www.yahoo.connection-account.tk Open in urlscan Pro
2a00:b6e0:1:20:9::1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.yahoo.connection-account.tk/
Effective URL:
https://www.yahoo.connection-account.tk/login.html
Submission: On February 09 via automatic, source certstream-suspicious (February 9th 2022, 4:51:42 pm UTC) — Scanned from FR

Summary HTTP 9 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 9 HTTP transactions. The main IP is 2a00:b6e0:1:20:9::1, located in France and belongs to ALWAYSDATA, FR. The main domain is www.yahoo.connection-account.tk.
TLS certificate: Issued by R3 on February 9th 2022. Valid for: 3 months.

This is the only time www.yahoo.connection-account.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 3	2a00:b6e0:1:2... 2a00:b6e0:1:20:9::1	60362 (ALWAYSDATA) (ALWAYSDATA)
6	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
1 2	108.157.4.121 108.157.4.121	16509 (AMAZON-02) (AMAZON-02)
9	4

3 2a00:b6e0:1:20:9::1 (France) 1 redirects

ASN60362 (ALWAYSDATA, FR)

www.yahoo.connection-account.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

fc.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.157.4.121 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-121.dus51.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	yahoo.com fc.yahoo.com — Cisco Umbrella Rank: 1441	19 KB
3	connection-account.tk 1 redirects www.yahoo.connection-account.tk	36 KB
2	yimg.com s.yimg.com — Cisco Umbrella Rank: 372	90 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 129	771 B
9	4

	Domain	Requested by
4	fc.yahoo.com	www.yahoo.connection-account.tk
3	www.yahoo.connection-account.tk	1 redirects www.yahoo.connection-account.tk
2	s.yimg.com	fc.yahoo.com s.yimg.com
2	sb.scorecardresearch.com	1 redirects www.yahoo.connection-account.tk
9	4

This site contains links to these domains. Also see Links.

Domain
www.yahoo.com
help.yahoo.com
login.yahoo.com
info.yahoo.com

Subject Issuer	Validity	Valid
www.yahoo.connection-account.tk R3	`2022-02-09` - `2022-05-10`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-02-07` - `2022-03-30`	2 months	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-31` - `2022-03-23`	2 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.yahoo.connection-account.tk/login.html
Frame ID: F8828AD3ED6ABF21C401B4FB429A47C0
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Yahoo - login

Page URL History Show full URLs

https://www.yahoo.connection-account.tk/ HTTP 302
https://www.yahoo.connection-account.tk/login.html Page URL

Page Statistics

9
Requests

89 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

146 kB
Transfer

383 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.yahoo.com/

Search URL Search Domain Scan URL

URL: https://help.yahoo.com/kb/index?locale=en_US&page=product&y=PROD_ACCT
Title: Help

Search URL Search Domain Scan URL

URL: https://login.yahoo.com/forgot?done=https%3A%2F%2Fmail.yahoo.com%2F%3Fguccounter%3D1
Title: Trouble signing in?

Search URL Search Domain Scan URL

URL: https://login.yahoo.com/account/create?done=https%3A%2F%2Fmail.yahoo.com%2F%3Fguccounter%3D1&specId=yidReg
Title: Sign up

Search URL Search Domain Scan URL

URL: https://info.yahoo.com/legal/us/yahoo/terms/en-us
Title: Terms

Search URL Search Domain Scan URL

URL: https://info.yahoo.com/privacy/us/yahoo
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.yahoo.connection-account.tk/ HTTP 302
https://www.yahoo.connection-account.tk/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1

9 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.html Show response
www.yahoo.connection-account.tk/
Redirect Chain

https://www.yahoo.connection-account.tk/
https://www.yahoo.connection-account.tk/login.html

130 KB
33 KB

22ms
22ms

Document
text/html

2a00:b6e0:1:20:9::1
ALWAYSDATA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yahoo.connection-account.tk/login.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:b6e0:1:20:9::1 , France, ASN60362 (ALWAYSDATA, FR),
Reverse DNS
Software: Apache /
Resource Hash: 80f36fa0ff351044c2c4e8d0e107d198295960d4da06ee89092c0c1758a5decf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9

Response headers

date: Wed, 09 Feb 2022 16:51:37 GMT
server: Apache
last-modified: Wed, 09 Feb 2022 16:37:23 GMT
etag: "207a6-5d79872c23c67-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-type: text/html
via: 2.0 alproxy
content-length: 33446

Redirect headers

date: Wed, 09 Feb 2022 16:51:37 GMT
server: Apache
location: login.html
content-type: text/html; charset=UTF-8
via: 2.0 alproxy
content-length: 0

GET
H2 200 yahoo_en-US_f_p_bestfit_2x.png
www.yahoo.connection-account.tk/ 3 KB
3 KB 105ms
105ms Image
image/png 2a00:b6e0:1:20:9::1
ALWAYSDATA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yahoo.connection-account.tk/yahoo_en-US_f_p_bestfit_2x.png
Requested by: Host: www.yahoo.connection-account.tk
URL: https://www.yahoo.connection-account.tk/login.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:b6e0:1:20:9::1 , France, ASN60362 (ALWAYSDATA, FR),
Reverse DNS
Software: Apache /
Resource Hash: 19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.yahoo.connection-account.tk/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:51:37 GMT
via: 2.0 alproxy
last-modified: Wed, 09 Feb 2022 16:37:24 GMT
server: Apache
etag: "bfa-5d79872cceab0"
content-type: image/png
accept-ranges: bytes
content-length: 3066

GET
DATA 200
OK truncated
/ 650 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a540d6790659adf104de6f73b3be7526e1729da358976fa63f366e2ca01c58d

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 9 KB
5 KB 248ms
174ms Script
text/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Requested by

Host: www.yahoo.connection-account.tk
URL: https://www.yahoo.connection-account.tk/login.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

7f8f52699dc4388768b70ba861adb7762061b582e5478c897bc4b6d88311e720

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.yahoo.connection-account.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:51:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
vary: Accept-Encoding
content-length: 4651
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

GET
H2

200

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1

64 B
329 B

33ms
33ms

Image
image/gif

108.157.4.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
Requested by: Host: www.yahoo.connection-account.tk
URL: https://www.yahoo.connection-account.tk/login.html
Protocol: H2
Server: 108.157.4.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-121.dus51.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.yahoo.connection-account.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:51:37 GMT
via: 1.1 268679e7d17267a1a7a03722822fb800.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: t8TPlVKMK4VtGTYZlkDiC0waFTQRWh8js3teiRQb_eNmcmnWrCCCmw==

Redirect headers

date: Wed, 09 Feb 2022 16:51:37 GMT
via: 1.1 268679e7d17267a1a7a03722822fb800.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=2&c2=7241469&c5=150002529&ns_c=UTF-8&ns__t=1524568238416&c7=https%3A%2F%2Flogin.yahoo.com%2F&c14=-1
content-length: 160
x-amz-cf-id: Uwzmls1CaLuYnBObtyyWDBcBDQBkqjDKeFVBzsBTe03WuUdvd0zmdg==

GET
H2 200 boot.js Show response
s.yimg.com/rq/darla/ 7 KB
4 KB 76ms
26ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/boot.js

Requested by

Host: fc.yahoo.com
URL: https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

4530d183f6b42ae95bc7b2dafab9f38d1901b5c0e7f58253e35ec8e4215bacea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.yahoo.connection-account.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Wed, 09 Feb 2022 02:06:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53083
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 3608
x-amz-id-2: IXOassOxTmAXiifYRWQ/uJz4rRZ29f3/OVlwH065RJmzblgfiV/W312vNRDM24CbVn5uym+H7Lc=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 05 Jan 2022 19:48:53 GMT
server: ATS
etag: "93d8df54e24138f615918242db0c49a3-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: CMYY0DYVM2NGC64H
x-xss-protection: 1; mode=block
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 8 KB
4 KB 176ms
176ms Script
text/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Requested by

Host: www.yahoo.connection-account.tk
URL: https://www.yahoo.connection-account.tk/login.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

2d28367bbd30f0ca96640bc813fefd6ea214977eee421dce162e8f4b465abeae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.yahoo.connection-account.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:51:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
vary: Accept-Encoding
content-length: 4340
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

GET
H2 200 g-r-min.js Show response
s.yimg.com/rq/darla/4-10-1/js/ 204 KB
86 KB 25ms
25ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/rq/darla/4-10-1/js/g-r-min.js

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/rq/darla/boot.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

8c6a14a96e308f070f495f999af4e39027527d649157fe1a3ffc116870e14697

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.yahoo.connection-account.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 10:52:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21535
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 88197
x-amz-id-2: NGb0ow8CpDZvRHhsQGGiT53UF8XxKzXpQYwXN2KsvRIQhZETk1fP8lSz/zQ/PozrNGJdDdqwMoQ=
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 05 Jan 2022 19:48:56 GMT
server: ATS
etag: "f6757e8569fef5f162212b684d6483ea-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: KKHS2VKKR92MX3B7
x-xss-protection: 1; mode=block
cache-control: public,max-age=31536000
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 10 KB
5 KB 172ms
172ms Script
text/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Requested by

Host: www.yahoo.connection-account.tk
URL: https://www.yahoo.connection-account.tk/login.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

689ed72ecada9de303d108ce842302d91edee1ae172057231565216cc0154298

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.yahoo.connection-account.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:51:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
vary: Accept-Encoding
content-length: 4798
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

GET
H2 200 client.php Show response
fc.yahoo.com/sdarla/php/ 10 KB
5 KB 181ms
181ms Script
text/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://fc.yahoo.com/sdarla/php/client.php?l=RICH{dest:tgtRICH;asz:flex}&f=150002529&ref=https%3A%2F%2Flogin.yahoo.com%2F

Requested by

Host: www.yahoo.connection-account.tk
URL: https://www.yahoo.connection-account.tk/login.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

82dd3fba915604336f84aa9caddb069e1a9e56721e960dcf4ae0cceda7153ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://www.yahoo.connection-account.tk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 16:51:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
vary: Accept-Encoding
content-length: 4993
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/javascript;charset=UTF-8
cache-control: private,no-cache,no-store
x-robots-tag: noindex, noarchive, nosnippet, nofollow

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.scorecardresearch.com/	1970-01-20 10:08:41	Name: UID Value: 1182cf1db7fdc05d089476e1644425497

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fc.yahoo.com
s.yimg.com
sb.scorecardresearch.com
www.yahoo.connection-account.tk
108.157.4.121
2a00:1288:80:800::7001
2a00:b6e0:1:20:9::1
19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208
1a540d6790659adf104de6f73b3be7526e1729da358976fa63f366e2ca01c58d
2d28367bbd30f0ca96640bc813fefd6ea214977eee421dce162e8f4b465abeae
4530d183f6b42ae95bc7b2dafab9f38d1901b5c0e7f58253e35ec8e4215bacea
689ed72ecada9de303d108ce842302d91edee1ae172057231565216cc0154298
7f8f52699dc4388768b70ba861adb7762061b582e5478c897bc4b6d88311e720
80f36fa0ff351044c2c4e8d0e107d198295960d4da06ee89092c0c1758a5decf
82dd3fba915604336f84aa9caddb069e1a9e56721e960dcf4ae0cceda7153ddc
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8c6a14a96e308f070f495f999af4e39027527d649157fe1a3ffc116870e14697

www.yahoo.connection-account.tk Open in urlscan Pro 2a00:b6e0:1:20:9::1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

89 %HTTPS

67 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

146 kBTransfer

383 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

Indicators

www.yahoo.connection-account.tk Open in urlscan Pro
2a00:b6e0:1:20:9::1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

146 kB
Transfer

383 kB
Size

1
Cookies

9 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!