d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app Open in urlscan Pro
2a05:d014:275:cb01:1f85:932b:b797:22f9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
Submission: On July 29 via api (July 29th 2021, 1:38:24 pm UTC) from US

Summary HTTP 9 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 2a05:d014:275:cb01:1f85:932b:b797:22f9, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app.
TLS certificate: Issued by DigiCert TLS Hybrid ECC SHA384 2020 CA1 on March 9th 2021. Valid for: a year.

This is the only time d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	2a05:d014:275... 2a05:d014:275:cb01:1f85:932b:b797:22f9	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1 2	13.224.99.40 13.224.99.40	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
9	5

2 2a05:d014:275:cb01:1f85:932b:b797:22f9 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

fc.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.99.40 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-99-40.zrh50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	yahoo.com fc.yahoo.com	27 KB
2	yimg.com s.yimg.com	90 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	778 B
2	netlify.app d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app	36 KB
9	4

	Domain	Requested by
4	fc.yahoo.com	d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
2	s.yimg.com	fc.yahoo.com s.yimg.com
2	sb.scorecardresearch.com	1 redirects d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
2	d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app	d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
9	4

This site contains links to these domains. Also see Links.

Domain
www.yahoo.com
help.yahoo.com
login.yahoo.com
info.yahoo.com

Subject Issuer	Validity	Valid
*.netlify.app DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-03-09` - `2022-03-01`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-07-08` - `2021-08-25`	2 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-07-26` - `2021-09-15`	2 months	crt.sh

This page contains 1 frames:

Primary Page: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
Frame ID: 591064B61FB6FECCD5CDC6AE492CA17B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^Netlify/i

Page Statistics

9
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

153 kB
Transfer

407 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.yahoo.com/
Title:

Search URL Search Domain Scan URL

URL: https://help.yahoo.com/kb/index?locale=en_US&page=product&y=PROD_ACCT
Title: Help

Search URL Search Domain Scan URL

URL: https://login.yahoo.com/forgot?done=https%3A%2F%2Fmail.yahoo.com%2F%3Fguccounter%3D1
Title: Trouble signing in?

Search URL Search Domain Scan URL

URL: https://login.yahoo.com/account/create?done=https%3A%2F%2Fmail.yahoo.com%2F%3Fguccounter%3D1&specId=yidReg
Title: Sign up

Search URL Search Domain Scan URL

URL: https://info.yahoo.com/legal/us/yahoo/terms/en-us
Title: Terms

Search URL Search Domain Scan URL

URL: https://info.yahoo.com/privacy/us/yahoo
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1

9 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/ 130 KB
33 KB 198ms
170ms Document
text/html 2a05:d014:275:cb01:1f85:932b:b797:22f9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a05:d014:275:cb01:1f85:932b:b797:22f9 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

9a034b46fb462e3cf7b23045709eb6b7ab5cf200acde44dc328781185673a08d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: public, max-age=0, must-revalidate
content-type: text/html; charset=UTF-8
date: Thu, 29 Jul 2021 13:38:07 GMT
etag: "2b765feb28d5f2afacc3cbe93aa8d349-ssl-df"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-nf-request-id: 01FBS7S3EDXYHPKSGAX0195V10
vary: Accept-Encoding
age: 1
server: Netlify
content-encoding: br

GET
H2 200 yahoo_en-US_f_p_bestfit_2x.png
d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/ 3 KB
3 KB 117ms
117ms Image
image/png 2a05:d014:275:cb01:1f85:932b:b797:22f9
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/yahoo_en-US_f_p_bestfit_2x.png

Requested by

Host: d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
URL: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a05:d014:275:cb01:1f85:932b:b797:22f9 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /yahoo_en-US_f_p_bestfit_2x.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nf-request-id: 01FBS7S3V1HF4VKJKDMXRSEXXJ
date: Thu, 29 Jul 2021 13:38:07 GMT
server: Netlify
age: 0
etag: "263d5023474fd107e1b03dec1ce22c28-ssl"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 3066

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 16 KB
7 KB 153ms
146ms Script
text/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Requested by

Host: d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
URL: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

da12384fb1d74a11b97011611399fb2f07961a1262576fc9322b6d7c9214a955

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 13:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
vary: Accept-Encoding
content-length: 6635
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

GET
H2

200

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1

64 B
331 B

46ms
45ms

Image
image/gif

13.224.99.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
Requested by: Host: d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
URL: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.99.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-99-40.zrh50.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 13:38:07 GMT
via: 1.1 e6b325a976b10aa826ec63757afbdedb.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: FqYQF489O1GL5z2B--yzjkTKzYTVFAQMKD2RduNS5EN9vVp8m94TiQ==

Redirect headers

date: Thu, 29 Jul 2021 13:38:07 GMT
via: 1.1 e6b325a976b10aa826ec63757afbdedb.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
content-length: 160
x-amz-cf-id: Ou6BXzeYlLKsVkNlFbG8zr-pboCfalVdH9VFDpmzm6i7QnjrIpQObQ==

GET
DATA 200
OK truncated
/ 650 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a540d6790659adf104de6f73b3be7526e1729da358976fa63f366e2ca01c58d

Request headers

Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 boot.js Show response
s.yimg.com/rq/darla/ 7 KB
4 KB 21ms
7ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/boot.js

Requested by

Host: fc.yahoo.com
URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

fcbaeadfffc791269a437216ee74bc95aabf4a2ee0a61b152e302a973e78fe63

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Thu, 29 Jul 2021 04:58:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31199
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 3608
x-amz-id-2: 7CakuR934X2uvLOWLGIHtqrMZHOuaUnEpIDpdnd0S141XrhANUzNuTDQF+7cx6lZKN7nvyFEKTI=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 08 Apr 2021 18:32:56 GMT
server: ATS
etag: "06346d00bce3015d21a196043c398a1b-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: H9HRXRPNKCRCYQ4S
x-xss-protection: 1; mode=block
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 16 KB
7 KB 139ms
139ms Script
text/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Requested by

Host: d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
URL: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

91db8fc09890a1981b05b4bc21cc8037276d19549ed46be26f3725cdca3b5a4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 13:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
vary: Accept-Encoding
content-length: 6923
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

GET
H2 200 g-r-min.js Show response
s.yimg.com/rq/darla/4-8-0/js/ 203 KB
86 KB 7ms
7ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/4-8-0/js/g-r-min.js

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/boot.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

9626a3ccc1114446c855c33931928ac95d0a0287566d37129b36a190800ecc51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Tue, 27 Jul 2021 12:11:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 178018
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 87834
x-amz-id-2: LI/8CM3B/FdnBrFh25efFqF9mXunfZbuKHhsqKnuMF+W2G8e3ZaNde28X6IQiJw8DW2TOR1c6zM=
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 08 Apr 2021 18:33:00 GMT
server: ATS
etag: "8b572948cbdd2baf5f540d9955656397-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: A0Z2JCGF9999PFK1
x-xss-protection: 1; mode=block
cache-control: public,max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 16 KB
7 KB 147ms
147ms Script
text/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Requested by

Host: d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
URL: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

932a851b0811c436cf4a9ce925149f0ddc828c4f614f94690659a4f0d825166a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 13:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
vary: Accept-Encoding
content-length: 6621
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 16 KB
7 KB 144ms
144ms Script
text/javascript 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Requested by

Host: d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
URL: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

47e2732fc5a74cf35ffa7f8c2a6ee06809f62b23451b62f5ccdb473ba2d67a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 13:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
vary: Accept-Encoding
content-length: 6603
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://s.yimg.com/rq/darla/4-8-0/js/g-r-min.js(Line 3) Message: DARLA notice: 425
console-api	log	URL: https://s.yimg.com/rq/darla/4-8-0/js/g-r-min.js(Line 3) Message: DARLA notice: 426

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app
fc.yahoo.com
s.yimg.com
sb.scorecardresearch.com
13.224.99.40
2a00:1288:80:800::7000
2a00:1288:80:800::7001
2a05:d014:275:cb01:1f85:932b:b797:22f9
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
1a540d6790659adf104de6f73b3be7526e1729da358976fa63f366e2ca01c58d
47e2732fc5a74cf35ffa7f8c2a6ee06809f62b23451b62f5ccdb473ba2d67a68
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
91db8fc09890a1981b05b4bc21cc8037276d19549ed46be26f3725cdca3b5a4f
932a851b0811c436cf4a9ce925149f0ddc828c4f614f94690659a4f0d825166a
9626a3ccc1114446c855c33931928ac95d0a0287566d37129b36a190800ecc51
9a034b46fb462e3cf7b23045709eb6b7ab5cf200acde44dc328781185673a08d
da12384fb1d74a11b97011611399fb2f07961a1262576fc9322b6d7c9214a955
fcbaeadfffc791269a437216ee74bc95aabf4a2ee0a61b152e302a973e78fe63

d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app Open in urlscan Pro 2a05:d014:275:cb01:1f85:932b:b797:22f9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

153 kBTransfer

407 kBSize

0 Cookies

6 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

25 JavaScript Global Variables

0 Cookies

2 Console Messages

Security Headers

Indicators

d0cu51gn-y4h00-s3cur3-v3r1fy-d0cuwin1051235.netlify.app Open in urlscan Pro
2a05:d014:275:cb01:1f85:932b:b797:22f9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

153 kB
Transfer

407 kB
Size

0
Cookies

9 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!