salaholiwing.xyz
2a06:98c1:3121::3  Malicious Activity! Public Scan

Submitted URL: http://salaholiwing.xyz/?best
Effective URL: https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90...
Submission: On December 07 via automatic, source openphish — Scanned from NL

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 24 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is salaholiwing.xyz.
TLS certificate: Issued by GTS CA 1P5 on December 5th 2022. Valid for: 3 months.
This is the only time salaholiwing.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

Requests          IP Address          AS Autonomous System
10 (3 redirects)  2a06:98c1:312...    13335 (CLOUDFLAR...)
12                2a00:1288:80:...    203220 (YAHOO-DEB)
1                 2a00:1288:110...    34010 (YAHOO-IRD)
1                 52.28.203.152       16509 (AMAZON-02)
1                 2606:2800:233...    15133 (EDGECAST)
1                 18.170.232.93       16509 (AMAZON-02)
1                 88.221.169.143      16625 (AKAMAI-AS)
Total: 24 requests, 7 IPs
Requests  Apex Domain       Transfer  Subdomains
11        yimg.com          275 KB    s.yimg.com — Cisco Umbrella Rank: 499
10        salaholiwing.xyz  120 KB    salaholiwing.xyz
3         yahoo.com         8 KB      3p-udc.yahoo.com — Cisco Umbrella Rank: 13290
                                      fc.yahoo.com — Cisco Umbrella Rank: 1853
                                      web-oao.ssp.yahoo.com — Cisco Umbrella Rank: 5031
2         moatads.com       530 B     geo.moatads.com — Cisco Umbrella Rank: 724
                                      apx.moatads.com — Cisco Umbrella Rank: 6412
1         adtechus.com      107 KB    aka-cdn.adtechus.com — Cisco Umbrella Rank: 7956
Total: 24 requests, 5 domains
Requests          Domain                 Requested by
11                s.yimg.com             salaholiwing.xyz, fc.yahoo.com, s.yimg.com
10 (3 redirects)  salaholiwing.xyz       salaholiwing.xyz, s.yimg.com
1                 apx.moatads.com        s.yimg.com
1                 geo.moatads.com        aka-cdn.adtechus.com
1                 aka-cdn.adtechus.com   salaholiwing.xyz
1                 web-oao.ssp.yahoo.com  salaholiwing.xyz
1                 fc.yahoo.com           s.yimg.com
1                 3p-udc.yahoo.com       s.yimg.com
Total: 24 requests, 8 subdomains

This site contains links to these domains.

Domain
www.yahoo.com
help.yahoo.com
legal.yahoo.com
Subject                        Issuer                                  Validity                 Valid
*.salaholiwing.xyz             GTS CA 1P5                              2022-12-05 - 2023-03-05  3 months
*.api.fantasysports.yahoo.com  DigiCert SHA2 High Assurance Server CA  2022-11-28 - 2023-01-18  2 months
yahoo.com                      DigiCert SHA2 High Assurance Server CA  2022-12-06 - 2023-05-31  6 months
web.ssp.yahoo.com              DigiCert SHA2 High Assurance Server CA  2022-08-02 - 2023-01-25  6 months
aka-cdn.adtechus.com           DigiCert TLS RSA SHA256 2020 CA1        2022-05-27 - 2023-06-02  a year
*.moatads.com                  DigiCert TLS RSA SHA256 2020 CA1        2022-06-13 - 2023-07-05  a year
moatads.com                    DigiCert TLS RSA SHA256 2020 CA1        2022-11-16 - 2023-11-18  a year

This page contains 3 frames:

Primary Page: https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
Frame ID: 17A7BB75DE787166729D8D5323BC484A
Requests: 17 HTTP requests in this frame

Frame: https://s.yimg.com/rq/darla/4-10-1/html/r-csc.html
Frame ID: F72970046A2EAD74475D499C137CB1F6
Requests: 1 HTTP requests in this frame

Frame: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
Frame ID: 54A400BD0C27F0DE3BA60B83165618CA
Requests: 6 HTTP requests in this frame

Page Title

Yahoo

Page URL History

  1. http://salaholiwing.xyz/?best HTTP 301
    https://salaholiwing.xyz/?best Page URL
  2. https://salaholiwing.xyz/login HTTP 301
    http://salaholiwing.xyz/login/ HTTP 301
    https://salaholiwing.xyz/login/ Page URL
  3. https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f363... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • moatads\.com

Page Statistics

24 Requests
100 % HTTPS
57 % IPv6
5 Domains
8 Subdomains
7 IPs
3 Countries
509 kB Transfer
1502 kB Size
3 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://salaholiwing.xyz/?best HTTP 301
    https://salaholiwing.xyz/?best Page URL
  2. https://salaholiwing.xyz/login HTTP 301
    http://salaholiwing.xyz/login/ HTTP 301
    https://salaholiwing.xyz/login/ Page URL
  3. https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://salaholiwing.xyz/?best HTTP 301
  • https://salaholiwing.xyz/?best
Request Chain 1
  • https://salaholiwing.xyz/login HTTP 301
  • http://salaholiwing.xyz/login/ HTTP 301
  • https://salaholiwing.xyz/login/

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
salaholiwing.xyz/
Redirect Chain
  • http://salaholiwing.xyz/?best
  • https://salaholiwing.xyz/?best
68 B
648 B
Document
General
Full URL
https://salaholiwing.xyz/?best
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
77595ef50d959b82-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 07 Dec 2022 01:08:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OswOoSiUpsO95ih6uCsWWYWB9Vb9frSU%2B7VEEJVI3Q6evbTqi33yobHBiK0wxKYGSwpmFOqZfhuwiBMhxk0g4dOwIma4D2alpwM0he31mfLZ1M12%2BFZXBj0KU2FeSqUon3FULtP2SoSkWq9Xy8IK"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-RAY
77595ef49c9a917c-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Wed, 07 Dec 2022 01:08:34 GMT
Expires
Wed, 07 Dec 2022 02:08:34 GMT
Location
https://salaholiwing.xyz/?best
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDSqLchlqveYSeM4b39z8r6YeCNp7CNnLZecaDcryPOdamVDfnJEOvxrupA38Av4O2FU0eJMClLdSQRccB%2Buce%2BOcRXbcYdE4U4lgNT0zqH%2FNjkjJo1QDgl6HGrclL7zx%2FYzAE20jVTZ9Oqr2X0s"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
/
salaholiwing.xyz/login/
Redirect Chain
  • https://salaholiwing.xyz/login
  • http://salaholiwing.xyz/login/
  • https://salaholiwing.xyz/login/
186 B
697 B
Document
General
Full URL
https://salaholiwing.xyz/login/
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/?best
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://salaholiwing.xyz/?best
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
77595ef99e74921d-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 07 Dec 2022 01:08:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kc7HuRl5lhHVBCQtLPlpyoAijIgWtPDDVtwjDzhDuwPNsMgPZECFtG%2FVjI6dMZNMyJTnFp8Wc0fVRuA5ipxdif3U76PmZlX1L1h%2BCGSnSY1YmdyDxCODXpIwJemw8ZB7OrxRJpo4wnr%2BRos3cDY6"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-RAY
77595ef96a97917c-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Wed, 07 Dec 2022 01:08:35 GMT
Expires
Wed, 07 Dec 2022 02:08:35 GMT
Location
https://salaholiwing.xyz/login/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5mrjXUJGHeIhcbcLXQafLaHI9wzwikXQgaqJrg5uvIxlFFWtBmbczwACv1umYifpn%2BsN%2F1sDJskZHyWHlrWx3lglw7uCHRHTzfZ1N3x03bROidNxRgV0qoFnatgBtpR8SgY%2B97qwZ057zb%2BdjRxY"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Primary Request auth
salaholiwing.xyz/login/
38 KB
9 KB
Document
General
Full URL
https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/login/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
120eec86b5bd73bb005cc824ee33c486ad56394b70c2092ac03e6e3538443479

Request headers

Referer
https://salaholiwing.xyz/login/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
77595efca8c1921d-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 07 Dec 2022 01:08:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nyj7Cld6F3Pgreq0Q9Ct7MUcgjp9mW1hNPVmtrimqIWA7s%2FT%2Fc2UXoZz3%2F9%2BF0gd6bL3msdg2IZUx%2BMimj7DVKHKIVzP3QzkKJU5Ey%2BznTqgxb9ZHn54S5WeauOw5vXa7Q4DixSTuj6tPjGucEns"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
yahoo-main.css
salaholiwing.xyz/css/
529 KB
104 KB
Stylesheet
General
Full URL
https://salaholiwing.xyz/css/yahoo-main.css
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43ead160ed4650746e593fbb134c7af00ba02679d7b23808196f9f3bd65deef1

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 01:08:36 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 14 Nov 2022 01:52:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1456
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2Bq%2FO2ZDYVqGzhV966TRnGYu5C%2BOW%2BE1s1fGgLA5xlLDKJTAwcWWgz8dy5pn1Yky1CEqnOU5XrRpJqcgRgX6rUGN16QSE01k6W%2FdfjJhgze0FKGZjcnENgRpVFS5YJI9Ht6LJtL9PnGvx8ZOYb1D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
77595efdd9b3921d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
salaholiwing.xyz/img/
1 KB
2 KB
Image
General
Full URL
https://salaholiwing.xyz/img/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 01:08:36 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Nov 2022 01:54:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1456
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgLUbQ2BOaFlcriXL6QylPBCkrGFGP9UOdJGIwnb%2F%2FNoHLxwHbm86LyS0NFI%2FwqYMd4wxeT78lkCcnROK6WwUbRVjvH0vF4k9ujGui1BZhdZN8%2BcMnQRfCxD0IGK5tc5%2FRY0TvCtXKrLo%2FJTVm6U"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
77595efdd9b5921d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1346
yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png
salaholiwing.xyz/img/
1 KB
2 KB
Image
General
Full URL
https://salaholiwing.xyz/img/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 01:08:36 GMT
cf-cache-status
HIT
last-modified
Mon, 14 Nov 2022 01:54:11 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
3458
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4xw3qrkhnTN6eSMPmJxgmr3bEM4kn%2FRW4uSe88EeCSdl3wavveAfGyLJ5nm9rj3GCPbHRE6R8x7XdrM0xFCUdN67h7BrJGpKdW%2B0ZUHcP1kYaipKP%2FkdzuNk%2BiB8D90MWdHisHnytXa0SOZfui%2B6"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
77595efe8a3c921d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1391
rapid-3.53.30.js
s.yimg.com/ss/
49 KB
18 KB
Script
General
Full URL
https://s.yimg.com/ss/rapid-3.53.30.js
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
7bc917ebee12bcd521ae88840228032579459c25a3ccf8953d8a2dbe5e085be9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Tue, 06 Dec 2022 21:49:26 GMT
x-amz-version-id
.Bcg25AHAdRCkTvv5tMdNmGVEjznZ_m3
content-encoding
gzip
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
x-amz-request-id
PQ9PK1VK3D8RM0TH
age
11952
x-amz-server-side-encryption
AES256
x-amz-id-2
jILStAUPgKRPG4/BMSFloY4eXXyqLPrOgk2buiiCQaCV6oNFMrwBKoThCBlSrSREpKA6pFRjR6Y7lFH93ou/7Q==
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 29 Jun 2021 01:45:07 GMT
server
ATS
etag
"665798d28ecf9be7cbc434e75267920d-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, immutable
accept-ranges
bytes
bundle.js
s.yimg.com/wm/mbr/fe8264f3a0c47d3b35f5bd152c3c7a03e6eb7011/
183 KB
50 KB
Script
General
Full URL
https://s.yimg.com/wm/mbr/fe8264f3a0c47d3b35f5bd152c3c7a03e6eb7011/bundle.js
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
4c0904e404e2121c8d030f02f69544d46d0133fe630b7a2426825515d1a9d9ce
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Thu, 10 Nov 2022 19:06:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000
x-amz-request-id
72X8B20NM63ANDF4
age
2268146
x-amz-server-side-encryption
AES256
x-amz-id-2
DmBdb/inzmK8Gs1BemKB9qkSa3HTlLV5i4+5brwZkxQDyse2nueLYSxnERU9TcNzHT11LvDcPlg=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 04 Nov 2022 18:05:40 GMT
server
ATS
etag
"8300c4757ae93053ae726ccbe58baec4-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=31536000
accept-ranges
bytes
Yahoo_Sans-Regular.woff2
s.yimg.com/cv/ae/sports/fonts/2017/
28 KB
29 KB
Font
General
Full URL
https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/css/yahoo-main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://salaholiwing.xyz/
Origin
https://salaholiwing.xyz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Tue, 06 Dec 2022 09:54:00 GMT
strict-transport-security
max-age=15552000
x-amz-meta-created-date
Tue, 03 Oct 2017 06:22:51 GMT
x-content-type-options
nosniff
x-amz-request-id
SA8ZMTFZGKXEQRC8
age
54877
x-amz-server-side-encryption
AES256
x-amz-meta-x-ysws-mbst-vtime
1507011771545398
content-length
28860
x-amz-id-2
a1DUI6xyZLmxFp+eGSLKWKjgEA8fs5P5cFRG2krrbBhPFHaDok3D+fW52CSlIh0w13ex/175/js=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 19 Apr 2018 19:06:41 GMT
server
ATS
etag
"a99b283070afc519f4816e4300c515d2"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000,public
accept-ranges
bytes
x-amz-meta-mbst-etag
"YM:1:cb5e4811-e042-455c-b2b2-f984d5f70e0200055a9e8550b736"
x-amz-meta-x-ysws-access
public
expires
Sat, 05 Sep 2026 00:00:00 GMT
Yahoo_Sans-Semibold.woff2
s.yimg.com/cv/ae/sports/fonts/2017/
28 KB
29 KB
Font
General
Full URL
https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/css/yahoo-main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://salaholiwing.xyz/
Origin
https://salaholiwing.xyz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 12:45:34 GMT
strict-transport-security
max-age=15552000
x-amz-meta-created-date
Tue, 03 Oct 2017 06:22:51 GMT
x-content-type-options
nosniff
x-amz-request-id
0FJ9F0CPHGMQEK3Z
age
130983
x-amz-server-side-encryption
AES256
x-amz-meta-x-ysws-mbst-vtime
1507011771480561
content-length
29040
x-amz-id-2
4LcJX6YCaxVo5Suf7Oy/Ddi+FpLN1biPiogMTTgyRRlxxSdIbHwi+QIvKczLk3QjP1u08D32aqM=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 19 Apr 2018 17:33:29 GMT
server
ATS
etag
"af9fdad7698452697b016850fff96423"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000,public
accept-ranges
bytes
x-amz-meta-mbst-etag
"YM:1:95620d49-21c2-4044-b803-58b70c8e419700055a9e854fb9f1"
x-amz-meta-x-ysws-access
public
expires
Sat, 05 Sep 2026 00:00:00 GMT
checkbox-checked.svg
s.yimg.com/wm/mbr/images/
1 KB
910 B
Image
General
Full URL
https://s.yimg.com/wm/mbr/images/checkbox-checked.svg
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/css/yahoo-main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 22:02:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000
x-amz-request-id
SJ25DDK188069M85
age
97568
x-amz-server-side-encryption
AES256
content-length
659
x-amz-id-2
2xX5yPY2B71+8Zz3JYYbsezfjtaD3lUMjYLwEG7aLmfcA73kI6Cm5K7sQhdyNOkpM5koLtN3eHw=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 24 Apr 2020 17:13:52 GMT
server
ATS
etag
"ac8c4fbeda6efad9549cb41b992a8b3a-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
cache-control
public,max-age=315360000
accept-ranges
bytes
Yahoo_Sans-Medium.woff2
s.yimg.com/cv/ae/sports/fonts/2017/
29 KB
29 KB
Font
General
Full URL
https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/css/yahoo-main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://salaholiwing.xyz/
Origin
https://salaholiwing.xyz
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 12:45:34 GMT
strict-transport-security
max-age=15552000
x-amz-meta-created-date
Tue, 03 Oct 2017 06:22:52 GMT
x-content-type-options
nosniff
x-amz-request-id
0FJD5Y7B08JZGKNK
age
130984
x-amz-server-side-encryption
AES256
x-amz-meta-x-ysws-mbst-vtime
1507011772247755
content-length
29228
x-amz-id-2
xN8rzYuMaS58qP4cinIVEYgOEtwT5yZcyxnUNMh69SL9p3Pc5BGyiWn2UtPBOlphfleD13943zg=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 19 Apr 2018 16:25:50 GMT
server
ATS
etag
"7c7c02dcee2bf1c2528db6092d4ad1fa"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000,public
accept-ranges
bytes
x-amz-meta-mbst-etag
"YM:1:1bb49599-26ac-442e-b6b8-f4e40f067ea500055a9e855b6ecb"
x-amz-meta-x-ysws-access
public
expires
Sat, 05 Sep 2026 00:00:00 GMT
yql
3p-udc.yahoo.com/v2/public/
0
613 B
XHR
General
Full URL
https://3p-udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=794200018&yhlCT=2&yhlBTMS=1670375316264&yhlClientVer=3.53.30&yhlRnd=SFAaSTHWD1vLS07s&yhlCompressed=0
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/ss/rapid-3.53.30.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://salaholiwing.xyz/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 07 Dec 2022 01:08:36 GMT
strict-transport-security
max-age=31536000
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin
p3p
policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
access-control-allow-origin
https://salaholiwing.xyz
cache-control
no-store, no-cache, private, max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
expires
-1
client.php
fc.yahoo.com/sdarla/php/
16 KB
6 KB
Script
General
Full URL
https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794200018&ref=https%3A%2F%2Flogin.yahoo.com%2F&sa=geminifed%253D1%2520y-bucket%253Dmbr-ar-do-ctrl%252Cmbr-limit-cc%252Cmbr-app-password-classifier%252C
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wm/mbr/fe8264f3a0c47d3b35f5bd152c3c7a03e6eb7011/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
92b4b711fcd756e9f1535ae2ddeb71de73c38669bc4b4f6c5dd2c7901fe4c1d2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 01:08:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000
age
0
x-dns-prefetch-control
off
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
content-length
6297
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
private,no-cache,no-store
x-robots-tag
noindex, noarchive, nosnippet, nofollow
boot.js
s.yimg.com/rq/darla/
7 KB
4 KB
Script
General
Full URL
https://s.yimg.com/rq/darla/boot.js
Requested by
Host: fc.yahoo.com
URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794200018&ref=https%3A%2F%2Flogin.yahoo.com%2F&sa=geminifed%253D1%2520y-bucket%253Dmbr-ar-do-ctrl%252Cmbr-limit-cc%252Cmbr-app-password-classifier%252C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
4530d183f6b42ae95bc7b2dafab9f38d1901b5c0e7f58253e35ec8e4215bacea
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Tue, 06 Dec 2022 13:40:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000
x-amz-request-id
RRT9B5M2J9QG5TGS
age
41261
x-amz-server-side-encryption
AES256
content-length
3608
x-amz-id-2
HrcBskYIP5DOHIcBlNw04dV2aU+0Rdb1FMVwoLPoWBbYB1+Rqjf7b8PZ515UbXuxD0HT6GW8gqc=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 10 Aug 2022 00:26:45 GMT
server
ATS
etag
"93d8df54e24138f615918242db0c49a3-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public,max-age=86400
accept-ranges
bytes
g-r-min.js
s.yimg.com/rq/darla/4-10-1/js/
204 KB
86 KB
Script
General
Full URL
https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/boot.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
8c6a14a96e308f070f495f999af4e39027527d649157fe1a3ffc116870e14697
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://salaholiwing.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 00:42:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000
x-amz-request-id
MPST0DWH1C2VK24V
age
1582
x-amz-server-side-encryption
AES256
x-amz-id-2
jICiQZbPWZa0S7p2YK7fb1PrYuPUEtXCw62oQraJnBMmzqpme5ANl6AAI6nSOENEIW5GRpTuLG4=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 10 Aug 2022 00:26:48 GMT
server
ATS
etag
"f6757e8569fef5f162212b684d6483ea-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public,max-age=31536000
accept-ranges
bytes
r-csc.html
s.yimg.com/rq/darla/4-10-1/html/ Frame F729
2 KB
1 KB
Document
General
Full URL
https://s.yimg.com/rq/darla/4-10-1/html/r-csc.html
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
3f1fdef4f502d2db072df997a1b83e977c3e257521551a9e4de98b1c28fa8a39
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://salaholiwing.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
1581
cache-control
public,max-age=31536000
content-encoding
gzip
content-length
1160
content-type
text/html; charset=utf-8
date
Wed, 07 Dec 2022 00:42:16 GMT
etag
"1ff9b6e511ccd76562520a75bae161d2-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
last-modified
Wed, 10 Aug 2022 00:26:46 GMT
referrer-policy
no-referrer-when-downgrade
server
ATS
strict-transport-security
max-age=15552000
vary
Origin, Accept-Encoding
x-amz-id-2
2OotaBqMrV+EkFC3E0Lq6jrG3JSzI5H/9H8ueSgGbqGcri8fMchrvV/KIVh40a4rDquhYLyHCD8=
x-amz-request-id
QH7C6EDS7PCH6PRC
x-amz-server-side-encryption
AES256
x-content-type-options
nosniff
x-xss-protection
1; mode=block
r-sf.html
s.yimg.com/rq/darla/4-10-1/html/ Frame 54A4
2 KB
953 B
Document
General
Full URL
https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
856189d481ed2d854451c028fac29309629eed3301211fe4fe582058f13a3f92
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://salaholiwing.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
age
2882
cache-control
public,max-age=31536000
content-encoding
gzip
content-length
753
content-type
text/html; charset=utf-8
date
Wed, 07 Dec 2022 00:20:36 GMT
etag
"630dfb686b2205755bab511d73ed42dd-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
last-modified
Wed, 10 Aug 2022 00:26:46 GMT
referrer-policy
no-referrer-when-downgrade
server
ATS
strict-transport-security
max-age=15552000
vary
Origin, Accept-Encoding
x-amz-id-2
fiySUIODxwFl+DP4Y1wJgFNwsfQlIOk5zVAUlxIf5E+fmsLYKBjYGqjxj7TTaBAEt96wOa9hvvw=
x-amz-request-id
J086V2DGP4PT6AH2
x-amz-server-side-encryption
AES256
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sfext-min.js
s.yimg.com/rq/darla/4-10-1/js/ Frame 54A4
63 KB
27 KB
Script
General
Full URL
https://s.yimg.com/rq/darla/4-10-1/js/sfext-min.js
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
eb2783e0f4ae428363f7e36fc4ecb4057dbae329d858efee6775ba60f254a81d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 30 Nov 2022 07:03:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15552000
x-amz-request-id
PQ5ZCPAPQZ44QBCK
age
583514
x-amz-server-side-encryption
AES256
content-length
27596
x-amz-id-2
HVk1lXwe4xSdx6hWYBsfCBgcOcTx4UWYbfBgU12sNht58PxPU+CLMmm3kC/yinz/Wg5EeS1TbhM=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 10 Aug 2022 00:26:49 GMT
server
ATS
etag
"a84b48cbebd5379f03b1e428526ec262-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public,max-age=31536000
accept-ranges
bytes
adServe.do
web-oao.ssp.yahoo.com/admax/ Frame 54A4
171 B
541 B
Script
General
Full URL
https://web-oao.ssp.yahoo.com/admax/adServe.do?brxdSectionId=&brxdPublisherId=20459933223&ypubblob=|HnsYGzEwLjLnKChNmZq.ZAC5MjAwMQAAAACPXu2M|794200018|RICH|375316436&req(url)=https://login.yahoo.com/&secure=1&brxdSiteId=4465551&yadpos=RICH&pos=y963896142&bcrid=_BCRID_&csrtype=5&ybkt=_BUCKETID_&us_privacy=&gdpr=0&euconsent=&wd=1440&ht=1024&of=js
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/?best
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
27f270ed1a3f7f34415b6c953963da88dc1416e4be61c0609a45e1023d5e4cd4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Dec 2022 01:08:36 GMT
server
ATS/9.1.10.25
age
0
content-type
application/x-javascript;charset=utf-8
cache-control
no-store, no-cache, must-revalidate, max-age=0, no-transform, post-check=0, pre-check=0
content-length
171
expires
Thu, 01 Jan 1970 00:00:00 GMT
moatad.js
aka-cdn.adtechus.com/media/moat/adtechbrands092348fjlsmdhlwsl239fh3df/ Frame 54A4
318 KB
107 KB
Script
General
Full URL
https://aka-cdn.adtechus.com/media/moat/adtechbrands092348fjlsmdhlwsl239fh3df/moatad.js
Requested by
Host: salaholiwing.xyz
URL: https://salaholiwing.xyz/?best
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:df9:e694:9b00:53f:3b95 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (amc/BC30) /
Resource Hash
8ab6940b0f8ee45f1d0da07edac2e0c104e008676bbdb3443d78ad4c74d75749

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 01:08:36 GMT
content-encoding
gzip
nel
{"report_to": "default", "max_age": 86400, "include_subdomains": true, "failure_fraction": 1.0, "success_fraction": 0.001}
age
1474
x-amz-request-id
DF5QSYHPERTH1A13
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
108947
x-amz-id-2
nShZHbnvKx7+k20CJoqX06PwvOQvfhe4OmvCojoF8BoibmtCLrxBYd+PoqOmkXebHWN81fmouH8=
x-amzn-internal-status
304
last-modified
Wed, 15 Jul 2020 12:58:13 GMT
server
ECAcc (amc/BC30)
etag
"aa62c7ba3a7a6ecebca3f300865bf8d6+gzip"
vary
Accept-Encoding
report-to
{"group": "default", "max_age":86400, "endpoints":[{"url":"https://report.edgecast.com/","priority":1 }, {"url":"https://nelcollector.sre.ecsvc.net/report","priority":2 }]}
content-type
application/javascript
n.js
geo.moatads.com/ Frame 54A4
97 B
270 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2Ca%24%3D!!ttEKmKjGfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7B%2CNr1U*%26ujMUU9%3C%24kBjqI&th=1219999633&tf=nMzjG---CSa7H-fUfHv-j7VIQD-xFQTS-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2CChrome%20PDF%20Plugin*Chrome%20PDF%20Viewer*Native%20Client%2C1%2C4%2C0%2Cprobably%2Cprobably&os=&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1440&qe=1024&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=ADTECHBRANDS1&hp=1&vb=-1&cm=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fsalaholiwing.xyz&lp=https%3A%2F%2Fsalaholiwing.xyz&t=1670375316779&de=281994538665&m=0&ar=da8ed23e15-clean&iw=7e8212f&q=2&cb=0&ym=0&cu=1670375316779&ll=2&lm=1&ln=1&r=0&em=0&en=0&d=11115292%3A11118502%3A26805058%3A-&zMoatBannerInfo=495532170&zGSRC=1&gu=https%3A%2F%2Fsalaholiwing.xyz%2F&id=0&ii=3&zMoatS1=5113&zMoatS2=374058&zMoatS3=0&zMoatS4=5043043&zMoatAlias=y963896142&zMoatMagicNum=undefined&gw=adtechbrands092348fjlsmdhlwsl239fh3df&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A-%3A-%3A0%3A0&fs=182630&na=1885331344&cs=0&callback=DOMlessLLDcallback_11763990
Requested by
Host: aka-cdn.adtechus.com
URL: https://aka-cdn.adtechus.com/media/moat/adtechbrands092348fjlsmdhlwsl239fh3df/moatad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.170.232.93 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-170-232-93.eu-west-2.compute.amazonaws.com
Software
Microsoft-IIS/6.0 /
Resource Hash
b4cd07bc7a37970a241f35a5359791206c3b68e363250309808dc85572945965

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 01:08:36 GMT
cache-control
max-age=900
server
Microsoft-IIS/6.0
timing-allow-origin
*
etag
"7e31fe63421aa9df265201cb35f8e911d684e53d"
content-length
97
content-type
text/html; charset=UTF-8
pixel.gif
apx.moatads.com/ Frame 54A4
43 B
260 B
Image
General
Full URL
https://apx.moatads.com/pixel.gif?e=17&i=ADTECHBRANDS1&hp=1&vb=-1&cm=1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fsalaholiwing.xyz&lp=https%3A%2F%2Fsalaholiwing.xyz&t=1670375316779&de=281994538665&m=0&ar=da8ed23e15-clean&iw=7e8212f&q=3&cb=0&ym=0&cu=1670375316779&ll=2&lm=1&ln=1&r=0&em=0&en=0&d=11115292%3A11118502%3A26805058%3A-&zMoatBannerInfo=495532170&zGSRC=1&gu=https%3A%2F%2Fsalaholiwing.xyz%2F&id=0&ii=3&zMoatS1=5113&zMoatS2=374058&zMoatS3=0&zMoatS4=5043043&zMoatAlias=y963896142&zMoatMagicNum=undefined&gw=adtechbrands092348fjlsmdhlwsl239fh3df&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A-%3A-%3A0%3A0&fs=182630&na=79973588&cs=0
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.221.169.143 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-169-143.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://s.yimg.com/rq/darla/4-10-1/html/r-sf.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Dec 2022 01:08:36 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 07 Dec 2022 01:08:36 GMT
logads
salaholiwing.xyz/
315 B
658 B
XHR
General
Full URL
https://salaholiwing.xyz/logads?delay=625&spid=794200018
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wm/mbr/fe8264f3a0c47d3b35f5bd152c3c7a03e6eb7011/bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer
https://salaholiwing.xyz/login/auth?sessions=1d4294dc58d025a6d7f5aea7a959cf17&id_session=43143a77f3631668b33f3f63a03edf90088c0820
X-Requested-With
XMLHttpRequest
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Wed, 07 Dec 2022 01:08:37 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4RMvXbJd12Vmz9HMvwaXBq7AzUTJnZS%2F5zan0eDlQe%2Bb%2BkyrZVAmPMjVD8YliBOyR5EID4dcXkVzk0m6Np%2FCrRNuc%2F8p4DoQNtoaFEDBAm3wx8cb1JLzy3JhRprbTeXGGK4CAmVzzZNgNbk%2Fs2q"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cf-ray
77595f02cda6921d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| oncontentvisibilityautostatechange number| pageStartTime object| oldError boolean| isGoodJS object| YUI_config string| COMET_URL object| I13N_config object| darlaConfig object| challenge string| currentURL object| COUNTRY_CODES_MAP boolean| enforceCountryCodeDropDown boolean| isIOSDevice function| mbrSendError object| YAHOO object| rapidInstance object| jsModules boolean| mbrJSLoaded function| checkAssets number| lastApvTime object| DARLA_CONFIG object| DARLA object| $sf undefined| $yac boolean| sf_auto_3-7-11-2022 object| _Y

3 Cookies

Domain/Path Name / Value
salaholiwing.xyz/ Name: PHPSESSID
Value: 3ffe0834cebe18a6d509b752303e6dad
.salaholiwing.xyz/ Name: rxx
Value: 7j6pdso1b9.2yknqg4g&v=1
.yahoo.com/ Name: A3
Value: d=AQABBJTnj2MCEEF3jcL2mIynlxbJJfpXduYFEgEBAQE5kWOZYwAAAAAA_eMAAA&S=AQAAAsNupysz8KzFv59ofc_A9Uw

2 Console Messages

Source Level URL
Text
other warning URL: https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js
Message:
Unrecognized feature: 'vr'.
network error URL: https://salaholiwing.xyz/logads?delay=625&spid=794200018
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
