gorgeu-pick.com Open in urlscan Pro
69.49.244.110 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/3CDaUSt
Effective URL:
https://gorgeu-pick.com/tei/tre/
Submission: On November 21 via api (November 21st 2021, 4:11:31 pm UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 11 HTTP transactions. The main IP is 69.49.244.110, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is gorgeu-pick.com.
TLS certificate: Issued by R3 on November 19th 2021. Valid for: 3 months.

This is the only time gorgeu-pick.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1 2	69.49.244.110 69.49.244.110	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
9	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
11	3

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.49.244.110 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 69-49-244-110.unifiedlayer.com

gorgeu-pick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	yimg.com s.yimg.com	887 KB
2	gorgeu-pick.com 1 redirects gorgeu-pick.com	14 KB
1	aspnetcdn.com ajax.aspnetcdn.com	38 KB
1	bit.ly 1 redirects bit.ly	253 B
11	4

	Domain	Requested by
9	s.yimg.com	gorgeu-pick.com s.yimg.com
2	gorgeu-pick.com	1 redirects
1	ajax.aspnetcdn.com	gorgeu-pick.com
1	bit.ly	1 redirects
11	4

This site contains links to these domains. Also see Links.

Domain
www.yahoo.com
help.yahoo.com

Subject Issuer	Validity	Valid
gorgeu-pick.com R3	`2021-11-19` - `2022-02-17`	3 months	crt.sh
*.api.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-11-08` - `2021-12-29`	2 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2021-08-06` - `2022-08-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://gorgeu-pick.com/tei/tre/
Frame ID: 3B6564B5DE0D71BC6109B9C92BB19D99
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Yahoo

Page URL History Show full URLs

https://bit.ly/3CDaUSt HTTP 301
https://gorgeu-pick.com/tei/tre HTTP 301
https://gorgeu-pick.com/tei/tre/ Page URL

Page Statistics

11
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

939 kB
Transfer

1707 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.yahoo.com/

Search URL Search Domain Scan URL

URL: https://help.yahoo.com/kb/index?locale=en_US&page=product&y=PROD_ACCT
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/3CDaUSt HTTP 301
https://gorgeu-pick.com/tei/tre HTTP 301
https://gorgeu-pick.com/tei/tre/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
gorgeu-pick.com/tei/tre/
Redirect Chain

https://bit.ly/3CDaUSt
https://gorgeu-pick.com/tei/tre
https://gorgeu-pick.com/tei/tre/

13 KB
14 KB

148ms
148ms

Document
text/html

69.49.244.110
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://gorgeu-pick.com/tei/tre/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.49.244.110 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 69-49-244-110.unifiedlayer.com
Software: Apache /
Resource Hash: baad4db3b7b308cfd67407b3988496972483fd7c3fb07d30b003d15b2d2695e1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Sun, 21 Nov 2021 16:11:26 GMT
Server: Apache
Last-Modified: Tue, 09 Feb 2021 03:37:34 GMT
Accept-Ranges: bytes
Content-Length: 13584
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Sun, 21 Nov 2021 16:11:26 GMT
Server: Apache
Location: https://gorgeu-pick.com/tei/tre/
Content-Length: 240
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 yahoo-main.css
s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/ 451 KB
90 KB 87ms
29ms Stylesheet
text/css 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css

Requested by

Host: gorgeu-pick.com
URL: https://gorgeu-pick.com/tei/tre/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e459da7ddb57e6cc620d9527867c860a42bbf9f2024576acf109ceb9d4a08676

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gorgeu-pick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 18 Nov 2021 19:30:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247261
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
x-amz-request-id: PPM9VEBQYP91A3FE
x-amz-id-2: LRhMZXOmH5TUFBmuPkIc7IsC/vPW8SQ/rEW6INGiU1IbJP739hIHtCEyj2Bc5KQf54aheKgZJh8=
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 23 Jan 2021 00:22:18 GMT
server: ATS
etag: "093dc3f0557cf1b76e3f73711b6d36e6-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: public,max-age=315360000
accept-ranges: bytes

GET
H2 200 yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ 1 KB
2 KB 84ms
26ms Image
image/png 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png

Requested by

Host: gorgeu-pick.com
URL: https://gorgeu-pick.com/tei/tre/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gorgeu-pick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Sun, 21 Nov 2021 12:32:03 GMT
x-content-type-options: nosniff
age: 13164
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 1346
x-amz-id-2: T8By36YIn+msjHGWUI5A8sZgR/E4YM5zm3N6Luk0dAHyf9qSomGQgIz9n6CT2sxtWizUZHpKkaw=
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 30 Aug 2021 21:31:48 GMT
server: ATS
etag: "cd166981c96c6d0f4b5a7d798c25878e"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: GXB1F5DV1N99HE7Z
x-xss-protection: 1; mode=block
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: image/png
expires: Tue, 31 Aug 2021 23:00:00 GMT

GET
H2 200 yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png
s.yimg.com/rz/p/ 1 KB
2 KB 83ms
26ms Image
image/png 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage_2x.png

Requested by

Host: gorgeu-pick.com
URL: https://gorgeu-pick.com/tei/tre/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gorgeu-pick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Sat, 20 Nov 2021 23:13:15 GMT
x-content-type-options: nosniff
age: 61092
x-amz-server-side-encryption: AES256
vary: Origin
content-length: 1391
x-amz-id-2: MvHw4DITElJtwy34LZHbzKxjofI7JcPFxALMhbR93k42O+LVsfR3vBUcmUmfe4K+Qd6BCLITsM4=
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 30 Aug 2021 21:31:48 GMT
server: ATS
etag: "dd31f56b9e4dff40eb87447c3dc55b84"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 33Y3HCMQGBPX8FH4
x-xss-protection: 1; mode=block
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: image/png
expires: Tue, 31 Aug 2021 23:00:00 GMT

GET
H2 200 rapid-3.53.17.js Show response
s.yimg.com/wm/mbr/js/ 48 KB
17 KB 87ms
30ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wm/mbr/js/rapid-3.53.17.js

Requested by

Host: gorgeu-pick.com
URL: https://gorgeu-pick.com/tei/tre/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

35bd38d45eaf99465a72bb4e02be6c310bba85ccba2660161f410343789a9b0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gorgeu-pick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 09 Nov 2021 22:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1015155
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
x-amz-request-id: WWX77GCJ0B1JSRSR
x-amz-id-2: aPhfWs97WpqZhGdhhgHotLtlI7kxXQcr7HtWGVr0nj3svZK2bawGZFdbM8x0maw7K1Cc62BLlMc=
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 23 Mar 2020 16:50:56 GMT
server: ATS
etag: "a554692f884a1b33a1bdc7eebb3a7f98-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public,max-age=315360000
accept-ranges: bytes

GET
H2 200 bundle.js Show response
s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/ 162 KB
44 KB 88ms
31ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/bundle.js

Requested by

Host: gorgeu-pick.com
URL: https://gorgeu-pick.com/tei/tre/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e2845ba9c53e852e1356f922a8594bc743eeb2c81f96e7af975092f615dfb260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gorgeu-pick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 19:43:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 505667
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
x-amz-request-id: 83K81A2ANKRWR2C7
x-amz-id-2: WLY9e4b/RL3Ctwj4jdG1hmBveh0kSZbFDUJ+My1ZNux3m3iv0+4Ssp9R2YoTS+rlG70bS4ptf0c=
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 23 Jan 2021 00:22:18 GMT
server: ATS
etag: "98307ae0400c1a40e162750b282163ad-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public,max-age=315360000
accept-ranges: bytes

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
38 KB 34ms
9ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: gorgeu-pick.com
URL: https://gorgeu-pick.com/tei/tre/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8E87) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gorgeu-pick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sun, 21 Nov 2021 16:11:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4892238
x-cache: HIT
content-length: 38892
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (frc/8E87)
etag: "af301a17b793d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 Yahoo_Sans-Regular.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ 28 KB
29 KB 67ms
25ms Font
font/woff2 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css
Origin: https://gorgeu-pick.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 18 Nov 2021 06:32:44 GMT
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:51 GMT
age: 293924
x-amz-server-side-encryption: AES256
x-amz-meta-x-ysws-mbst-vtime: 1507011771545398
strict-transport-security: max-age=15552000
x-amz-request-id: 07XCBSGDYP80CG8M
x-amz-id-2: S7IXlOcuEGILSvZAJKlHgbTvkabUVlI+QiG4LQTAc0bXLUBjspDOLNiFMNW4pjXKx/6scfRxudQ=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Apr 2018 19:06:41 GMT
server: ATS
etag: "a99b283070afc519f4816e4300c515d2"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000,public
content-length: 28860
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:cb5e4811-e042-455c-b2b2-f984d5f70e0200055a9e8550b736"
x-content-type-options: nosniff
expires: Sat, 05 Sep 2026 00:00:00 GMT

GET
H2 200 hide-v0.0.1.svg
s.yimg.com/wm/mbr/images/ 860 KB
646 KB 22ms
22ms Image
image/svg+xml 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.yimg.com/wm/mbr/images/hide-v0.0.1.svg

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

119acd68e288f17e86722a67e341ec74f7f6a377ec8e15b3914245f57caf6fbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Wed, 10 Nov 2021 12:24:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 964043
x-amz-server-side-encryption: AES256
vary: Origin, Accept-Encoding
content-length: 660584
x-amz-id-2: x9Oz8JRXGxbRzlyBTh8iCMZ6sVaMHRSOnu+jmIUJr61wh4c9ysfpFUlHaQzv9Gr0/UDFJ2OSQow=
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 16 Jul 2019 23:13:44 GMT
server: ATS
etag: "6bd15a1456d985027ba5ca91528e4b1e-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
x-amz-request-id: 30P6770XQRCK1ZRX
x-xss-protection: 1; mode=block
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/svg+xml

GET
H2 200 Yahoo_Sans-Medium.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ 29 KB
29 KB 58ms
50ms Font
font/woff2 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css
Origin: https://gorgeu-pick.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Sat, 06 Nov 2021 03:16:53 GMT
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:52 GMT
age: 1342476
x-amz-server-side-encryption: AES256
x-amz-meta-x-ysws-mbst-vtime: 1507011772247755
strict-transport-security: max-age=15552000
x-amz-request-id: 28YQT8RKM41SS36P
x-amz-id-2: J4NS/ie/Q7m8llkd0YYFufstGE+KsXmI2bPgLiq2wuCTbZ1KFAzF5f/StodWHlp8GRLlFEwnu6A=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Apr 2018 16:25:50 GMT
server: ATS
etag: "7c7c02dcee2bf1c2528db6092d4ad1fa"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000,public
content-length: 29228
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:1bb49599-26ac-442e-b6b8-f4e40f067ea500055a9e855b6ecb"
x-content-type-options: nosniff
expires: Sat, 05 Sep 2026 00:00:00 GMT

GET
H2 200 Yahoo_Sans-ExtraBold.woff2
s.yimg.com/cv/ae/sports/fonts/2017/ 28 KB
28 KB 55ms
55ms Font
font/woff2 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-ExtraBold.woff2

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b229d1d0e49226f929a219c007a701c2c2646ef75c215e427a28e36466ab1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://s.yimg.com/wm/mbr/5559811e4fa050d74c5c521311eebe120b64bbc4/yahoo-main.css
Origin: https://gorgeu-pick.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

ats-carp-promotion: 1
date: Sat, 16 Oct 2021 22:13:28 GMT
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:51 GMT
age: 3088681
x-amz-server-side-encryption: AES256
x-amz-meta-x-ysws-mbst-vtime: 1507011771924800
strict-transport-security: max-age=15552000
x-amz-request-id: 8HE8GP4BH0W3XFJJ
x-amz-id-2: Rb0KV+Wu65FuVkz2RMnyBV07c8w6DG0SymL4Q52YPdIfgClAglWkEY/tppLYH6wZynZpic/Ufu0=
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 19 Apr 2018 19:01:13 GMT
server: ATS
etag: "632a74de7778e84fd6e92f2f6c49f1c3"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin
content-type: font/woff2
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000,public
content-length: 28808
x-amz-meta-x-ysws-access: public
x-amz-meta-mbst-etag: "YM:1:1ccdd2c4-6102-4773-912a-83dcdcf0e3cd00055a9e85568140"
x-content-type-options: nosniff
expires: Sat, 05 Sep 2026 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Yahoo (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bit.ly/	1970-01-20 03:11:03	Name: _bit Value: lalgbq-69b169d7e9c3178b94-00T

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
bit.ly
gorgeu-pick.com
s.yimg.com
152.199.19.160
2a00:1288:80:800::7001
67.199.248.10
69.49.244.110
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338
119acd68e288f17e86722a67e341ec74f7f6a377ec8e15b3914245f57caf6fbf
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
35bd38d45eaf99465a72bb4e02be6c310bba85ccba2660161f410343789a9b0e
4f47ef8ff3dad2a78360ab207cf35ff2905622511c0426109f6e225052cf5637
baad4db3b7b308cfd67407b3988496972483fd7c3fb07d30b003d15b2d2695e1
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4
e2845ba9c53e852e1356f922a8594bc743eeb2c81f96e7af975092f615dfb260
e3b229d1d0e49226f929a219c007a701c2c2646ef75c215e427a28e36466ab1b
e459da7ddb57e6cc620d9527867c860a42bbf9f2024576acf109ceb9d4a08676
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560

gorgeu-pick.com Open in urlscan Pro 69.49.244.110 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

939 kBTransfer

1707 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

1 Cookies

Indicators

gorgeu-pick.com Open in urlscan Pro
69.49.244.110 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

939 kB
Transfer

1707 kB
Size

1
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!