onyc.ga Open in urlscan Pro
2606:4700:3031::681c:1633  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request Aol2.php Show response onyc.ga/AOL/aol/	27 KB 8 KB	1068ms 1009ms	Document text/html	2606:4700:3031::681c:1633 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::681c:1633 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9112aa453da54732d6fc98529d0eb7f9190e2d6bfd58f0ea91a28a42d52ec008 Request headers :method GET :authority onyc.ga :scheme https :path /AOL/aol/Aol2.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest document accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers status 200 date Thu, 20 Feb 2020 00:11:39 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=d7f7aff525323a359f54857285baf45cf1582157498; expires=Sat, 21-Mar-20 00:11:38 GMT; path=/; domain=.onyc.ga; HttpOnly; SameSite=Lax cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 567c43ad5c6dd6d9-FRA content-encoding br
GET H2	200	aol-main.css s.yimg.com/wm/mbr/c218993b09c374ea80aefadf3ca80ce7040d4e7f/	309 KB 57 KB	141ms 20ms	Stylesheet text/css	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/wm/mbr/c218993b09c374ea80aefadf3ca80ce7040d4e7f/aol-main.css Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash 63aa5c7be4256ebbc23cbc927e91cb71cb6baeb0ab2f5ceb610c1a734c3b9bf8 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers date Thu, 06 Feb 2020 17:37:14 GMT content-encoding gzip x-content-type-options nosniff age 1146867 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 x-amz-request-id 1434EF3C465F1ACA x-amz-id-2 d1h2g90bmzXQlUgJvIc7lLiOHkpe9VOiXA/yXUBx8ZGeuI01Tg49pukYNud4WrBRlCVECYjBKdw= referrer-policy no-referrer-when-downgrade last-modified Wed, 05 Feb 2020 21:33:00 GMT server ATS etag "ae6130be3b20bb4a59657771932a2715-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding content-type text/css x-xss-protection 1; mode=block cache-control public,max-age=315360000 accept-ranges bytes
GET H2	200	boot.js Show response s.yimg.com/rq/darla/	7 KB 4 KB	20ms 20ms	Script application/javascript	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/boot.js Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash beda8529987050b39a783175fffb8a7e7aea1049f14487da7eb388c2ddb2183e Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers ats-carp-promotion 1 date Wed, 19 Feb 2020 02:00:07 GMT content-encoding gzip x-content-type-options nosniff age 79893 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 3607 x-amz-id-2 LFFCmTLHr4yf1yJZ/DLn3HPZTNPwTYtG5h1OVoNscKA3dggxSztximeaJt4eDmQnBwosjHDwl3A= referrer-policy no-referrer-when-downgrade last-modified Mon, 10 Feb 2020 19:43:58 GMT server ATS etag "1513b5e9f161dff9f13681a03d20e481-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id 21CAA472E79CEFB4 x-xss-protection 1; mode=block cache-control public,max-age=86400 accept-ranges bytes content-type application/javascript; charset=utf-8
GET H2	200	g-r-min.js Show response s.yimg.com/rq/darla/3-23-1/js/	205 KB 87 KB	24ms 24ms	Script application/javascript	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/3-23-1/js/g-r-min.js Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash ef11018fe5dfd76d08ed24df491abf9165272c10713566df95485236d60daff6 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers ats-carp-promotion 1 date Wed, 22 Jan 2020 12:00:02 GMT content-encoding gzip x-content-type-options nosniff age 2463098 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 88691 x-amz-id-2 hUL7b6gOhgUq7DvF9V2TU2FUFpqli7+GhC83ykzqb/UAQri3MyDhOUy/3WzJ4exUcVdd2HpYz/8= referrer-policy no-referrer-when-downgrade last-modified Tue, 21 Jan 2020 19:44:45 GMT server ATS etag "6fd0e23f0e202218983dcb8fa142786f-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id ACC6489392A12352 x-xss-protection 1; mode=block cache-control public,max-age=31536000 accept-ranges bytes content-type application/javascript; charset=utf-8
GET H2	200	aol-logo-black-v.0.0.2.png s.yimg.com/wm/assets/images/ns/	16 KB 16 KB	56ms 55ms	Image image/png	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/assets/images/ns/aol-logo-black-v.0.0.2.png Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers ats-carp-promotion 1 date Mon, 30 Dec 2019 18:17:23 GMT x-amz-meta-created-date Thu, 16 Nov 2017 19:59:27 GMT age 4427657 x-amz-server-side-encryption AES256 status 200 content-length 16340 strict-transport-security max-age=15552000 x-amz-request-id 50357025A6E8CF8F x-amz-id-2 SVJf+RZGkR4MqZmRn8C28lPPumOqZ1e+utkXXy6WykQWQn6U0jJFhrwX4tGL5CuKibreht8USXY= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Fri, 04 May 2018 01:23:57 GMT server ATS etag "f9e0f24b60732cd95150a37fb003b871" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin content-type image/png x-xss-protection 1; mode=block cache-control max-age=31536000; public x-amz-meta-x-ysws-mbst-vtime 1510862367682930 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:3570f846-88d6-4c90-bd91-179d937c363c00055e1f0ebaf172" x-content-type-options nosniff expires Sat, 04 May 2019 01:23:56 GMT
GET H2	200	aol-logo-white-v0.0.4.png s.yimg.com/wm/assets/images/ybar/	4 KB 5 KB	61ms 61ms	Image image/png	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/assets/images/ybar/aol-logo-white-v0.0.4.png Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash d0ecaea4f4b91a678f16b572dbe3c9dc7212d1437a97a31f84ae74c167d5a4db Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers ats-carp-promotion 1 date Mon, 12 Aug 2019 18:22:32 GMT x-amz-meta-created-date Wed, 18 Apr 2018 19:01:42 GMT age 16523348 x-amz-server-side-encryption AES256 status 200 content-length 4314 strict-transport-security max-age=15552000 x-amz-request-id C79A2AAAF45E9EB3 x-amz-id-2 4/1hN93wvIzac1mdKLcvW3rFLf6diQ3Yeis/XeY31ieXDOJjQHB156rMgNAvgpAyIDDGLYD8ho8= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Thu, 03 May 2018 20:51:15 GMT server ATS etag "f0d2ba5c63ab03f3b53158f293f651c7" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin content-type image/png x-xss-protection 1; mode=block cache-control public,max-age=31536000 x-amz-meta-x-ysws-mbst-vtime 1524078102670246 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:d32351c9-ea78-46c0-b7a5-1066118ae37d00056a2415eb6ba6" x-content-type-options nosniff expires Fri, 03 May 2019 20:51:13 GMT
GET H2	200	rapid-3.53.3.js Show response s.yimg.com/wm/mbr/js/	46 KB 17 KB	17ms 17ms	Script application/javascript	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/wm/mbr/js/rapid-3.53.3.js Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash a8ce16e3e81873ddcc952b5029fdb0d75bd8e7e18df5a8ec098bfb96a9ac9d26 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers date Sun, 09 Feb 2020 18:59:33 GMT content-encoding gzip x-content-type-options nosniff age 882727 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 17047 x-amz-id-2 mBJA+U/Ao6sETl78T9Fy8JA2PrNRzG9C15eDN8Qnhzsp3Qh9n2vzjX52/Vi5ZwCnMjuihvgIkh4= referrer-policy no-referrer-when-downgrade last-modified Thu, 28 Mar 2019 21:32:12 GMT server ATS etag "4bda224130c3ac287f18c9b0d9062205-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id 541C725724C2BBEE x-xss-protection 1; mode=block cache-control public,max-age=315360000 accept-ranges bytes content-type application/javascript
GET H2	200	bundle.js Show response s.yimg.com/wm/mbr/c218993b09c374ea80aefadf3ca80ce7040d4e7f/	138 KB 39 KB	18ms 18ms	Script application/javascript	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/wm/mbr/c218993b09c374ea80aefadf3ca80ce7040d4e7f/bundle.js Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash d4f9b29df0ca478117964ba5b40b144cf5355dcb032de7086c9167939cdf1893 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers ats-carp-promotion 1 date Thu, 06 Feb 2020 17:36:51 GMT content-encoding gzip x-content-type-options nosniff age 1146889 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 39330 x-amz-id-2 W1zJBrh6baxEbryH/WbKgR1yqcsENqG90zosrXLAr+Ph1jrbMjJEc34mXnVjS9YLxnQ31yFSnNQ= referrer-policy no-referrer-when-downgrade last-modified Wed, 05 Feb 2020 21:33:00 GMT server ATS etag "c1b70d34518897795cd151203416dbf8-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id 2806A26685CCAF87 x-xss-protection 1; mode=block cache-control public,max-age=315360000 accept-ranges bytes content-type application/javascript
GET H2	200	client.php Show response fc.yahoo.com/sdarla/php/	20 KB 9 KB	290ms 289ms	Script text/javascript	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794200033&ref=https%3A%2F%2Flogin.aol.com%2Faccount%2Fchallenge%2Fpassword Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash fdd3ae4c011f53dde6d5675dc955530c814f2b8c20e099df1dce51622714cb16 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers date Thu, 20 Feb 2020 00:11:39 GMT content-encoding gzip x-content-type-options nosniff age 0 x-dns-prefetch-control off p3p policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" status 200 strict-transport-security max-age=15552000 content-length 8426 x-xss-protection 1; mode=block referrer-policy no-referrer-when-downgrade server ATS expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Accept-Encoding content-type text/javascript;charset=UTF-8 cache-control private,no-cache,no-store x-robots-tag noindex, noarchive, nosnippet, nofollow
GET		g-r-min.js l.yimg.com/rq/darla/3-23-2/js/	0 0
GET H2	200	capslock-v0.0.2.svg s.yimg.com/wm/mbr/images/	971 B 780 B	19ms 19ms	Image image/svg+xml	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/mbr/images/capslock-v0.0.2.svg Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash ec1322f4e6e2509a4448b85a1b820d38b5dd43e0be49c999477d2c0e859993db Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://s.yimg.com/wm/mbr/c218993b09c374ea80aefadf3ca80ce7040d4e7f/aol-main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers ats-carp-promotion 1 date Thu, 21 Nov 2019 21:48:13 GMT content-encoding gzip x-content-type-options nosniff age 7784607 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 545 x-amz-id-2 0o6u4s7q1++bqxNco3z27dn3kyO884kCaPEjF9zH2C7cWnqlc9zuCSj/EwH21/6EKcHOfBVmsF0= referrer-policy no-referrer-when-downgrade last-modified Thu, 14 Nov 2019 20:33:02 GMT server ATS etag "ab452af7ea91b4389f87c0e068436b75-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id AB49D6FE5903D41E x-xss-protection 1; mode=block cache-control public,max-age=315360000 accept-ranges bytes content-type image/svg+xml
GET H2	200	hide-v0.0.1.svg s.yimg.com/wm/mbr/images/	860 KB 646 KB	19ms 19ms	Image image/svg+xml	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/mbr/images/hide-v0.0.1.svg Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash 119acd68e288f17e86722a67e341ec74f7f6a377ec8e15b3914245f57caf6fbf Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://s.yimg.com/wm/mbr/c218993b09c374ea80aefadf3ca80ce7040d4e7f/aol-main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers ats-carp-promotion 1 date Mon, 11 Nov 2019 18:20:13 GMT content-encoding gzip x-content-type-options nosniff age 8661088 x-amz-server-side-encryption AES256 status 200 strict-transport-security max-age=15552000 content-length 660584 x-amz-id-2 /2Z39PMIevmFZYdr2Ntj8Kba762wrNeMKWiiW60isY796rhsDg3iR2j+oGP7m50OfHA9OI/wtVM= referrer-policy no-referrer-when-downgrade last-modified Tue, 16 Jul 2019 23:13:44 GMT server ATS etag "6bd15a1456d985027ba5ca91528e4b1e-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding x-amz-request-id 9D8315CFA80E0CA5 x-xss-protection 1; mode=block cache-control public,max-age=315360000 accept-ranges bytes content-type image/svg+xml
GET H2	200	fuji-spinner-1.0.1.svg s.yimg.com/wm/modern/images/	5 KB 948 B	50ms 50ms	Image image/svg+xml	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Show image Full URL https://s.yimg.com/wm/modern/images/fuji-spinner-1.0.1.svg Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash 186034da48941b64b5f6b4d8a0176fb86e2ad6adda436b8eeef521b0166d06c5 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://s.yimg.com/wm/mbr/c218993b09c374ea80aefadf3ca80ce7040d4e7f/aol-main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers ats-carp-promotion 1 date Fri, 24 Jan 2020 11:25:06 GMT content-encoding gzip x-amz-meta-created-date Sat, 18 Mar 2017 00:20:34 GMT age 2292394 x-amz-server-side-encryption AES256 status 200 content-length 614 strict-transport-security max-age=15552000 x-amz-request-id B424BF5377285D23 x-amz-id-2 BLYSuH1i+ca8gi/dcoUcI9eC53jpuf6niBbpeow3hvxYQ1oV92yW0oB5+8jZfXSBPo85QQ5PHjE= accept-ranges bytes referrer-policy no-referrer-when-downgrade last-modified Fri, 04 May 2018 05:02:09 GMT server ATS etag "1371fb7ea1d9f283b0964f6d9fedf183-df" expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Origin, Accept-Encoding content-type image/svg+xml x-xss-protection 1; mode=block cache-control max-age=31536000; public x-amz-meta-x-ysws-mbst-vtime 1489796434429139 x-amz-meta-x-ysws-access public x-amz-meta-mbst-etag "YM:1:9245687e-14b4-4f74-a865-1fdb03b2bc6000054af6434304d3" x-content-type-options nosniff expires Sat, 04 May 2019 05:02:08 GMT
POST H2	204	yql Show response udc.yahoo.com/v2/public/	0 618 B	134ms 46ms	XHR text/plain	2a00:1288:110:c304::1000 YAHOO-IRD
General Check archive.org Show headers Download Go to Full URL https://udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=794200033&yhlCT=2&yhlBTMS=1582157499706&yhlClientVer=3.53.3&yhlRnd=VMH4Q51rv8uoEBIF&yhlCompressed=0 Requested by Host: s.yimg.com URL: https://s.yimg.com/wm/mbr/js/rapid-3.53.3.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:110:c304::1000 , United Kingdom, ASN34010 (YAHOO-IRD, GB), Reverse DNS Software ATS / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ Origin https://onyc.ga Sec-Fetch-Dest empty User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Thu, 20 Feb 2020 00:11:39 GMT x-content-type-options nosniff age 0 p3p policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" status 204 x-xss-protection 1; mode=block pragma no-cache referrer-policy strict-origin-when-cross-origin server ATS x-frame-options DENY expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" strict-transport-security max-age=15552000 access-control-allow-origin https://onyc.ga cache-control private, no-cache, no-store, must-revalidate, max-age=0 access-control-allow-credentials true expires Wed, 01 Mar 1995 00:00:00 GMT
POST H2	200	c geo.yahoo.com/	43 B 602 B	157ms 47ms	Other image/gif	2a00:1288:110:c204::b000 YAHOO-IRD
General Check archive.org Show headers Download Go to Full URL https://geo.yahoo.com/c?s=794200033&t=feRnjQecRqI6pcL2,0.20645098632116898&_I=&_AO=0&_NOL=0&_R=https%3A%2F%2Flogin.aol.com%2F%3Fsrc%3Dmail%26lang%3Den-US%26language%3Den-US&_K=3.53.3%05_pl%031%04A_v%033.53.3%04A_cn%03VERSIONED-PROD%04_bt%03rapid%04A_pr%03https%04A_tzoff%031%04A_sid%03fuu8Z0JVVu1NNd17%04_w%03login.aol.com%2Faccount%2Fchallenge%2Fpassword%3Fsrc%3Dmail%26lang%3Den-US%26language%3Den-US%26display%3Dlogin%04pt%03utility%04ver%03nodejs%04pct%03sign-in%04pg_name%03aol%20Login%20-%20Password%20Challenge%04pstcat%03username-verify%04gm_np%03aol%04p_sec%03login%04p_subsec%03account-challenge-password%04src%03mail%04context%03primary%04_rx%031cduvi4qhoa.1u1p4h87%26v%3D1%04_ts%031582157499%04_ms%03708%04A_sr%031600x1200%04A_vr%031600x1200%04A_do%031%04A_ib%031600x1200%04A_ob%031600x1200%04A_srr%031&_C=mKey%03primary_login_account-challenge-password_launch%04intrctn%03click%04corActn%03click%04sec%03primary_login_account-challenge-password_launch%04_p%030 Requested by Host: s.yimg.com URL: https://s.yimg.com/wm/mbr/js/rapid-3.53.3.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB), Reverse DNS Software ATS / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ Origin https://onyc.ga Sec-Fetch-Dest empty User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Thu, 20 Feb 2020 00:11:39 GMT x-content-type-options nosniff server ATS age 0 expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-frame-options DENY p3p policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" status 200 cache-control no-cache, no-store, private strict-transport-security max-age=31536000 content-type image/gif content-length 43 x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin
GET H2	200	r-csc.html s.yimg.com/rq/darla/3-23-1/html/ Frame B112	0 0	18ms 17ms	Document text/html	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/rq/darla/3-23-1/html/r-csc.html Requested by Host: onyc.ga URL: https://onyc.ga/AOL/aol/Aol2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority s.yimg.com :scheme https :path /rq/darla/3-23-1/html/r-csc.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-dest iframe accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate referer https://onyc.ga/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest iframe Referer https://onyc.ga/ Response headers status 200 x-amz-id-2 8iguUV6WZAZIM5HUWle34uJrgrhZc/SgAOYXzSNjbwx7yq+QHJdiD4s2iGQv5fFzF/mnGgB/ydQ= x-amz-request-id 838400E52CFD280B date Sun, 16 Feb 2020 15:51:29 GMT last-modified Thu, 06 Feb 2020 18:57:51 GMT etag "1ff9b6e511ccd76562520a75bae161d2-df" x-amz-server-side-encryption AES256 cache-control public,max-age=31536000 accept-ranges bytes content-type text/html; charset=utf-8 server ATS referrer-policy no-referrer-when-downgrade vary Origin, Accept-Encoding age 289211 ats-carp-promotion 1 content-encoding gzip content-length 1160 strict-transport-security max-age=15552000 expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-xss-protection 1; mode=block x-content-type-options nosniff
GET H2	200	client.php Show response fc.yahoo.com/sdarla/php/	20 KB 8 KB	212ms 212ms	Script text/javascript	2a00:1288:f03d:1fa::2000 YAHOO-1
General Check archive.org Show headers Download Go to Full URL https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=794200033&ref=https%3A%2F%2Flogin.aol.com%2Faccount%2Fchallenge%2Fpassword Requested by Host: s.yimg.com URL: https://s.yimg.com/wm/mbr/c218993b09c374ea80aefadf3ca80ce7040d4e7f/bundle.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US), Reverse DNS Software ATS / Resource Hash 74d25c9e20115e5ef0700113403a1491c5422c2f9ecaad861868003ec7fe09ed Security Headers Name Value Strict-Transport-Security max-age=15552000 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://onyc.ga/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers date Thu, 20 Feb 2020 00:11:40 GMT content-encoding gzip x-content-type-options nosniff age 1 x-dns-prefetch-control off p3p policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" status 200 strict-transport-security max-age=15552000 content-length 8138 x-xss-protection 1; mode=block referrer-policy no-referrer-when-downgrade server ATS expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" vary Accept-Encoding content-type text/javascript;charset=UTF-8 cache-control private,no-cache,no-store x-robots-tag noindex, noarchive, nosnippet, nofollow

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

l.yimg.com

URL

http://l.yimg.com/rq/darla/3-23-2/js/g-r-min.js

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AOL (Online) Yahoo (Online)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| oldError boolean| isGoodJS object| YUI_config string| COMET_URL object| I13N_config object| darlaConfig object| challenge string| mKeyPrefix object| pwchallenge boolean| isIOSDevice function| mbrSendError object| DARLA object| $sf undefined| $yac boolean| sf_auto_4-20-1-2020 undefined| Y object| _Y object| YAHOO object| rapidInstance object| jsModules boolean| mbrJSLoaded function| checkAssets number| lastApvTime object| DARLA_CONFIG

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.onyc.ga/	1970-01-19 16:14:53	Name: rxx Value: 1cduvi4qhoa.1u1p4h87&v=1
			.onyc.ga/	1970-01-19 08:12:29	Name: __cfduid Value: d7f7aff525323a359f54857285baf45cf1582157498

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fc.yahoo.com
geo.yahoo.com
l.yimg.com
onyc.ga
s.yimg.com
udc.yahoo.com
l.yimg.com
2606:4700:3031::681c:1633
2a00:1288:110:c204::b000
2a00:1288:110:c304::1000
2a00:1288:f03d:1fa::2000
119acd68e288f17e86722a67e341ec74f7f6a377ec8e15b3914245f57caf6fbf
186034da48941b64b5f6b4d8a0176fb86e2ad6adda436b8eeef521b0166d06c5
63aa5c7be4256ebbc23cbc927e91cb71cb6baeb0ab2f5ceb610c1a734c3b9bf8
74d25c9e20115e5ef0700113403a1491c5422c2f9ecaad861868003ec7fe09ed
9112aa453da54732d6fc98529d0eb7f9190e2d6bfd58f0ea91a28a42d52ec008
a8ce16e3e81873ddcc952b5029fdb0d75bd8e7e18df5a8ec098bfb96a9ac9d26
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
beda8529987050b39a783175fffb8a7e7aea1049f14487da7eb388c2ddb2183e
d0ecaea4f4b91a678f16b572dbe3c9dc7212d1437a97a31f84ae74c167d5a4db
d4f9b29df0ca478117964ba5b40b144cf5355dcb032de7086c9167939cdf1893
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec1322f4e6e2509a4448b85a1b820d38b5dd43e0be49c999477d2c0e859993db
ef11018fe5dfd76d08ed24df491abf9165272c10713566df95485236d60daff6
f3e22262b472ee52e51e9f053856daf9a3f7ce59dd66d51f201f1ee7faaf5690
fdd3ae4c011f53dde6d5675dc955530c814f2b8c20e099df1dce51622714cb16