s.yimg.com (2a00:1288:f03d:1fa::4000)
Public scan, flagged: Malicious Activity!
Submission: On February 24 via manual from IN. Scanned from DE.

Summary

TLS certificate: issued by DigiCert SHA2 High Assurance Server CA on January 19th 2023; valid for 2 months.
This is the only time s.yimg.com was scanned on urlscan.io!
urlscan.io verdict: Potentially Malicious. Targeting these brands: Yahoo (Online).

Read the brand verdict together with the disclaimer under Verdicts & Comments below: the scanned host is served from Yahoo's own network (AS10310, YAHOO-1, in the IP table), and the primary URL is a login-ad demo page (path .../demo/loginad/...) that reproduces the Yahoo sign-in layout, with Facebook/Google sign-in links and the registration scripts, which is the kind of page a brand-impersonation check is designed to flag.

Domain & IP information
| Requests | IP address | ASN | Notes |
|---|---|---|---|
| 25 | 2a00:1288:f03d:1fa::4000 | AS10310 (YAHOO-1) | |
| 2 (1 redirect) | 142.250.185.230 | AS15169 (GOOGLE, US) | ad.doubleclick.net; PTR fra16s53-in-f6.1e100.net |
| 27 | Total | | |
| Requests | Apex domain | Subdomains (Cisco Umbrella rank) | Transfer |
|---|---|---|---|
| 25 | yimg.com | s.yimg.com (466), s1.yimg.com (90257) | 413 KB |
| 2 (1 redirect) | doubleclick.net | ad.doubleclick.net (171) | 782 B |
| 27 | Total: 2 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 23 | s.yimg.com | s.yimg.com |
| 2 | ad.doubleclick.net | 1 redirect |
| 2 | s1.yimg.com | s.yimg.com |
| 27 | Total: 3 domains | |
This site contains links to these domains:

- sg.yahoo.com
- help.yahoo.com
- edit.yahoo.com
- login.yahoo.com
- open.login.yahoo.com
- legalredirect.yahoo.com
TLS certificates

| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| *.fantasysports.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2023-01-19 to 2023-03-08 | 2 months |
| *.ec.yimg.com | DigiCert SHA2 High Assurance Server CA | 2022-12-14 to 2023-03-15 | 3 months |

The subject shown is each certificate's common name; neither is s.yimg.com itself, so the scanned host is presumably matched by a subjectAltName entry that the report does not list. Both certificates are indexed on crt.sh.
This page contains 2 frames:

- Primary page: https://s.yimg.com/cv/ae/india/demo/loginad/29oct15/index_launch.html (Frame ID 6E0A153F1134B83FFBC386DF266FE8FA; 17 HTTP requests in this frame)
- Frame: https://s.yimg.com/cv/ae/india/demo/loginad/29oct15/loginad_demo_wallpaper_SG.html (Frame ID 527B365EFF8B7EF55E21373B9648048F; 17 HTTP requests in this frame)
9 Outgoing links

These are links going to different origins than the main page. Link text as captured:

- Yahoo
- Help
- I can't access my account
- Help
- Create New Account
- Facebook
- Google
- Terms
- Privacy
Redirected requests

There were HTTP redirect chains for the following requests:

Request chain 16:
- https://ad.doubleclick.net/ddm/trackimp/N2621.289019.SG.YAHOO.COM/B8892123.120484372;dc_trk_aid=293346961;dc_trk_cid=64189057;ord=$%7BREQUESTID%7D (HTTP 302)
- https://ad.doubleclick.net/ddm/trackimp/N2621.289019.SG.YAHOO.COM/B8892123.120484372;dc_pre=CKavo_X-rf0CFV2G_Qcdjn8Byg;dc_trk_aid=293346961;dc_trk_cid=64189057;ord=$%7BREQUESTID%7D

The 302 stays on ad.doubleclick.net and only inserts a dc_pre= parameter. Note the cache-buster ord=$%7BREQUESTID%7D: percent-decoded, that is the literal template macro ${REQUESTID}, which an ad server would normally have replaced with a random value before the tag reached a browser.
27 HTTP transactions

Rows without a frame marker belong to the primary frame; 527B is the loginad_demo_wallpaper_SG.html frame. Size is the resource size, Transfer the bytes on the wire.

| Method | Protocol | Resource | Host / path | Frame | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| GET | H2 | index_launch.html (primary request) | s.yimg.com/cv/ae/india/demo/loginad/29oct15/ | primary | 111 KB | 25 KB | Document | text/html |
| GET | H2 | yregbase_sec_ui_1_9.css | s.yimg.com/lq/i/reg/css/ | primary | 12 KB | 3 KB | Stylesheet | text/css |
| GET | H2 | container-min-1.css | s.yimg.com/lq/lib/reg/css/ | primary | 5 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | combo | s.yimg.com/zz/ | primary | 15 KB | 3 KB | Stylesheet | text/css |
| GET | H2 | yahoo_en-SG_f_p_bestfit.png | s1.yimg.com/rz/d/ | primary | 2 KB | 2 KB | Image | image/png |
| GET | H2 | combo | s.yimg.com/zz/ | primary | 36 KB | 13 KB | Script | application/javascript |
| GET | (none) | combo | s.yimg.com/zz/ | primary | 0 | 0 | (no response; see Failed requests) | |
| GET | H2 | combo | s.yimg.com/zz/ | primary | 87 KB | 26 KB | Script | application/javascript |
| GET | H2 | combo | s.yimg.com/zz/ | primary | 0 | 0 | Script | text/plain |
| GET | H2 | combo | s.yimg.com/zz/ | primary | 0 | 0 | Script | text/plain |
| GET | H2 | yahoo_container-min_json-min_connection_main-min-new.js | s.yimg.com/lq/lib/reg/js/ | primary | 129 KB | 38 KB | Script | application/javascript |
| GET | H2 | uh_sprite_2_16.png | s.yimg.com/dh/ap/ap/default/120503/ | primary | 9 KB | 9 KB | Image | image/png |
| GET | H2 | yahoo_en-SG_f_pw_351x40.png | s1.yimg.com/rz/d/ | primary | 2 KB | 3 KB | Image | image/png |
| GET | H2 | loginad_demo_wallpaper_SG.html | s.yimg.com/cv/ae/india/demo/loginad/29oct15/ | 527B (frame document) | 5 KB | 2 KB | Document | text/html |
| GET | H2 | yahoo-login-sprite-1.4.png | s.yimg.com/sf/assets/dl/images/ | primary | 5 KB | 5 KB | Image | text/html |
| GET | H2 | p.gif | s.yimg.com/cv/eng/externals/131110/a/ | 527B | 43 B | 425 B | Image | image/gif |
| GET | H2 | combo | s.yimg.com/zz/ | 527B | 26 KB | 8 KB | Script | text/javascript |
| GET | H2 | B8892123.120484372;dc_pre=CKavo_X-rf0CFV2G_Qcdjn8Byg;dc_trk_aid=293346961;dc_trk_cid=64189057;ord=$%7BREQUESTID%7D (redirect chain) | ad.doubleclick.net/ddm/trackimp/N2621.289019.SG.YAHOO.COM/ | 527B | 42 B | 220 B | Image | image/gif |
| GET | H2 | 1440x1024xzr0837c2.jpg | s.yimg.com/cv/ae/sg/audience/090910/ | 527B | 191 KB | 191 KB | Image | image/jpeg |
| GET | DATA | (inline data: URI, truncated) | / | 527B | 715 B | 0 | Image | image/png |
| GET | DATA | (inline data: URI, truncated) | / | 527B | 380 B | 0 | Image | image/svg+xml |
| GET | H2 | spc.gif | s.yimg.com/ja/ap/hk/ | 527B | 43 B | 405 B | Image | image/gif |
| GET | H2 | kalVideo1441952615.mp4 | s.yimg.com/cv/ae/sea/sg/ | 527B | 50 KB | 0 | Media | video/mp4 |
| GET | DATA | (inline data: URI, truncated) | / | 527B | 547 B | 0 | Image | image/svg+xml |
| GET | DATA | (inline data: URI, truncated) | / | 527B | 552 B | 0 | Image | image/svg+xml |
| GET | DATA | (inline data: URI, truncated) | / | 527B | 195 B | 0 | Image | image/svg+xml |
| GET | DATA | (inline data: URI, truncated) | / | 527B | 515 B | 0 | Image | image/svg+xml |
| GET | DATA | (inline data: URI, truncated) | / | 527B | 242 B | 0 | Image | image/svg+xml |
| GET | H2 | yui-min.js | s.yimg.com/lq/lib/yui-ssl/3.4.1/build/yui/ | primary | 66 KB | 21 KB | Script | application/javascript |
| GET | H2 | combo | s.yimg.com/lq/ | primary | 104 KB | 33 KB | Script | application/javascript |
| GET | H2 | combo | s.yimg.com/zz/ | primary | 19 KB | 5 KB | Script | application/x-javascript |
| GET | H2 | kalVideo1441952615.mp4 | s.yimg.com/cv/ae/sea/sg/ | 527B | 22 KB | 23 KB | Media | video/mp4 |
| GET | H2 | kalVideo1441952615.mp4 | s.yimg.com/cv/ae/sea/sg/ | 527B | 932 KB | 0 | Media | video/mp4 |
| GET | H2 | $%7BINTERACTION_URL%7Dseq$675130496,label$video_view_videoauto1_start,type$click,time$0.35823043281631173undefined | s.yimg.com/cv/ae/india/demo/loginad/29oct15/ | 527B | 243 B | 243 B | Image | application/xml |

Points worth noting in this table:

- Two resources are served with a MIME type that does not match how the page uses them: yahoo-login-sprite-1.4.png (s.yimg.com/sf/assets/dl/images/) is requested as an Image but served as text/html, and the $%7BINTERACTION_URL%7D... request in the wallpaper frame is an Image served as application/xml.
- Two combo script requests on s.yimg.com/zz/ returned zero bytes as text/plain. With X-Content-Type-Options: nosniff set on this page (see Security Headers), a browser refuses to execute a script whose MIME type is not a JavaScript type, so these contribute nothing either way.
- The ad.doubleclick.net impression URL (ord=$%7BREQUESTID%7D) and the $%7BINTERACTION_URL%7D... request still carry unexpanded ad-serving macros; the latter was resolved relative to the page path because the placeholder was never replaced with a URL. This fits the "demo" label in the path: the tag was served as a template.
- yui-min.js is loaded from a YUI 3.4.1 path; Yahoo ended development of YUI in 2014.
- The DATA rows are inline data: URIs (one PNG, six SVGs) decoded from the document, not network responses; kalVideo1441952615.mp4 appears three times because the file was fetched three separate times.
Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

- Domain: s.yimg.com
- URL: https://s.yimg.com/zz/combo?/sf/assets/mbrlogin/css/mobile/deviceswitcher/2/deviceswitcher-min.css
Verdicts & Comments

Potentially malicious activity detected.

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against Yahoo (Online).

69 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify client-side frameworks and site-specific code. Grouped by type:

- object (13): 0, YAHOO, yahoo_util_event, aeaJson, pwqaJson, captchaData, s_result, callback, callback1, secChalStr, cPanel, Y, ucs
- function (24): mmCheckTheBox, YUI, setFocusOnCaptcha, adipcl, adbdcl, getXmlDomObj, closeCaptchaWindow, removeVoiceCaptchaJS, showUserLocked, showSecChalPopup, hideSecChalPopup, showSecondChallenge, digitToMonth, showPWQA, showAEA, createAEA, showVerify, getCv5, removeDuplicatePassRaw, makerequest, sbmCp, dontGotIt, doGotIt, loadUHJS
- string (10): fbSigninLnk, googSigninLnk, cpwcFlag, errClNm, crumb, partner, src, intl, browser_string, _yuid1
- number (9): startTime, loadTime, pwqaPresent, aeaPresent, perceivedAd, actualAd, timeoutLimit, verify, hasMsgr
- boolean (5): credentialless, av, ps3, bb, isIE
- undefined (8): verifyJson, selEmail, perceivedAd2, actualAd2, baseSpaceID, intlSpaceID, Dom, winProps

YUI, YAHOO, Y and _yuid1 are YUI's globals (yui-min.js is loaded from a yui-ssl/3.4.1 path in the transaction list). crumb, captchaData, the secChal*/showPWQA/showAEA handlers and fbSigninLnk/googSigninLnk come with the registration ("reg") scripts served from s.yimg.com/lq/lib/reg/, so the page carries the real sign-in page's client logic, not only its appearance. Two entries are not page code: 0 is the indexed property window[0], the page's child frame, and credentialless is a Window property that Chromium-based browsers expose; both are listed only because they are absent from the scanner's baseline.
Cookies

Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the stored cookie values back, so the site can re-identify the user even from a different location; this is how persistent logins work.

| Domain / Path | Expires | Name | Value |
|---|---|---|---|
| .doubleclick.net / | (not shown) | test_cookie | CheckForPermission |

The only cookie observed is the third-party test_cookie from .doubleclick.net; s.yimg.com set no first-party cookie during the scan.
7 Console Messages

A page may log messages to the console. These are often errors about a resource that could not be loaded or a script that failed to execute; sometimes they also give insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Security Headers

This section lists the security headers set by the main page.

| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000 |
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |

Only these three headers were recorded. The HSTS policy has a one-year max-age but neither includeSubDomains nor preload. There is no Content-Security-Policy, X-Frame-Options or Referrer-Policy, so nothing restricts where the page's scripts are loaded from or which origins may frame it. X-XSS-Protection is a legacy header: Chrome and Edge have removed the XSS auditor it controlled and Firefox never implemented it, so it adds nothing a CSP would not do better.
Indicators

"Indicators" is the industry term for artefacts such as IPs, domains and hashes observed during a scan. Listing them here does not imply that any of them is malicious.

Domains:
- ad.doubleclick.net
- s.yimg.com
- s1.yimg.com

IP addresses:
- 142.250.185.230
- 2a00:1288:f03d:1fa::4000

Response hashes (SHA-256):
- 00044241effb74741f9283b663ea5fea21f55525747ac4178625d81876110a10
- 00f7045adf1121ad1d80dfd50ea32d4c34170edfc0b603465e7f0423f3270cc9
- 0c15cb0ade55f3bcbf6b0c150a7fead2e40c57dca107451664da7d24ff9c4439
- 0c7260fac65e4f7ac5cf524f8ca96efd419cbb5a9b18a3e06e44c448581e9093
- 11ec04e3948e25a0d78d2f77c04940b8e38a086624ec36fa4605a2a69b133e94
- 18358e2109f63ac776bd524dda21e268f1fa4cbad20f904b4ff237a79d5a1ef1
- 1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75
- 28faf8d2a505ea397d010eb90261ef505b12137f97bdbf4db5edf4cb209b9e29
- 2990f4ae6c7cf896d98c51eac683ab5178630657b957f1ca75474b0b3c74c767
- 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
- 3af0bd111b9fccb1029f6697e9bf825776ff525034304dcb724fde5edeb94a44
- 40b569665f7587b33766dc8a8d6d8afa5172a6f6e7cb60f294596168a7c5f5a3
- 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
- 5d3e49532eb33deec698f5c939c8beabd8194a771d0bd0a8c4d5dda46c2cb8f1
- 5d9fbe10352f08a3efe1ade2b62135c2b7b0e586855a52aeb8e2f71ddef7b585
- 61093cfdb4f126ec44d49f4e7250624c320817fcb6f21166465646fb7ab5fe51
- 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
- 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
- 8c2112cc388b889bb741fb99b95bbad55ae67f20df33ce02e4ce05604271394c
- 9f4d029fecc30f08ee5f7e6b12191545714a4e4968b2d2f5027f6db018c8ca14
- ad1f60d9915106c7aec0d9739901c772d4aec6dd0a6b18bd1686fef492ce3a95
- b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
- befad4eb70371a019345ed230e386622e2f116d318495ee5091d1eeca9a99356
- c63e2674df229b5556a507e1166871e9841340dbdb8929b8ed0916c30a6fd543
- cbae844abf1afe1dcb40374d76db92eb45cc05056800031360ffdd91c8c51402
- d01c81a759db45b4ee10bfb7db313fccb30c3b97165b42e9b9095625aa3855c9
- eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
- ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
- fe76aa8ce3a7b9d96a4ca711e047e54255181441268e9e80824430c7deee55ca