r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app Open in urlscan Pro
145.40.68.46 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvf...
Effective URL:
https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvf...
Submission Tags: phishing
Submission: On August 10 via api (August 10th 2022, 10:46:06 am UTC) from US — Scanned from NL

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 9 HTTP transactions. The main IP is 145.40.68.46, located in Amsterdam, Netherlands and belongs to PACKET, US. The main domain is r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app.
TLS certificate: Issued by R3 on July 12th 2022. Valid for: 3 months.

This is the only time r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	145.40.68.46 145.40.68.46	54825 (PACKET) (PACKET)
2	2a00:1288:110... 2a00:1288:110:c204::b000	34010 (YAHOO-IRD) (YAHOO-IRD)
3	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
1	13.32.121.21 13.32.121.21	16509 (AMAZON-02) (AMAZON-02)
9	5

1 145.40.68.46 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
PTR: am6-bnm00

r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:110:c204::b000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

udc.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
geo.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:f03d:1fa::4000 (United Kingdom)

ASN10310 (YAHOO-1, US)

fc.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-21.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	yahoo.com udc.yahoo.com — Cisco Umbrella Rank: 2113 geo.yahoo.com — Cisco Umbrella Rank: 1234 fc.yahoo.com — Cisco Umbrella Rank: 1281	745 B
1	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 145	342 B
1	ic0.app r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app	315 KB
0	yimg.com Failed l.yimg.com Failed
9	4

	Domain	Requested by
3	fc.yahoo.com	r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
1	sb.scorecardresearch.com	r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
1	geo.yahoo.com	r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
1	udc.yahoo.com	r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
1	r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
0	l.yimg.com Failed	r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
9	6

This site contains links to these domains. Also see Links.

Domain
uk.yahoo.com
policies.oath.com

Subject Issuer	Validity	Valid
boundary.dfinity.network R3	`2022-07-12` - `2022-10-10`	3 months	crt.sh
yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-07-12` - `2023-01-04`	6 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-07-25` - `2022-09-14`	2 months	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt
Frame ID: EB2465BCBDFE4611FE1074FF046D97E5
Requests: 15 HTTP requests in this frame

Frame: data://truncated
Frame ID: 373A767ED62C8AA9F2EC4D3F4668A44B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Yahoo – login

Page URL History Show full URLs

http://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb... HTTP 307
https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb... Page URL

Page Statistics

9
Requests

78 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

5
IPs

3
Countries

316 kB
Transfer

776 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://uk.yahoo.com/

Search URL Search Domain Scan URL

URL: https://policies.oath.com/ie/en/oath/terms/otos/index.html
Title: Terms

Search URL Search Domain Scan URL

URL: https://policies.oath.com/ie/en/oath/privacy/index.html
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt HTTP 307
https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.html Show response
r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
Redirect Chain

http://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zm...
https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24z...

453 KB
315 KB

278ms
153ms

Document
text/html

145.40.68.46
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 145.40.68.46 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS: am6-bnm00
Software: nginx/1.21.3 /
Resource Hash: c9ae70ecf66dc825ef19017652b75ac20c3324dae6bfb3cf08fe2666db1304b9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Cookie
access-control-allow-methods: GET, POST, HEAD, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
content-encoding: gzip
content-length: 319705
content-type: text/html
date: Wed, 10 Aug 2022 10:46:01 GMT
ic-certificate: certificate=:2dn3o2R0cmVlgwGDAYMBgwJIY2FuaXN0ZXKDAYMBggRYIE1zjwtho9AA8m3pECUcdjdPcJc1Fqy1yejPKCgzCMJKgwGCBFggUNuVssZ1DbGA999pwuVVY4TFangcDicitY6M9l9TLLWDAYIEWCD6dtiYvf1I6z2DFiJk6TeciyHseJlWmPhKBpbqfQpfkIMBggRYINNrnyAm6fRQpRIM21ETdTkPAHCOopajLFbgvwD6awApgwGDAYIEWCA/U8Mg06bpOddUafyh7bZmH3qpdEEJB4pYL+WwiI7RA4MBggRYIPN1rGOJIWrPfL/mzyFStLyYdd4FBQ6C3aUQlFamHfn2gwGCBFgg7JE/yPTFDKTMwa2kX0EfesTZix8VOjyOzUXBZY3qmvCDAYIEWCCuOc8my4vX6j6uDicEWa4XQeCJ5e8QZvaZwZHR4GUw1IMBggRYIAn8vKOWAS+2K2Tz29G1L0t3orYe2wnEt3jhD+t1VRs5gwGDAYMCSgAAAAAAcBhTAQGDAYMBgwGDAk5jZXJ0aWZpZWRfZGF0YYIDWCDsACi062rNXj5NrexC3uQOcDJlQ5gIu5tU6CqfXAiW2YIEWCCDxWvxTd49KN5mxpK1/J2X6d2YW2rXKw/m+E6KjfPcsoIEWCDwR+afFan49YUZxxXt4HwemJ8JLbvnr6DAhdVycBwokoIEWCBfluH1JoY1y6BRnQM7d2SdXvBwEokOw/974mWzLAIaMIIEWCAuBDZnLQvt71tNZQDSJQEpNM8OS6B2UbMBqoCARclSloIEWCDA8uoCYbJAQXb9lPAMb56HxIlma7qW8pBM4/OLZUGBNoIEWCCfFR+v/6XKXb/4UcIPSS2MOETkD3jIr7syYcOoKKzKeoIEWCBDnwAJu8ZyrQioM0ZTS0DMKGRDF0TkWNWwsS/b4aCCIoIEWCAgVDE+5z3Xbg3SC7qDl9kXc9pSESN+ZtWzGv6PIr0p8oIEWCDcxxvKzCsTaNscC8bWdZSECMqkZNev18Id8qAsiaozBYMBggRYIN5zNFXD9hBhNGYqRgLjaOysxnJ9+na3QEAtulMdGWQkgwJEdGltZYIDScaYwpSovv2EF2lzaWduYXR1cmVYMLdieN0spwFxJ02G/nd201t/2VECEm0GuLahWF9YwV6XyUvdgp6ZgTFbHQwCIDj032pkZWxlZ2F0aW9uomlzdWJuZXRfaWRYHUUXi2akB6TVnApNZzO9os4/N8ERtCV+xBkI9PgCa2NlcnRpZmljYXRlWQJX2dn3omR0cmVlgwGCBFggkiDrOyyJRfhRXIS4jMWYNsdUmkpGojS+6SpywVRmJOKDAYMCRnN1Ym5ldIMBgwGDAYIEWCCC25A9dzqfIMBsVVn+ztbhqv6zKO+tGkizMWOhB3uGXIMBggRYIEZqcChs+azpgBylPiKvbuBZoJT9YEmGBtSEtoVAWDB9gwGCBFggagzQgbJohggv5MU6t01+o/KKM6CPd+xSm1JtpoC4lGeDAYMCWB1FF4tmpAek1ZwKTWczvaLOPzfBEbQlfsQZCPT4AoMBgwJPY2FuaXN0ZXJfcmFuZ2VzggNYG9nZ94GCSgAAAAAAcAAAAQFKAAAAAAB///8BAYMCSnB1YmxpY19rZXmCA1iFMIGCMB0GDSsGAQQBgtx8BQMBAgEGDCsGAQQBgtx8BQMCAQNhAJVfUvc8LexZpjeylOULk0211t4p5zu8+E59hqSsQbrXtTn5gXreiRaWHZ3Wv5JXAQ1YVxVuj+aq/Pb9BoeV5wvTOZs0ETAMnMyOug0GjBDkz7b04n0ZWx6teF1hjrOTuYIEWCAAm+bqf6+s6PfCS94lWkfuSudBPVAeM77aP3K1oe9ONoIEWCB3iEGM3zmswsJXHveM9YA5XCZ4sDN7PP6TlDhm8Fh/poIEWCAthWu6e2yAFxzo5dEhu35EULNWWmRNkTXp/liEKBwfuYMCRHRpbWWCA0mu8LrdpueZhBdpc2lnbmF0dXJlWDCUI0DzcrinbAedFtTE2U8L4wph9uj8TO1qqas30NVYJgoTqoybVwZ1Xb0miJlHpk0=:, tree=:2dn3gwJLaHR0cF9hc3NldHODAYIEWCBQRSaXlx4GCJ5Fnul7lwdLzGsj8EObjqD3hr0JdWpTL4MBgwJLL2xvZ2luLmh0bWyCA1ggya5w7PZtyCXvGQF2UrdawgwzJNrmv7PPCP4mZtsTBLmCBFggkCFc5sdWqPe4M9BgTnNjfa+ub/ENoR0zLjG9F+yX7yo=:
server: nginx/1.21.3
x-cache-status: MISS

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt
Non-Authoritative-Reason: HSTS

GET
DATA 200
OK truncated Show response
/ 7 KB
0 Script
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84e4ea328500595da6141364964bb4d7a83023f2cd7072aadda7a47d2cc629f4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Content-Type: application/javascript;charset=utf-8

GET g-r-min.js
l.yimg.com/rq/darla/3-23-1/js/ 0
0

GET
DATA 200
OK truncated Show response
/ 205 KB
0 Script
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10b59e4a2b98df779964e859a6edaec936aadabae97f753c747fcbed7769efcf

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Content-Type: application/javascript;charset=utf-8

GET
DATA 200
OK truncated Show response
/ 46 KB
0 Script
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8ce16e3e81873ddcc952b5029fdb0d75bd8e7e18df5a8ec098bfb96a9ac9d26

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Content-Type: application/javascript;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Content-Type: image/svg+xml;charset=utf-8

POST
H2 204 yql Show response
udc.yahoo.com/v2/public/ 0
299 B 334ms
51ms XHR
text/plain 2a00:1288:110:c204::b000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

https://udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=794224018&yhlCT=2&yhlBTMS=1660128362140&yhlClientVer=3.53.3&yhlRnd=RpQUudosCpHAQVB7&yhlCompressed=0

Requested by

Host: r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
URL: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
accept-language: nl-NL,nl;q=0.9
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 10 Aug 2022 10:46:02 GMT
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin
p3p: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
access-control-allow-origin: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
cache-control: no-store, no-cache, private, max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=31536000
expires: -1

POST
H2 200 c
geo.yahoo.com/ 43 B
446 B 189ms
69ms Ping
image/gif 2a00:1288:110:c204::b000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

https://geo.yahoo.com/c?s=794224018&t=lPHVd6b6O23CCa4V,0.2008935966891503&_I=&_AO=0&_NOL=0&_R=&_K=3.53.3%05_pl%031%04A_v%033.53.3%04A_cn%03VERSIONED-PROD%04_bt%03rapid%04A_pr%03https%04A_tzoff%030%04A_sid%03EfFd0poJprQU7Si0%04_w%03login.yahoo.com%2F%04pt%03utility%04ver%03nodejs%04pct%03sign-in%04pg_name%03yahoo%20Login%20-%20Landing%20Page%04pstcat%03username-verify%04gm_np%03yahoo%04p_sec%03login%04p_subsec%03login%04context%03primary%04_rx%032efdxrw5r7n.2tv6ynpm%26v%3D1%04_ts%031660128362%04_ms%03141%04A_sr%031600x1200%04A_vr%031600x1200%04A_do%031%04A_ib%031600x1200%04A_ob%031600x1200%04A_srr%031&_C=mKey%03primary_login_launch%04intrctn%03click%04corActn%03click%04sec%03primary_login_launch%04_p%030

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

pragma: no-cache
date: Wed, 10 Aug 2022 10:46:02 GMT
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
cache-control: no-cache, no-store, private
x-envoy-upstream-service-time: 1
content-type: image/gif
content-length: 43

GET
H2 403 client.php
fc.yahoo.com/sdarla/php/ 0
0 372ms
87ms Script
text/html 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F
Requested by: Host: r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
URL: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
accept-language: nl-NL,nl;q=0.9
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Content-Type: image/png

GET
H2 200 p
sb.scorecardresearch.com/ 43 B
342 B 111ms
32ms Image
image/gif 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=794224018&ns_c=UTF-8&ns__t=1580619747149&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
Requested by: Host: r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
URL: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date: Wed, 10 Aug 2022 10:46:02 GMT
via: 1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
content-length: 43
x-amz-cf-id: 21OjaOZVwTdyrDiFklKZ0e43K-ASW7upuMAG9xQ8neo_FGG1bvwEOQ==
x-cache: Miss from cloudfront
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 373A 60 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4daf5a5ec393bf23d0d32fa4b01c58318cd56dc97c12d5cf4c6afb1efa682046

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Content-Type: image/jpeg

GET
H2 403 client.php
fc.yahoo.com/sdarla/php/ 0
0 87ms
87ms Script
text/html 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F
Requested by: Host: r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
URL: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

GET
H2 403 client.php
fc.yahoo.com/sdarla/php/ 0
0 87ms
87ms Script
text/html 2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to

Full URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F
Requested by: Host: r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
URL: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/
User-Agent: ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: l.yimg.com
URL: http://l.yimg.com/rq/darla/3-23-1/js/g-r-min.js

Domain: l.yimg.com
URL: http://l.yimg.com/rq/darla/3-23-1/js/g-r-min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ic0.app/	1970-01-20 13:54:24	Name: rxx Value: 2efdxrw5r7n.2tv6ynpm&v=1

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: data:application/javascript;charset=utf-8,var%20DARLA%2C%24sf%2C%24yac%3B!function()%7Bfunction%20t(t%2Ce%2Cr)%7Bvar%20n%3Dt%7C%7C%22%22%2Co%3D%2F%5C-min%5C.js%24%2Fgi%2Ci%3D%2F%5C.html%24%2Fgi%3Breturn%20n%26%26(e%26%26-1!%3Dn%5Bnt%5D(xt)%26%26(n%3Dn%5Brt%5D(xt%2Ce))%2Cr%26%26(-1!%3Dn%5Bnt%5D(o)%3Fn%3Dn%5Brt%5D(o%2C%22-debug.js%22)%3A-1!%3Dn%5Bnt%5D(i)%26%26(n%3Dn%5Brt%5D(i%2C%22-debug.html%22))))%2Cn%7Dfunction%20e(e)%7Bvar%20r%2Cn%3DU%3Bif(e)%7Be%5Bft%5D%7C%7C(e%5Bft%5D%3DY)%2Ce%5But%5D%7C%7C(e%5But%5D%3DH)%2Ce%5Bht%5D%7C%7C(e%5Bht%5D%3DG)%2Cn%3De.debug%2Cr%3De.lib_ver%7C%7C%22%22%3Btry%7Br%3Dr.match(xt)%5B0%5D%7Dcatch(o)%7Br%3D%22%22%7De%5Bft%5D%3Dt(e%5Bft%5D%2Cr%2Cn)%2Ce%5Bht%5D%3Dt(e%5Bht%5D%2Cr%2Cn)%2Ce%5But%5D%3Dt(e%5But%5D%2Cr%2Cn)%7D%7Dfunction%20r(t)%7Bvar%20e%2Cr%3DX%3Btry%7Bif(t%26%26typeof%20t%3D%3DV)for(e%20in%20t)%7Br%3DU%3Bbreak%7D%7Dcatch(n)%7Br%3DX%7Dreturn%20r%7Dfunction%20n()%7Bqt%5Bct%5D%3D%7B%7D%2Cqt.firstPos%3Dz%2Cqt.meta%3D%7B%7D%2Cqt%5BW%5D%3D%7B%7D%2CFt%3D%7B%7D%2CNt%3D%7B%7D%7Dfunction%20o()%7Bvar%20t%2Ce%2Cr%2Cn%2Co%2Ci%2Ca%2Cc%2Cs%2Ch%2Cu%3D0%3Bfor(t%3Dg()%3Be%3Dt%5Bu%2B%2B%5D%3B)if(r%3De.id%7C%7C%22%22%2Cr%7C%7C(r%3D%22sf_tag_%22%2B(new%20Date).getTime()%2B%22_%22%2BMath.round(100Math.random())%2Ce.id%3Dr)%2C!Ft%5Br%5D)%7Btry%7Be.setAttribute(%22type%22%2CK%2B%22-processed%22)%7Dcatch(d)%7B%7Dif(Ft%5Br%5D%3Dr%2Co%3De.text%7C%7Ce.innerHTML%7C%7Ce.innerText%7C%7C%22%22)%7Btry%7Bo%3Do%5Brt%5D(Dt%2C%22%22)%5Brt%5D(Tt%2C%22%22)%3Btry%7Bo%3DJSON.parse(o)%7Dcatch(l)%7Bi%3Dnew%20Ct(%22return%20%22%2Bo)%2Co%3Di()%2Ci%3Dz%7D%7Dcatch(l)%7Bi%3Do%3Dz%3Bcontinue%7Dif(o)if(c%3Do%5Bct%5D)%7Bfor(n%3D0%3Ba%3Dc%5Bn%2B%2B%5D%3B)s%3Da.id%2Cs%26%26(Nt%5Bs%5D%7C%7C(Nt%5Bs%5D%3D1%2Cqt%5Bct%5D%5Bs%5D%3Da%2Cqt%5Bct%5D%5Bs%5D.dataTagID%3Dr%2Cqt.firstPos%7C%7C(qt.firstPos%3Da)))%3Bo%5BW%5D%26%26(qt%5BW%5D%3Df(qt%5BW%5D%2Co%5BW%5D))%2Co.meta%26%26(qt.meta%3Df(qt.meta%2Co.meta))%7Delse%7Bif(s%3Do.id%2C!s)continue%3Bif(Nt%5Bs%5D)continue%3Bh%3Do.html%7C%7Co.src%7C%7C%22%22%2Ch%26%26%22string%22%3D%3Dtypeof%20h%26%26(Nt%5Bs%5D%3D1%2Cqt%5Bct%5D%5Bs%5D%3Do%2Cqt%5Bct%5D%5Bs%5D.dataTagID%3Dr%2Cqt.firstPos%7C%7C(qt.firstPos%3Do)%2Co.baseConf%26%26(qt%5BW%5D%3Df(qt%5BW%5D%2Co.baseConf)))%7D%7D%7D%7Dfunction%20i()%7Bvar%20t%3Btry%7BMt%26%26!Et%26%26%24sf.host.boot(Gt)%7Dcatch(t)%7Bs(531%2Ct%5Bdt%5D)%7D%7Dfunction%20a()%7Btry%7B%24sf.host.onReady()%7Dcatch(t)%7B%7D%7Dfunction%20c()%7Bvar%20t%2Ce%2Cr%3Dz%3Btry%7BPt%3Dwindow%2Cr%3Dj%26%26j.host%2Ct%3Dr%26%26r.boot%2Cj%3DPt%26%26Pt.%24sf%2Cj%26%26(D%3Dj.lib%2Cr%3DMt%3Fr%3Fr%3Aj.host%3Az)%2CD%26%26(T%3DD.lang%2Cx%3DD.dom%2CT%26%26(P%3DT.cstr%2CR%3DT.cnum%2CC%3DT.cbool))%2CMt%26%26r%26%26(F%3Dr.Config%2CN%3Dr.PosConfig%2Cq%3Dr.PosMeta%2CI%3Dr.Position)%7Dcatch(n)%7Be%3DU%7Dreturn%20e!%3D%3DU%26%26j%26%26D%26%26r%26%26T%26%26x%26%26P%26%26R%26%26F%26%26N%26%26q%26%26I%3Fr%26%26t%26%26!r.boot%26%26(r.boot%3D_)%3AF%3DN%3Dq%3DI%3Dz%2Cr%7Dfunction%20s(t%2Ce)%7Btry%7BD%26%26D.log%26%26D.logger.note(t%2Ce)%7Dcatch(r)%7B%7D%7Dfunction%20f(t%2Ce%2Cr)%7Bvar%20n%2Co%2Ci%3Bif(t%7C%7C(t%3D%7B%7D)%2C!e%7C%7Ctypeof%20e!%3DV%7C%7Ce%20instanceof%20Lt%3D%3DU)return%20t%3Bif(e.nodeType)return%20t%3Bfor(o%20in%20e)try%7Bif(n%3De%5Bo%5D%2Ci%3Dtypeof%20n%2Ci%3D%3DV%26%26n%26%26(n%3Dtypeof%20t%5Bo%5D%3D%3DV%26%26t%5Bo%5D%3Ff(t%5Bo%5D%2Cn%2Cr)%3Af(%7B%7D%2Cn%2Cr))%2Cr%26%26o%20in%20t)continue%3Bt%5Bo%5D%3Dn%7Dcatch(a)%7Bcontinue%7Dreturn%20t%7Dfunction%20h()%7Bvar%20t%2Ce%2Cn%2Ci%2Ca%2Cs%3D%7B%7D%3Bc()%3Btry%7Bt%3Dj%26%26j.host%7Dcatch(h)%7Bt%3Dz%7Dtry%7Bi%3Dt%26%26t%5BW%5D%7Dcatch(h)%7Bi%3Dz%7Dtry%7Ba%3Dt%26%26F()%7Dcatch(h)%7Ba%3Dz%7Dtry%7Be%3DPt.DARLA_CONFIG%7Dcatch(h)%7Be%3Dz%7Dtry%7Bn%3DPt.%24YAC_CONF%7Dcatch(h)%7Bn%3Dz%7Dreturn%20s%3Di%3Ff(s%2Ci%2CX)%3As%2Cs%3De%3Ff(s%2Ce%2CX)%3As%2Cs%3Dn%3Ff(s%2Cn%2CX)%3As%2Cs%3Da%3Ff(s%2Ca%2CX)%3As%2Co()%2Cs%3Df(s%2Cqt%5BW%5D%2CX)%2Cr(s)%26%26(s%3Dz)%2Cs%7Dfunction%20u(t%2Ce)%7Bvar%20r%3D%5B%22%3C%22%2C%24t%2C%22%20type%3D'text%2Fjava%22%2C%24t%2C%22'%20src%3D'%22%2Ct%2C%22'%22%2C%22%22%2C%22%22%2C%22%22%2C%22%3E%3C%2F%22%2C%24t%2C%22%3E%22%5D%3Breturn%20e%26%26(r%5B7%5D%3D%22id%3D'%22%2Cr%5B8%5D%3De%2Cr%5B9%5D%3D%22'%22)%2Cr.join(%22%22)%7Dfunction%20d()%7B%7Dfunction%20l(t%2Ce)%7Bvar%20r%3Ddocument%3Bt%3Dt%7C%7C0%2Ct%26%26s(t)%2CMt%7C%7C(r.open(%22text%2Fhtml%22%2C%22replace%22)%2Cr.write(%22%3C!--%20sf%20err%20(%22%2Ct%7C%7C0%2C%22)%20%22%2Ce%7C%7C%22%22%2C%22%20--%3E%22)%2Cr.close())%2Cr%3Dz%7Dfunction%20y(t)%7Breturn%20t%26%26t.tagName%26%26t.tagName.toLowerCase()%7C%7C%22%22%7Dfunction%20m(t)%7Breturn%20t%26%26Rt%26%26Rt.getElementById(t)%7C%7Cz%7Dfunction%20p(t)%7Breturn%20t%26%26Rt%26%26Rt.getElementsByTagName(t)%7C%7C%5B%5D%7Dfunction%20g()%7Bvar%20t%2Ce%2Cr%3Dz%2Cn%3D%22querySelectorAll%22%2Co%3D0%3Bif(kt%3D%3D%3Dz)try%7Bkt%3Dn%20in%20document%7Dcatch(i)%7Bkt%3DU%7Dif(kt)try%7Br%3DRt%5Bn%5D(%24t%2B%22%5Btype%3D'%22%2BK%2B%22'%5D%22)%7Dcatch(i)%7Br%3Dz%7Dif(!r)for(t%3Dp(%24t)%2Cr%3D%5B%5D%3Be%3Dt%5Bo%2B%2B%5D%3B)e.type%3D%3DK%26%26r.push(e)%3Breturn%20r%7C%7C%5B%5D%7Dfunction%20v()%7Bvar%20t%2Ce%3Dm(jt)%3Bif(e)try%7Bb.call(e)%7Dcatch(t)%7Bs(532%2Ct%5Bdt%5D)%7Delse%20s(533)%7Dfunction%20b()%7Bvar%20t%2Ce%3Dthis%2Cr%3DU%3By(e)!%3D%24t%26%26(e%3Dm(jt))%2Ce%26%26(t%3De.readyState%2Ce%5BQ%5D%3F%22loaded%22!%3Dt%26%26%22complete%22!%3Dt%7C%7C(r%3DX%2Ce%5BQ%5D%3Dz)%3A(r%3DX%2Ce.onload%3Dz)%2Cr%26%26(e%3Dz%2Cc()%2Cj%26%26D%26%26T%26%26x%3F(b%3Dd%2Ca()%2C_(Gt))%3As(534)))%7Dfunction%20w()%7Bvar%20t%2Cr%2Cn%2Co%2Ca%2Cf%2Cu%3Bif(!Et%26%26Mt)if(r%3Dc()%2Cu%3D!!F%2Cj%7C%7C(Pt.%24sf%3Dj%3D%7B%7D)%2Cr%7C%7C(%24sf.host%3Dr%3D%7B%7D)%2Cr.boot)%7Bif(x%26%26!St)try%7BSt%3DX%2Cx.wait(i)%7Dcatch(d)%7Bs(539%2Cd%5Bdt%5D)%7D%7Delse%20if(r.boot%3D_%2Ct%3Dh()%7C%7C%7B%7D%2Ce(t)%2Cn%3Dt%5Bft%5D%2Cu)_(Gt)%3Belse%20if(f%3Dot%20in%20t%26%26t%5Bot%5D%3D%3D%3DU%7C%7Cit%20in%20t%26%26t%5Bit%5D%3D%3D%3DU%3FU%3AX%2Cf%3Df%26%26!!n%26%26!Bt%2Cf%26%26(a%3Dm(jt)%2Ca%26%26y(a)%3D%3D%24t%26%26a.src%3D%3Dn%26%26(f%3DU%2CBt%3DX))%2Cf%26%26!Bt)try%7Bo%3Dp(%22head%22)%5B0%5D%2Ca%3DRt.createElement(%24t)%2Ca.id%3Djt%2Ca.type%3D%22text%2Fjava%22%2B%24t%2Ca.className%3D%22sf_lib%22%2CPt.ActiveXObject%3Fa%5BQ%5D%3Db%3Aa.onload%3Db%2Ca.src%3Dn%2CBt%3DX%2CsetTimeout(v%2Cpt)%2Co.appendChild(a)%7Dcatch(d)%7Bs(535%2Cd%5Bdt%5D)%7D%7Dfunction%20A(t%2Ce)%7Bvar%20r%2Cn%2Co%3DU%2Ci%3D%5B%22hasError%22%2C%22hasErr%22%2C%22err%22%2C%22error%22%5D%2Ca%3D0%3Bif(t%26%26C)%7Bfor(%3Br%3Di%5Ba%2B%2B%5D%3B)if(r%20in%20t%26%26C(t%5Br%5D))%7Bo%3DX%3Bbreak%7Do%7C%7Ce%7C%7C(n%3Dt.meta%2Cn%26%26(o%3DA(n%2CX)))%7Dreturn%20o%7Dfunction%20%24(t)%7Bvar%20e%2Cn%2Co%2Ci%2Ca%2Cc%2Ch%2Cd%2Cy%2Cp%2Cg%3Dz%2Cv%3Dj%26%26j.ext%3Bif(t)if(Mt)%7Bif(o%3Dt.id)%7Bif(i%3DN.item(o)%2Ci.id%3Do%2Ci.pos%3Do%2Ca%3Dt%5BW%5D%2Cr(a)%7C%7C(i%3Df(i%2Ca%2CX)%2Ci.dest%7C%7C(i.dest%3Da.dest%7C%7C%22%22)%2Ci.w%7C%7C(i.w%3Da.w%7C%7C0)%2Ci.h%7C%7C(i.h%3Da.h%7C%7C0)%2Ci%3DN(i))%2Ci%26%26(d%3DP(i.dest)%2Cd%7C%7C(d%3Dqt%5Bct%5D%5Bo%5D.dataTagID%2Cd%26%26(i%3DN(i%2Cd))))%2Cr(i))return%20void%20s(429%2Co)%3Bif(!d)return%20void%20s(430%2Co)%3Bif(c%3Dm(d)%2C!c)return%20void%20s(431%2Co)%3Bh%3Dt.meta%2Ch%3Dr(h)%3Fz%3Anew%20q(h)%2Cn%3Dnew%20I(t%2Cz%2Ch%2Ci)%2Cg%3Dn%7D%7Delse%7Btry%7By%3Dtop.document%7Dcatch(b)%7By%3Dz%7Dif(e%3Dt%5Bst%5D%7C%7C%22%22%2Ce%3De%7C%7Cu(t.src)%2Cy%7C%7Ce%26%26!A(t))if(y%7C%7C!Ot%7C%7CIt)y%3FsetTimeout(function()%7Bl(514)%7D%2C100)%3AsetTimeout(function()%7Bl(537)%7D%2C100)%3Belse%7BIt%3DX%3Btry%7B%24sf.host%3Dz%2Cdelete%20%24sf.host%2CI%3DN%3DF%3Dq%3Dz%7Dcatch(b)%7B%7Dtry%7BRt.write(e)%7Dcatch(b)%7B%7D%7Delse%7Bif(v%26%26v.msg)try%7Bv.msg(%22noad%22)%7Dcatch(b)%7B%7Delse%20try%7By%3Ddocument.referrer%2Cy%26%26-1!%3Dy%5Btt%5D(%22http%22)%3F(p%3Dy%5Btt%5D(%22%2F%22%2C9)%2Cp%3D-1%3D%3Dp%3Fy.length%3Ap%2Cy%3Dy.substring(0%2Cp))%3Ay%3D%22%22%2Cy.length%3E8%26%26top%5Byt%5D(%22noad%3D1%26id%3D%22%2B(t.id%7C%7Ct.pos%7C%7C%22unknown%22)%2Cy)%7Dcatch(b)%7B%7DsetTimeout(function()%7Bl(539)%7D%2C100)%7D%7Delse%20s(432)%3Breturn%20g%7Dfunction%20_(t)%7Bvar%20n%2Ca%2Cc%2Cf%2Cu%2Cd%2Cl%2Cy%2Cp%3Bif(Mt%26%26(!j%7C%7C!T%7C%7C!x))return%20s(542)%2CU%3Bif(Et)return%20s(538)%2CU%3Bif(Mt)%7Bif(d%3Dh()%2Cr(qt%5Bct%5D)%26%26!St)%7BSt%3DX%3Btry%7Bx.wait(i)%7Dcatch(p)%7Bs(542%2Cp%5Bdt%5D)%7Dreturn%7Dd%7C%7C(d%3D%7B%7D)%2Ce(d)%2CEt%3DX%3Btry%7Bd%26%26(d%5Blt%5D%7C%7Cd%5Bmt%5D%7C%7C(d%5Bmt%5D%3DJ)%2Cd%3DF(d))%7Dcatch(g)%7Bd%3Dz%7Dif(r(d)%7C%7C!d%5Bft%5D)return%20d%3Dz%2CEt%3DU%2Cs(543)%2CU%3Bif(t%3D%3D%3DGt%26%26d%26%26(d%5Bat%5D%3D%3D%3DU%7C%7Cd%5Bot%5D%3D%3D%3DU))return%20void(Et%3DU)%3Btry%7Bu%3Dnew%20DARLA.Response(%22prefetched%22%2Cqt.meta)%7Dcatch(p)%7Breturn%20s(545%2Cp%5Bdt%5D)%2Cvoid(Et%3DU)%7Df%3Dqt%5Bct%5D%3Bfor(a%20in%20f)if(n%3Df%5Ba%5D%2Cc%3D%24(n)%2Cc%26%26t%3D%3D%3DGt%26%26d%5Bat%5D!%3D%3DU%26%26d%5Bot%5D!%3D%3DU)%7Btry%7Bu.add(c)%2Cn.r%3D1%7Dcatch(p)%7B%7Dif(y%3Dm(n.dataTagID))try%7By.setAttribute(%22type%22%2CK%2B%22-booted%22)%7Dcatch(p)%7B%7D%7Dtry%7Bl%3Du.length()%7Dcatch(p)%7Bl%3D0%2Cs(433%2Cp%5Bdt%5D)%7Dif(l)%7Btry%7BDARLA._callingRenderFromBoot%3D!0%2Cj.host%5BZ%5D(u)%7Dcatch(p)%7Bs(540%2Cp%5Bdt%5D)%7Dreturn%20X%7Dif(Yt)return%3Bif(Yt%3Dd.init%2CYt%26%26Pt.DARLA%26%26(d%5Blt%5D%7C%7Cd%5Bmt%5D))try%7BDARLA.event(%22sf_init%22%2CYt)%7Dcatch(p)%7Bs(541%2Cp%5Bdt%5D)%7D%7Delse%20o()%2CEt%3DX%2C%24(qt.firstPos)%3Breturn%20X%7Dvar%20j%2CD%2CT%2Cx%2CP%2CR%2CC%2CL%2CF%2CN%2Cq%2CI%2CM%2CO%2CE%2Ck%2CB%2CS%2CY%2CG%2CH%2CJ%2CU%3D!1%2CX%3D!0%2Cz%3Dnull%2CK%3D%22text%2Fx-safeframe%22%2CQ%3D%22onreadystatechange%22%2CV%3D%22object%22%2CW%3D%22conf%22%2CZ%3D%22render%22%2Ctt%3D%22indexOf%22%2Cet%3D%22position%22%2Crt%3D%22replace%22%2Cnt%3D%22search%22%2Cot%3D%22auto%22%2Cit%3Dot%2B%22_lib%22%2Cat%3Dot%2B%22_%22%2BZ%2Cct%3Det%2B%22s%22%2Cst%3D%22html%22%2Cft%3D%22hostFile%22%2Cht%3DZ%2B%22File%22%2Cut%3D%22msgFile%22%2Cdt%3D%22message%22%2Clt%3D%22servicePath%22%2Cyt%3D%22postMessage%22%2Cmt%3D%22x%22%2Blt%2Cpt%3D3e4%2Cgt%3D%22http%3A%2F%2Fl.yimg.com%2Frq%2Fdarla%22%2Cvt%3D%22https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%22%2Cbt%3D%223-23-1%22%2Cwt%3D%22http%3A%2F%2Fl.yimg.com%2Frq%2Fdarla%2F3-23-1%2Fjs%2Fg-r-min.js%22%2CAt%3D%22http%3A%2F%2Ffc.yahoo.com%2Fsdarla%2Fphp%2Ffc.php%22%2C%24t%3D%22script%22%2C_t%3D%22sf_auto_%22%2Bfunction()%7Bvar%20t%3Dnew%20Date%3Breturn%5Bt.getDay()%2C%22-%22%2Ct.getDate()%2C%22-%22%2Ct.getMonth()%2C%22-%22%2Ct.getFullYear()%5D.join(%22%22)%7D()%2Cjt%3D%22sf_host_lib_%22%2B_t%2CDt%3D%2F%5E%5Cs%5Cs%2F%2CTt%3D%2F%5Cs%5Cs%24%2F%2Cxt%3D%2F(%5Cd%2B%5C-%5Cd%2B%5C-%5Cd%2B)%7C(9999)%2F%2CPt%3Dwindow%2CRt%3DPt%26%26Pt.document%2CCt%3DFunction%2CLt%3DObject%2CFt%3D%7B%7D%2CNt%3D%7B%7D%2Cqt%3D%7B%7D%2CIt%3DU%2CMt%3DU%2COt%3DU%2CEt%3DU%2Ckt%3Dz%2CBt%3DU%2CSt%3DU%2CYt%3Dz%2CGt%3D%7B%7D%3Btry%7Bif(M%3DPt.%24sf%26%26%24sf.host%26%26%24sf.host.boot%7C%7Cz%2CM%26%26%22function%22%3D%3Dtypeof%20M%26%26M!%3D_)return%20void(Pt%5B_t%5D%3DX)%3Bif(_t%20in%20Pt)return%3BPt%5B_t%5D%3DX%7Dcatch(Ht)%7Breturn%20void%20s(541)%7DO%3Dgt%2CE%3Dvt%2CS%3Dbt%2CY%3Dwt%2CJ%3DAt%2CO%26%260%3D%3DO%5Btt%5D(%22http%3A%22)%7C%7C(O%3D%22http%3A%2F%2Fl.yimg.com%2Frq%2Fdarla%2F%22)%2CE%26%260%3D%3DE%5Btt%5D(%22https%3A%22)%7C%7C(E%3D%22https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F%22)%2CS%26%26-1!%3DS%5Bnt%5D(xt)%7C%7C(S%3D%222-8-4%22)%2CJ%26%26-1!%3DJ%5Btt%5D(%22http%22)%7C%7C(J%3D%22http%3A%2F%2Ffc.yahoo.com%2Fsdarla%2Fphp%2Ffc.php%22)%3Btry%7BL%3DRt.URL%7C%7Clocation.href%7Dcatch(Ht)%7BL%3D%22%22%7D0%3D%3DL%5Btt%5D(%22https%3A%22)%26%26(O%3DE%2CJ%3DJ%5Brt%5D(%2F%5Ehttp%5C%3A%2Fi%2C%22https%3A%22))%2Ck%3DO%2B%22%2F%22%2BS%2CB%3Dk%2B%22%2F%22%2Bst%2CY%26%26-1!%3DY%5Btt%5D(%22.js%22)%7C%7C(Y%3Dk%2B%22%2Fjs%2Fg-r-min.js%22)%3Btry%7BMt%3D!(Pt!%3Dtop)%7Dcatch(Ht)%7BMt%3DU%7Dif(G%3DB%2B%22%2Fr-sf.%22%2Bst%2CH%3DB%2B%22%2Fmsg.%22%2Bst%2CMt%3D%3D%3DU)try%7BOt%3D!(Pt.parent!%3Dtop)%7Dcatch(Ht)%7BOt%3DU%7Dn()%2CMt%3F(c()%2Cw())%3AOt%3F(c()%2C_())%3As(541)%7D()%3B Message*: Mixed Content: The page at 'https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt' was loaded over HTTPS, but requested an insecure script 'http://l.yimg.com/rq/darla/3-23-1/js/g-r-min.js'. This request has been blocked; the content must be served over HTTPS.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://l.yimg.com/rq/darla/3-23-1/js/g-r-min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	error	Message: Mixed Content: The page at 'https://r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app/login.html?bdjtxjqtk=5a99qxvdptpp3pxhwrvszu&ltyigcfsns=cinfpxkoffolprxljhqwb7bt19kh&gnxtwhq=bqvfxhpskrao8yvfmqtqhm9cpgww&lhklws=ssojdpilekao3ts4hc24zmwjle&vbjkwquxk=siwtouigicbltxho&thwv=qtsv12lkvwbthhn2c19b2mbaz5qj&otzdxwzver=ym3gmegknusba5b67hcqvxozmf&pbnaobcqx=6whydrkoxtpcu9twtjvafvtj2&eegvsqbsu=m4jf81fy9ndyvgl7gzcuxt' was loaded over HTTPS, but requested an insecure script 'http://l.yimg.com/rq/darla/3-23-1/js/g-r-min.js'. This request has been blocked; the content must be served over HTTPS.
other	warning	Message: Unrecognized feature: 'vr'.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, http://l.yimg.com/rq/darla/3-23-1/js/g-r-min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794224018&ref=https%3A%2F%2Flogin.yahoo.com%2F Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fc.yahoo.com
geo.yahoo.com
l.yimg.com
r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app
sb.scorecardresearch.com
udc.yahoo.com
l.yimg.com
13.32.121.21
145.40.68.46
2a00:1288:110:c204::b000
2a00:1288:f03d:1fa::4000
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338
10b59e4a2b98df779964e859a6edaec936aadabae97f753c747fcbed7769efcf
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59
4daf5a5ec393bf23d0d32fa4b01c58318cd56dc97c12d5cf4c6afb1efa682046
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637
84e4ea328500595da6141364964bb4d7a83023f2cd7072aadda7a47d2cc629f4
a8ce16e3e81873ddcc952b5029fdb0d75bd8e7e18df5a8ec098bfb96a9ac9d26
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c9ae70ecf66dc825ef19017652b75ac20c3324dae6bfb3cf08fe2666db1304b9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app Open in urlscan Pro 145.40.68.46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

78 %HTTPS

50 %IPv6

4 Domains

6 Subdomains

5 IPs

3 Countries

316 kBTransfer

776 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

34 JavaScript Global Variables

1 Cookies

12 Console Messages

Indicators

r4jwn-5yaaa-aaaad-qdbjq-cai.raw.ic0.app Open in urlscan Pro
145.40.68.46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

78 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

5
IPs

3
Countries

316 kB
Transfer

776 kB
Size

1
Cookies

9 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!