GET s.yimg.com/oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg
188.125.94.204 200 OK 2.7 kB URL GET s.yimg.com/oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg
IP 188.125.94.204:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 5fec39e72a4ed58c02f47c08dcf0ee9b
fb77c65f3087b8cf25cdcda7c76fb22e2d698d2d
9284f7fb38c8d02a4bd0e156987de0ececfb3b7aab4a0a004591fc784f1d01b5
GET /oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: WSPOonUa8FH5n2Lbzcx2nJaIc9cLyL02QKPz5ShrVl7wTflP4VbvQIXRTStjTfrkW2olev7Hmr8=
x-amz-request-id: 9AJ9WD0VY6CSK6PB
date: Fri, 20 Jun 2025 09:50:38 GMT
last-modified: Wed, 18 Jun 2025 14:25:18 GMT
etag: "db8ae5c3af867c288f5acd55550ff4c9"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: image/svg+xml
content-length: 1312
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 35355
strict-transport-security: max-age=31536000
ats-carp-promotion: 1
X-Firefox-Spdy: h2
GET top.dealseatzone.com/2JRNK2B/69N9HF7/?__rpt=0&__po=2608&__ptid=f53b89c7444d49719b9a66809a6ecec9&__rpa=0&__rc=1&sub1=9DkS8oCJptxJjQpziBRB7L&sub2=Traforama&sub3=538&sub4=&sub5=&source_id=https%3A%2F%2Fjavgg.net%2Fjav%2Fsone-563-aaa8%2F&__pcd=9
54.196.173.211 302 Found 12 kB URL User Request GET top.dealseatzone.com/2JRNK2B/69N9HF7/?__rpt=0&__po=2608&__ptid=f53b89c7444d49719b9a66809a6ecec9&__rpa=0&__rc=1&sub1=9DkS8oCJptxJjQpziBRB7L&sub2=Traforama&sub3=538&sub4=&sub5=&source_id=https%3A%2F%2Fjavgg.net%2Fjav%2Fsone-563-aaa8%2F&__pcd=9
IP 54.196.173.211:443
Certificate Issuer Let's Encrypt
Subject top.dealseatzone.com
Fingerprint F3:46:E6:3F:81:24:35:AF:90:1F:F3:71:D1:86:F1:B4:43:AD:93:A2
Validity Thu, 12 Jun 2025 05:41:36 GMT - Wed, 10 Sep 2025 05:41:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2JRNK2B/69N9HF7/?__rpt=0&__po=2608&__ptid=f53b89c7444d49719b9a66809a6ecec9&__rpa=0&__rc=1&sub1=9DkS8oCJptxJjQpziBRB7L&sub2=Traforama&sub3=538&sub4=&sub5=&source_id=https%3A%2F%2Fjavgg.net%2Fjav%2Fsone-563-aaa8%2F&__pcd=9 HTTP/1.1
Host: top.dealseatzone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
server: nginx
date: Fri, 20 Jun 2025 19:39:48 GMT
content-type: text/html; charset=utf-8
content-length: 124
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
location: https://flowtraf.com/go/13115f60-7b2c-4bcc-ad16-3af344495c8e?clickid=5b39c79aee434391a29eea56da5fea90
set-cookie: uniqueClick_69N9HF7=791e2084-b782-4f19-8a63-dbfccc6c4359:1750448388; Path=/; Expires=Sat, 21 Jun 2025 19:39:48 GMT; SameSite=None
set-cookie: transaction_id=5b39c79aee434391a29eea56da5fea90; Path=/; Expires=Thu, 18 Sep 2025 19:39:48 GMT; SameSite=None
vary: Origin
x-eflow-request-id: 34471a54-8050-45a2-b563-b1c3be1528ca
GET s.yimg.com/oa/build/js/site-28051ae4.js
188.125.94.204 200 OK 96 kB URL GET s.yimg.com/oa/build/js/site-28051ae4.js
IP 188.125.94.204:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (497)
Hash 32bc72a1b4b7a68aeea196f9fc302a8a
28051ae4932429f08b047a2c7633e937c608a8d7
46fc594091278ec41f55b6ba62463f5b8c745d68a82b1158ec9d9e4152226892
GET /oa/build/js/site-28051ae4.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: rpZD8hSYKTLhhfLiwHx7HocZBvdZavB2r2AgDCP+ZE73BCTTFmxs3RiQJlgf0AubervEq8/HFQs=
x-amz-request-id: AG203HNGRPTMSP2X
date: Wed, 11 Jun 2025 10:22:33 GMT
last-modified: Tue, 10 Jun 2025 09:15:55 GMT
etag: "a70f3f11e7644e6bd57785220f352865"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: application/javascript
content-length: 17843
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 811039
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2
GET s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png
188.125.94.204 200 OK 810 B URL GET s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png
IP 188.125.94.204:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
File type PNG image data, 120 x 36, 8-bit colormap, non-interlaced
Hash 119157c5c80d9db38f0da8098a35b53a
6c65f9bdaf6aad4fdde6c1bde1e509a6f056058b
1b119e32e848339740c549d02aa62d5fd21451d5ce468225922faae86555a68d
GET /rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: 8yGFZLuou6SM3jQGnlf8PCYe1AxZ0yapWy8wDs2iBNvu2JpkrpGVoxBPPnoBeIz8xsSMfz5XbDw=
x-amz-request-id: K8XCRR33J7NDN9T7
date: Thu, 19 Jun 2025 21:33:06 GMT
last-modified: Thu, 19 Jun 2025 21:30:22 GMT
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: image/png
content-length: 810
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
etag: "119157c5c80d9db38f0da8098a35b53a"
expires: Fri, 20 Jun 2025 23:00:00 GMT
age: 79606
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2
GET s.yimg.com/oa/build/images/favicons/yahoo.png
188.125.94.204 200 OK 1.4 kB URL GET s.yimg.com/oa/build/images/favicons/yahoo.png
IP 188.125.94.204:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
Hash b6814ae5582d7953821acbd76e977bb4
75a33fc706c2c6ba233e76c17337e466949f403c
4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3
GET /oa/build/images/favicons/yahoo.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: IrU1RBse7JdFfqrHNzpJpe8Mi/Ftu2jgTuKkiRfugGBg4u0xPkbCY715r7E/hi/cs0mAO/D+UBW24Wht1jZOd9nGr6+MxJnDjzsZNnn+xyE=
x-amz-request-id: TV6143QSNDPBQ16K
date: Thu, 19 Jun 2025 19:56:33 GMT
last-modified: Wed, 18 Jun 2025 14:25:18 GMT
etag: "b6814ae5582d7953821acbd76e977bb4"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
accept-ranges: bytes
content-type: image/png
content-length: 1406
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 85400
strict-transport-security: max-age=31536000
ats-carp-promotion: 1
X-Firefox-Spdy: h2
OPTIONS segarkojiri.top/cuid/?f=https%3A%2F%2Ffd.fabricforrel.com
94.242.236.140 200 OK 0 B URL OPTIONS segarkojiri.top/cuid/?f=https%3A%2F%2Ffd.fabricforrel.com
IP 94.242.236.140:443
Requested by https://fd.fabricforrel.com/iMMUS26lc99/GWJEl?param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
Certificate Issuer ZeroSSL
Subject segarkojiri.top
Fingerprint B1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
Validity Tue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /cuid/?f=https%3A%2F%2Ffd.fabricforrel.com HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fd.fabricforrel.com/
Origin: https://fd.fabricforrel.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jun 2025 19:39:49 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://fd.fabricforrel.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET s.yimg.com/ss/rapid-3.53.30.js
188.125.94.204 200 OK 50 kB URL GET s.yimg.com/ss/rapid-3.53.30.js
IP 188.125.94.204:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
Hash 665798d28ecf9be7cbc434e75267920d
55864f76f012bb11a354c6bacdcc7769a5ec6fa2
7bc917ebee12bcd521ae88840228032579459c25a3ccf8953d8a2dbe5e085be9
GET /ss/rapid-3.53.30.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: 1vP2CWbK19kVeICacGpp3WtT8pvPg3If7sdg+WIdmOJLIKBslFnR+O6+VQ6NTA8zrUZX9b49qYVtf9zFSXzxbZEnMCpCE2yTKtskYdDPaMo=
x-amz-request-id: 5JFE69WTKYP882JJ
date: Wed, 18 Jun 2025 09:10:02 GMT
last-modified: Tue, 29 Jun 2021 01:45:07 GMT
etag: "665798d28ecf9be7cbc434e75267920d-df"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, immutable
x-amz-version-id: .Bcg25AHAdRCkTvv5tMdNmGVEjznZ_m3
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
age: 210590
content-length: 17971
strict-transport-security: max-age=31536000
ats-carp-promotion: 1
X-Firefox-Spdy: h2
GET fd.fabricforrel.com/favicon.ico
23.109.170.59 200 OK 1.4 kB URL GET fd.fabricforrel.com/favicon.ico
IP 23.109.170.59:443
Requested by https://fd.fabricforrel.com/iMMUS26lc99/GWJEl?param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
Certificate Issuer Let's Encrypt
Subject fd.fabricforrel.com
Fingerprint ED:0E:8B:D3:C5:E2:64:1F:9A:5D:89:5D:C9:74:40:9B:4D:25:C8:CF
Validity Thu, 08 May 2025 10:01:36 GMT - Wed, 06 Aug 2025 10:01:35 GMT
File type MS Windows icon resource - 1 icon, 16x16
Hash 011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: fd.fabricforrel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fd.fabricforrel.com/iMMUS26lc99/GWJEl?param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jun 2025 19:39:49 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Wed, 18 Jun 2025 12:06:26 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6852abc2-57e"
Expires: Sat, 21 Jun 2025 19:39:49 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
POST udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1750448392012&yhlClientVer=3.53.30&yhlRnd=apDxQCzDd2U5to2D&yhlCompressed=0
188.125.72.139 204 No Content 0 B URL POST udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1750448392012&yhlClientVer=3.53.30&yhlRnd=apDxQCzDd2U5to2D&yhlCompressed=0
IP 188.125.72.139:443
ASN #34010 Yahoo-UK Limited
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject yahoo.com
Fingerprint 6C:23:14:EA:B1:DF:98:60:2A:CF:08:82:7B:57:A5:93:E6:7B:D1:5E
Validity Tue, 06 May 2025 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1750448392012&yhlClientVer=3.53.30&yhlRnd=apDxQCzDd2U5to2D&yhlCompressed=0 HTTP/1.1
Host: udc.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1356
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQwC_goO
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
access-control-allow-origin: https://consent.yahoo.com
vary: Origin
access-control-allow-credentials: true
cache-control: no-store, no-cache, private, max-age=0
p3p: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
pragma: no-cache
expires: -1
x-envoy-upstream-service-time: 1
date: Fri, 20 Jun 2025 19:39:51 GMT
server: ATS
age: 1
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
GET guce.yahoo.com/consent?brandType=nonEu&gcrumb=DAL-Cg4&done=https%3A%2F%2Fwww.yahoo.com%2F
52.51.221.171 302 Found 92 kB URL User Request GET guce.yahoo.com/consent?brandType=nonEu&gcrumb=DAL-Cg4&done=https%3A%2F%2Fwww.yahoo.com%2F
IP 52.51.221.171:443
Certificate Issuer DigiCert Inc
Subject guce.oath.com
Fingerprint 91:86:B9:21:05:5A:48:89:FC:68:9F:6A:05:E4:25:F7:24:08:8D:B7
Validity Tue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /consent?brandType=nonEu&gcrumb=DAL-Cg4&done=https%3A%2F%2Fwww.yahoo.com%2F HTTP/1.1
Host: guce.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hansetaboret.shop/
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQwC_goO
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Connection: keep-alive
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Content-Length: 0
Date: Fri, 20 Jun 2025 19:39:50 GMT
GET s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
188.125.94.204 200 OK 239 kB URL GET s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
IP 188.125.94.204:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
Size 239 kB (238658 bytes)
Hash 05296cb1adf8cd0c27b9d7fa693f6838
fcbc12bf695cdb618625119e46a9d3abf55bc490
d92f28f16ef4904afb66cd19da7086b8014bfa504d1b876a57bdfd1ec63e1ace
GET /oa/build/css/site-ltr-fcbc12bf.css HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: 210cU0S04ghdQpu6V6Y/IQvLGVegtxFb1VYLzzYc7a9+cbtPt6lO5YraAQ0xwN/LaJQxwO33kLE=
x-amz-request-id: C5GMQS38XWEVF6VG
date: Tue, 13 May 2025 14:12:56 GMT
last-modified: Tue, 13 May 2025 14:00:35 GMT
etag: "719e9b778784d31c295ea2081c36d99a"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: text/css
content-length: 37669
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 3302816
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2
POST consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
52.51.221.171 204 No Content 0 B URL POST consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
IP 52.51.221.171:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject consent.oath.com
Fingerprint 57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
Validity Tue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810 HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQwC_goO
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
HTTP/1.1 204 No Content
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 20 Jun 2025 19:39:52 GMT
GET flowtraf.com/go/13115f60-7b2c-4bcc-ad16-3af344495c8e?clickid=5b39c79aee434391a29eea56da5fea90
3.70.16.242 302 Found 12 kB URL User Request GET flowtraf.com/go/13115f60-7b2c-4bcc-ad16-3af344495c8e?clickid=5b39c79aee434391a29eea56da5fea90
IP 3.70.16.242:443
Certificate Issuer Let's Encrypt
Subject flowtraf.com
Fingerprint CB:9B:26:97:0F:8F:9F:8A:C9:6F:2A:26:6C:CF:EF:86:E9:8E:D0:12
Validity Mon, 12 May 2025 11:24:56 GMT - Sun, 10 Aug 2025 11:24:55 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go/13115f60-7b2c-4bcc-ad16-3af344495c8e?clickid=5b39c79aee434391a29eea56da5fea90 HTTP/1.1
Host: flowtraf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: openresty
date: Fri, 20 Jun 2025 19:39:49 GMT
content-type: text/html; charset=utf-8
content-length: 230
access-control-allow-origin: *
location: https://fd.fabricforrel.com/iMMUS26lc99/GWJEl?param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
set-cookie: bemob-viewer-id=e5a19671-bab0-4575-827d-581c5f4796b8; Domain=flowtraf.com; Path=/; Expires=Sat, 20 Jun 2026 19:39:49 GMT; HttpOnly; Secure; SameSite=None
set-cookie: bemob-uniq-visit:13115f60-7b2c-4bcc-ad16-3af344495c8e=1; Domain=flowtraf.com; Path=/; Expires=Sat, 21 Jun 2025 19:39:49 GMT; HttpOnly; Secure; SameSite=None
set-cookie: bemob-rotation:13115f60-7b2c-4bcc-ad16-3af344495c8e:random:4916a1789ff5c7b3ae09ee9c1629de98=0-0-2; Domain=flowtraf.com; Path=/; Expires=Sat, 21 Jun 2025 19:39:49 GMT; HttpOnly; Secure; SameSite=None
set-cookie: bemob-click-id=BLxs73s213ybX9eH1QFnDS; Domain=flowtraf.com; Path=/; Expires=Sun, 20 Jul 2025 19:39:49 GMT; HttpOnly; Secure; SameSite=None
vary: Accept
x-response-time: 6.030ms
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
X-Firefox-Spdy: h2
POST segarkojiri.top/cuid/?f=https%3A%2F%2Ffd.fabricforrel.com
94.242.236.140 200 OK 32 B URL POST segarkojiri.top/cuid/?f=https%3A%2F%2Ffd.fabricforrel.com
IP 94.242.236.140:443
Requested by https://fd.fabricforrel.com/iMMUS26lc99/GWJEl?param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
Certificate Issuer ZeroSSL
Subject segarkojiri.top
Fingerprint B1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
Validity Tue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT
Hash bcdc353cb1af79fd741bdfd461f33141
2548320e04591dd48cd2898c5f27f805397dbbbe
077f676a8f234428dfd59e2370e874d55391cf7382c41fe2d10a01e87580576f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /cuid/?f=https%3A%2F%2Ffd.fabricforrel.com HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fd.fabricforrel.com/
Content-Type: application/json
Content-Length: 10
Origin: https://fd.fabricforrel.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jun 2025 19:39:49 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://fd.fabricforrel.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=67656787132456c6e28ad2; expires=Sat, 02 Nov 2052 10:24:53 GMT; domain=segarkojiri.top; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET s.yimg.com/oa/build/images/en-GB-home_f0badd867efa6720.jpeg
188.125.94.204 200 OK 79 kB URL GET s.yimg.com/oa/build/images/en-GB-home_f0badd867efa6720.jpeg
IP 188.125.94.204:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1546, components 3
Hash 9c394eca0dfc6cbf2420b6c3c07d4970
378092debaa0e79af573265a7d0ce2db3ed38a3b
c2b819e2ae41bd6a05129d0b6c38941240576b2236386789ffad3656b186ef29
GET /oa/build/images/en-GB-home_f0badd867efa6720.jpeg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: NBJGJj0PKzxsqoq9c6oJaPPoOcN4K7OOe7AVGnPzq4RYWpzM39L1jLokZA4ZQhlbLmeiA0asAfXzGxU0gY5rmKoOa98U3vbj3OGCIgjr4po=
x-amz-request-id: 0H065EPJXHM5F091
date: Sun, 06 Apr 2025 22:44:59 GMT
last-modified: Thu, 03 Apr 2025 21:38:41 GMT
etag: "9c394eca0dfc6cbf2420b6c3c07d4970"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
accept-ranges: bytes
content-type: image/jpeg
content-length: 79439
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 6468894
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2
GET fd.fabricforrel.com/iMMUS26lc99/GWJEl?param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
23.109.170.59 200 OK 12 kB URL User Request GET fd.fabricforrel.com/iMMUS26lc99/GWJEl?param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
IP 23.109.170.59:443
Certificate Issuer Let's Encrypt
Subject fd.fabricforrel.com
Fingerprint ED:0E:8B:D3:C5:E2:64:1F:9A:5D:89:5D:C9:74:40:9B:4D:25:C8:CF
Validity Thu, 08 May 2025 10:01:36 GMT - Wed, 06 Aug 2025 10:01:35 GMT
File type HTML document, ASCII text, with very long lines (11834)
Hash 312f36df2a347cd0c1c487c414b0b514
6a414e02d55593e311ba54a5b4b5da54ff8ece25
17a18cb9526caa045393fc20269cad90e9b80456c225028e0668579905a83b36
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /iMMUS26lc99/GWJEl?param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS HTTP/1.1
Host: fd.fabricforrel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jun 2025 19:39:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Sat, 21-Jun-2025 19:39:49 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 21-Jun-2025 19:39:49 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png
188.125.94.204 200 OK 760 B URL GET s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png
IP 188.125.94.204:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
File type PNG image data, 120 x 36, 8-bit colormap, non-interlaced
Hash 7e72897bf7bdaecf5fec47f028de6aac
a6d4f7b2b57a751941cc56e3cffbfde4de633576
8a781f94157287ada91708b4baf12712cedf808ce49c58c194fc9873f4fa7a30
GET /rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: 0kJWty6ojVUUxuV9j9TwYXbBJDTF+FReRf7nIswoUceHpeB4xrWYCbEg3+h/hEB7kryw8mnpuZs=
x-amz-request-id: QH7N1NN8P1HDGCYC
date: Thu, 19 Jun 2025 20:14:26 GMT
last-modified: Wed, 18 Jun 2025 21:32:05 GMT
etag: "7e72897bf7bdaecf5fec47f028de6aac"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
expires: Thu, 19 Jun 2025 23:00:00 GMT
accept-ranges: bytes
content-type: image/png
content-length: 760
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 84326
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2
GET top.dealseatzone.com/2JRNK2B/5LBNZDF/?sub1=9DkS8oCJptxJjQpziBRB7L&source_id=https://javgg.net/jav/sone-563-aaa8/&sub2=Traforama&sub3=538
54.196.173.211 302 Found 12 kB URL User Request GET top.dealseatzone.com/2JRNK2B/5LBNZDF/?sub1=9DkS8oCJptxJjQpziBRB7L&source_id=https://javgg.net/jav/sone-563-aaa8/&sub2=Traforama&sub3=538
IP 54.196.173.211:443
Certificate Issuer Let's Encrypt
Subject top.dealseatzone.com
Fingerprint F3:46:E6:3F:81:24:35:AF:90:1F:F3:71:D1:86:F1:B4:43:AD:93:A2
Validity Thu, 12 Jun 2025 05:41:36 GMT - Wed, 10 Sep 2025 05:41:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2JRNK2B/5LBNZDF/?sub1=9DkS8oCJptxJjQpziBRB7L&source_id=https://javgg.net/jav/sone-563-aaa8/&sub2=Traforama&sub3=538 HTTP/1.1
Host: top.dealseatzone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
server: nginx
date: Fri, 20 Jun 2025 19:39:48 GMT
content-type: text/html; charset=utf-8
content-length: 316
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
location: https://top.dealseatzone.com/2JRNK2B/69N9HF7/?__rpt=0&__po=2608&__ptid=f53b89c7444d49719b9a66809a6ecec9&__rpa=0&__rc=1&sub1=9DkS8oCJptxJjQpziBRB7L&sub2=Traforama&sub3=538&sub4=&sub5=&source_id=https%3A%2F%2Fjavgg.net%2Fjav%2Fsone-563-aaa8%2F&__pcd=9
set-cookie: uniqueClick_5LBNZDF=b091eb14-e1dc-42bd-8157-823e2ea5dc15:1750448388; Path=/; Expires=Sat, 21 Jun 2025 19:39:48 GMT; SameSite=None
vary: Origin
x-eflow-request-id: f3496962-a048-41dd-8d54-780967978aeb
GET consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
52.51.221.171 204 No Content 0 B URL GET consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
IP 52.51.221.171:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject consent.oath.com
Fingerprint 57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
Validity Tue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810 HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQwC_goO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Fri, 20 Jun 2025 19:39:51 GMT
GET hansetaboret.shop/favicon.ico
172.255.99.92 200 OK 1.4 kB URL GET hansetaboret.shop/favicon.ico
IP 172.255.99.92:443
Requested by https://hansetaboret.shop/iLrnXSitjQsDXmJQFYozLb/78053/?md=eyJ0dmMiOjAsImEiOjI5NjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2ZkLmZhYnJpY2ZvcnJlbC5jb20vaU1NVVMyNmxjOTkvR1dKRWw%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&pdc=YNO5QlzxFR4r9eg6T_673VqTzpm9q4hVamNfX8gGX7I&param_3=dcpa_orig_122106&param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
Certificate Issuer Let's Encrypt
Subject hansetaboret.shop
Fingerprint A6:F1:3A:66:67:FE:9A:E2:CD:67:BD:33:70:54:25:B7:01:B2:DD:EF
Validity Mon, 19 May 2025 13:04:07 GMT - Sun, 17 Aug 2025 13:04:06 GMT
File type MS Windows icon resource - 1 icon, 16x16
Hash 011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: hansetaboret.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hansetaboret.shop/iLrnXSitjQsDXmJQFYozLb/78053/?md=eyJ0dmMiOjAsImEiOjI5NjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2ZkLmZhYnJpY2ZvcnJlbC5jb20vaU1NVVMyNmxjOTkvR1dKRWw%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&pdc=YNO5QlzxFR4r9eg6T_673VqTzpm9q4hVamNfX8gGX7I&param_3=dcpa_orig_122106&param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; cvn1=CwaAAAAAAhQBCgAP4Q4GAQM%3D; GL_BC=eJxjYGBgEmEU5EyKNzQwMTAzNRFh5MoI3cnGxggAK2QD%2BQ%3D%3D; GL_CA_78053=eJxjYGBgEmHkYuB9XyzCJMiYzMYoyFjClRG6kw0AKR0ELw%3D%3D; GL_OC=eJxjYGBgEmEUZM2PNzY1FWHkygjdycbGCAAc0AM7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jun 2025 19:39:50 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Wed, 18 Jun 2025 12:06:30 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6852abc6-57e"
Expires: Sat, 21 Jun 2025 19:39:50 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
GET consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
52.51.221.171 200 OK 92 kB URL User Request GET consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
IP 52.51.221.171:443
Certificate Issuer DigiCert Inc
Subject consent.oath.com
Fingerprint 57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
Validity Tue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (37625)
Hash fdbb88981678af912d1e81533a00d828
992005bb12aafb2cdf72b7139af00eeaddac663f
c1fbebf2d418266863dab1b3e038d8b05000b4b1ef28820437a9e012ba67b741
GET /v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810 HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hansetaboret.shop/
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQwC_goO
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy-Report-Only: default-src 'none'; block-all-mixed-content; connect-src 'self'; frame-ancestors 'none'; img-src 'self' https://s.yimg.com; media-src 'none'; script-src 'self' 'nonce-jIHt0yxU59yOota5VRL2MXTbJOdqSPOx' https://s.yimg.com; style-src 'self' 'nonce-jIHt0yxU59yOota5VRL2MXTbJOdqSPOx' https://s.yimg.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce
Server: guce
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Date: Fri, 20 Jun 2025 19:39:51 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8
Content-Length: 14617
POST csp.yahoo.com/beacon/csp?src=guce
188.125.72.139 204 No Content 0 B URL POST csp.yahoo.com/beacon/csp?src=guce
IP 188.125.72.139:443
ASN #34010 Yahoo-UK Limited
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject yahoo.com
Fingerprint 6C:23:14:EA:B1:DF:98:60:2A:CF:08:82:7B:57:A5:93:E6:7B:D1:5E
Validity Tue, 06 May 2025 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /beacon/csp?src=guce HTTP/1.1
Host: csp.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 992
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Fri, 20 Jun 2025 19:39:52 GMT
strict-transport-security: max-age=31536000
server: ATS
cache-control: no-store, no-cache, private, max-age=0
expires: -1
X-Firefox-Spdy: h2
GET hansetaboret.shop/iLrnXSitjQsDXmJQFYozLb/78053/?md=eyJ0dmMiOjAsImEiOjI5NjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2ZkLmZhYnJpY2ZvcnJlbC5jb20vaU1NVVMyNmxjOTkvR1dKRWw%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&pdc=YNO5QlzxFR4r9eg6T_673VqTzpm9q4hVamNfX8gGX7I&param_3=dcpa_orig_122106&param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
172.255.99.92 200 OK 1.0 kB URL User Request GET hansetaboret.shop/iLrnXSitjQsDXmJQFYozLb/78053/?md=eyJ0dmMiOjAsImEiOjI5NjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2ZkLmZhYnJpY2ZvcnJlbC5jb20vaU1NVVMyNmxjOTkvR1dKRWw%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&pdc=YNO5QlzxFR4r9eg6T_673VqTzpm9q4hVamNfX8gGX7I&param_3=dcpa_orig_122106&param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS
IP 172.255.99.92:443
Certificate Issuer Let's Encrypt
Subject hansetaboret.shop
Fingerprint A6:F1:3A:66:67:FE:9A:E2:CD:67:BD:33:70:54:25:B7:01:B2:DD:EF
Validity Mon, 19 May 2025 13:04:07 GMT - Sun, 17 Aug 2025 13:04:06 GMT
File type HTML document, ASCII text
Hash c1fcfa68c45bf1dda034fdb30b104b1f
20ae32abec8578dc9a3e45a6e9876756b813944a
29d9c8759a4e1438a623bdda4bb434fcb77818530b37e1deab79c263461540a6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /iLrnXSitjQsDXmJQFYozLb/78053/?md=eyJ0dmMiOjAsImEiOjI5NjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2ZkLmZhYnJpY2ZvcnJlbC5jb20vaU1NVVMyNmxjOTkvR1dKRWw%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&pdc=YNO5QlzxFR4r9eg6T_673VqTzpm9q4hVamNfX8gGX7I&param_3=dcpa_orig_122106&param_4=308_&param_5=BLxs73s213ybX9eH1QFnDS HTTP/1.1
Host: hansetaboret.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fd.fabricforrel.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Jun 2025 19:39:50 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Sat, 21-Jun-2025 19:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 21-Jun-2025 19:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
cvn1=CwaAAAAAAhQBCgAP4Q4GAQM%3D; expires=Tue, 19-Aug-2025 19:39:50 GMT; Max-Age=5184000; path=/; secure; SameSite=None
GL_BC=eJxjYGBgEmEU5EyKNzQwMTAzNRFh5MoI3cnGxggAK2QD%2BQ%3D%3D; expires=Sat, 21-Jun-2025 19:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_CA_78053=eJxjYGBgEmHkYuB9XyzCJMiYzMYoyFjClRG6kw0AKR0ELw%3D%3D; expires=Sat, 21-Jun-2025 19:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_OC=eJxjYGBgEmEUZM2PNzY1FWHkygjdycbGCAAc0AM7; expires=Sat, 21-Jun-2025 19:39:50 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
188.125.94.204 307 Temporary Redirect 92 kB
IP 188.125.94.204:443
Certificate Issuer DigiCert Inc
Subject *.fantasysports.yahoo.com
Fingerprint FD:FE:D7:4F:F8:EB:90:1E:CB:07:88:69:62:5B:5C:83:52:B2:D0:18
Validity Wed, 04 Jun 2025 00:00:00 GMT - Wed, 23 Jul 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hansetaboret.shop/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
date: Fri, 20 Jun 2025 19:39:50 GMT
strict-transport-security: max-age=31536000
server: ATS
cache-control: no-store
content-type: text/html; charset=utf-8
content-language: en
location: https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=DAL-Cg4&done=https%3A%2F%2Fwww.yahoo.com%2F
set-cookie: GUCS=AQwC_goO; Max-Age=1800; Domain=.yahoo.com; Path=/; Secure
content-security-policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://cdn.taboola.com https://ads.taboola.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
content-length: 0
X-Firefox-Spdy: h2
GET consent.yahoo.com/static/images/close.svg
52.51.221.171 200 OK 1.4 kB URL GET consent.yahoo.com/static/images/close.svg
IP 52.51.221.171:443
Requested by https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
Certificate Issuer DigiCert Inc
Subject consent.oath.com
Fingerprint 57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
Validity Tue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 04fdad3c9b32cf024d3494c6e0b1f691
e7c0aabd33e695415e7a8c7afea4b94dca273f06
8f0baedf119a144b8b4fe597eb02a91fc47d89284aa6cdcc12097cb109598796
GET /static/images/close.svg HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_c2d7214d-756e-4508-9170-598148542810
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQwC_goO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Encoding: gzip
Server: guce
Accept-Ranges: bytes
Date: Fri, 20 Jun 2025 19:39:51 GMT
Connection: keep-alive
Last-Modified: Fri, 20 Jun 2025 09:19:49 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 703
Content-Type: image/svg+xml