srv89832.ht-test.ru
Open in
urlscan Pro
78.110.50.127
Malicious Activity!
Public Scan
Effective URL: http://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/index.php
Submission: On October 03 via api from QA
Summary
This is the only time srv89832.ht-test.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 78.110.50.127 78.110.50.127 | 31240 (HT-SYSTEM...) (HT-SYSTEMS-AS Uplinks:) | |
5 | 2a00:1288:f03... 2a00:1288:f03d:1fa::4000 | 10310 (YAHOO-1) (YAHOO-1) | |
1 | 2a00:1288:110... 2a00:1288:110:c304::1001 | 34010 (YAHOO-IRD) (YAHOO-IRD) | |
2 | 2a00:1288:110... 2a00:1288:110:c204::b000 | 34010 (YAHOO-IRD) (YAHOO-IRD) | |
1 | 2a00:1288:80:... 2a00:1288:80:800::7001 | 203220 (YAHOO-DEB) (YAHOO-DEB) | |
1 | 2a00:1288:f03... 2a00:1288:f03d:1fa::2000 | 10310 (YAHOO-1) (YAHOO-1) | |
21 | 7 |
ASN31240 (HT-SYSTEMS-AS Uplinks:, RU)
PTR: cl32-w.ht-systems.ru
srv89832.ht-test.ru |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
ht-test.ru
1 redirects
srv89832.ht-test.ru |
754 KB |
5 |
yahoo.com
udc.yahoo.com geo.yahoo.com fc.yahoo.com beap-bc.yahoo.com |
11 KB |
5 |
yimg.com
l.yimg.com s.yimg.com |
737 KB |
21 | 3 |
Domain | Requested by | |
---|---|---|
11 | srv89832.ht-test.ru |
1 redirects
srv89832.ht-test.ru
|
4 | s.yimg.com |
srv89832.ht-test.ru
|
2 | geo.yahoo.com |
srv89832.ht-test.ru
|
1 | beap-bc.yahoo.com | |
1 | fc.yahoo.com |
srv89832.ht-test.ru
|
1 | udc.yahoo.com |
srv89832.ht-test.ru
|
1 | l.yimg.com |
srv89832.ht-test.ru
|
21 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.yahoo.com |
help.yahoo.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.yahoo.com DigiCert SHA2 High Assurance Server CA |
2020-09-28 - 2020-11-11 |
a month | crt.sh |
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA |
2020-09-27 - 2020-11-11 |
a month | crt.sh |
This page contains 5 frames:
Primary Page:
http://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/index.php
Frame ID: B26C978C1EA2E724A27EDDC67BE1FC0A
Requests: 17 HTTP requests in this frame
Frame:
http://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/r-sf.htm
Frame ID: BC3401CD266F7CBC1C2B8605B439E7C0
Requests: 1 HTTP requests in this frame
Frame:
http://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/r-csc.htm
Frame ID: 6F30E5B87F423DDD73BBB85DECF0BF47
Requests: 1 HTTP requests in this frame
Frame:
https://s.yimg.com/rq/darla/3-23-0/html/r-csc.html
Frame ID: 5E4E6A061C6CD0E3E4A8E381922F830D
Requests: 1 HTTP requests in this frame
Frame:
https://s.yimg.com/rq/darla/3-23-0/html/r-sf.html
Frame ID: C005E6D2B746B982C3527C47CADBCCA8
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/index.php
HTTP 301
http://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/index.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
- headers server /php\/?([\d.]+)?/i
Red Hat (Operating Systems) Expand
Detected patterns
- headers server /Red Hat/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/index.php
HTTP 301
http://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
index.php
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/ Redirect Chain
|
21 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yahoo-main.css
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ |
311 KB 311 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
boot.js
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ |
7 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
g-r-min.js
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ |
205 KB 206 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rapid-3.js
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ |
46 KB 47 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bundle.js
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ |
138 KB 138 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
client.php
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ |
20 KB 20 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
g-r-min.js
l.yimg.com/rq/darla/3-23-0/js/ |
205 KB 87 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
r-sf.htm
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ Frame BC34 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hide-v0.0.1.svg
s.yimg.com/wm/mbr/images/ |
860 KB 646 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
yql
udc.yahoo.com/v2/public/ |
0 827 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
c
geo.yahoo.com/ |
43 B 723 B |
Other
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.js
s.yimg.com/rq/darla/ |
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
r-csc.htm
srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/ Frame 6F30 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
client.php
fc.yahoo.com/sdarla/php/ |
20 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
r-csc.html
s.yimg.com/rq/darla/3-23-0/html/ Frame 5E4E |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
r-sf.html
s.yimg.com/rq/darla/3-23-0/html/ Frame C005 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
av
beap-bc.yahoo.com/ |
64 B 64 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
p
geo.yahoo.com/ |
43 B 723 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- srv89832.ht-test.ru
- URL
- http://srv89832.ht-test.ru/YAHOO-SECURITY-VALID/YAHOO%20AUTO%20NEW/x/secured/challenged_files/r-csc.htm
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes object| oldError boolean| isGoodJS object| YUI_config string| COMET_URL object| I13N_config object| darlaConfig object| challenge string| mKeyPrefix object| pwchallenge boolean| isIOSDevice function| mbrSendError object| DARLA object| $sf undefined| $yac boolean| sf_auto_6-3-9-2020 undefined| Y object| _Y object| YAHOO object| rapidInstance object| jsModules boolean| mbrJSLoaded function| checkAssets number| lastApvTime object| DARLA_CONFIG2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.ht-test.ru/ | Name: rxx Value: 2834l0hxofw.230pvqey&v=1 |
|
srv89832.ht-test.ru/ | Name: PHPSESSID Value: 19a969qsk1v58u32htbohl2h4m |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
beap-bc.yahoo.com
fc.yahoo.com
geo.yahoo.com
l.yimg.com
s.yimg.com
srv89832.ht-test.ru
udc.yahoo.com
srv89832.ht-test.ru
2a00:1288:110:c204::b000
2a00:1288:110:c304::1001
2a00:1288:80:800::7001
2a00:1288:f03d:1fa::2000
2a00:1288:f03d:1fa::4000
78.110.50.127
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338
119acd68e288f17e86722a67e341ec74f7f6a377ec8e15b3914245f57caf6fbf
26ff067a3a818ae78255a10d042d1ee61ffc52037b5b7d927bec104031e3e04b
2823556bb0127099623f6f41964cfe2c70ebfb804a2c352b33fba3802b32a700
338dd8bca3b89e5fddd118d70b5b142078d408dbcd7330881d08809a85df1ba6
3b6c542d89ded10db8129d5ebc336ef2ddf860006638969080c992166aa16cba
48db1569fe6973063c5f86f601b2c421aeac5dcb0a629181d7cf0dab82c8d433
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637
5af026f22ce0398fa928645cf5a76a1e6299ee227589f2cc02310a1f8c332e59
a8ce16e3e81873ddcc952b5029fdb0d75bd8e7e18df5a8ec098bfb96a9ac9d26
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4380ca2099385fd94f441eb2c6ea8f45aeef0a9c3304bcfd50383c78347ad81
d1f6e53daaa668098f4b28a3514f148ae57251319f078fe5b0e57d4eb9322269
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855