urlscan.io logo urlscan.io
SecurityTrails logo

prof-in.ba Open in urlscan Pro
77.235.45.46  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://prof-in.ba/dokumenti/
Effective URL: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Submission: On November 16 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 77.235.45.46, located in Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is prof-in.ba.
This is the only time prof-in.ba was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

IP Address AS Autonomous System
4 77.235.45.46 60781 (LEASEWEB-...)
3 104.83.82.8 16625 (AKAMAI-AS)
4 2a00:1288:f03... 10310 (YAHOO-1)
1 2 2a00:1288:80:... 203220 (YAHOO-DEB)
1 1 52.213.3.166 16509 (AMAZON-02)
1 2a00:1288:110... 34010 (YAHOO-IRD)
14 6
4    77.235.45.46 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: web25.sd.eurovps.com
prof-in.ba
3    104.83.82.8 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-83-82-8.deploy.static.akamaitechnologies.com
secure.wlxrs.com
4    2a00:1288:f03d:1fa::2000 (United Kingdom)

ASN10310 (YAHOO-1, US)
s.yimg.com
2    2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, DE)
s1.yimg.com
mg.mail.yahoo.com
1    52.213.3.166 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-3-166.eu-west-1.compute.amazonaws.com
guce.yahoo.com
1    2a00:1288:110:c104::3000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)
login.yahoo.com
Apex Domain
Subdomains		 Transfer
5 yimg.com
s.yimg.com Failed
s1.yimg.com
92 KB
4 prof-in.ba
prof-in.ba
33 KB
3 yahoo.com
mg.mail.yahoo.com
guce.yahoo.com
login.yahoo.com
1 KB
3 wlxrs.com
secure.wlxrs.com
23 KB
14 4
Domain Requested by
4 s.yimg.com prof-in.ba
4 prof-in.ba prof-in.ba
3 secure.wlxrs.com prof-in.ba
1 login.yahoo.com prof-in.ba
1 guce.yahoo.com 1 redirects
1 mg.mail.yahoo.com 1 redirects
1 s1.yimg.com prof-in.ba
14 7

This site contains links to these domains. Also see Links.

Domain
overview.mail.yahoo.com
mobile.yahoo.com
help.yahoo.com
Subject Issuer Validity Valid
*.test.edgekey.net
DigiCert SHA2 Secure Server CA		 2019-10-13 -
2021-01-11		 a year crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-10-06 -
2020-11-25		 2 months crt.sh
*.yimg.com
DigiCert SHA2 High Assurance Server CA		 2020-09-15 -
2020-12-16		 3 months crt.sh
*.login.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-09-01 -
2021-02-24		 6 months crt.sh

This page contains 2 frames:

Primary Page: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Frame ID: B6418CFBFEAF9EB6FFC2C671C9BC2E3D
Requests: 13 HTTP requests in this frame

Frame: https://login.yahoo.com/?.src=ym&lang=fr-FR&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin%26guce_referrer%3DaHR0cDovL3Byb2YtaW4uYmEvZG9rdW1lbnRpL2NhbWVvLnBocD9sb2dpbiZjb250aW51ZT10byZpbmJveD1YY2x1c2l2LTNEfA%26guce_referrer_sig%3DAQAAAAIixwjQpAtFtMvvZkIwd1x9kK2PQYTdah_OlgSmVmQMpp-8i5bjhx-JSPVZdNMsnc6i1h0qB8A-1md7GcOp54YMWHIxr_wKFbx_RzKbvBWgvDkM0b72NwI2lKYxOsuCfaSdPRPZOQF-FYmW9dRkX7Gg7HcMmC7bD2MKacOslHJF
Frame ID: 6D52B4F248333AE7D33A32F8C9C9C85F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://prof-in.ba/dokumenti/ Page URL
  2. http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D| Page URL
  3. http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D| Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

14
Requests

43 %
HTTPS

50 %
IPv6

4
Domains

7
Subdomains

6
IPs

3
Countries

148 kB
Transfer

484 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://prof-in.ba/dokumenti/ Page URL
  2. http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D| Page URL
  3. http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D| Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://mg.mail.yahoo.com/mailfe/resources?o=iframe&src=login HTTP 307
  • https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=MMepyB0&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin HTTP 302
  • https://login.yahoo.com/?.src=ym&lang=fr-FR&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin%26guce_referrer%3DaHR0cDovL3Byb2YtaW4uYmEvZG9rdW1lbnRpL2NhbWVvLnBocD9sb2dpbiZjb250aW51ZT10byZpbmJveD1YY2x1c2l2LTNEfA%26guce_referrer_sig%3DAQAAAAIixwjQpAtFtMvvZkIwd1x9kK2PQYTdah_OlgSmVmQMpp-8i5bjhx-JSPVZdNMsnc6i1h0qB8A-1md7GcOp54YMWHIxr_wKFbx_RzKbvBWgvDkM0b72NwI2lKYxOsuCfaSdPRPZOQF-FYmW9dRkX7Gg7HcMmC7bD2MKacOslHJF

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
prof-in.ba/dokumenti/ 		190 B
383 B 		Document
General
Check archive.org
Download Go to
Full URL
http://prof-in.ba/dokumenti/
Protocol
HTTP/1.1
Server
77.235.45.46 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
web25.sd.eurovps.com
Software
LiteSpeed /
Resource Hash
58a50db2dbf8f9f7945b9a0b05d4356062db6731c6582644f898936729521ccd

Request headers

Host
prof-in.ba
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Connection
Keep-Alive
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Content-Length
176
Content-Encoding
gzip
Date
Mon, 16 Nov 2020 21:47:20 GMT
Server
LiteSpeed
gade.php
prof-in.ba/dokumenti/ 		10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/
Protocol
HTTP/1.1
Server
77.235.45.46 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
web25.sd.eurovps.com
Software
LiteSpeed /
Resource Hash
3445ca2b2c77873ae7388e9190655ce43a2753a7f14b8c1631c62657d1ac0beb

Request headers

Host
prof-in.ba
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://prof-in.ba/dokumenti/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://prof-in.ba/dokumenti/

Response headers

Connection
Keep-Alive
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Content-Length
3758
Content-Encoding
gzip
Date
Mon, 16 Nov 2020 21:47:20 GMT
Server
LiteSpeed
NYKpPzcj59cAccountCSSX.css
secure.wlxrs.com/jy5kqke3ytP4lb3i5ZDpNLiWSfajaQ-eDIOI7KaGMzOGtx7r-zkJzcZQdL-oXfcuo!qhAxV70lLofVjqeMaFkn0-MYEtUYM8BG5a7nbwMSo/Base/16.4.4507/ 		101 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secure.wlxrs.com/jy5kqke3ytP4lb3i5ZDpNLiWSfajaQ-eDIOI7KaGMzOGtx7r-zkJzcZQdL-oXfcuo!qhAxV70lLofVjqeMaFkn0-MYEtUYM8BG5a7nbwMSo/Base/16.4.4507/NYKpPzcj59cAccountCSSX.css?ZfDHJ0dwkwrfIMoja3-R7w
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.83.82.8 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-83-82-8.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4b0e6a62b21d3b6aeeada5430d4a2b9dc9cb9176c984b26ff92aefcffd71ed4b

Request headers

Referer
http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 16 Nov 2020 21:47:21 GMT
Content-Encoding
gzip
Last-Modified
Wed, 26 Feb 2014 18:00:31 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
Content-Type
image/x-icon
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
19739
invis.gif
secure.wlxrs.com/$live.controls.images/is/ 		43 B
262 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.wlxrs.com/$live.controls.images/is/invis.gif
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.83.82.8 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-83-82-8.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cb725f174a86bcf23b5b9f53e5b60d53eaa1524f88f4dcec165670a3b0eb6c2c

Request headers

Referer
http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 16 Nov 2020 21:47:21 GMT
Last-Modified
Mon, 05 May 2014 18:05:20 GMT
Server
AkamaiNetStorage
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Content-Type
image/gif
X3D.GIF
prof-in.ba/dokumenti/files/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://prof-in.ba/dokumenti/files/X3D.GIF
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
Protocol
HTTP/1.1
Server
77.235.45.46 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
web25.sd.eurovps.com
Software
LiteSpeed /
Resource Hash
2b6f24833781f501f585c7c583f5d9aa86aa17ff9cd3ab735e8455645a3d8ae9

Request headers

Referer
http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 16 Nov 2020 21:47:20 GMT
Last-Modified
Thu, 10 Sep 2020 21:17:20 GMT
Server
LiteSpeed
Content-Type
image/gif
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
5784
Expires
Mon, 23 Nov 2020 21:47:20 GMT
c4.png
secure.wlxrs.com/$live.controls.images/h/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.wlxrs.com/$live.controls.images/h/c4.png
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.83.82.8 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-83-82-8.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d71fb752bc1ddebdc8753fa4706280f90e0f03191e610cf65428c34804365e1b

Request headers

Referer
http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 16 Nov 2020 21:47:22 GMT
Last-Modified
Wed, 05 Mar 2014 23:11:12 GMT
Server
AkamaiNetStorage
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2987
Content-Type
image/png
Primary Request cameo.php
prof-in.ba/dokumenti/ 		109 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Protocol
HTTP/1.1
Server
77.235.45.46 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
web25.sd.eurovps.com
Software
LiteSpeed /
Resource Hash
e20e2a477aff1d93c472a8ddb37e775517a8cbf27be053f1c11d4a7090ec8fc6

Request headers

Host
prof-in.ba
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://prof-in.ba/dokumenti/gade.php?https://login.srf?wa=wsignin=Xclusiv-3D|

Response headers

Connection
Keep-Alive
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Content-Encoding
gzip
Date
Mon, 16 Nov 2020 21:47:24 GMT
Server
LiteSpeed
combo
s.yimg.com/zz/ 		0
0
combo
s.yimg.com/zz/ 		95 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/zz/combo?os/stencil/3.0.1/desktop/styles-ltr.css
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
86527ec354b48ba17a5294dd3ec4825d98a43c3d65e4fb17c964c61a6e0f36c4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 14 Jan 2020 12:57:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
26556566
status
200
vary
Accept-Encoding
content-length
19336
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 Jan 2020 12:57:58 GMT
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=536112000, Public
expires
Tue, 15 May 2035 04:34:18 GMT
yahoo_en-US_f_p_bestfit_2x.png
s1.yimg.com/rz/d/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.yimg.com/rz/d/yahoo_en-US_f_p_bestfit_2x.png
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, DE),
Reverse DNS
Software
ATS /
Resource Hash
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 16 Nov 2020 21:01:04 GMT
x-content-type-options
nosniff
age
2782
x-amz-server-side-encryption
AES256
status
200
vary
Origin
content-length
3066
x-amz-id-2
RaNUcG/hW5Fn4qsM0CG4iggKk1DmKVBVY0BtCda1M9vicmpbDPFa0ccRrZrSyrF55XkDBUgE960=
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 15 Nov 2020 21:26:27 GMT
server
ATS
etag
"6919fd582e1387e697f8e772008530db"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
E0D0040D0D0E3C63
x-xss-protection
1; mode=block
cache-control
private
accept-ranges
bytes
content-type
image/png
expires
Tue, 17 Nov 2020 00:00:00 GMT
g-r-min.js
s.yimg.com/rq/darla/2-8-9/js/ 		154 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/rq/darla/2-8-9/js/g-r-min.js
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
54ccaf3674c7afc7753040ebe97c93bb6936821f39389e8c34f52acdeedffbd9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 16 Nov 2020 16:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19656
x-amz-server-side-encryption
AES256
status
200
vary
Origin, Accept-Encoding
x-amz-request-id
1912AFD5E6285847
x-amz-id-2
FHRSA01cNFR8ugRpZKqDKkT1Z2tKq7vGRicxDpcKbqAYbQJD5xVtUP0n1jxiMnrHrPAMn18wG+E=
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 12 Jun 2018 23:27:37 GMT
server
ATS
etag
"1e275d43deb616840d0f4a396476622b-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
cache-control
public,max-age=86400
accept-ranges
bytes
combo
s.yimg.com/zz/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/zz/combo?/sf/assets/mbrlogin/js/3/login-yui-3.18.1-combined-min.js&/ss/rapid-3.19.js&/sf/assets/mbrlogin/js/5/mbr-min.js&/sf/assets/mbrlogin/js/5/cache-min.js&/sf/assets/mbrlogin/js/10/useractivity-min.js&/sf/assets/mbrlogin/js/5/fieldmon-min.js&/sf/assets/mbrlogin/js/1/ajax-min.js&/sf/assets/mbrlogin/js/1/poll-min.js&/sf/assets/mbrlogin/js/3/mbr-desktop-min.js&/sf/assets/mbrlogin/js/desktop/login/74/login-min.js&/sf/assets/mbrlogin/js/mobile/deviceswitcher/1/deviceswitcher-min.js&/sf/assets/mbrlogin/js/common/comscore/1/comscore-min.js&/sf/assets/mbrlogin/js/desktop/lad/12/lad-min.js&kx/yucs/uh3s/uh/414/js/uh-min.js&kx/yucs/uh2/common/145/js/jsonp-super-cached-min.js&kx/yucs/uh3s/uh/379/js/escregex-min.js&kx/yucs/uh3s/uh/376/js/persistence-min.js&kx/yucs/uh3s/uh/401/js/menu_group_plugin-min.js&kx/yucs/uh3s/uh/430/js/menu-plugin-min.js&kx/yucs/uh3s/uh/429/js/menu_handler_v2-min.js&kx/yucs/uh3s/uh/376/js/gallery-jsonp-min.js&kx/yucs/uh3s/uh/408/js/logo_debug-min.js&kx/yucs/uh3/uh/js/958/localeDateFormat-min.js&kx/yucs/uh3s/uh/409/js/timestamp_library-min.js&kx/yucs/uh3s/uh/376/js/usermenu_v2-min.js&kx/yucs/uh3/signout-link/10/js/signout-min.js&kx/yucs/uhc/rapid/48/js/uh_rapid-min.js&kx/yucs/uhc/meta/66/js/meta-min.js
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 16 Nov 2020 21:47:24 GMT
referrer-policy
no-referrer-when-downgrade
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
status
400
x-xss-protection
1; mode=block
x-content-type-options
nosniff
yahoo_mail_en-US_s_f_pw_351x40_mail.png
s.yimg.com/rz/d/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.yimg.com/rz/d/yahoo_mail_en-US_s_f_pw_351x40_mail.png
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
f2d2954c92bde1ca42361ce83e1d02f929f1463f4f9d1b11d4e5c430c9aff8b4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 16 Nov 2020 11:40:10 GMT
x-content-type-options
nosniff
age
36436
x-amz-server-side-encryption
AES256
status
200
vary
Origin
content-length
3273
x-amz-id-2
EEDKNMk2txC8PaGs+N1lMXFolgro8gcDPgqHJBrvWU7WrtB0IMNww4guaCoVaZQxYXz3fAmPXVA=
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 15 Nov 2020 21:28:12 GMT
server
ATS
etag
"f9cfa57285fa7b50680b36a34e249a58"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
AP9NFWANCR4T5YFP
x-xss-protection
1; mode=block
cache-control
private
accept-ranges
bytes
content-type
image/png
expires
Tue, 17 Nov 2020 00:00:00 GMT
/
login.yahoo.com/ Frame 6D52
Redirect Chain
  • https://mg.mail.yahoo.com/mailfe/resources?o=iframe&src=login
  • https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=MMepyB0&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin
  • https://login.yahoo.com/?.src=ym&lang=fr-FR&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin%26guce_referrer%3DaHR0cDovL3Byb2YtaW4uYmEvZG9rdW1lbnRpL2NhbWVvLnBocD...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://login.yahoo.com/?.src=ym&lang=fr-FR&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin%26guce_referrer%3DaHR0cDovL3Byb2YtaW4uYmEvZG9rdW1lbnRpL2NhbWVvLnBocD9sb2dpbiZjb250aW51ZT10byZpbmJveD1YY2x1c2l2LTNEfA%26guce_referrer_sig%3DAQAAAAIixwjQpAtFtMvvZkIwd1x9kK2PQYTdah_OlgSmVmQMpp-8i5bjhx-JSPVZdNMsnc6i1h0qB8A-1md7GcOp54YMWHIxr_wKFbx_RzKbvBWgvDkM0b72NwI2lKYxOsuCfaSdPRPZOQF-FYmW9dRkX7Gg7HcMmC7bD2MKacOslHJF
Requested by
Host: prof-in.ba
URL: http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c104::3000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'self';child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com;media-src https://*.ah.yahoo.com;object-src 'none';report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://e2e.fc.yahoo.com https://pr.comet.yahoo.com 'nonce-/zQ+8zLtReXr7kZwKpryUaA1DiYuRJKr0fon/oWVAa7GjEG+' ;style-src * 'unsafe-inline'
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
login.yahoo.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://prof-in.ba/dokumenti/cameo.php?login&continue=to&inbox=Xclusiv-3D|

Response headers

X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Age
0
Pragma
no-cache
Expires
0
Referrer-Policy
origin-when-cross-origin
Cache-Control
no-cache, no-store, must-revalidate
set-cookie
AS=v=1&s=VSMW3Jt1&d=A5fb444ed|EqfHXfr.2SrND_8zdESyGsTZD7PDJDj1XbbVfXXNg2o53fzA8NiFF8CTnK9IhYYTxYBWT2xx.Re2DD_4jTJVp7spOZQUE_hh5hTAEYld47TMJLqcY594nFAUuJLtQZKadCW1J5Tl9o.vLafQuVuasU39dmDGCkH3P0iCZ_AuahGOa6g1zwbTlmVxpFab4oomdRhLurCX_P68su4MbFdIM14UQ4idpu.JwD0Em_Mw07ZTOt65sPPbBAyF4SaUASOUw0Y72wyaCyC3N2bkLPlJxN_mYSFZtnCdoslrvb.RitKTeZw4tE5ZGXS4UnbwzSsIE.PIxgT29MMWg7VzI1mbpPw.BxxL2cR8QIqiW3URN9bkey0OTUZiXCosW6J0QfZj4dW2sppdVagH_ob4Mfn.dt2x1wkEIuI_QMgaIrioIXfbBGAN0fCYcgR789NnDUxlZMPmgwgIgi7gTvnkhh9Olpp3QsIKwWdT0SE0p7dlBwSP2MRN0Wzn4HHiD6PgTR4OQE5MhZQlG1A76dUAkZda8tRHMHrwR7t1NRrQZtMWQCwqG9tBIMeJhWpleoufrqx_2OBIlkp.F6wEJi3mAyZN5qADAj2paBl9osujXxP1NtX_NWKd1JzF6wj3b4sMOZBCho7i9L0wfa6FT7rihBemL4XPpQZHu9lOcmRP79Dx6U8vtHYYp.P6LPPYkEGcJQBw8aFJsTUUhNVsV0lc0V6_.VcJvvQOjlNyX69BdIR.MCyjTzB.kbC42rCGC5Blydml_VvipsTREbREA8jQtdkmifx0sSz8lBiPB3OipQt48LwpINDJxdZvwiqNssjXdcdFdH8zD.GCjiC6rbCaXfz4c1ZRttqS7NiemoE1In3r0fj8y7F_p1h6RAmzOafYb66dLgp4IG3BX89Nbj5Oto9hDiiAdU868090lTH92u5vnVa3Gi7L7ChQICuZGqGTu01WnDyNNR3S_nQkoOe_NeQVvaDvlEFR7_BhD6kt1_D5RxHL2fRul8.noZ.f27f3pE5GHyzjgjDeYDucgW4GJA5Hn828B7KmEW8Lk0NR4ZkbOEU1l16eshuk7WkkMIhhOlbddO.cA1keaxiRlA--~A; path=/; domain=login.yahoo.com; secure; HttpOnly
Content-Type
text/html; charset=utf-8
Content-Security-Policy
base-uri 'self';child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com;media-src https://*.ah.yahoo.com;object-src 'none';report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://e2e.fc.yahoo.com https://pr.comet.yahoo.com 'nonce-/zQ+8zLtReXr7kZwKpryUaA1DiYuRJKr0fon/oWVAa7GjEG+' ;style-src * 'unsafe-inline'
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Mon, 16 Nov 2020 21:47:25 GMT
Transfer-Encoding
chunked
Connection
close
Strict-Transport-Security
max-age=15552000
Server
ATS

Redirect headers

Connection
keep-alive
Server
guce
Strict-Transport-Security
max-age=31536000; includeSubDomains
Location
https://login.yahoo.com?.src=ym&lang=fr-FR&done=https%3A%2F%2Fmg.mail.yahoo.com%2Fmailfe%2Fresources%3Fo%3Diframe%26src%3Dlogin%26guce_referrer%3DaHR0cDovL3Byb2YtaW4uYmEvZG9rdW1lbnRpL2NhbWVvLnBocD9sb2dpbiZjb250aW51ZT10byZpbmJveD1YY2x1c2l2LTNEfA%26guce_referrer_sig%3DAQAAAAIixwjQpAtFtMvvZkIwd1x9kK2PQYTdah_OlgSmVmQMpp-8i5bjhx-JSPVZdNMsnc6i1h0qB8A-1md7GcOp54YMWHIxr_wKFbx_RzKbvBWgvDkM0b72NwI2lKYxOsuCfaSdPRPZOQF-FYmW9dRkX7Gg7HcMmC7bD2MKacOslHJF
Content-Length
0
Date
Mon, 16 Nov 2020 21:47:25 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s.yimg.com
URL
https://s.yimg.com/zz/combo?/sf/assets/mbrlogin/css/pure-0.3.0-min.css&/sf/assets/mbrlogin/css/18/mbr-min.css&/sf/assets/mbrlogin/css/6/sprite-min.css&/sf/assets/mbrlogin/css/19/mbr-desktop-min.css&/sf/assets/mbrlogin/css/desktop/header/2/header-min.css&/sf/assets/mbrlogin/css/desktop/contents/2/contents-min.css&/sf/assets/mbrlogin/css/desktop/login/1/flags-min.css&/sf/assets/mbrlogin/css/desktop/login/67/login-min.css&/sf/assets/mbrlogin/css/desktop/footer/8/footer-min.css&/sf/assets/mbrlogin/css/mobile/deviceswitcher/2/deviceswitcher-min.css&/sf/assets/mbrlogin/css/desktop/lad/1/lad-min.css&kx/yucs/uh3s/atomic/84/css/atomic-min.css&kx/yucs/uh_common/meta/3/css/meta-min.css&kx/yucs/uh3s/uh/394/css/uh-center-aligned-min.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| trustedTypes object| MBR_config function| validateForm object| DARLA object| $sf undefined| Y undefined| $yac object| _Y object| DARLA_CONFIG

0 Cookies