urlscan.io logo urlscan.io
SecurityTrails logo

yalahbiina.online Open in urlscan Pro
80.209.239.232  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://dretgreerer.blob.core.windows.net/dfrtgdrfg/retyerytgrfrd.html#4LcrCm1253hDWd1mlkofktdwh179UEXRQWXLCLEVAUS331625%2F3317y12
Effective URL: http://yalahbiina.online/news?q=This%20link%20is%20locked!
Submission Tags: falconsandbox
Submission: On June 25 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 80.209.239.232, located in Lithuania and belongs to INTERNETO-VIZIJA, LT. The main domain is yalahbiina.online.
This is the only time yalahbiina.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 20.209.53.193 8075 (MICROSOFT...)
1 2 80.209.239.232 212531 (INTERNETO...)
1 1 151.101.66.132 54113 (FASTLY)
1 23.56.202.191 16625 (AKAMAI-AS)
3 3
Apex Domain
Subdomains		 Transfer
2 foxnews.com
feeds.foxnews.com — Cisco Umbrella Rank: 224874
moxie.foxnews.com — Cisco Umbrella Rank: 63461
42 KB
2 yalahbiina.online
yalahbiina.online
4 KB
1 windows.net
dretgreerer.blob.core.windows.net
561 B
3 3
Domain Requested by
2 yalahbiina.online 1 redirects dretgreerer.blob.core.windows.net
1 moxie.foxnews.com
1 feeds.foxnews.com 1 redirects
1 dretgreerer.blob.core.windows.net
3 4

This site contains links to these domains. Also see Links.

Domain
www.foxnews.com
Subject Issuer Validity Valid
*.blob.core.windows.net
Microsoft Azure TLS Issuing CA 05		 2023-06-15 -
2024-06-09		 a year crt.sh

This page contains 1 frames:

Primary Page: http://yalahbiina.online/news?q=This%20link%20is%20locked!
Frame ID: 7A6DA3B5203F17CC3AF87841104FB6FC
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Fox News World RSS Feed - trikoulinou.live

Page URL History Show full URLs

  1. https://dretgreerer.blob.core.windows.net/dfrtgdrfg/retyerytgrfrd.html Page URL
  2. http://yalahbiina.online/rd4LcrCm1253hDWd1mlkofktdwh179UEXRQWXLCLEVAUS331625%2F3317y12 HTTP 308
    http://yalahbiina.online/news?q=This%20link%20is%20locked! Page URL

Page Statistics

3
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

46 kB
Transfer

151 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dretgreerer.blob.core.windows.net/dfrtgdrfg/retyerytgrfrd.html Page URL
  2. http://yalahbiina.online/rd4LcrCm1253hDWd1mlkofktdwh179UEXRQWXLCLEVAUS331625%2F3317y12 HTTP 308
    http://yalahbiina.online/news?q=This%20link%20is%20locked! Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://feeds.foxnews.com/foxnews/world HTTP 301
  • https://moxie.foxnews.com/google-publisher/world.xml

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
retyerytgrfrd.html
dretgreerer.blob.core.windows.net/dfrtgdrfg/ 		158 B
561 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dretgreerer.blob.core.windows.net/dfrtgdrfg/retyerytgrfrd.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.209.53.193 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
158
Content-MD5
297RBUFPiLGhzG2MJyDUjA==
Content-Type
text/html
Date
Sun, 25 Jun 2023 16:38:25 GMT
ETag
0x8DB7597FDAE4C7E
Last-Modified
Sun, 25 Jun 2023 16:19:45 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type
BlockBlob
x-ms-lease-status
unlocked
x-ms-request-id
ce6f9e84-e01e-005f-1683-a7b36f000000
x-ms-version
2009-09-19
Primary Request news
yalahbiina.online/
Redirect Chain
  • http://yalahbiina.online/rd4LcrCm1253hDWd1mlkofktdwh179UEXRQWXLCLEVAUS331625%2F3317y12
  • http://yalahbiina.online/news?q=This%20link%20is%20locked!
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://yalahbiina.online/news?q=This%20link%20is%20locked!
Requested by
Host: dretgreerer.blob.core.windows.net
URL: https://dretgreerer.blob.core.windows.net/dfrtgdrfg/retyerytgrfrd.html
Protocol
HTTP/1.1
Server
80.209.239.232 , Lithuania, ASN212531 (INTERNETO-VIZIJA, LT),
Reverse DNS
4mnu.l.time4vps.cloud
Software
/
Resource Hash
f4246b88412f3a570341932c13641985a66f9f0fe44b7b5b29e58436631c1fb0

Request headers

Referer
https://dretgreerer.blob.core.windows.net/dfrtgdrfg/retyerytgrfrd.html#4LcrCm1253hDWd1mlkofktdwh179UEXRQWXLCLEVAUS331625%2F3317y12
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Type
text/html; charset=utf-8
Date
Sun, 25 Jun 2023 16:38:26 GMT
Transfer-Encoding
chunked
X-Address
gin_throttle_mw_360000000000_81.95.5.39
X-Ratelimit-Limit
10
X-Ratelimit-Remaining
8
X-Ratelimit-Reset
1687714706

Redirect headers

Content-Length
64
Content-Type
text/html; charset=utf-8
Date
Sun, 25 Jun 2023 16:38:26 GMT
Location
/news?q=This link is locked!
X-Address
gin_throttle_mw_360000000000_81.95.5.39
X-Ratelimit-Limit
10
X-Ratelimit-Remaining
9
X-Ratelimit-Reset
1687714706
world.xml
moxie.foxnews.com/google-publisher/
Redirect Chain
  • https://feeds.foxnews.com/foxnews/world
  • https://moxie.foxnews.com/google-publisher/world.xml
148 KB
42 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://moxie.foxnews.com/google-publisher/world.xml
Protocol
H2
Server
23.56.202.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-202-191.deploy.static.akamaitechnologies.com
Software
/ Express
Resource Hash
25d3bd0d3547b6eb4749efe16ea9500501f4fea83e5c35a2a21b681c5849c242

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://yalahbiina.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-cache-hits
190, 1
date
Sun, 25 Jun 2023 16:38:27 GMT
content-encoding
gzip
x-amzn-remapped-content-length
151192
x-moxiev2-version
1.0.0
x-origin
prod_moxie
x-powered-by
Express
x-amzn-requestid
f7849343-294d-4030-b825-605c9b590100
x-amz-apigw-id
HFXlNHK8oAMF4Nw=
content-length
42053
x-served-by
cache-iad-kiad7000170-IAD, cache-fra-etou8220061-FRA
x-forwarded-host
moxie.foxnews.com
x-timer
S1687711107.309189,VS0,VE3
x-amzn-trace-id
Root=1-64986c87-41d4256109eddb975cdffd12;Sampled=0;lineage=5b3254cd:0
etag
W/"24e98-DxX0DZQ4g9E7UYbSyC5u7raKDl8"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
text/xml; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=25
access-control-allow-credentials
false
access-control-max-age
86400
accept-ranges
bytes
x-debug-path
/prod/fn/google-publisher/world.xml
access-control-allow-headers
*
expires
Sun, 25 Jun 2023 16:38:52 GMT

Redirect headers

date
Sun, 25 Jun 2023 16:38:26 GMT
via
1.1 varnish
x-cache
HIT
content-length
0
x-served-by
cache-fra-eddf8230064-FRA
x-timer
S1687711107.898188,VS0,VE0
access-control-max-age
86400
access-control-allow-methods
GET,HEAD,POST,OPTIONS
location
https://moxie.foxnews.com/google-publisher/world.xml
access-control-allow-origin
*
access-control-expose-headers
etag
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
retry-after
0
x-cache-hits
0

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dretgreerer.blob.core.windows.net
feeds.foxnews.com
moxie.foxnews.com
yalahbiina.online
151.101.66.132
20.209.53.193
23.56.202.191
80.209.239.232
25d3bd0d3547b6eb4749efe16ea9500501f4fea83e5c35a2a21b681c5849c242
f4246b88412f3a570341932c13641985a66f9f0fe44b7b5b29e58436631c1fb0