prof-in.ba
77.235.45.46
Malicious Activity!
Public Scan
Effective URL: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Submission: On November 16 via manual from US
Summary
This is the only time prof-in.ba was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
4 | 77.235.45.46 | 60781 (LEASEWEB-NL-AMS-01 Netherlands)
3 | 104.83.82.8 | 16625 (AKAMAI-AS)
4 | 2a00:1288:f03d:1fa::2000 | 10310 (YAHOO-1)
1 2 | 2a00:1288:80:800::7001 | 203220 (YAHOO-DEB)
1 1 | 52.213.3.166 | 16509 (AMAZON-02)
1 | 2a00:1288:110:c104::3000 | 34010 (YAHOO-IRD)
14 | 6 |
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: web25.sd.eurovps.com
prof-in.ba
ASN16625 (AKAMAI-AS, US)
PTR: a104-83-82-8.deploy.static.akamaitechnologies.com
secure.wlxrs.com
ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-3-166.eu-west-1.compute.amazonaws.com
guce.yahoo.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | yimg.com | s.yimg.com (Failed), s1.yimg.com | 92 KB
4 | prof-in.ba | prof-in.ba | 33 KB
3 | yahoo.com (2 redirects) | mg.mail.yahoo.com, guce.yahoo.com, login.yahoo.com | 1 KB
3 | wlxrs.com | secure.wlxrs.com | 23 KB
14 | 4 | |
Requests | Domain | Requested by
---|---|---
4 | s.yimg.com | prof-in.ba
4 | prof-in.ba | prof-in.ba
3 | secure.wlxrs.com | prof-in.ba
1 | login.yahoo.com | prof-in.ba
1 | guce.yahoo.com | 1 redirects
1 | mg.mail.yahoo.com | 1 redirects
1 | s1.yimg.com | prof-in.ba
14 | 7 |
This site contains links to these domains. Also see Links.
Domain
---
overview.mail.yahoo.com
mobile.yahoo.com
help.yahoo.com
Subject | Issuer | Validity | Valid
---|---|---|---
*.test.edgekey.net | DigiCert SHA2 Secure Server CA | 2019-10-13 - 2021-01-11 | a year
*.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-10-06 - 2020-11-25 | 2 months
*.yimg.com | DigiCert SHA2 High Assurance Server CA | 2020-09-15 - 2020-12-16 | 3 months
*.login.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-09-01 - 2021-02-24 | 6 months
This page contains 2 frames:
Primary Page:
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Frame ID: B6418CFBFEAF9EB6FFC2C671C9BC2E3D
Requests: 13 HTTP requests in this frame
Frame:
https://login.yahoo.com/?.src=ym&lang=fr-FR&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin%26guce_referrer%3DaHR0cDovL3Byb2YtaW4uYmEvZG9rdW1lbnRpL2NhbWVvLnBocD9sb2dpbiZjb250aW51ZT10byZpbmJveD1YY2x1c2l2LTNEfA%26guce_referrer_sig%3DAQAAAAIixwjQpAtFtMvvZkIwd1x9kK2PQYTdah_OlgSmVmQMpp-8i5bjhx-JSPVZdNMsnc6i1h0qB8A-1md7GcOp54YMWHIxr_wKFbx_RzKbvBWgvDkM0b72NwI2lKYxOsuCfaSdPRPZOQF-FYmW9dRkX7Gg7HcMmC7bD2MKacOslHJF
Frame ID: 6D52B4F248333AE7D33A32F8C9C9C85F
Requests: 1 HTTP requests in this frame
Detected technologies
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: About Mail
- Title: Features
- Title: Get the App
- Title: Help
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://prof-in.ba/dokumenti/ Page URL
- http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D| Page URL
- http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D| Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12
- https://mg.mail.yahoo.com/mailfe/resources?o=iframe&src=login HTTP 307
- https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=MMepyB0&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin HTTP 302
- https://login.yahoo.com/?.src=ym&lang=fr-FR&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin%26guce_referrer%3DaHR0cDovL3Byb2YtaW4uYmEvZG9rdW1lbnRpL2NhbWVvLnBocD9sb2dpbiZjb250aW51ZT10byZpbmJveD1YY2x1c2l2LTNEfA%26guce_referrer_sig%3DAQAAAAIixwjQpAtFtMvvZkIwd1x9kK2PQYTdah_OlgSmVmQMpp-8i5bjhx-JSPVZdNMsnc6i1h0qB8A-1md7GcOp54YMWHIxr_wKFbx_RzKbvBWgvDkM0b72NwI2lKYxOsuCfaSdPRPZOQF-FYmW9dRkX7Gg7HcMmC7bD2MKacOslHJF
14 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H/1.1 | / | prof-in.ba/dokumenti/ | 190 B | 383 B | Document | text/html
GET H/1.1 | gade.php | prof-in.ba/dokumenti/ | 10 KB | 4 KB | Document | text/html
GET H/1.1 | NYKpPzcj59cAccountCSSX.css | secure.wlxrs.com/jy5kqke3ytP4lb3i5ZDpNLiWSfajaQ-eDIOI7KaGMzOGtx7r-zkJzcZQdL-oXfcuo!qhAxV70lLofVjqeMaFkn0-MYEtUYM8BG5a7nbwMSo/Base/16.4.4507/ | 101 KB | 20 KB | Stylesheet | image/x-icon
GET H/1.1 | invis.gif | secure.wlxrs.com/$live.controls.images/is/ | 43 B | 262 B | Image | image/gif
GET H/1.1 | X3D.GIF | prof-in.ba/dokumenti/files/ | 6 KB | 6 KB | Image | image/gif
GET H/1.1 | c4.png | secure.wlxrs.com/$live.controls.images/h/ | 3 KB | 3 KB | Image | image/png
GET H/1.1 | cameo.php (Primary Request) | prof-in.ba/dokumenti/ | 109 KB | 23 KB | Document | text/html
GET | combo | s.yimg.com/zz/ | 0 | 0 | |
GET H2 | combo | s.yimg.com/zz/ | 95 KB | 19 KB | Stylesheet | text/css
GET H2 | yahoo_en-US_f_p_bestfit_2x.png | s1.yimg.com/rz/d/ | 3 KB | 3 KB | Image | image/png
GET H2 | g-r-min.js | s.yimg.com/rq/darla/2-8-9/js/ | 154 KB | 66 KB | Script | application/javascript
GET H2 | combo | s.yimg.com/zz/ | 0 | 0 | Script | text/plain
GET H2 | yahoo_mail_en-US_s_f_pw_351x40_mail.png | s.yimg.com/rz/d/ | 3 KB | 3 KB | Image | image/png
GET H/1.1 | / | login.yahoo.com/ (Frame 6D52, Redirect Chain) | 0 | 0 | Document | text/html
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: s.yimg.com
- URL: https://s.yimg.com/zz/combo?/sf/assets/mbrlogin/css/pure-0.3.0-min.css&/sf/assets/mbrlogin/css/18/mbr-min.css&/sf/assets/mbrlogin/css/6/sprite-min.css&/sf/assets/mbrlogin/css/19/mbr-desktop-min.css&/sf/assets/mbrlogin/css/desktop/header/2/header-min.css&/sf/assets/mbrlogin/css/desktop/contents/2/contents-min.css&/sf/assets/mbrlogin/css/desktop/login/1/flags-min.css&/sf/assets/mbrlogin/css/desktop/login/67/login-min.css&/sf/assets/mbrlogin/css/desktop/footer/8/footer-min.css&/sf/assets/mbrlogin/css/mobile/deviceswitcher/2/deviceswitcher-min.css&/sf/assets/mbrlogin/css/desktop/lad/1/lad-min.css&kx/yucs/uh3s/atomic/84/css/atomic-min.css&kx/yucs/uh_common/meta/3/css/meta-min.css&kx/yucs/uh3s/uh/394/css/uh-center-aligned-min.css
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Yahoo (Online)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | trustedTypes
object | MBR_config
function | validateForm
object | DARLA
object | $sf
undefined | Y
undefined | $yac
object | _Y
object | DARLA_CONFIG
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
guce.yahoo.com
login.yahoo.com
mg.mail.yahoo.com
prof-in.ba
s.yimg.com
s1.yimg.com
secure.wlxrs.com
s.yimg.com
104.83.82.8
2a00:1288:110:c104::3000
2a00:1288:80:800::7001
2a00:1288:f03d:1fa::2000
52.213.3.166
77.235.45.46
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
2b6f24833781f501f585c7c583f5d9aa86aa17ff9cd3ab735e8455645a3d8ae9
3445ca2b2c77873ae7388e9190655ce43a2753a7f14b8c1631c62657d1ac0beb
4b0e6a62b21d3b6aeeada5430d4a2b9dc9cb9176c984b26ff92aefcffd71ed4b
54ccaf3674c7afc7753040ebe97c93bb6936821f39389e8c34f52acdeedffbd9
58a50db2dbf8f9f7945b9a0b05d4356062db6731c6582644f898936729521ccd
86527ec354b48ba17a5294dd3ec4825d98a43c3d65e4fb17c964c61a6e0f36c4
cb725f174a86bcf23b5b9f53e5b60d53eaa1524f88f4dcec165670a3b0eb6c2c
d71fb752bc1ddebdc8753fa4706280f90e0f03191e610cf65428c34804365e1b
e20e2a477aff1d93c472a8ddb37e775517a8cbf27be053f1c11d4a7090ec8fc6
f2d2954c92bde1ca42361ce83e1d02f929f1463f4f9d1b11d4e5c430c9aff8b4