Report - mytdsnet.com/click?key=4440bb11d4a36607c22e&SUBID=951858326876991488&cost=0.008500&zoneid=8503359&os=android&device=other&browser=chrome&browser_lang={browser_lang}&connection_type={connection_type}&carrier=beeline-fr&bannerid=104624081&cohort={cohort}&geo=FR&zoneid=120417&tt=2

Report Overview

Visited public
2025-05-29 07:54:47
Tags
URL
mytdsnet.com/click?key=4440bb11d4a36607c22e&SUBID=951858326876991488&cost=0.008500&zoneid=8503359&os=android&device=other&browser=chrome&browser_lang={browser_lang}&connection_type={connection_type}&carrier=beeline-fr&bannerid=104624081&cohort={cohort}&geo=FR&zoneid=120417&tt=2
Finishing URL
consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
IP / ASN
104.21.34.63
#13335 CLOUDFLARENET
Title
Yahoo er et varemerke fra Yahoo-familien.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mytdsnet.com	unknown	2024-10-28	2024-11-17	2025-05-24	746 B	13 kB	172.67.199.17
s.yimg.com	375	1997-05-14	2012-05-20	2025-05-29	3.7 kB	476 kB	87.248.119.252
oo.militbuckish.shop	unknown	2025-03-19	2025-05-11	2025-05-22	1.6 kB	15 kB	23.109.170.226
consent.yahoo.com	31016	1995-01-18	2019-02-20	2025-05-23	2.6 kB	95 kB	3.248.239.163
udc.yahoo.com	2454	1995-01-18	2017-01-30	2025-05-22	689 B	594 B	188.125.72.139
guce.yahoo.com	2064	1995-01-18	2018-03-16	2025-05-23	616 B	92 kB	3.248.239.163
segarkojiri.top	unknown	2025-04-22	2025-04-23	2025-05-22	1.1 kB	1.1 kB	23.109.170.10
www.yahoo.com	1299	1995-01-18	2012-05-20	2025-05-23	518 B	93 kB	87.248.119.252
lechosabode.shop	unknown	2025-05-17	2025-05-20	2025-05-27	3.7 kB	4.1 kB	188.42.247.188
csp.yahoo.com	8923	1995-01-18	2015-01-04	2025-05-23	480 B	208 B	188.125.72.139

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-29 07:54:25	medium	23.109.170.10	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-05-29 07:54:25	low	23.109.170.10	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-05-29 07:54:25	medium	23.109.170.10	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-05-29 07:54:25	low	23.109.170.10	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-29	medium	segarkojiri.top	Sinkholed
2025-05-29	medium	militbuckish.shop	Sinkholed
2025-05-29	medium	lechosabode.shop	Sinkholed
2025-05-29	medium	segarkojiri.top	Sinkholed
2025-05-29	medium	lechosabode.shop	Sinkholed
2025-05-29	medium	mytdsnet.com	Sinkholed
2025-05-29	medium	militbuckish.shop	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f	ScriptElement	140 B	2024-03-02	2025-06-07
Pretty URL consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f IP 3.248.239.163 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 20:37 Last Seen2025-06-07 09:35 Times Seen351 Hash cb35f66e60f5a88b6ad45db24cfd4a1e 0d89c03ff758fffdbd48297c905430f46e05640d 39aa0748ee518e97e5a33e72328fcf31efae53dc5eef2e84115861328634ca82 Loading...

	consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f	ScriptElement	700 B	2025-03-25	2025-06-07
Pretty URL consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f IP 3.248.239.163 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-25 22:58 Last Seen2025-06-07 09:35 Times Seen261 Hash ce8910148f681d52b05edc8fc744b5d5 172f26f8900a4e3bde1252ab00d2c8826ad2996f a1e6aeac162d2dcfc603b227c9327dc0da9df968837f8b18cba20bcc11c6e543 Loading...

	s.yimg.com/oa/build/js/site-28051ae4.js	ScriptElement	96 kB	2025-03-25	2025-06-07
Pretty URL s.yimg.com/oa/build/js/site-28051ae4.js IP 87.248.119.252 ASN #203220 Yahoo-UK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-25 21:02 Last Seen2025-06-07 09:35 Times Seen291 Hash 32bc72a1b4b7a68aeea196f9fc302a8a 28051ae4932429f08b047a2c7633e937c608a8d7 46fc594091278ec41f55b6ba62463f5b8c745d68a82b1158ec9d9e4152226892 Loading...

	oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid	ScriptElement	12 kB	2025-05-29	2025-05-29
Pretty URL oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid IP 23.109.170.226 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-29 07:54 Last Seen2025-05-29 07:54 Times Seen1 Hash d661f0bb0e78666e97fb4f3438e1b0ce b482c155386f06ec36994f23052b23f5632e6882 948399532073f4e70eeff3f6521e16179451461e1bcbec929f07f96716637f50 Loading...

	s.yimg.com/ss/rapid-3.53.30.js	ScriptElement	50 kB	2023-03-07	2025-06-07
Pretty URL s.yimg.com/ss/rapid-3.53.30.js IP 87.248.119.252 ASN #203220 Yahoo-UK Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-07 09:35 Times Seen2931 Hash 665798d28ecf9be7cbc434e75267920d 55864f76f012bb11a354c6bacdcc7769a5ec6fa2 7bc917ebee12bcd521ae88840228032579459c25a3ccf8953d8a2dbe5e085be9 Loading...

HTTP Transactions (23)

URL IP Response Size

s.yimg.com/oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg

87.248.119.252

200 OK

2.7 kB

URL GET
s.yimg.com/oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
2.7 kB (2715 bytes)
Hash
5fec39e72a4ed58c02f47c08dcf0ee9b
fb77c65f3087b8cf25cdcda7c76fb22e2d698d2d
9284f7fb38c8d02a4bd0e156987de0ececfb3b7aab4a0a004591fc784f1d01b5

HTTP Headers

GET /oa/build/images/help-circle-solid-black_f68609a66d5b78e7.svg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: sKap8dkndoglTpSscqmX4+lrB5cU2pNpsvke9EITQqPjr2aFjd1Is7em6p56ncrEi8Nz32G5HFN5C7+Qu/dXmt7XxZSh42mC4JLQ/HZ43XA=
x-amz-request-id: 2RF19F9YG1NRTPYZ
date: Thu, 24 Apr 2025 18:45:44 GMT
last-modified: Tue, 22 Apr 2025 16:37:40 GMT
etag: "db8ae5c3af867c288f5acd55550ff4c9"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: image/svg+xml
content-length: 1312
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 2984925
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

s.yimg.com/oa/build/images/en-GB-home_f0badd867efa6720.jpeg

87.248.119.252

200 OK

79 kB

URL GET
s.yimg.com/oa/build/images/en-GB-home_f0badd867efa6720.jpeg
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1546, components 3
Size
79 kB (79439 bytes)
Hash
9c394eca0dfc6cbf2420b6c3c07d4970
378092debaa0e79af573265a7d0ce2db3ed38a3b
c2b819e2ae41bd6a05129d0b6c38941240576b2236386789ffad3656b186ef29

HTTP Headers

GET /oa/build/images/en-GB-home_f0badd867efa6720.jpeg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: UEoXaP7FwMmD29IGtalwivbU7+T2X7Cn8xZUFTE1qU75CX07wxJmUvwWYQoi1/zrh0f+wxNR3b4VEgVnrMVuJxoqw21aJ/PlC4XU53bJtks=
x-amz-request-id: VS6J3HZQGERYNSAA
date: Mon, 21 Apr 2025 09:44:21 GMT
last-modified: Sat, 19 Apr 2025 02:24:06 GMT
etag: "9c394eca0dfc6cbf2420b6c3c07d4970"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
accept-ranges: bytes
content-type: image/jpeg
content-length: 79439
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 3276609
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

segarkojiri.top/cuid/?f=https%3A%2F%2Foo.militbuckish.shop

23.109.170.10

200 OK

0 B

URL OPTIONS
segarkojiri.top/cuid/?f=https%3A%2F%2Foo.militbuckish.shop
IP
23.109.170.10:443
ASN
#7979 SERVERS-COM

Requested by
https://oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /cuid/?f=https%3A%2F%2Foo.militbuckish.shop HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oo.militbuckish.shop/
Origin: https://oo.militbuckish.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 May 2025 07:54:26 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://oo.militbuckish.shop
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

oo.militbuckish.shop/favicon.ico

23.109.170.226

200 OK

1.4 kB

URL GET
oo.militbuckish.shop/favicon.ico
IP
23.109.170.226:443
ASN
#7979 SERVERS-COM

Requested by
https://oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid
Certificate
IssuerLet's Encrypt
Subjectoo.militbuckish.shop
FingerprintA5:37:C4:1E:E1:BB:B1:23:7B:FE:98:05:05:6E:96:F1:74:86:81:5C
ValiditySat, 24 May 2025 11:13:38 GMT - Fri, 22 Aug 2025 11:13:37 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: oo.militbuckish.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 May 2025 07:54:26 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Wed, 28 May 2025 11:20:34 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6836f182-57e"
Expires: Fri, 30 May 2025 07:54:26 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

www.yahoo.com/

87.248.119.252

307 Temporary Redirect

92 kB

URL User Request GET
www.yahoo.com/
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type

Size
92 kB (92190 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lechosabode.shop/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Thu, 29 May 2025 07:54:26 GMT
strict-transport-security: max-age=31536000
server: ATS
cache-control: no-store
content-type: text/html; charset=utf-8
content-language: en
location: https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=BO8szgA&done=https%3A%2F%2Fwww.yahoo.com%2F
set-cookie: GUCS=AQTvLM4A; Max-Age=1800; Domain=.yahoo.com; Path=/; Secure
content-security-policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://cdn.taboola.com https://ads.taboola.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
content-length: 0
X-Firefox-Spdy: h2

lechosabode.shop/favicon.ico

188.42.247.188

200 OK

1.4 kB

URL GET
lechosabode.shop/favicon.ico
IP
188.42.247.188:443
ASN
#7979 SERVERS-COM

Requested by
https://lechosabode.shop/ikoYaoIoLLurxfXLv/78053/?md=eyJ0dmMiOjAsImEiOjk3OTYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL29vLm1pbGl0YnVja2lzaC5zaG9wL2lXSWNNT24yZmVJSS9MTm9yQT9wYXJhbV81PWQwczE1Y2Z2NmJuczczOTE4YWtnJnBhcmFtXzQ9em9uZWlkIiwiaCI6NTY4NCwibCI6ImVuLVVTIiwidCI6MCwieiI6NTM1OCwiayI6NCwidSI6IjY3MjMzYmE2ODgyNDQwMDRjZDY2ZTciLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiN2F5czZpZW81eHVkdm16IiwibyI6dHJ1ZSwibSI6MTc0ODUwNTI2NjA5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=HnVag3*TrfJ3Xy43kc0xyVdUCnWQW8skE9V768kBDtw&param_3=dcpa_orig_120417&param_4=zoneid&param_5=d0s15cfv6bns73918akg
Certificate
IssuerLet's Encrypt
Subjectlechosabode.shop
Fingerprint15:B3:36:EF:C6:41:28:9B:8E:21:ED:25:D9:D8:D3:27:09:D6:60:CF
ValiditySat, 17 May 2025 09:28:32 GMT - Fri, 15 Aug 2025 09:28:31 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lechosabode.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lechosabode.shop/ikoYaoIoLLurxfXLv/78053/?md=eyJ0dmMiOjAsImEiOjk3OTYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL29vLm1pbGl0YnVja2lzaC5zaG9wL2lXSWNNT24yZmVJSS9MTm9yQT9wYXJhbV81PWQwczE1Y2Z2NmJuczczOTE4YWtnJnBhcmFtXzQ9em9uZWlkIiwiaCI6NTY4NCwibCI6ImVuLVVTIiwidCI6MCwieiI6NTM1OCwiayI6NCwidSI6IjY3MjMzYmE2ODgyNDQwMDRjZDY2ZTciLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiN2F5czZpZW81eHVkdm16IiwibyI6dHJ1ZSwibSI6MTc0ODUwNTI2NjA5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=HnVag3*TrfJ3Xy43kc0xyVdUCnWQW8skE9V768kBDtw&param_3=dcpa_orig_120417&param_4=zoneid&param_5=d0s15cfv6bns73918akg
Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; cvn1=CwaAAAAAAhQBCgAP4Q4GAQM%3D; GL_BC=eJxjYGBgEmEU5EyKNzQwMTAzNRFh5MqwENrExggAKjsD4Q%3D%3D; GL_CA_78053=eJxjYGBgEmHkYuB9XyzCJMiYzMYoyFjClWEhtAkAKCQEFw%3D%3D; GL_OC=eJxjYGBgEmEUZM2PNzY1FWHkyrAQ2sTGCAAbpwMj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 May 2025 07:54:26 GMT
Content-Type: application/octet-stream
Content-Length: 1406
Last-Modified: Wed, 28 May 2025 11:20:35 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "6836f183-57e"
Expires: Fri, 30 May 2025 07:54:26 GMT
Cache-Control: max-age=86400
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png

87.248.119.252

200 OK

810 B

URL GET
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type
PNG image data, 120 x 36, 8-bit colormap, non-interlaced
Size
810 B (810 bytes)
Hash
119157c5c80d9db38f0da8098a35b53a
6c65f9bdaf6aad4fdde6c1bde1e509a6f056058b
1b119e32e848339740c549d02aa62d5fd21451d5ce468225922faae86555a68d

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_w_bestfit_frontpage.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: HkszdLUnk8Ad/iWe4t/XG7M+bxdDk0y6CW0MrDQwE2EDQyKhi3BD2LB8MyvMXSr2Cz1iWgrjdCU=
x-amz-request-id: DYHJ69D2RBYE398B
date: Thu, 29 May 2025 06:32:34 GMT
last-modified: Wed, 28 May 2025 21:30:54 GMT
etag: "119157c5c80d9db38f0da8098a35b53a"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
expires: Thu, 29 May 2025 23:00:00 GMT
accept-ranges: bytes
content-type: image/png
content-length: 810
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 4914
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

s.yimg.com/oa/build/js/site-28051ae4.js

87.248.119.252

200 OK

96 kB

URL GET
s.yimg.com/oa/build/js/site-28051ae4.js
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (497)
Size
96 kB (96511 bytes)
Hash
32bc72a1b4b7a68aeea196f9fc302a8a
28051ae4932429f08b047a2c7633e937c608a8d7
46fc594091278ec41f55b6ba62463f5b8c745d68a82b1158ec9d9e4152226892

HTTP Headers

GET /oa/build/js/site-28051ae4.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: oauF7WcRWZMZApiHvTzBoMwPbgfBUIZB4lpGuhvAP0LJQcPKjQsmJ0ywTDfaDaogyR+olHzpcew=
x-amz-request-id: P6WKCQMG8W74V6JS
date: Sun, 20 Apr 2025 02:37:16 GMT
last-modified: Sat, 19 Apr 2025 02:24:06 GMT
etag: "a70f3f11e7644e6bd57785220f352865"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: application/javascript
content-length: 17843
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 3388633
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

segarkojiri.top/cuid/?f=https%3A%2F%2Foo.militbuckish.shop

23.109.170.10

200 OK

32 B

URL POST
segarkojiri.top/cuid/?f=https%3A%2F%2Foo.militbuckish.shop
IP
23.109.170.10:443
ASN
#7979 SERVERS-COM

Requested by
https://oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type
JSON text data
Size
32 B (32 bytes)
Hash
af0a2d223f36e0b78f40a752a3799bab
1a0767dbe2c08a37a0175a0f4845c6aa25880200
fb8e585e740e125533cb4d504a17566a83e3ccb39fce0fd93e410809f8e4b6e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cuid/?f=https%3A%2F%2Foo.militbuckish.shop HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oo.militbuckish.shop/
Content-Type: application/json
Content-Length: 10
Origin: https://oo.militbuckish.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 May 2025 07:54:26 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://oo.militbuckish.shop
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=67233ba688244004cd66e7; expires=Sun, 13 Oct 2052 11:18:39 GMT; domain=segarkojiri.top; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

lechosabode.shop/ikoYaoIoLLurxfXLv/78053/?md=eyJ0dmMiOjAsImEiOjk3OTYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL29vLm1pbGl0YnVja2lzaC5zaG9wL2lXSWNNT24yZmVJSS9MTm9yQT9wYXJhbV81PWQwczE1Y2Z2NmJuczczOTE4YWtnJnBhcmFtXzQ9em9uZWlkIiwiaCI6NTY4NCwibCI6ImVuLVVTIiwidCI6MCwieiI6NTM1OCwiayI6NCwidSI6IjY3MjMzYmE2ODgyNDQwMDRjZDY2ZTciLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiN2F5czZpZW81eHVkdm16IiwibyI6dHJ1ZSwibSI6MTc0ODUwNTI2NjA5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=HnVag3*TrfJ3Xy43kc0xyVdUCnWQW8skE9V768kBDtw&param_3=dcpa_orig_120417&param_4=zoneid&param_5=d0s15cfv6bns73918akg

188.42.247.188

200 OK

603 B

URL User Request GET
lechosabode.shop/ikoYaoIoLLurxfXLv/78053/?md=eyJ0dmMiOjAsImEiOjk3OTYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL29vLm1pbGl0YnVja2lzaC5zaG9wL2lXSWNNT24yZmVJSS9MTm9yQT9wYXJhbV81PWQwczE1Y2Z2NmJuczczOTE4YWtnJnBhcmFtXzQ9em9uZWlkIiwiaCI6NTY4NCwibCI6ImVuLVVTIiwidCI6MCwieiI6NTM1OCwiayI6NCwidSI6IjY3MjMzYmE2ODgyNDQwMDRjZDY2ZTciLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiN2F5czZpZW81eHVkdm16IiwibyI6dHJ1ZSwibSI6MTc0ODUwNTI2NjA5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=HnVag3*TrfJ3Xy43kc0xyVdUCnWQW8skE9V768kBDtw&param_3=dcpa_orig_120417&param_4=zoneid&param_5=d0s15cfv6bns73918akg
IP
188.42.247.188:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectlechosabode.shop
Fingerprint15:B3:36:EF:C6:41:28:9B:8E:21:ED:25:D9:D8:D3:27:09:D6:60:CF
ValiditySat, 17 May 2025 09:28:32 GMT - Fri, 15 Aug 2025 09:28:31 GMT

File type
HTML document, ASCII text
Size
603 B (603 bytes)
Hash
f43c7e6644dfe03737e58a8ca2b63a24
e87a17583bf195e03f96107b4ec886d34377488e
b501abc67455a438d1a586ac4a61bc0f709e71ece3c44864d2fdc8f5adc6f24d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ikoYaoIoLLurxfXLv/78053/?md=eyJ0dmMiOjAsImEiOjk3OTYsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL29vLm1pbGl0YnVja2lzaC5zaG9wL2lXSWNNT24yZmVJSS9MTm9yQT9wYXJhbV81PWQwczE1Y2Z2NmJuczczOTE4YWtnJnBhcmFtXzQ9em9uZWlkIiwiaCI6NTY4NCwibCI6ImVuLVVTIiwidCI6MCwieiI6NTM1OCwiayI6NCwidSI6IjY3MjMzYmE2ODgyNDQwMDRjZDY2ZTciLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoiN2F5czZpZW81eHVkdm16IiwibyI6dHJ1ZSwibSI6MTc0ODUwNTI2NjA5NCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMmFkdmVydGlzZXIlM0ExJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&pdc=HnVag3*TrfJ3Xy43kc0xyVdUCnWQW8skE9V768kBDtw&param_3=dcpa_orig_120417&param_4=zoneid&param_5=d0s15cfv6bns73918akg HTTP/1.1
Host: lechosabode.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://oo.militbuckish.shop/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 May 2025 07:54:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Fri, 30-May-2025 07:54:26 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Fri, 30-May-2025 07:54:26 GMT; Max-Age=86400; path=/; secure; SameSite=None
cvn1=CwaAAAAAAhQBCgAP4Q4GAQM%3D; expires=Mon, 28-Jul-2025 07:54:26 GMT; Max-Age=5184000; path=/; secure; SameSite=None
GL_BC=eJxjYGBgEmEU5EyKNzQwMTAzNRFh5MqwENrExggAKjsD4Q%3D%3D; expires=Fri, 30-May-2025 07:54:26 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_CA_78053=eJxjYGBgEmHkYuB9XyzCJMiYzMYoyFjClWEhtAkAKCQEFw%3D%3D; expires=Fri, 30-May-2025 07:54:26 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_OC=eJxjYGBgEmEUZM2PNzY1FWHkyrAQ2sTGCAAbpwMj; expires=Fri, 30-May-2025 07:54:26 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css

87.248.119.252

200 OK

239 kB

URL GET
s.yimg.com/oa/build/css/site-ltr-fcbc12bf.css
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type
ASCII text
Size
239 kB (238658 bytes)
Hash
05296cb1adf8cd0c27b9d7fa693f6838
fcbc12bf695cdb618625119e46a9d3abf55bc490
d92f28f16ef4904afb66cd19da7086b8014bfa504d1b876a57bdfd1ec63e1ace

HTTP Headers

GET /oa/build/css/site-ltr-fcbc12bf.css HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: CVxG+wjAKsutEbXCeN6MUtLIvQ2RHN1JXtCOJVoZyVWqwQiBrI216brzhV1vN9+cjQjERdfumbQcZ2ogQvgUW1KFEvYOrpmr0ctH4sP7xOQ=
x-amz-request-id: R5MV5W3PNXX59NMR
date: Tue, 13 May 2025 14:10:07 GMT
last-modified: Tue, 13 May 2025 14:00:35 GMT
etag: "719e9b778784d31c295ea2081c36d99a"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
content-encoding: gzip
accept-ranges: bytes
content-type: text/css
content-length: 37669
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 1359861
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

s.yimg.com/ss/rapid-3.53.30.js

87.248.119.252

200 OK

50 kB

URL GET
s.yimg.com/ss/rapid-3.53.30.js
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type
data
Size
50 kB (50266 bytes)
Hash
665798d28ecf9be7cbc434e75267920d
55864f76f012bb11a354c6bacdcc7769a5ec6fa2
7bc917ebee12bcd521ae88840228032579459c25a3ccf8953d8a2dbe5e085be9

HTTP Headers

GET /ss/rapid-3.53.30.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: pkkuqbD7blS87KPeDuoodiqpCEHUMu+dw40gE8PtRROiFB4/7tZ7LwqiROf/eKtKVwgLeEPbVvk=
x-amz-request-id: QCCF9AW30C5WQSR6
date: Tue, 22 Apr 2025 13:28:28 GMT
last-modified: Tue, 29 Jun 2021 01:45:07 GMT
etag: "665798d28ecf9be7cbc434e75267920d-df"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000, immutable
x-amz-version-id: .Bcg25AHAdRCkTvv5tMdNmGVEjznZ_m3
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 3176760
content-encoding: gzip
content-length: 17971
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

consent.yahoo.com/static/images/close.svg

3.248.239.163

200 OK

1.4 kB

URL GET
consent.yahoo.com/static/images/close.svg
IP
3.248.239.163:443
ASN
#16509 AMAZON-02

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1402 bytes)
Hash
04fdad3c9b32cf024d3494c6e0b1f691
e7c0aabd33e695415e7a8c7afea4b94dca273f06
8f0baedf119a144b8b4fe597eb02a91fc47d89284aa6cdcc12097cb109598796

HTTP Headers

GET /static/images/close.svg HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQTvLM4A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Server: guce
Accept-Ranges: bytes
Date: Thu, 29 May 2025 07:54:28 GMT
Connection: keep-alive
Last-Modified: Fri, 23 May 2025 08:55:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 703
Content-Type: image/svg+xml

udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1748505268069&yhlClientVer=3.53.30&yhlRnd=dJUOPK8UPj3RhJZc&yhlCompressed=0

188.125.72.139

204 No Content

0 B

URL POST
udc.yahoo.com/v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1748505268069&yhlClientVer=3.53.30&yhlRnd=dJUOPK8UPj3RhJZc&yhlCompressed=0
IP
188.125.72.139:443
ASN
#34010 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subjectyahoo.com
Fingerprint6C:23:14:EA:B1:DF:98:60:2A:CF:08:82:7B:57:A5:93:E6:7B:D1:5E
ValidityTue, 06 May 2025 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v2/public/yql?yhlVer=2&yhlClient=rapid&yhlS=1197812781&yhlCT=2&yhlBTMS=1748505268069&yhlClientVer=3.53.30&yhlRnd=dJUOPK8UPj3RhJZc&yhlCompressed=0 HTTP/1.1
Host: udc.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1355
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQTvLM4A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-origin: https://consent.yahoo.com
vary: Origin
access-control-allow-credentials: true
cache-control: no-store, no-cache, private, max-age=0
p3p: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
pragma: no-cache
expires: -1
x-envoy-upstream-service-time: 1
date: Thu, 29 May 2025 07:54:28 GMT
server: ATS
age: 0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mytdsnet.com/click?key=4440bb11d4a36607c22e&SUBID=951858326876991488&cost=0.008500&zoneid=8503359&os=android&device=other&browser=chrome&browser_lang={browser_lang}&connection_type={connection_type}&carrier=beeline-fr&bannerid=104624081&cohort={cohort}&geo=FR&zoneid=120417&tt=2

172.67.199.17

307 Temporary Redirect

12 kB

URL User Request GET
mytdsnet.com/click?key=4440bb11d4a36607c22e&SUBID=951858326876991488&cost=0.008500&zoneid=8503359&os=android&device=other&browser=chrome&browser_lang={browser_lang}&connection_type={connection_type}&carrier=beeline-fr&bannerid=104624081&cohort={cohort}&geo=FR&zoneid=120417&tt=2
IP
172.67.199.17:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmytdsnet.com
FingerprintD1:8E:89:95:5D:DB:BB:9A:69:E4:F1:44:1B:AF:4C:7C:E1:9C:86:CA
ValidityWed, 07 May 2025 04:29:13 GMT - Tue, 05 Aug 2025 05:25:28 GMT

File type

Size
12 kB (12091 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /click?key=4440bb11d4a36607c22e&SUBID=951858326876991488&cost=0.008500&zoneid=8503359&os=android&device=other&browser=chrome&browser_lang={browser_lang}&connection_type={connection_type}&carrier=beeline-fr&bannerid=104624081&cohort={cohort}&geo=FR&zoneid=120417&tt=2 HTTP/1.1
Host: mytdsnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Thu, 29 May 2025 07:54:25 GMT
content-length: 0
location: https://oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid
speculation-rules: "/cdn-cgi/speculation"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 94746c735d5eb4f3-OSL
x-request-id: 04814a0b-2bcb-4cb1-aec3-baf34e79cc08
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QWl%2BmUUikLqV1GNk2McO95y7bl3gHc%2FWIVpeeX9HAMWHUlEfdmzXqs2MehONvf5xL2w1T93dJc0AzQ75EsyQ6IisiB1q55XIjzJhXtG5ZDgOeqruNPSQnVvqbAn%2FVg8%3D"}],"group":"cf-nel","max_age":604800}
set-cookie: uclick=numCkFlUatg1grbza2CYtZvb6l5T5GUcAWictaYHgcbcDnhCBTZnrKnzy3CYlhjr6zjz8TAE; SameSite=Lax; Max-Age=31536000
bcid=d0s15cfv6bns73918akg; SameSite=Lax; Max-Age=31536000
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=6666&min_rtt=595&rtt_var=12074&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3204&recv_bytes=1322&delivery_rate=5259079&cwnd=254&unsent_bytes=0&cid=40f60f36a0cb15f0&ts=198&x=0"
X-Firefox-Spdy: h2

consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f

3.248.239.163

200 OK

92 kB

URL User Request GET
consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
IP
3.248.239.163:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (37625)
Size
92 kB (92190 bytes)
Hash
e431024fc7afbaa8dd9f4fc3875fe014
2a6bb129b7871d6d11a22003a9affc3b6f50139b
58bb27bdb33eab1de5136bdea81aec4570b0dd76dab7a5f027e233ebc18fad66

HTTP Headers

GET /v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lechosabode.shop/
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQTvLM4A
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy-Report-Only: default-src 'none'; block-all-mixed-content; connect-src 'self'; frame-ancestors 'none'; img-src 'self' https://s.yimg.com; media-src 'none'; script-src 'self' 'nonce-EjdY9tFkji+f1kW8uf3Xr6jGUqWgi/Y8' https://s.yimg.com; style-src 'self' 'nonce-EjdY9tFkji+f1kW8uf3Xr6jGUqWgi/Y8' https://s.yimg.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce
Server: guce
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Date: Thu, 29 May 2025 07:54:27 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=UTF-8
Content-Length: 14608

csp.yahoo.com/beacon/csp?src=guce

188.125.72.139

204 No Content

0 B

URL POST
csp.yahoo.com/beacon/csp?src=guce
IP
188.125.72.139:443
ASN
#34010 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subjectyahoo.com
Fingerprint6C:23:14:EA:B1:DF:98:60:2A:CF:08:82:7B:57:A5:93:E6:7B:D1:5E
ValidityTue, 06 May 2025 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /beacon/csp?src=guce HTTP/1.1
Host: csp.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 991
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 29 May 2025 07:54:28 GMT
strict-transport-security: max-age=31536000
server: ATS
cache-control: no-store, no-cache, private, max-age=0
expires: -1
X-Firefox-Spdy: h2

s.yimg.com/oa/build/images/favicons/yahoo.png

87.248.119.252

200 OK

1.4 kB

URL GET
s.yimg.com/oa/build/images/favicons/yahoo.png
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
Size
1.4 kB (1406 bytes)
Hash
b6814ae5582d7953821acbd76e977bb4
75a33fc706c2c6ba233e76c17337e466949f403c
4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3

HTTP Headers

GET /oa/build/images/favicons/yahoo.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: TSHOo6ist4Q8nlU73Y7jQC/2uIDRN4/jVZnIUrPzNYIVMQedrjSdcgE2zJNFDQQOToaWpA2NhBUBlIrNeAiA67AlmDYdPjvFI6S3hPEwyyc=
x-amz-request-id: NQGMZJD645272C0C
date: Mon, 26 May 2025 23:55:56 GMT
last-modified: Sun, 25 May 2025 16:22:35 GMT
etag: "b6814ae5582d7953821acbd76e977bb4"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000; immutable
accept-ranges: bytes
content-type: image/png
content-length: 1406
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 201514
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid

23.109.170.226

200 OK

12 kB

URL User Request GET
oo.militbuckish.shop/iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid
IP
23.109.170.226:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectoo.militbuckish.shop
FingerprintA5:37:C4:1E:E1:BB:B1:23:7B:FE:98:05:05:6E:96:F1:74:86:81:5C
ValiditySat, 24 May 2025 11:13:38 GMT - Fri, 22 Aug 2025 11:13:37 GMT

File type
HTML document, ASCII text, with very long lines (11828)
Size
12 kB (12091 bytes)
Hash
07ab914a6ba08c78ddeae5c962049515
c9b341daee6aaa385940c3d7830602d34105597a
9a0be03955951352a53a8fb828760f68ba74efff542fa068e7291d695c379322

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /iWIcMOn2feII/LNorA?param_5=d0s15cfv6bns73918akg&param_4=zoneid HTTP/1.1
Host: oo.militbuckish.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 May 2025 07:54:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Fri, 30-May-2025 07:54:25 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Fri, 30-May-2025 07:54:25 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

guce.yahoo.com/consent?brandType=nonEu&gcrumb=BO8szgA&done=https%3A%2F%2Fwww.yahoo.com%2F

3.248.239.163

302 Found

92 kB

URL User Request GET
guce.yahoo.com/consent?brandType=nonEu&gcrumb=BO8szgA&done=https%3A%2F%2Fwww.yahoo.com%2F
IP
3.248.239.163:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subjectguce.oath.com
Fingerprint91:86:B9:21:05:5A:48:89:FC:68:9F:6A:05:E4:25:F7:24:08:8D:B7
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type

Size
92 kB (92190 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /consent?brandType=nonEu&gcrumb=BO8szgA&done=https%3A%2F%2Fwww.yahoo.com%2F HTTP/1.1
Host: guce.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lechosabode.shop/
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQTvLM4A
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Connection: keep-alive
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Content-Length: 0
Date: Thu, 29 May 2025 07:54:27 GMT

s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png

87.248.119.252

200 OK

760 B

URL GET
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
Fingerprint79:34:29:BB:52:D4:B5:31:EF:69:EE:69:89:CD:9D:DA:20:A0:D6:E4
ValidityMon, 12 May 2025 00:00:00 GMT - Wed, 02 Jul 2025 23:59:59 GMT

File type
PNG image data, 120 x 36, 8-bit colormap, non-interlaced
Size
760 B (760 bytes)
Hash
7e72897bf7bdaecf5fec47f028de6aac
a6d4f7b2b57a751941cc56e3cffbfde4de633576
8a781f94157287ada91708b4baf12712cedf808ce49c58c194fc9873f4fa7a30

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: bFBWmLBELk4RNd+QgKWCwd+X2U32DGBsYJT/nTn/nfu7ho8i27k/J64csD+sKAx3F+hWQTlLAHg=
x-amz-request-id: X8CWHHTWFB0P971Q
date: Wed, 28 May 2025 12:36:46 GMT
last-modified: Tue, 27 May 2025 21:32:00 GMT
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: image/png
content-length: 760
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
etag: "7e72897bf7bdaecf5fec47f028de6aac"
expires: Wed, 28 May 2025 23:00:00 GMT
age: 69462
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f

3.248.239.163

204 No Content

0 B

URL GET
consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
IP
3.248.239.163:443
ASN
#16509 AMAZON-02

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /beacon?tag=TCF2&step=Layer1-View&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQTvLM4A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 29 May 2025 07:54:27 GMT

consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f

3.248.239.163

204 No Content

0 B

URL POST
consent.yahoo.com/beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
IP
3.248.239.163:443
ASN
#16509 AMAZON-02

Requested by
https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
Fingerprint57:50:C9:8A:EB:3E:A4:9C:1E:1F:87:FA:3C:F3:45:37:D4:D6:AB:A2
ValidityTue, 04 Feb 2025 00:00:00 GMT - Wed, 30 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /beacon?tag=TCF2&step=Layer1-View-Js&brandDomain=www.yahoo.com&brandBid=&userType=nonreg&sdk=false&tos=nb-NO&country=NO&x=&sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_cf2bceb6-2f16-4616-bef9-4ed945cff31f
Origin: https://consent.yahoo.com
DNT: 1
Connection: keep-alive
Cookie: GUCS=AQTvLM4A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0

HTTP/1.1 204 No Content
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 29 May 2025 07:54:28 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL OPTIONS

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by