ua-ir.com.ua
Open in
urlscan Pro
194.28.86.123
Malicious Activity!
Public Scan
Submission: On May 19 via automatic, source openphish
Summary
This is the only time ua-ir.com.ua was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Yahoo (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 194.28.86.123 194.28.86.123 | 196645 (HOSTPRO-AS) (HOSTPRO-AS) | |
16 | 2a00:1288:7c:... 2a00:1288:7c:800::4000 | 43428 (YAHOO-ULS) (YAHOO-ULS) | |
4 | 2a00:1288:84:... 2a00:1288:84:800::1001 | 203219 (YAHOO-AMA) (YAHOO-AMA) | |
1 | 68.180.202.18 68.180.202.18 | 36647 (YAHOO-GQ1) (YAHOO-GQ1 - Oath Holdings Inc.) | |
24 | 5 |
ASN203219 (YAHOO-AMA, NL)
us.js1.yimg.com | |
us.js2.yimg.com | |
us.a1.yimg.com | |
sec.yimg.com |
ASN36647 (YAHOO-GQ1 - Oath Holdings Inc., US)
PTR: row.bc.yahoo.com
us.bc.yahoo.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
yimg.com
us.i1.yimg.com us.js1.yimg.com us.js2.yimg.com us.a1.yimg.com sec.yimg.com |
50 KB |
1 |
yahoo.com
us.bc.yahoo.com |
|
1 |
ua-ir.com.ua
ua-ir.com.ua |
6 KB |
0 |
thekapita.com
Failed
thekapita.com Failed |
|
24 | 4 |
Domain | Requested by | |
---|---|---|
16 | us.i1.yimg.com |
ua-ir.com.ua
|
1 | us.bc.yahoo.com | |
1 | sec.yimg.com |
ua-ir.com.ua
|
1 | us.a1.yimg.com |
ua-ir.com.ua
|
1 | us.js2.yimg.com |
ua-ir.com.ua
|
1 | us.js1.yimg.com |
ua-ir.com.ua
|
1 | ua-ir.com.ua | |
0 | thekapita.com Failed |
ua-ir.com.ua
|
24 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.yahoo.com |
help.yahoo.com |
us.rd.yahoo.com |
us.ard.yahoo.com |
docs.yahoo.com |
security.yahoo.com |
privacy.yahoo.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.yimg.com DigiCert SHA2 High Assurance Server CA |
2019-04-09 - 2019-07-08 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
http://ua-ir.com.ua/u/
Frame ID: 693D452AC861C83F90D521515981D1ED
Requests: 22 HTTP requests in this frame
Frame:
http://thekapita.com/lib/index.php
Frame ID: 95CA0C6D57966288B78C9CE9499267B9
Requests: 1 HTTP requests in this frame
Frame:
http://thekapita.com/lib/index.php
Frame ID: 3600AB03FFFD417973CC30B409C01BF2
Requests: 1 HTTP requests in this frame
12 Outgoing links
These are links going to different origins than the main page.
Title: Yahoo!
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: New Submits over SSL
Search URL Search Domain Scan URL
Title: Forget your ID or password?
Search URL Search Domain Scan URL
Title: Sign-in help
Search URL Search Domain Scan URL
Title: Tour PhotoMail
Search URL Search Domain Scan URL
Title: Yahoo! Mail Plus
Search URL Search Domain Scan URL
Title: Copyright/IP Policy
Search URL Search Domain Scan URL
Title: Terms of Service
Search URL Search Domain Scan URL
Title: Guide to Online Security
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
ua-ir.com.ua/u/ |
20 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fonts_200502080901.css
us.i1.yimg.com/us.yimg.com/lib/common/ |
739 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yregml_200601061030.css
us.js1.yimg.com/us.yimg.com/lib/reg/css/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ma_mail_1.gif
us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
signupbt.gif
us.i1.yimg.com/us.yimg.com/i/reg/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bnr_07.jpg
us.i1.yimg.com/us.yimg.com/i/reg/ |
10 KB 11 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
title_photomailtour_rb.gif
us.i1.yimg.com/us.yimg.com/i/reg/ |
2 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mc.js
us.i1.yimg.com/us.yimg.com/i/mc/ |
407 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login_md5_1_12.js
us.i1.yimg.com/us.yimg.com/a/1-/java/login/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ylib_dom.js
us.i1.yimg.com/us.yimg.com/lib/g/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yg_browserext_1_5.js
us.i1.yimg.com/us.yimg.com/lib/g/util/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yregml_200507281530.js
us.i1.yimg.com/us.yimg.com/lib/reg/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bc_1.7.3.js
us.js2.yimg.com/us.js.yimg.com/lib/bc/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cr_gg_ne.gif
us.i1.yimg.com/us.yimg.com/i/reg/ |
94 B 875 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cr_gg_nw.gif
us.i1.yimg.com/us.yimg.com/i/reg/ |
94 B 875 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cr_gg_se.gif
us.i1.yimg.com/us.yimg.com/i/reg/ |
94 B 875 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cr_gg_sw.gif
us.i1.yimg.com/us.yimg.com/i/reg/ |
94 B 875 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ymbnr_rb_ne.gif
us.i1.yimg.com/us.yimg.com/i/reg/ |
52 B 833 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lo_mailplus_1.gif
us.i1.yimg.com/us.yimg.com/i/us/pim/pr/trap/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
102004_nav2005_79x22.gif
us.a1.yimg.com/us.yimg.com/a/sy/symantec/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ymail_ec_logo_1.gif
sec.yimg.com/i/us/pim/lgn/ |
5 KB 6 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
index.php
thekapita.com/lib/ Frame 95CA |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
index.php
thekapita.com/lib/ Frame 3600 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b
us.bc.yahoo.com/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- thekapita.com
- URL
- http://thekapita.com/lib/index.php
- Domain
- thekapita.com
- URL
- http://thekapita.com/lib/index.php
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Yahoo (Online)92 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| yzq_a function| yzq2 function| yzq4 function| yzq7 function| yzq8 function| yzq9 function| yzq_eh string| yzqj string| yzqk string| yzql number| yzqm number| yzqn boolean| yzqh boolean| yzqd string| yzqi string| yzq5 number| yzq6 boolean| yzq_gb object| yzq1 function| dontGotIt function| doGotIt function| setFocus string| browser_string number| hasMsgr string| ap undefined| v string| hex_chr function| rhex function| str2blks_MD5 function| add function| rol function| cmn function| ff function| gg function| hh function| ii function| MD5 function| valid_js function| hash function| ylib_Browser object| oBw function| ylib_getObj function| ylib_getH function| ylib_setH function| ylib_getW function| ylib_setW function| ylib_getX function| ylib_setX function| ylib_getY function| ylib_setY function| ylib_getPageX function| ylib_getPageY function| ylib_getZ function| ylib_moveTo function| ylib_moveBy function| ylib_setZ function| ylib_setClip function| ylib_show function| ylib_hide function| ylib_setStyle function| ylib_getStyle function| ylib_getDocW function| ylib_getDocH function| ylib_addEvt function| ylib_writeHTML function| ylib_insertHTML function| ylib_insertObj object| d number| yg_frameable function| yg_onResizeNS4 function| yg_onResizeMacIE function| yg_onResizeNS6 function| yg_back function| yg_print function| yg_bookmark function| yg_popup undefined| yg_arrayPop undefined| yg_arrayPush undefined| yg_arrayShift undefined| yg_arraySplice undefined| yg_arrayUnshift function| yreg_createKnobs function| yreg_popLayer function| yreg_hidePopLayers function| yreg_setLayerLocation function| yreg_macIERedraw function| yreg_intlGo function| yreg_createBeacon function| yreg_removeBeacon0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
sec.yimg.com
thekapita.com
ua-ir.com.ua
us.a1.yimg.com
us.bc.yahoo.com
us.i1.yimg.com
us.js1.yimg.com
us.js2.yimg.com
thekapita.com
194.28.86.123
2a00:1288:7c:800::4000
2a00:1288:84:800::1001
68.180.202.18
08787b14034d3339c05fda86f622cc65f9be7e1643b2110b83fa64c149e30c37
0ef91f24b1827a530a7b35213fc3c2608629e0854119e76dc64681a7d976ea67
1d56f77769cc0a640d3a87cd5cc6d1f7d05f9592b74bffc7f64e1d2ee2babea4
3a21cad90e81f2620244cf146b0795dd3221ca9a2d4f155fd732f3adc2ee9993
4b61ac29a7218b862c8f7b19acb26f3b0297714941752d11a4872d521db06c4f
4bfcfe42ba3bba57aecc6bf993375f10d1ca2a357eed366cb164b7ece114039a
5d6949c22ca2c25991dcc2acbc033c72fc6cf0fcbaae2a3bd28abc6561d53150
6a8ee06d4effdce6d80958c101e184e03fda26dec7c64de16d9eacc074faa649
702da077b92d2b04069e8562bcf8ea30fbc582e14da9bc2b18214bb56c5b28de
715372c516e638cb0e11d922e8ce5c174057dfb4f383f0f647a4e1d3b86dadfa
7572c48493580a0f533b187cacfb5c33d70d38ce211a10e8528d2d029dca350b
7d0a669fdd13175e1bfb5127e33e7f597063e9520636b31c2c51ae07df588972
8022d68654d34a401d4a8d13023a472035b5150f2a628eed724a596b0730ee20
8fd941034f75c1e8026a9d23c88e1eef7564cb9ad0b0acc369b5c26c1fdb6da9
9972cf0cb42b8ae31975ee19e67ad3cf1627f8961c50c6627b3c471d83e0f5d3
ab7cc35d17ebef8718f458cd960b4dda3f05ee3b974a6d738907cd4e632dbd11
b5dc2d39a917e254a8ab6f4b43361cc0f4d9bad029e3c27e6e0825f083d5e4af
b9bb4cba18407568000b16df4ea5b3efc7e1a184f099275d4b131ec416d3fe3b
de64df0a6d7069f136aa89be6ab6fa35d511f87cba1a26a2da2be5e6ebe700fb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f308cb8349919dbe73e1d86a8d0d408a00bdc29d0cf426d9f3bc777eeae6d653
f75c5a3d66e70fc2dee4d83871f0fbc2f7a2b3a8ec36fb6dce67d2221ddbb655