urlscan.io logo urlscan.io
SecurityTrails logo

ghvghcfgcg.duckdns.org Open in urlscan Pro
54.180.143.88  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://ghvghcfgcg.duckdns.org/yahoo/
Submission: On May 25 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 54.180.143.88, located in Incheon, Korea, Republic Of and belongs to AMAZON-02, US. The main domain is ghvghcfgcg.duckdns.org.
This is the only time ghvghcfgcg.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

IP Address AS Autonomous System
1 54.180.143.88 16509 (AMAZON-02)
8 2a00:1288:f03... 10310 (YAHOO-1)
1 2 104.111.214.103 16625 (AKAMAI-AS)
1 2a00:1288:110... 34010 (YAHOO-IRD)
11 5
Domain Requested by
7 s.yimg.com ghvghcfgcg.duckdns.org
fc.yahoo.com
s.yimg.com
2 sb.scorecardresearch.com 1 redirects ghvghcfgcg.duckdns.org
1 geo.yahoo.com
1 fc.yahoo.com ghvghcfgcg.duckdns.org
1 ghvghcfgcg.duckdns.org
11 5

This site contains links to these domains. Also see Links.

Domain
ca.yahoo.com
policies.oath.com
Subject Issuer Validity Valid
*.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-05-19 -
2020-07-03		 a month crt.sh
*.scorecardresearch.com
Sectigo RSA Organization Validation Secure Server CA		 2019-12-16 -
2020-12-25		 a year crt.sh

This page contains 3 frames:

Primary Page: http://ghvghcfgcg.duckdns.org/yahoo/
Frame ID: C574439D7AF03E048862C32AE565638A
Requests: 10 HTTP requests in this frame

Frame: https://s.yimg.com/rq/darla/3-25-1/html/r-csc.html
Frame ID: D1FB51A4AB3E8D658E1C854D3BAFEEF7
Requests: 1 HTTP requests in this frame

Frame: https://s.yimg.com/rq/darla/3-25-1/html/r-sf.html
Frame ID: 7AA72F2C2E167C988FB401BD5B13ED16
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i
Overall confidence: 100%
Detected patterns
  • headers server /Win32|Win64/i
Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

11
Requests

82 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

492 kB
Transfer

645 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=794308018&ns_c=UTF-8&ns__t=1577184261195&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1 HTTP 302
  • https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=794308018&ns_c=UTF-8&ns__t=1577184261195&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ghvghcfgcg.duckdns.org/yahoo/ 		375 KB
375 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://ghvghcfgcg.duckdns.org/yahoo/
Protocol
HTTP/1.1
Server
54.180.143.88 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-180-143-88.ap-northeast-2.compute.amazonaws.com
Software
Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.2.29 / PHP/7.2.29
Resource Hash
d788b261d015feaf256043eb3a93fe1a2d93d373b86266bbb85d781acbd9aaef

Request headers

Host
ghvghcfgcg.duckdns.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 25 May 2020 00:39:01 GMT
Server
Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.2.29
X-Powered-By
PHP/7.2.29
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
Requested by
Host: ghvghcfgcg.duckdns.org
URL: http://ghvghcfgcg.duckdns.org/yahoo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ats-carp-promotion
1
date
Sun, 24 May 2020 12:01:27 GMT
x-content-type-options
nosniff
age
45459
x-amz-server-side-encryption
AES256
status
200
vary
Origin
content-length
1346
x-amz-id-2
RHEqgZX80TWXAld3BCkFIUpB6wefxiUErWWGT7PwH8K1svuwVUVAnr4CrMunAW2TTT+zme0OoLg=
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 23 May 2020 21:32:07 GMT
server
ATS
etag
"cd166981c96c6d0f4b5a7d798c25878e"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
9772DAFA5FB72A32
x-xss-protection
1; mode=block
cache-control
public,max-age=86400
accept-ranges
bytes
content-type
image/png
expires
Sun, 24 May 2020 23:00:00 GMT
yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png
Requested by
Host: ghvghcfgcg.duckdns.org
URL: http://ghvghcfgcg.duckdns.org/yahoo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 24 May 2020 23:28:28 GMT
x-content-type-options
nosniff
age
4237
x-amz-server-side-encryption
AES256
status
200
vary
Origin
content-length
1391
x-amz-id-2
nDq9ihHhGhLXRMQ/idhJxG/2EWXSpzaq7hJRYo6mETzQK994ldxAQK2l9O4uxAlatdaqVQHdkvk=
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 24 May 2020 21:32:17 GMT
server
ATS
etag
"dd31f56b9e4dff40eb87447c3dc55b84"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
92F0E00929A9462E
x-xss-protection
1; mode=block
cache-control
public,max-age=86400
accept-ranges
bytes
content-type
image/png
expires
Mon, 25 May 2020 23:00:00 GMT
rapid-3.53.3.js
s.yimg.com/wm/mbr/js/ 		46 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wm/mbr/js/rapid-3.53.3.js
Requested by
Host: ghvghcfgcg.duckdns.org
URL: http://ghvghcfgcg.duckdns.org/yahoo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
7bd440561281e97648a7c7e9905f727cf5a244824fed4572aa978efeadbbc500
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 22 May 2020 01:08:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
257453
x-amz-server-side-encryption
AES256
status
200
vary
Origin, Accept-Encoding
x-amz-request-id
BC884B7BD274DD1A
x-amz-id-2
FXptzceOhp/6+Qe9RfVmU0N8T1qbDehvyo06m33C6Rp7IYKO7r+K/s860LKqsoa6S2JlRyCct24=
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 28 Mar 2019 21:32:12 GMT
server
ATS
etag
"4bda224130c3ac287f18c9b0d9062205-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
public,max-age=315360000
accept-ranges
bytes
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f8b3cec38178f350625a2e3f4051a503a1460a1ac0e55eb15402eafb5211bcb0

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
p2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=794308018&ns_c=UTF-8&ns__t=1577184261195&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
  • https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=794308018&ns_c=UTF-8&ns__t=1577184261195&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
43 B
406 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=794308018&ns_c=UTF-8&ns__t=1577184261195&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
Requested by
Host: ghvghcfgcg.duckdns.org
URL: http://ghvghcfgcg.duckdns.org/yahoo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.214.103 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-214-103.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 May 2020 00:39:04 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=794308018&ns_c=UTF-8&ns__t=1577184261195&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
Pragma
no-cache
Date
Mon, 25 May 2020 00:39:04 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
client.php
fc.yahoo.com/sdarla/php/ 		11 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794308018&ref=https%3A%2F%2Flogin.yahoo.com%2F
Requested by
Host: ghvghcfgcg.duckdns.org
URL: http://ghvghcfgcg.duckdns.org/yahoo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
e912ee1b5721d5705a0add39acd647a1dbcaa22e209e01b6080ac141445702e3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 25 May 2020 00:39:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
x-dns-prefetch-control
off
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
status
200
vary
Accept-Encoding
content-length
5656
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
content-type
text/javascript;charset=UTF-8
cache-control
private,no-cache,no-store
x-robots-tag
noindex, noarchive, nosnippet, nofollow
boot.js
s.yimg.com/rq/darla/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/rq/darla/boot.js
Requested by
Host: fc.yahoo.com
URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794308018&ref=https%3A%2F%2Flogin.yahoo.com%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
beda08cf133742da414a64d415ec68804378c115eaf47ce8a638e10127613174
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ats-carp-promotion
1
date
Sun, 24 May 2020 20:33:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14710
x-amz-server-side-encryption
AES256
status
200
vary
Origin, Accept-Encoding
content-length
3609
x-amz-id-2
AHVQg8/IOAZmTU5HUfp1+ZMbwdHpbw4WY0GOdAErdsrUGvwI/hHm16uSgvQDCZI9pF+o94taxbs=
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 04 May 2020 17:45:17 GMT
server
ATS
etag
"30e5ab85f44a354129f3948534b64999-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
20ED1320804A6884
x-xss-protection
1; mode=block
cache-control
public,max-age=86400
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
g-r-min.js
s.yimg.com/rq/darla/3-25-1/js/ 		202 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/rq/darla/3-25-1/js/g-r-min.js
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/boot.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
65b710c8dbaa88616cd7d61effcd31e08fccad4fe38df0f62d1fc0af1ff0108e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 05 May 2020 06:31:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1706842
x-amz-server-side-encryption
AES256
status
200
vary
Origin, Accept-Encoding
content-length
87277
x-amz-id-2
a6WiKkz/Wo5jMDBz2zLvfRndEFUpcdd7JBv7ree3/wwRmKFmhW+NBiZwquEFvHORg/DpjEq+p5o=
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 04 May 2020 17:45:20 GMT
server
ATS
etag
"d89ebccf17211410def1dfce73e9cf60-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
F868C882F0037FD5
x-xss-protection
1; mode=block
cache-control
public,max-age=31536000
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
r-csc.html
s.yimg.com/rq/darla/3-25-1/html/ Frame D1FB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/rq/darla/3-25-1/html/r-csc.html
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/3-25-1/js/g-r-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
s.yimg.com
:scheme
https
:path
/rq/darla/3-25-1/html/r-csc.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://ghvghcfgcg.duckdns.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://ghvghcfgcg.duckdns.org/

Response headers

status
200
x-amz-id-2
Z/yDWMdtW6EtG5HLjxxoClNKAxdx9bmlfV9ECwtkAxWdwd6d1I9mk3IzVq1mk0nsOJmCjadAYq0=
x-amz-request-id
8AD7813554BB3BD3
date
Tue, 12 May 2020 22:09:40 GMT
last-modified
Mon, 04 May 2020 17:45:18 GMT
etag
"1ff9b6e511ccd76562520a75bae161d2-df"
x-amz-server-side-encryption
AES256
cache-control
public,max-age=31536000
accept-ranges
bytes
content-type
text/html; charset=utf-8
server
ATS
referrer-policy
no-referrer-when-downgrade
vary
Origin, Accept-Encoding
age
1045766
ats-carp-promotion
1
content-encoding
gzip
content-length
1160
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block
x-content-type-options
nosniff
r-sf.html
s.yimg.com/rq/darla/3-25-1/html/ Frame 7AA7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/rq/darla/3-25-1/html/r-sf.html
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/3-25-1/js/g-r-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
s.yimg.com
:scheme
https
:path
/rq/darla/3-25-1/html/r-sf.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://ghvghcfgcg.duckdns.org/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://ghvghcfgcg.duckdns.org/

Response headers

status
200
x-amz-id-2
7w/QWfPmbuaU4cylwGzJXOh7KdSPFH3QdhBLn5kZrAfpEMnzaxfec8UubJzV0cJdUtLQmOBt1DU=
x-amz-request-id
0B73F953B71CEF91
date
Tue, 05 May 2020 10:38:59 GMT
last-modified
Mon, 04 May 2020 17:45:18 GMT
etag
"38af3d4f8c84f11502b04431eb9d3a13-df"
x-amz-server-side-encryption
AES256
cache-control
public,max-age=31536000
accept-ranges
bytes
content-type
text/html; charset=utf-8
server
ATS
referrer-policy
no-referrer-when-downgrade
vary
Origin, Accept-Encoding
age
1692007
ats-carp-promotion
1
content-encoding
gzip
content-length
753
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block
x-content-type-options
nosniff
p
geo.yahoo.com/ 		43 B
715 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://geo.yahoo.com/p?_E=adperf&outcm=performance&etrg=backgroundPost&usergenf=0&etag=performance%2Cdarla&s=794308018&pvid=B_xV7zEwLjIrPMDOFbbFeANWMmEwMQAAAAA0ussI&D_bv=1.0.0&D_ts=0&D_v=sdarla_3-25-1&D_l=120%2C9%2C3017%2C2671%2C0%2C0%2C355%2C120%2C7&D_m=0&test=&D_e=&D_p=7%2C0%2CRICH%2C1440x1024%2C999999%2C999999%2C999999%2C0%2C0%2C112%2C-1%2C-1%2C-1%2C-1%2C2%2CB_xV7zEwLjIrPMDOFbbFeANWMmEwMQAAAAA0ussI%3A-1%3ARICH%2C2%2C2%2C0%2C2%2C0%2C2%2C0%2C0%2C0%2C1%2C0%2C2%2C0%2C0%2C0%2C0%2C0%2C0%2C3%2Chttp%253A%2F%2Fghvghcfgcg.duckdns.org%2Fyahoo%2F%2C%2C0%2C2%2C3%2C0%2C0%2C5000%2C0%2C-1%2C-1%2C-1%2C105%2C105%3B&D_res=%7B%22RICH%22%3A%5B%7B%22name%22%3A%22https%3A%2F%2Feu-central-1.onemobile.yahoo.com%2Fadmax%2FadEvent.do%3Ftidi%3D770771327%26sitepid%3D217660%26posi%3D941602%26grp%3D%253F%253F%253F%26nl%3D1590367144899%26rts%3D1590367144863%26pix%3D1%26et%3D1%26a%3DB_xV7zEwLjIrPMDOFbbFeANWMmEwMQAAAAA0ussI-0%26m%3DaXAtMTAtMjItMTA4LTIw%26b%3DMTA4Mzg7Q0EgLSBIb3VzZS9QU0EgQmFja3VwOz8_Pzs7Ozs0NTBlNGJmYTg1ZmQ0MzA3OGFlNDgxZTM0MzczNzM0YjstMTsxNTkwMzYzMDAw%26xdi%3DPz8_fD8_P3w_Pz98MA..%26xoi%3DMHxERVU.%26hb%3Dtrue%26type%3D0%26af%3D7%26brxdPublisherId%3D26720242308%26brxdSiteId%3D8521051%26dety%3D5%22%2C%22dur%22%3A49%2C%22st%22%3A59%2C%22ssl%22%3Anull%2C%22dns%22%3Anull%2C%22conn%22%3Anull%7D%2C%7B%22name%22%3A%22https%3A%2F%2Fs.yimg.com%2Fdh%2Fap%2Fdefault%2F151202%2FUK_Mail___onnet_Login_A.jpg%22%2C%22dur%22%3A36%2C%22st%22%3A59%2C%22ssl%22%3A0%2C%22dns%22%3A0%2C%22conn%22%3A0%7D%2C%7B%22name%22%3A%22https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F3-25-1%2Fjs%2Fsfext-min.js%22%2C%22dur%22%3A19%2C%22st%22%3A23%2C%22ssl%22%3A0%2C%22dns%22%3A0%2C%22conn%22%3A0%7D%2C%7B%22first-paint%22%3A105%2C%22first-contentful-paint%22%3A105%7D%5D%7D&t=1590367145846
Protocol
HTTP/1.1
Server
2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ghvghcfgcg.duckdns.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 25 May 2020 00:39:05 GMT
X-Content-Type-Options
nosniff
Server
ATS
Age
0
X-Frame-Options
DENY
P3P
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control
no-cache, no-store, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate number| pageStartTime object| I13N_config string| mKeyPrefix object| COUNTRY_CODES_MAP object| mbrConfig object| darlaConfig string| bucket string| currentURL boolean| isASDK string| comscoreBeaconUrl undefined| rapidInstance object| DARLA_CONFIG object| DARLA object| $sf undefined| $yac boolean| sf_auto_1-25-4-2020 undefined| Y object| _Y

0 Cookies

2 Console Messages

Source Level URL
Text
console-api log URL: https://s.yimg.com/rq/darla/3-25-1/js/g-r-min.js(Line 3)
Message:
DARLA notice: 425
console-api log URL: https://s.yimg.com/rq/darla/3-25-1/js/g-r-min.js(Line 3)
Message:
DARLA notice: 426