105 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US), Reverse DNS a104-121-166-105.deploy.static.akamaitechnologies.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/getSegment.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Pragma no-cache Date Mon, 18 Feb 2019 14:40:20 GMT Cache-Control private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Connection keep-alive Content-Length 0 Expires Mon, 01 Jan 1990 00:00:00 GMT Redirect headers Location https://sb.scorecardresearch.com/b2?c1=7&c2=8097938&rn=1052411410&c7=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%2521%2520Mail%2520Upgrade_files%2FgetSegment.htm&c3=8097938&c8=ShareThis%20Segmenter&c9=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&cv=2.2&cs=js Pragma no-cache Date Mon, 18 Feb 2019 14:40:20 GMT Cache-Control private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Connection keep-alive Content-Length 0 Expires Mon, 01 Jan 1990 00:00:00 GMT
GET H/1.1	204 No Content	getSegment.php seg.sharethis.com/ Frame 8911	0 0	762ms 184ms	Document text/plain	52.36.85.238 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://seg.sharethis.com/getSegment.php?purl=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&jsref=&rnd=1550500820903 Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.36.85.238 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-52-36-85-238.us-west-2.compute.amazonaws.com Software nginx/1.6.3 / Resource Hash Request headers Host seg.sharethis.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Response headers Date Mon, 18 Feb 2019 14:40:21 GMT Server nginx/1.6.3 Connection keep-alive
GET H/1.1	200 OK	buttons-secure.css ws.sharethis.com/button/css/	23 KB 4 KB	50ms 7ms	Stylesheet text/css	23.43.125.145 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ws.sharethis.com/button/css/buttons-secure.css Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.43.125.145 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-43-125-145.deploy.static.akamaitechnologies.com Software nginx/1.12.2 / Resource Hash `95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05` Request headers Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Content-Encoding gzip Last-Modified Tue, 12 Feb 2019 23:30:25 GMT Server nginx/1.12.2 ETag W/"5c635711-5a76" Vary Accept-Encoding Content-Type text/css Connection keep-alive Content-Length 3851
GET H/1.1	200 OK	sc l.sharethis.com/ Redirect Chain https://l.sharethis.com/pview?event=pview&source=share4x&publisher=null&hostname=download-here.ml&location=%2Fn%2FNEWYAHOO%2FYahoo!MailUpgrade.html&url=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO... https://l.sharethis.com/sc?cm=ZGAXXFxqw9QAAAATFFBEAw%3D%3D&uid=true&url=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%21MailUpgrade.html&sop=false	51 B 51 B	8ms 7ms	Image text/plain	18.185.185.214 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL https://l.sharethis.com/sc?cm=ZGAXXFxqw9QAAAATFFBEAw%3D%3D&uid=true&url=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%21MailUpgrade.html&sop=false Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.185.185.214 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-18-185-185-214.eu-central-1.compute.amazonaws.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 18 Feb 2019 14:40:20 GMT Access-Control-Max-Age 1728000 Content-Type text/plain; charset=utf-8 Access-Control-Allow-Origin * Access-Control-Expose-Headers stid Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Stid ZGAXXFxqw9QAAAATFFBEAw== Access-Control-Allow-Headers * Content-Length 51 Redirect headers Date Mon, 18 Feb 2019 14:40:20 GMT Location /sc?cm=ZGAXXFxqw9QAAAATFFBEAw%3D%3D&uid=true&url=https%3A%2F%2Fdownload-here.ml%2Fn%2FNEWYAHOO%2FYahoo%21MailUpgrade.html&sop=false Access-Control-Max-Age 1728000 P3p policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM" Access-Control-Allow-Origin * Access-Control-Expose-Headers stid Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Access-Control-Allow-Headers * Content-Length 178 Stid ZGAXXFxqw9QAAAATFFBEAw==
GET H/1.1	200 OK	index.html ws.sharethis.com/secure/ Frame CDDA	0 0	46ms 7ms	Document text/html	23.43.125.145 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ws.sharethis.com/secure/index.html Requested by Host: download-here.ml URL: https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.43.125.145 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-43-125-145.deploy.static.akamaitechnologies.com Software nginx/1.12.2 / Resource Hash Request headers Host ws.sharethis.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer https://download-here.ml/n/NEWYAHOO/Yahoo!MailUpgrade.html Response headers Content-Encoding gzip Content-Type text/html ETag W/"5c635710-1ade" Last-Modified Tue, 12 Feb 2019 23:30:24 GMT Server nginx/1.12.2 Vary Accept-Encoding Content-Length 2089 Date Mon, 18 Feb 2019 14:40:20 GMT Connection keep-alive

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.download-here.ml/	1970-01-19 05:13:55	Name: __unam Value: 6edbe6c-169010cf674-566daf97-1
			.download-here.ml/	1970-01-19 05:53:40	Name: __switchTo5x Value: 66

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://download-here.ml/n/NEWYAHOO/Yahoo%21%20Mail%20Upgrade_files/buttons.js(Line 1) Message: Please specify a ShareThis Publisher Key For help, contact support@sharethis.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

download-here.ml
l.sharethis.com
sb.scorecardresearch.com
seg.sharethis.com
ws.sharethis.com
104.121.166.105
138.68.41.139
18.185.185.214
23.43.125.145
52.36.85.238
063fa79fdfb74c97ec80902a50fc478b92a6ad681d94b8776b7c88fe817e5f70
604fb033b645f2b9ae386effd307651e1490676197669f8f595eef529e8fbd0b
822afa8620d12cc8fabc0de752af5e68845457e834b0fc75c3eb6562f0c97c18
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05
a4a09a2806c0bdffdffee03073f56732acba6a435473d227c8c57a9073c41ea8
a65ea805e6801a47485849e2c6668facb5c458ffcad3c60393cb28f63e28cbf9
b35745e800e632b0aa428e986b447dad09c176fad80e0f86c49835d31e12c685
d9ac0cabe482dcbca87e18c9a81e32a8005ee21cce55be9806821d52d857aef9
daa9a7565d6e53d5c8bb9c5117760da97bf488259401444aac11f71abbfa63a6
ddfcde6b3d91c22bf284f701b9d3320512cf8301ee43505abd058d042400e7f6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40949fef718c5b1f84aecec489db51618eee0746343a5745b84caef1f08abfd
ed862c231506f3ee5216049c8af5fc5a1a6c6b47006a92ec5f5e31efbcd57a90
f2b46b60179796b76b63b4d0d08364128a91ed5681cdb857775be64a7fd45134

download-here.ml Open in urlscan Pro 138.68.41.139 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

3 Domains

5 Subdomains

5 IPs

2 Countries

415 kBTransfer

430 kBSize

2 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

download-here.ml Open in urlscan Pro
138.68.41.139 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

5
IPs

2
Countries

415 kB
Transfer

430 kB
Size

2
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!