URL: http://yahsec45.com/yh/yahoo/
Submission: On February 20 via automatic, source openphish — Scanned from DE

Summary

This website contacted 9 IPs in 4 countries across 7 domains to perform 20 HTTP transactions. The main IP is 173.255.128.184, located in the United States and belonging to UK2NET-AS, GB. The main domain is yahsec45.com.
This is the only time yahsec45.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

IP Address AS Autonomous System
1 173.255.128.184 13213 (UK2NET-AS)
1 2a00:1288:f03... 10310 (YAHOO-1)
2 2a00:1288:f03... 10310 (YAHOO-1)
1 2 172.217.19.102 15169 (GOOGLE)
1 2a02:26f0:f70... 20940 (AKAMAI-ASN1)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a05:d018:d29... 16509 (AMAZON-02)
2 152.195.39.165 15133 (EDGECAST)
1 152.199.23.180 15133 (EDGECAST)
20 9
Apex Domain
Subdomains
Transfer
4 yahoo.com
6.ras.yahoo.com — Cisco Umbrella Rank: 3778
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 422
opus.analytics.yahoo.com — Cisco Umbrella Rank: 5529
5 KB
2 advertising.com
tag.sp.advertising.com — Cisco Umbrella Rank: 6321
1 KB
2 doubleclick.net
ad.doubleclick.net — Cisco Umbrella Rank: 164
831 B
2 yimg.com
s.yimg.com — Cisco Umbrella Rank: 459
872 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 241
604 B
1 insightexpressai.com
secure.insightexpressai.com — Cisco Umbrella Rank: 1335
2 KB
1 yahsec45.com
yahsec45.com
1 MB
20 7
Domain Requested by
2 tag.sp.advertising.com s.yimg.com
tag.sp.advertising.com
2 pr-bh.ybp.yahoo.com srcdoc
2 ad.doubleclick.net 1 redirects srcdoc
2 s.yimg.com srcdoc
1 opus.analytics.yahoo.com tag.sp.advertising.com
1 c.bing.com 1 redirects
1 secure.insightexpressai.com srcdoc
1 6.ras.yahoo.com srcdoc
1 yahsec45.com
20 9

This site contains links to these domains.

Domain
www.yahoo.com
help.yahoo.com
login.yahoo.com
legal.yahoo.com
Subject | Issuer | Validity | Valid
*.pubgw.ads.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2023-01-19 - 2023-03-08 | 2 months
*.fantasysports.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2023-01-19 - 2023-03-08 | 2 months
*.insightexpressai.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-14 - 2023-03-15 | a year
tag.sp.advertising.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-28 - 2023-03-31 | a year
*.ybp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2022-11-08 - 2023-05-03 | 6 months
opus.analytics.yahoo.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-05-26 - 2023-06-26 | a year

This page contains 7 frames:

Primary Page: http://yahsec45.com/yh/yahoo/
Frame ID: F8B2E390E7C91C1EFDE592B60EC082C8
Requests: 7 HTTP requests in this frame

Frame: https://6.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C5043043%7C0%7C5112%7CAdId=11216530;BnId=3;ct=3323444950;st=10964;adcid=1;itime=419253395;reqtype=5;guid=akb0ujthi3g2v;;impref=1676419253184680828;imprefseq=66153311086051453;imprefts=1676419253;adclntid=1004;spaceid=794200018;adposition=RICH;lmsid=;revshare=;pvid=E87lxzk4LjGqLB6fYyHAXwCdMjAuMQAAAADGF2ls;sectionid=;kvsecure-darla=4-10-1%7Cysd%7C2;kvsecure=true;kvmn=y963896142;kvy-bucket=mbr-app-password-classifier%2Cmbr-push-upsell-exp2%2Cmbr-enbl-commchnl-r-sess-ext-control%2Cno-sms-option%2Cmbr-personal-info-access;kvpgcolo=bf1;kvssp=ssp;kvadtc_dvmktname=unknown;kvadtc_dvosplt=windows_10;kvadtc_dvbrand=google;kvadtc_dvtype=desktop;kvadtc_dvmodel=chrome_-_windows;kvrepo_dvosplt=windows_10;kvadtc_dvosversion=NT%2010.0;kvadtc_crmcc=UNKNOWN;kvadtc_crmnc=UNKNOWN;gdpr=0;us_privacy=1YNN;
Frame ID: 6FF9E6D3928DA3179C2EE71974311E78
Requests: 1 HTTP requests in this frame

Frame: https://s.yimg.com/ch/e6d5ed5f-cbcf-4e92-8ef3-2e6cfd655a0c.jpeg
Frame ID: 2D3B9B9BF791C37A00251E6996B8AD06
Requests: 4 HTTP requests in this frame

Frame: https://pr-bh.ybp.yahoo.com/sync/msn/35431D1843AB67E412CF0FA6427966D9
Frame ID: A3DA1888727BC2F24EC0804E269DE1EF
Requests: 1 HTTP requests in this frame

Frame: https://s.yimg.com/rq/sbox/bv.js
Frame ID: 31F55AF6896C0E7CF48B3047BD02E51E
Requests: 2 HTTP requests in this frame

Frame: https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.html
Frame ID: 3EEC0560D32400BB6B440492A78B8A84
Requests: 2 HTTP requests in this frame

Frame: https://opus.analytics.yahoo.com/opus/tag/opus-frame.html?id=4
Frame ID: 40ACCA233EBB1811DCB7C015B650E7E8
Requests: 1 HTTP requests in this frame

Page Title

Yahoo

Page Statistics

20 Requests
40 % HTTPS
56 % IPv6
7 Domains
9 Subdomains
9 IPs
4 Countries
2099 kB Transfer
2104 kB Size
8 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://ad.doubleclick.net/ddm/trackimp/N7293.150726.DARTSEARCHYAHOO/B28725489.358395439;dc_trk_aid=549402178;dc_trk_cid=185941469;ord=767895966328542727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N7293.150726.DARTSEARCHYAHOO/B28725489.358395439;dc_pre=CMWkiJiXpP0CFXuFgwcdfGcBCw;dc_trk_aid=549402178;dc_trk_cid=185941469;ord=767895966328542727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=
Request Chain 11
  • https://c.bing.com/c.gif?Red3=OATHMS_pd HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/msn/35431D1843AB67E412CF0FA6427966D9

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
yahsec45.com/yh/yahoo/
1 MB
1 MB
Document
General
Full URL
http://yahsec45.com/yh/yahoo/
Protocol
HTTP/1.1
Server
173.255.128.184 , United States, ASN13213 (UK2NET-AS, GB),
Reverse DNS
slmp-550-138-shared.slc.westdc.net
Software
Apache /
Resource Hash
a092b1c9904dc9f80e94e621901f0a276765f47a70aaa51db29ff0f5dfc18d7b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Upgrade, Keep-Alive
Content-Length
1098070
Content-Type
text/html; charset=UTF-8
Date
Mon, 20 Feb 2023 13:14:54 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Upgrade
h2,h2c
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://yahsec45.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://yahsec45.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
28 KB
28 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560

Request headers

Referer
http://yahsec45.com/
Origin
http://yahsec45.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
28 KB
28 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa

Request headers

Referer
http://yahsec45.com/
Origin
http://yahsec45.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://yahsec45.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
29 KB
29 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4

Request headers

Referer
http://yahsec45.com/
Origin
http://yahsec45.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
font/woff2
adcount%7C2.0%7C5113.1%7C5043043%7C0%7C5112%7CAdId=11216530;BnId=3;ct=3323444950;st=10964;adcid=1;itime=419253395;reqtype=5;guid=akb0ujthi3g2v;;impref=1676419253184680828;imprefseq=6615331108605145...
6.ras.yahoo.com/ Frame 6FF9
1 B
475 B
Image
General
Full URL
https://6.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C5043043%7C0%7C5112%7CAdId=11216530;BnId=3;ct=3323444950;st=10964;adcid=1;itime=419253395;reqtype=5;guid=akb0ujthi3g2v;;impref=1676419253184680828;imprefseq=66153311086051453;imprefts=1676419253;adclntid=1004;spaceid=794200018;adposition=RICH;lmsid=;revshare=;pvid=E87lxzk4LjGqLB6fYyHAXwCdMjAuMQAAAADGF2ls;sectionid=;kvsecure-darla=4-10-1%7Cysd%7C2;kvsecure=true;kvmn=y963896142;kvy-bucket=mbr-app-password-classifier%2Cmbr-push-upsell-exp2%2Cmbr-enbl-commchnl-r-sess-ext-control%2Cno-sms-option%2Cmbr-personal-info-access;kvpgcolo=bf1;kvssp=ssp;kvadtc_dvmktname=unknown;kvadtc_dvosplt=windows_10;kvadtc_dvbrand=google;kvadtc_dvtype=desktop;kvadtc_dvmodel=chrome_-_windows;kvrepo_dvosplt=windows_10;kvadtc_dvosversion=NT%2010.0;kvadtc_crmcc=UNKNOWN;kvadtc_crmnc=UNKNOWN;gdpr=0;us_privacy=1YNN;
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Feb 2023 13:14:55 GMT
strict-transport-security
max-age=15552000
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
content-type
application/x-javascript
cache-control
no-store, no-cache
content-length
1
x-xss-protection
1; mode=block
expires
Mon, 15 Jun 1998 00:00:00 GMT
e6d5ed5f-cbcf-4e92-8ef3-2e6cfd655a0c.jpeg
s.yimg.com/ch/ Frame 2D3B
871 KB
872 KB
Image
General
Full URL
https://s.yimg.com/ch/e6d5ed5f-cbcf-4e92-8ef3-2e6cfd655a0c.jpeg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
9cfb5f7370ed748b6348092d046660c99af08c82249a797ba441315a43ba5177
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 14 Feb 2023 06:32:23 GMT
x-amz-version-id
null
x-content-type-options
nosniff
strict-transport-security
max-age=15552000
x-amz-request-id
GF8Q8DNX0YJR98SB
age
542553
x-amz-server-side-encryption
AES256
content-length
891719
x-amz-id-2
re34EvpjJhWwt3d1ZduqfZYsg6WmtGo/xZPbj+pKtyqfo8QOiTybx3Wx5FmmzV0Lol4WslkkDYw=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 10 Feb 2023 16:52:44 GMT
server
ATS
etag
"bdc46da230c13a620f56be9775a21e82"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
image/jpeg
cache-control
max-age=15552000, public
accept-ranges
bytes
B28725489.358395439;dc_pre=CMWkiJiXpP0CFXuFgwcdfGcBCw;dc_trk_aid=549402178;dc_trk_cid=185941469;ord=767895966328542727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=
ad.doubleclick.net/ddm/trackimp/N7293.150726.DARTSEARCHYAHOO/ Frame 2D3B
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N7293.150726.DARTSEARCHYAHOO/B28725489.358395439;dc_trk_aid=549402178;dc_trk_cid=185941469;ord=767895966328542727;dc_lat=;dc_rdid=;tag_for_child_directed_tre...
  • https://ad.doubleclick.net/ddm/trackimp/N7293.150726.DARTSEARCHYAHOO/B28725489.358395439;dc_pre=CMWkiJiXpP0CFXuFgwcdfGcBCw;dc_trk_aid=549402178;dc_trk_cid=185941469;ord=767895966328542727;dc_lat=;d...
42 B
220 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/trackimp/N7293.150726.DARTSEARCHYAHOO/B28725489.358395439;dc_pre=CMWkiJiXpP0CFXuFgwcdfGcBCw;dc_trk_aid=549402178;dc_trk_cid=185941469;ord=767895966328542727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=?
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
172.217.19.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
muc03s07-in-f102.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Feb 2023 13:14:55 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 20 Feb 2023 13:14:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ad.doubleclick.net/ddm/trackimp/N7293.150726.DARTSEARCHYAHOO/B28725489.358395439;dc_pre=CMWkiJiXpP0CFXuFgwcdfGcBCw;dc_trk_aid=549402178;dc_trk_cid=185941469;ord=767895966328542727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;ltd=?
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adServerESI.aspx
secure.insightexpressai.com/adServer/ Frame 2D3B
35 B
2 KB
Image
General
Full URL
https://secure.insightexpressai.com/adServer/adServerESI.aspx?script=false&bannerID=11280706&rnd=8613499285784487964&DID=&redir=https://secure.insightexpressai.com/adserver/1pixel.gif
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f700:4bb::1ec4 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
22816a00dfe9fcdc30063d22717ab9cbab3aeb2a8e9844e9d774d256dc48b7c8
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Security-Policy
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 20 Feb 2023 13:14:55 GMT
P3P
CP="NOI DSP COR NID CUR ADMa OUR STP STA"
Connection
keep-alive
Content-Length
35
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
unsafe-url
Vary
Accept-Encoding
X-Frame-Options
ALLOWALL
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Expires
Mon, 20 Feb 2023 13:14:55 GMT
truncated
/ Frame 2D3B
565 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b8954ed878ae615531f62b8d9a95a79d9a86a84f4af1504bcbec32d8e62d7ebd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type
image/png
35431D1843AB67E412CF0FA6427966D9
pr-bh.ybp.yahoo.com/sync/msn/ Frame A3DA
Redirect Chain
  • https://c.bing.com/c.gif?Red3=OATHMS_pd
  • https://pr-bh.ybp.yahoo.com/sync/msn/35431D1843AB67E412CF0FA6427966D9
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/msn/35431D1843AB67E412CF0FA6427966D9
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Server
2a05:d018:d29:3605:675d:6b7d:32db:18ea Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 13:14:55 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43

Redirect headers

pragma
no-cache
date
Mon, 20 Feb 2023 13:14:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B4018DC9CFD0410F82A98AFB3D09C112 Ref B: FRAEDGE2012 Ref C: 2023-02-20T13:14:55Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://pr-bh.ybp.yahoo.com/sync/msn/35431D1843AB67E412CF0FA6427966D9
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
bv.js
s.yimg.com/rq/sbox/ Frame 31F5
357 B
616 B
Script
General
Full URL
https://s.yimg.com/rq/sbox/bv.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software
ATS /
Resource Hash
303bbc0d2be952f516322124d7c57675f80b4cfc62d476a5819ca54f95124a5c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 13:05:03 GMT
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
x-amz-request-id
A6JXKCM00V4VKZF3
age
593
x-amz-server-side-encryption
AES256
content-length
357
x-amz-id-2
Vrqc5t2gY4oj4jAJZz74SYeQtxFBZ5SNBvmCzQpEwtYQue6S932QhrsPx9pdMT1qUjH2W5sh5Aw=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 20 Jul 2018 21:04:26 GMT
server
ATS
etag
"87ea17b7d8be94b4b9cb35670f009dd6"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
application/javascript; charset=utf-8
cache-control
public,max-age=1800
accept-ranges
bytes
bid-apid-idsync.html
tag.sp.advertising.com/bid-apid/ Frame 3EEC
136 B
441 B
Document
General
Full URL
https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.html
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/sbox/bv.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.165 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6795) /
Resource Hash
682fc76515bc4d8bde6358c50349eaabb46e6f087051920e744a013161ee22cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
298
content-encoding
gzip
content-length
124
content-type
text/html
date
Mon, 20 Feb 2023 13:14:55 GMT
etag
"f3441e2c340de93b6af4903c3c078bb8+gzip"
last-modified
Tue, 03 Dec 2019 21:01:22 GMT
server
ECS (frb/6795)
vary
Accept-Encoding
x-amz-id-2
N9Y3yl36KFjJJm7f5v3HfLTnMnfxwjM1ORL57Wy5NB1siUEHqfLYfD6LkONw39ALDYXQSohIhtM=
x-amz-request-id
YW8N1CA4W7K390N0
x-amz-server-side-encryption
AES256
x-amzn-internal-status
304
x-cache
HIT
fac-sync
pr-bh.ybp.yahoo.com/ Frame 31F5
43 B
448 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/fac-sync?cb=0.2339248355472925
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:675d:6b7d:32db:18ea Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 13:14:55 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
*
content-length
43
bid-apid-idsync.js
tag.sp.advertising.com/bid-apid/ Frame 3EEC
2 KB
935 B
Script
General
Full URL
https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.js
Requested by
Host: tag.sp.advertising.com
URL: https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.165 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/673A) /
Resource Hash
d01dbcadec79258da0830d4f94ed24ad5aa179c7018b4d5166b2dfdf21cb3f10

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Mon, 20 Feb 2023 13:14:56 GMT
content-encoding
gzip
last-modified
Tue, 03 Dec 2019 21:01:22 GMT
server
ECS (frb/673A)
age
231
x-amz-request-id
3N0B9YJWERVSGQ7C
etag
"4419c7e7a776ab0345f8252d24a603e8+gzip"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
content-length
730
x-amz-id-2
cKx8BA5iYOfkQ7SMrnFkbcWlMagMn9qPpcWPSvSAokdlbibtCRAISoOU3MreJ0PQdiDRlqPcM2U=
x-amzn-internal-status
304
opus-frame.html
opus.analytics.yahoo.com/opus/tag/ Frame 40AC
9 KB
4 KB
Document
General
Full URL
https://opus.analytics.yahoo.com/opus/tag/opus-frame.html?id=4
Requested by
Host: tag.sp.advertising.com
URL: https://tag.sp.advertising.com/bid-apid/bid-apid-idsync.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.180 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CBC) /
Resource Hash
9401d45b15dac98d3adc3803a52be3bae9777cfc6f2e5565115bf2d0d02eefc2
Security Headers
Name Value
Content-Security-Policy default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
392646
content-encoding
gzip
content-length
3427
content-security-policy
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'
content-type
text/html
date
Mon, 20 Feb 2023 13:14:56 GMT
etag
"b159463bfd2d3b755e89e683e21cd266+gzip"
last-modified
Wed, 18 Aug 2021 13:30:04 GMT
server
ECAcc (frc/4CBC)
vary
Accept-Encoding
x-amz-id-2
T3G2HwUUWkeNtQseyRI0aPbnqzNu0JXt8Gwsrarf5IGy2QbyLrHSGloM98GDq3KJaztT1KsshHY=
x-amz-request-id
WBS3SD1V41BD8MPB
x-cache
HIT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
boolean| credentialless
object| oncontentvisibilityautostatechange
function| savepage_ShadowLoader

8 Cookies

Domain/Path | Name | Value
.bing.com/ | MUID | 35431D1843AB67E412CF0FA6427966D9
.c.bing.com/ | MR | 0
.insightexpressai.com/ | DW | 00000000-0000-0041-9d9c-471676898895
.insightexpressai.com/ | IXAI66128 | FTF
.insightexpressai.com/ | DW_Time | 1676898895
.insightexpressai.com/ | TID | 00000000-0000-0041-9d9c-471676898895
.doubleclick.net/ | test_cookie | CheckForPermission
.yahoo.com/ | A3 | d=AQABBE9y82MCEPRO8wx5si-p8jr2K6nux5wFEgEBAQHD9GP9YwAAAAAA_eMAAA&S=AQAAAsRP3UBWPdNe2tB6Ysc8UJU

2 Console Messages

Source | Level | URL | Text
other | warning | http://yahsec45.com/yh/yahoo/ (Line 24319) | Unrecognized feature: 'vr'.
security | error | about:srcdoc (Line 3) | The Content Security Policy '' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6.ras.yahoo.com
ad.doubleclick.net
c.bing.com
opus.analytics.yahoo.com
pr-bh.ybp.yahoo.com
s.yimg.com
secure.insightexpressai.com
tag.sp.advertising.com
yahsec45.com
152.195.39.165
152.199.23.180
172.217.19.102
173.255.128.184
2620:1ec:c11::200
2a00:1288:f03d:1fa::2000
2a00:1288:f03d:1fa::4000
2a02:26f0:f700:4bb::1ec4
2a05:d018:d29:3605:675d:6b7d:32db:18ea