Report - blocktrish.online/click?campid=1035050&cat=Adult+General&click_id=Hj_HGBL1i4G4orx5bVqjjLiLjXC44jBQdtCqtcVLTYl8y89hiH_T-LyqbkdCHv2d13VrhAERIahE31zzHVJKvQglgAoxkAX6_nZkCVszbSQgnard-YY_gUIDRUi&cost=0.25&cr_id=5828923&format=direct&geo=DE&ip=77.22.22.20&key=ad3ed9aab3c107bc5f4f&keyword={keyword}&price_model={price_model}&referrer=https://tapepops.com/v/v9ZDpbWx8ps4Xqa/Nobody.2021.German.720p.BluRay.x264-SHOWEHD.mkv&site

Report Overview

Visited public
2025-06-15 06:24:58
Tags
URL
blocktrish.online/click?campid=1035050&cat=Adult+General&click_id=Hj_HGBL1i4G4orx5bVqjjLiLjXC44jBQdtCqtcVLTYl8y89hiH_T-LyqbkdCHv2d13VrhAERIahE31zzHVJKvQglgAoxkAX6_nZkCVszbSQgnard-YY_gUIDRUi&cost=0.25&cr_id=5828923&format=direct&geo=DE&ip=77.22.22.20&key=ad3ed9aab3c107bc5f4f&keyword={keyword}&price_model={price_model}&referrer=https://tapepops.com/v/v9ZDpbWx8ps4Xqa/Nobody.2021.German.720p.BluRay.x264-SHOWEHD.mkv&site_id=66627
Finishing URL
consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
IP / ASN
15.235.218.141
#16276 OVH SAS
Title
Yahoo er et varemerke fra Yahoo-familien.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
segarkojiri.top	unknown	2025-04-22	2025-04-23	2025-06-13	1.1 kB	1.1 kB	188.42.247.188
guce.yahoo.com	2064	1995-01-18	2018-03-16	2025-06-13	614 B	92 kB	34.253.129.250
s.yimg.com	375	1997-05-14	2012-05-20	2025-06-12	3.7 kB	476 kB	188.125.94.206
csp.yahoo.com	8923	1995-01-18	2015-01-04	2025-06-13	480 B	208 B	188.125.72.139
blocktrish.online	unknown	2025-05-25	2025-06-05	2025-06-05	896 B	13 kB	15.235.218.141
lz.ignchinos.top	unknown	2025-05-21	2025-05-28	2025-06-07	1.6 kB	15 kB	23.109.170.226
www.yahoo.com	1299	1995-01-18	2012-05-20	2025-06-13	516 B	93 kB	188.125.94.206
aniltramps.top	unknown	2025-05-19	2025-06-06	2025-06-14	3.7 kB	4.1 kB	188.42.108.132
consent.yahoo.com	31016	1995-01-18	2019-02-20	2025-06-14	3.3 kB	95 kB	34.241.157.163
udc.yahoo.com	2454	1995-01-18	2017-01-30	2025-06-13	689 B	594 B	188.125.72.139

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-06-15 06:24:27	medium	23.109.170.226	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-06-15 06:24:27	low	23.109.170.226	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-06-15 06:24:27	medium	188.42.247.188	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-06-15 06:24:27	low	188.42.247.188	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-06-15 06:24:27	medium	188.42.247.188	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-06-15 06:24:27	low	188.42.247.188	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-06-15 06:24:28	medium	188.42.108.132	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-06-15 06:24:28	low	188.42.108.132	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-15	medium	ignchinos.top	Sinkholed
2025-06-14	medium	aniltramps.top	Sinkholed
2025-06-14	medium	segarkojiri.top	Sinkholed
2025-06-15	medium	ignchinos.top	Sinkholed
2025-06-14	medium	segarkojiri.top	Sinkholed
2025-06-14	medium	aniltramps.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	s.yimg.com/ss/rapid-3.53.30.js	ScriptElement	50 kB	2023-03-07	2025-06-23
Pretty URL s.yimg.com/ss/rapid-3.53.30.js IP 188.125.94.206 ASN #10310 YAHOO-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 21:02 Times Seen3059 Hash 665798d28ecf9be7cbc434e75267920d 55864f76f012bb11a354c6bacdcc7769a5ec6fa2 7bc917ebee12bcd521ae88840228032579459c25a3ccf8953d8a2dbe5e085be9 Loading...

	consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f	ScriptElement	140 B	2024-03-02	2025-06-23
Pretty URL consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f IP 34.241.157.163 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 20:37 Last Seen2025-06-23 21:02 Times Seen475 Hash cb35f66e60f5a88b6ad45db24cfd4a1e 0d89c03ff758fffdbd48297c905430f46e05640d 39aa0748ee518e97e5a33e72328fcf31efae53dc5eef2e84115861328634ca82 Loading...

	lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng	ScriptElement	12 kB	2025-06-15	2025-06-15
Pretty URL lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng IP 23.109.170.226 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-15 06:24 Last Seen2025-06-15 06:24 Times Seen1 Hash 2ac76cc3c02bd02112d812a87501db5d 2b2c0ae808db6baab4dbac283d1b444fc9f645d1 7df29fb0379fcfa1c5581b5030448041f5f1c2985ba517149903fb1019f6b211 Loading...

	consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f	ScriptElement	700 B	2025-03-25	2025-06-23
Pretty URL consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f IP 34.241.157.163 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-25 22:58 Last Seen2025-06-23 21:02 Times Seen381 Hash ce8910148f681d52b05edc8fc744b5d5 172f26f8900a4e3bde1252ab00d2c8826ad2996f a1e6aeac162d2dcfc603b227c9327dc0da9df968837f8b18cba20bcc11c6e543 Loading...

	s.yimg.com/oa/build/js/site-28051ae4.js	ScriptElement	96 kB	2025-03-25	2025-06-23
Pretty URL s.yimg.com/oa/build/js/site-28051ae4.js IP 188.125.94.206 ASN #10310 YAHOO-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-25 21:02 Last Seen2025-06-23 21:02 Times Seen415 Hash 32bc72a1b4b7a68aeea196f9fc302a8a 28051ae4932429f08b047a2c7633e937c608a8d7 46fc594091278ec41f55b6ba62463f5b8c745d68a82b1158ec9d9e4152226892 Loading...

HTTP Transactions (24)

URL IP Response Size

GET consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f

34.241.157.163

204 No Content

0 B

URL GET
consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
IP
34.241.157.163:443
ASN
#16509 AMAZON-02

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQ7pIP9x
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sun, 15 Jun 2025 06:24:29 GMT

POST udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1749968669764&yhlClientVer=3.53.30&yhlRnd=GiCXgHT7TA8cskNR&yhlCompressed=0

188.125.72.139

204 No Content

0 B

URL POST
udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1749968669764&yhlClientVer=3.53.30&yhlRnd=GiCXgHT7TA8cskNR&yhlCompressed=0
IP
188.125.72.139:443
ASN
#34010 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subjectyahoo.com
Fingerprint6C:23:14:EA:B1:DF:98:60:2A:CF:08:82:7B:57:A5:93:E6:7B:D1:5E
ValidityTue, 06 May 2025 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1749968669764&yhlClientVer=3.53.30&yhlRnd=GiCXgHT7TA8cskNR&yhlCompressed=0 HTTP/1.1
Host: udc.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1353
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQ7pIP9x
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-origin: https://consent.yahoo.com
vary: Origin
access-control-allow-credentials: true
cache-control: no-store, no-cache, private, max-age=0
p3p: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
pragma: no-cache
expires: -1
x-envoy-upstream-service-time: 1
date: Sun, 15 Jun 2025 06:24:29 GMT
server: ATS
age: 0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

GET s.yimg.com/oa/build/images/favicons/yahoo.png

188.125.94.206

200 OK

1.4 kB

URL GET
s.yimg.com/oa/build/images/favicons/yahoo.png
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
Size
1.4 kB (1406 bytes)
Hash
b6814ae5582d7953821acbd76e977bb4
75a33fc706c2c6ba233e76c17337e466949f403c
4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3

HTTP Headers

GET /oa/build/images/favicons/yahoo.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: SotLrKsav4j25uPB0MbITvB7FYfeUiJIfqU7By2zj0YEHncAsfLeia1xO5G3ZD6Wj2DP+454ByQ=
x-amz-request-id: V6HBKF2WSDQFT5V0
date: Fri, 13 Jun 2025 17:46:20 GMT
last-modified: Thu, 12 Jun 2025 16:09:45 GMT
etag: "b6814ae5582d7953821acbd76e977bb4"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
accept-ranges: bytes
content-type: image/png
content-length: 1406
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 131891
strict-transport-security: max-age=31536000
ats-carp-promotion: 1
X-Firefox-Spdy: h2

GET blocktrish.online/click?campid=1035050&cat=Adult+General&click_id=Hj_HGBL1i4G4orx5bVqjjLiLjXC44jBQdtCqtcVLTYl8y89hiH_T-LyqbkdCHv2d13VrhAERIahE31zzHVJKvQglgAoxkAX6_nZkCVszbSQgnard-YY_gUIDRUi&cost=0.25&cr_id=5828923&format=direct&geo=DE&ip=77.22.22.20&key=ad3ed9aab3c107bc5f4f&keyword={keyword}&price_model={price_model}&referrer=https://tapepops.com/v/v9ZDpbWx8ps4Xqa/Nobody.2021.German.720p.BluRay.x264-SHOWEHD.mkv&site_id=66627

15.235.218.141

307 Temporary Redirect

12 kB

URL User Request GET
blocktrish.online/click?campid=1035050&cat=Adult+General&click_id=Hj_HGBL1i4G4orx5bVqjjLiLjXC44jBQdtCqtcVLTYl8y89hiH_T-LyqbkdCHv2d13VrhAERIahE31zzHVJKvQglgAoxkAX6_nZkCVszbSQgnard-YY_gUIDRUi&cost=0.25&cr_id=5828923&format=direct&geo=DE&ip=77.22.22.20&key=ad3ed9aab3c107bc5f4f&keyword={keyword}&price_model={price_model}&referrer=https://tapepops.com/v/v9ZDpbWx8ps4Xqa/Nobody.2021.German.720p.BluRay.x264-SHOWEHD.mkv&site_id=66627
IP
15.235.218.141:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectblocktrish.online
Fingerprint58:D8:E1:00:0D:5D:A2:30:EB:C7:7C:39:EB:E4:8C:45:CD:DE:AE:22
ValidityMon, 26 May 2025 09:41:19 GMT - Sun, 24 Aug 2025 09:41:18 GMT

File type

Size
12 kB (12092 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?campid=1035050&cat=Adult+General&click_id=Hj_HGBL1i4G4orx5bVqjjLiLjXC44jBQdtCqtcVLTYl8y89hiH_T-LyqbkdCHv2d13VrhAERIahE31zzHVJKvQglgAoxkAX6_nZkCVszbSQgnard-YY_gUIDRUi&cost=0.25&cr_id=5828923&format=direct&geo=DE&ip=77.22.22.20&key=ad3ed9aab3c107bc5f4f&keyword={keyword}&price_model={price_model}&referrer=https://tapepops.com/v/v9ZDpbWx8ps4Xqa/Nobody.2021.German.720p.BluRay.x264-SHOWEHD.mkv&site_id=66627 HTTP/1.1
Host: blocktrish.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Sun, 15 Jun 2025 06:24:26 GMT
location: https://lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng
server: Caddy
set-cookie: uclick=yrSLkg8JOtI11eHwPGCYt1sRPQY/8vuZ0TFKB5MJMGg6sMVHuJ6j14702KWglUhlmwiF7ko=; Max-Age=31536000; SameSite=Lax
bcid=d176e6n6hrfc73eho5ng; Max-Age=31536000; SameSite=Lax
x-request-id: 612a3d0c-6af6-4725-a1d3-b62e04141e88
content-length: 0
X-Firefox-Spdy: h2

GET lz.ignchinos.top/favicon.ico

23.109.170.226

200 OK

1.4 kB

URL GET
lz.ignchinos.top/favicon.ico
IP
23.109.170.226:443
ASN
#7979 SERVERS-COM

Requested by
https://lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng
Certificate
IssuerZeroSSL
Subjectlz.ignchinos.top
Fingerprint88:B2:AA:D1:09:B2:6C:0E:F7:C6:5D:59:C7:AE:9A:0B:38:38:6E:09
ValidityWed, 21 May 2025 00:00:00 GMT - Tue, 19 Aug 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lz.ignchinos.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jun 2025 06:24:27 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Wed, 11 Jun 2025 10:10:48 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "68495628-57e"
Expires: Mon, 16 Jun 2025 06:24:27 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

GET www.yahoo.com/

188.125.94.206

307 Temporary Redirect

92 kB

URL User Request GET
www.yahoo.com/
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type

Size
92 kB (92187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aniltramps.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Sun, 15 Jun 2025 06:24:28 GMT
strict-transport-security: max-age=31536000
server: ATS
cache-control: no-store
content-type: text/html; charset=utf-8
content-language: en
location: https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=Dukg_3E&done=https%3A%2F%2Fwww.yahoo.com%2F
set-cookie: GUCS=AQ7pIP9x; Max-Age=1800; Domain=.yahoo.com; Path=/; Secure
content-security-policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://cdn.taboola.com https://ads.taboola.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
content-length: 0
X-Firefox-Spdy: h2

GET aniltramps.top/favicon.ico

188.42.108.132

200 OK

1.4 kB

URL GET
aniltramps.top/favicon.ico
IP
188.42.108.132:443
ASN
#7979 SERVERS-COM

Requested by
https://aniltramps.top/irgtfIBWRAJggLTodUvXQ/78053/?md=eyJ0dmMiOjAsImEiOjc4MDksInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2x6LmlnbmNoaW5vcy50b3AvaTNpaVlLcDFlV1hGdWsxa2UvVnZ2RWs%2FcGFyYW1fND02NjYyNyZwYXJhbV81PWQxNzZlNm42aHJmYzczZWhvNW5nIiwiaCI6MTA2MSwibCI6ImVuLVVTIiwidCI6MCwieiI6MzUxNCwiayI6NCwidSI6IjY3NTRiZDNhZTUyNDUxYmVmMDAyNjEiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiZ3Y1a2Zlbmp3OGgyYTYxIiwibyI6dHJ1ZSwibSI6MTc0OTk2ODY2Nzg5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=ZpGgkhnXPfWaISa8N1ekBfxsgY5FaXkuv01NwoByfaE&param_3=dcpa_orig_122608&param_4=66627&param_5=d176e6n6hrfc73eho5ng
Certificate
IssuerZeroSSL
Subjectaniltramps.top
FingerprintCE:3E:9D:10:F1:30:14:05:AE:E9:D8:57:74:B2:C0:AC:70:6A:FB:65
ValidityMon, 19 May 2025 00:00:00 GMT - Sun, 17 Aug 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: aniltramps.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aniltramps.top/irgtfIBWRAJggLTodUvXQ/78053/?md=eyJ0dmMiOjAsImEiOjc4MDksInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2x6LmlnbmNoaW5vcy50b3AvaTNpaVlLcDFlV1hGdWsxa2UvVnZ2RWs%2FcGFyYW1fND02NjYyNyZwYXJhbV81PWQxNzZlNm42aHJmYzczZWhvNW5nIiwiaCI6MTA2MSwibCI6ImVuLVVTIiwidCI6MCwieiI6MzUxNCwiayI6NCwidSI6IjY3NTRiZDNhZTUyNDUxYmVmMDAyNjEiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiZ3Y1a2Zlbmp3OGgyYTYxIiwibyI6dHJ1ZSwibSI6MTc0OTk2ODY2Nzg5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=ZpGgkhnXPfWaISa8N1ekBfxsgY5FaXkuv01NwoByfaE&param_3=dcpa_orig_122608&param_4=66627&param_5=d176e6n6hrfc73eho5ng
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; cvn1=CwaAAAAAAhQBCgAP4Q4GAQM%3D; GL_BC=eJxjYGBgEmEU5EyKNzQwMTAzNRFh5MrwS5dhYwQAKjsDtg%3D%3D; GL_CA_78053=eJxjYGBgEmHkYuB9XyzCJMiYzMYoyFjCleGXLgMAKHoD7A%3D%3D; GL_OC=eJxjYGBgEmEUZM2PNzY1FWHkyvBLl2FjBAAbpwL4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jun 2025 06:24:28 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Wed, 11 Jun 2025 10:10:46 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "68495626-57e"
Expires: Mon, 16 Jun 2025 06:24:28 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

GET s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css

188.125.94.206

200 OK

239 kB

URL GET
s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type
ASCII text
Size
239 kB (238658 bytes)
Hash
05296cb1adf8cd0c27b9d7fa693f6838
fcbc12bf695cdb618625119e46a9d3abf55bc490
d92f28f16ef4904afb66cd19da7086b8014bfa504d1b876a57bdfd1ec63e1ace

HTTP Headers

GET /oa/build/css/site-ltr-fcbc12bf.css HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: 210cU0S04ghdQpu6V6Y/IQvLGVegtxFb1VYLzzYc7a9+cbtPt6lO5YraAQ0xwN/LaJQxwO33kLE=
x-amz-request-id: C5GMQS38XWEVF6VG
date: Tue, 13 May 2025 14:12:56 GMT
last-modified: Tue, 13 May 2025 14:00:35 GMT
etag: "719e9b778784d31c295ea2081c36d99a"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: text/css
content-length: 37669
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 2823094
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

POST csp.yahoo.com/beacon/csp?src=guce

188.125.72.139

204 No Content

0 B

URL POST
csp.yahoo.com/beacon/csp?src=guce
IP
188.125.72.139:443
ASN
#34010 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subjectyahoo.com
Fingerprint6C:23:14:EA:B1:DF:98:60:2A:CF:08:82:7B:57:A5:93:E6:7B:D1:5E
ValidityTue, 06 May 2025 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /beacon/csp?src=guce HTTP/1.1
Host: csp.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 989
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 15 Jun 2025 06:24:30 GMT
strict-transport-security: max-age=31536000
server: ATS
cache-control: no-store, no-cache, private, max-age=0
expires: -1
X-Firefox-Spdy: h2

OPTIONS segarkojiri.top/cuid/?f=https%3A%2F%2Flz.ignchinos.top

188.42.247.188

200 OK

0 B

URL OPTIONS
segarkojiri.top/cuid/?f=https%3A%2F%2Flz.ignchinos.top
IP
188.42.247.188:443
ASN
#7979 SERVERS-COM

Requested by
https://lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /cuid/?f=https%3A%2F%2Flz.ignchinos.top HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lz.ignchinos.top/
Origin: https://lz.ignchinos.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jun 2025 06:24:27 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://lz.ignchinos.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET guce.yahoo.com/consent?brandType=nonEu&gcrumb=Dukg_3E&done=https%3A%2F%2Fwww.yahoo.com%2F

34.253.129.250

302 Found

92 kB

URL User Request GET
guce.yahoo.com/consent?brandType=nonEu&gcrumb=Dukg_3E&done=https%3A%2F%2Fwww.yahoo.com%2F
IP
34.253.129.250:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subjectguce.oath.com
Fingerprint91:86:B9:21:05:5A:48:89:FC:68:9F:6A:05:E4:25:F7:24:08:8D:B7
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type

Size
92 kB (92187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /consent?brandType=nonEu&gcrumb=Dukg_3E&done=https%3A%2F%2Fwww.yahoo.com%2F HTTP/1.1
Host: guce.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aniltramps.top/
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQ7pIP9x
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Connection: keep-alive
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Content-Length: 0
Date: Sun, 15 Jun 2025 06:24:28 GMT

GET consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f

34.241.157.163

200 OK

92 kB

URL User Request GET
consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
IP
34.241.157.163:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (37625)
Size
92 kB (92187 bytes)
Hash
710b60a37ecca7dbcd51729432cef288
cd5614848389b7c55c9865213733484246f9ac67
beb79ab7bab2fabee963d27f14edc0eade395249828f682965a4ec78f1b4682a

HTTP Headers

GET /v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aniltramps.top/
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQ7pIP9x
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy-Report-Only: default-src 'none'; block-all-mixed-content; connect-src 'self'; frame-ancestors 'none'; img-src 'self' https://s.yimg.com; media-src 'none'; script-src 'self' 'nonce-Y9ht57UpeRAXiqbbKHr8kfUj840mR27Y' https://s.yimg.com; style-src 'self' 'nonce-Y9ht57UpeRAXiqbbKHr8kfUj840mR27Y' https://s.yimg.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce
Server: guce
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Date: Sun, 15 Jun 2025 06:24:29 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8
Content-Length: 14606

34.241.157.163

204 No Content

0 B

URL GET
consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
IP
34.241.157.163:443
ASN
#16509 AMAZON-02

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQ7pIP9x
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sun, 15 Jun 2025 06:24:29 GMT

GET consent.yahoo.com/static/images/close.svg

34.241.157.163

200 OK

1.4 kB

URL GET
consent.yahoo.com/static/images/close.svg
IP
34.241.157.163:443
ASN
#16509 AMAZON-02

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1402 bytes)
Hash
04fdad3c9b32cf024d3494c6e0b1f691
e7c0aabd33e695415e7a8c7afea4b94dca273f06
8f0baedf119a144b8b4fe597eb02a91fc47d89284aa6cdcc12097cb109598796

HTTP Headers

GET /static/images/close.svg HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQ7pIP9x
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Server: guce
Accept-Ranges: bytes
Date: Sun, 15 Jun 2025 06:24:29 GMT
Connection: keep-alive
Last-Modified: Thu, 12 Jun 2025 14:35:49 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 703
Content-Type: image/svg+xml

GET lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng

23.109.170.226

200 OK

12 kB

URL User Request GET
lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng
IP
23.109.170.226:443
ASN
#7979 SERVERS-COM

Certificate
IssuerZeroSSL
Subjectlz.ignchinos.top
Fingerprint88:B2:AA:D1:09:B2:6C:0E:F7:C6:5D:59:C7:AE:9A:0B:38:38:6E:09
ValidityWed, 21 May 2025 00:00:00 GMT - Tue, 19 Aug 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (11829)
Size
12 kB (12092 bytes)
Hash
22a76a8fe6496b9d2f48e76440525027
6660bdb565c5baa6a98615433132a95dd66058d8
92bedc40ecec17ab3d32adb3d8a45c96ef2ea80cc14349da71435ef2212062e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng HTTP/1.1
Host: lz.ignchinos.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jun 2025 06:24:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 16-Jun-2025 06:24:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 16-Jun-2025 06:24:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET s.yimg.com/ss/rapid-3.53.30.js

188.125.94.206

200 OK

50 kB

URL GET
s.yimg.com/ss/rapid-3.53.30.js
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type
data
Size
50 kB (50266 bytes)
Hash
665798d28ecf9be7cbc434e75267920d
55864f76f012bb11a354c6bacdcc7769a5ec6fa2
7bc917ebee12bcd521ae88840228032579459c25a3ccf8953d8a2dbe5e085be9

HTTP Headers

GET /ss/rapid-3.53.30.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: uGwTUfcThuabPtq8qrgtCmGeRWm2HczIzGHkvPcJMckKX1efRjvZmr2ETAFgPbsTrMSRMCFeq9rgJ7wn7UgCLI9Q31zUknQrkWqtFbuw9N0=
x-amz-request-id: Q3BBTFH2WCGN14DF
date: Tue, 13 May 2025 12:26:32 GMT
last-modified: Tue, 29 Jun 2021 01:45:07 GMT
etag: "665798d28ecf9be7cbc434e75267920d-df"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, immutable
x-amz-version-id: .Bcg25AHAdRCkTvv5tMdNmGVEjznZ_m3
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
age: 2829478
content-length: 17971
strict-transport-security: max-age=31536000
ats-carp-promotion: 1
X-Firefox-Spdy: h2

GET s.yimg.com/oa/build/images/en-GB-home_f0badd867efa6720.jpeg

188.125.94.206

200 OK

79 kB

URL GET
s.yimg.com/oa/build/images/en-GB-home_f0badd867efa6720.jpeg
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1546, components 3
Size
79 kB (79439 bytes)
Hash
9c394eca0dfc6cbf2420b6c3c07d4970
378092debaa0e79af573265a7d0ce2db3ed38a3b
c2b819e2ae41bd6a05129d0b6c38941240576b2236386789ffad3656b186ef29

HTTP Headers

GET /oa/build/images/en-GB-home_f0badd867efa6720.jpeg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: NBJGJj0PKzxsqoq9c6oJaPPoOcN4K7OOe7AVGnPzq4RYWpzM39L1jLokZA4ZQhlbLmeiA0asAfXzGxU0gY5rmKoOa98U3vbj3OGCIgjr4po=
x-amz-request-id: 0H065EPJXHM5F091
date: Sun, 06 Apr 2025 22:44:59 GMT
last-modified: Thu, 03 Apr 2025 21:38:41 GMT
etag: "9c394eca0dfc6cbf2420b6c3c07d4970"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
accept-ranges: bytes
content-type: image/jpeg
content-length: 79439
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 5989172
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

GET s.yimg.com/oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg

188.125.94.206

200 OK

2.7 kB

URL GET
s.yimg.com/oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2715 bytes)
Hash
5fec39e72a4ed58c02f47c08dcf0ee9b
fb77c65f3087b8cf25cdcda7c76fb22e2d698d2d
9284f7fb38c8d02a4bd0e156987de0ececfb3b7aab4a0a004591fc784f1d01b5

HTTP Headers

GET /oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: otY32d0lH3xtz7PKXafopUKEjNU76kNrNH+CKLE1EAPNFQi0+IWChomyrGrGBvhkFxJ9hWsH4rY=
x-amz-request-id: AZZ7KB1DMF2TGR53
date: Sat, 14 Jun 2025 20:55:10 GMT
last-modified: Thu, 12 Jun 2025 16:09:45 GMT
etag: "db8ae5c3af867c288f5acd55550ff4c9"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: image/svg+xml
content-length: 1312
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 34160
strict-transport-security: max-age=31536000
ats-carp-promotion: 1
X-Firefox-Spdy: h2

POST consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f

34.241.157.163

204 No Content

0 B

URL POST
consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
IP
34.241.157.163:443
ASN
#16509 AMAZON-02

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQ7pIP9x
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0

HTTP/1.1 204 No Content
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sun, 15 Jun 2025 06:24:29 GMT

POST segarkojiri.top/cuid/?f=https%3A%2F%2Flz.ignchinos.top

188.42.247.188

200 OK

32 B

URL POST
segarkojiri.top/cuid/?f=https%3A%2F%2Flz.ignchinos.top
IP
188.42.247.188:443
ASN
#7979 SERVERS-COM

Requested by
https://lz.ignchinos.top/i3iiYKp1eWXFuk1ke/VvvEk?param_4=66627&param_5=d176e6n6hrfc73eho5ng
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type
JSON text data
Size
32 B (32 bytes)
Hash
a9cab9954e120c9067e2b1961a8c64ed
87559fa919d073db8a73ce5afb283e55d9b02a87
d3ff4f453d966761f98c9e66f85f3fa1fe4b7bf0b4fe94fefd03ff84172be874

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cuid/?f=https%3A%2F%2Flz.ignchinos.top HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lz.ignchinos.top/
Content-Type: application/json
Content-Length: 10
Origin: https://lz.ignchinos.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jun 2025 06:24:27 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://lz.ignchinos.top
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=6754bd3ae52451bef00261; expires=Sun, 27 Oct 2052 10:50:50 GMT; domain=segarkojiri.top; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET aniltramps.top/irgtfIBWRAJggLTodUvXQ/78053/?md=eyJ0dmMiOjAsImEiOjc4MDksInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2x6LmlnbmNoaW5vcy50b3AvaTNpaVlLcDFlV1hGdWsxa2UvVnZ2RWs%2FcGFyYW1fND02NjYyNyZwYXJhbV81PWQxNzZlNm42aHJmYzczZWhvNW5nIiwiaCI6MTA2MSwibCI6ImVuLVVTIiwidCI6MCwieiI6MzUxNCwiayI6NCwidSI6IjY3NTRiZDNhZTUyNDUxYmVmMDAyNjEiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiZ3Y1a2Zlbmp3OGgyYTYxIiwibyI6dHJ1ZSwibSI6MTc0OTk2ODY2Nzg5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=ZpGgkhnXPfWaISa8N1ekBfxsgY5FaXkuv01NwoByfaE&param_3=dcpa_orig_122608&param_4=66627&param_5=d176e6n6hrfc73eho5ng

188.42.108.132

200 OK

603 B

URL User Request GET
aniltramps.top/irgtfIBWRAJggLTodUvXQ/78053/?md=eyJ0dmMiOjAsImEiOjc4MDksInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2x6LmlnbmNoaW5vcy50b3AvaTNpaVlLcDFlV1hGdWsxa2UvVnZ2RWs%2FcGFyYW1fND02NjYyNyZwYXJhbV81PWQxNzZlNm42aHJmYzczZWhvNW5nIiwiaCI6MTA2MSwibCI6ImVuLVVTIiwidCI6MCwieiI6MzUxNCwiayI6NCwidSI6IjY3NTRiZDNhZTUyNDUxYmVmMDAyNjEiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiZ3Y1a2Zlbmp3OGgyYTYxIiwibyI6dHJ1ZSwibSI6MTc0OTk2ODY2Nzg5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=ZpGgkhnXPfWaISa8N1ekBfxsgY5FaXkuv01NwoByfaE&param_3=dcpa_orig_122608&param_4=66627&param_5=d176e6n6hrfc73eho5ng
IP
188.42.108.132:443
ASN
#7979 SERVERS-COM

Certificate
IssuerZeroSSL
Subjectaniltramps.top
FingerprintCE:3E:9D:10:F1:30:14:05:AE:E9:D8:57:74:B2:C0:AC:70:6A:FB:65
ValidityMon, 19 May 2025 00:00:00 GMT - Sun, 17 Aug 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
603 B (603 bytes)
Hash
5f8d14e27b9c61ea8d7a02a4a4effa7b
7460935f6c2b6185f549e439e63b13218ebbe6d2
d47d5cd69b7e472468f72f950b0b6257427bd2d5536dc25aaa951d989c6e120d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /irgtfIBWRAJggLTodUvXQ/78053/?md=eyJ0dmMiOjAsImEiOjc4MDksInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2x6LmlnbmNoaW5vcy50b3AvaTNpaVlLcDFlV1hGdWsxa2UvVnZ2RWs%2FcGFyYW1fND02NjYyNyZwYXJhbV81PWQxNzZlNm42aHJmYzczZWhvNW5nIiwiaCI6MTA2MSwibCI6ImVuLVVTIiwidCI6MCwieiI6MzUxNCwiayI6NCwidSI6IjY3NTRiZDNhZTUyNDUxYmVmMDAyNjEiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiZ3Y1a2Zlbmp3OGgyYTYxIiwibyI6dHJ1ZSwibSI6MTc0OTk2ODY2Nzg5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=ZpGgkhnXPfWaISa8N1ekBfxsgY5FaXkuv01NwoByfaE&param_3=dcpa_orig_122608&param_4=66627&param_5=d176e6n6hrfc73eho5ng HTTP/1.1
Host: aniltramps.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lz.ignchinos.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 15 Jun 2025 06:24:28 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 16-Jun-2025 06:24:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 16-Jun-2025 06:24:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
cvn1=CwaAAAAAAhQBCgAP4Q4GAQM%3D; expires=Thu, 14-Aug-2025 06:24:28 GMT; Max-Age=5184000; path=/; secure; SameSite=None
GL_BC=eJxjYGBgEmEU5EyKNzQwMTAzNRFh5MrwS5dhYwQAKjsDtg%3D%3D; expires=Mon, 16-Jun-2025 06:24:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_CA_78053=eJxjYGBgEmHkYuB9XyzCJMiYzMYoyFjCleGXLgMAKHoD7A%3D%3D; expires=Mon, 16-Jun-2025 06:24:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_OC=eJxjYGBgEmEUZM2PNzY1FWHkyvBLl2FjBAAbpwL4; expires=Mon, 16-Jun-2025 06:24:28 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png

188.125.94.206

200 OK

810 B

URL GET
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type
PNG image data, 120 x 36, 8-bit colormap, non-interlaced
Size
810 B (810 bytes)
Hash
119157c5c80d9db38f0da8098a35b53a
6c65f9bdaf6aad4fdde6c1bde1e509a6f056058b
1b119e32e848339740c549d02aa62d5fd21451d5ce468225922faae86555a68d

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: 1XM1s8AzDl2/KRWYlPbPFn1mMiqOwKYjcOSi6plZLFBNRjEmOUJ9QlEEcja5B0Oj5vh11ferJCs=
x-amz-request-id: VJ2BHNHBQCPHQP9N
date: Sat, 14 Jun 2025 09:12:41 GMT
last-modified: Fri, 13 Jun 2025 21:31:39 GMT
etag: "119157c5c80d9db38f0da8098a35b53a"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
expires: Sat, 14 Jun 2025 23:00:00 GMT
accept-ranges: bytes
content-type: image/png
content-length: 810
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 76309
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

GET s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png

188.125.94.206

200 OK

760 B

URL GET
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type
PNG image data, 120 x 36, 8-bit colormap, non-interlaced
Size
760 B (760 bytes)
Hash
7e72897bf7bdaecf5fec47f028de6aac
a6d4f7b2b57a751941cc56e3cffbfde4de633576
8a781f94157287ada91708b4baf12712cedf808ce49c58c194fc9873f4fa7a30

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: oDA/9X1oCIu+PYW3pQDC5IewHpESZ/Hm7hVXhxzLc2OP4gjn/3klNa9EpWSU9/8mjoBZAofzXjY=
x-amz-request-id: TNJQTK8492JEHMCJ
date: Sat, 14 Jun 2025 15:56:27 GMT
last-modified: Fri, 13 Jun 2025 21:31:39 GMT
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: image/png
content-length: 760
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
etag: "7e72897bf7bdaecf5fec47f028de6aac"
expires: Sat, 14 Jun 2025 23:00:00 GMT
age: 52083
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

GET s.yimg.com/oa/build/js/site-28051ae4.js

188.125.94.206

200 OK

96 kB

URL GET
s.yimg.com/oa/build/js/site-28051ae4.js
IP
188.125.94.206:443
ASN
#10310 YAHOO-1

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_02e7a175-ebc9-470e-a879-fd771f8ec93f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintFD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
ValidityWed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (497)
Size
96 kB (96511 bytes)
Hash
32bc72a1b4b7a68aeea196f9fc302a8a
28051ae4932429f08b047a2c7633e937c608a8d7
46fc594091278ec41f55b6ba62463f5b8c745d68a82b1158ec9d9e4152226892

HTTP Headers

GET /oa/build/js/site-28051ae4.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: NotjTdH9T4KAGaJ+X1JqJlV0A2Oz1ysDogjbdy+lWHoF541zyJjyeipKrMvHusjro/XGxT3LzZI=
x-amz-request-id: 8Q7PKTBAQ4FJDPK8
date: Fri, 25 Apr 2025 09:27:25 GMT
last-modified: Tue, 22 Apr 2025 16:37:40 GMT
etag: "a70f3f11e7644e6bd57785220f352865"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: application/javascript
content-length: 17843
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 4395425
strict-transport-security: max-age=31536000
ats-carp-promotion: 1
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL POST

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type