Report - s.yimg.com

Report Overview

Visited public
2025-03-21 21:40:48
Tags
yahoo phishing
URL
s.yimg.com
Finishing URL
s.yimg.com/
IP / ASN
188.125.94.206
#10310 YAHOO-1
Title
Yahoo
Phishing - Yahoo

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s.yimg.com	375	1997-05-14	2012-05-20	2025-03-19	2.2 kB	91 kB	87.248.119.252
geo.yahoo.com	1289	1995-01-18	2012-05-25	2025-03-17	504 B	618 B	188.125.72.139
bcn.fp.yahoo.com	177512	1995-01-18	2017-02-01	2025-03-18	507 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	s.yimg.com/	ScriptElement	392 B	2025-03-02	2025-06-14
Pretty URL s.yimg.com/ IP 87.248.119.252 ASN #203220 Yahoo-UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-02 12:38 Last Seen2025-06-14 10:26 Times Seen21 Hash 1dc78f4fa4516439734b17dc18c6cfff 0f390444bb01f752edabde17abb77170ee2cd025 f159d108e00e466c60cf5a827f9592a7a7963aa40a4c3016dbac86a800fb846b Loading...

	s.yimg.com/	ScriptElement	2.4 kB	2025-03-21	2025-03-21
Pretty URL s.yimg.com/ IP 87.248.119.252 ASN #203220 Yahoo-UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-21 21:40 Last Seen2025-03-21 21:40 Times Seen1 Hash c62637bca11d1bc7e74665117bd9e4c1 6fcdac68069518a1cb85d0fb5ed146fcbb53efcb 7142058caf8a8538656151de7c1913290de16520d513299e43f3f19ef329e5f8 Loading...

		Size	First Seen	Last Seen
	#1 Write - 40db0dea1aa812c462ea2823161f1e26	18 B	2023-03-08 03:31	2025-06-14 10:26
Pretty Observations First Seen2023-03-08 03:31 Last Seen2025-06-14 10:26 Times Seen221 Hash 40db0dea1aa812c462ea2823161f1e26 16005dde25ddda99832ff394cf0f0ea3be65d0c5 fb4a09993ba875fb4dd2d48a2eb1fb954cc463776b8bbacdc52ceccaa2817687 Loading...

	#2 Write - dde4e11fec7a782492e2fefaee565c5b	50 B	2023-03-08 03:31	2025-06-14 10:26
Pretty Observations First Seen2023-03-08 03:31 Last Seen2025-06-14 10:26 Times Seen221 Hash dde4e11fec7a782492e2fefaee565c5b 83093d7f20702843dc1015dccedd7bf08a54011d 66ab8316d9c9589b7eaf7a0087d00c21e3d55cfe160d1990abe2dc5f9591226c Loading...

	#3 Write - 1ab3d08a8e5a2117f942868ed0ae5ed6	77 B	2023-03-08 03:31	2025-06-14 10:26
Pretty Observations First Seen2023-03-08 03:31 Last Seen2025-06-14 10:26 Times Seen221 Hash 1ab3d08a8e5a2117f942868ed0ae5ed6 2ce97c95e65bfb8eb5c99654b6c3075fcf32aeae 0ba4af9c57cad2c9c8d0ba8dba8918e386c8d88dae8e2cbd0d531fd362dba774 Loading...

	#4 Write - 29b3706242550db4c97aae97b5c37240	26 B	2023-03-08 03:31	2025-06-21 21:27
Pretty Observations First Seen2023-03-08 03:31 Last Seen2025-06-21 21:27 Times Seen227 Hash 29b3706242550db4c97aae97b5c37240 cd39816c14c3f2736252657a26834e4bfbcb88e2 f3dd71a7814b1628a459f8c8a8f281f3332caa3066e6dce84a5a4901676beae9 Loading...

	#5 Write - 6bd808616a9d16b0cae84e2e9b4f8c0b	22 B	2023-03-08 03:31	2025-06-14 10:26
Pretty Observations First Seen2023-03-08 03:31 Last Seen2025-06-14 10:26 Times Seen221 Hash 6bd808616a9d16b0cae84e2e9b4f8c0b 0ef443da8f4c00e9429ab76675c553e0cdc0ec85 acdc36b27fa0a237b1272dd892fdb7b35e3ad48535a1035ba9cd275c54eab79a Loading...

	#6 Write - b89d8c786aa41d64172d9595e2e39520	110 B	2023-03-08 03:31	2025-06-14 10:26
Pretty Observations First Seen2023-03-08 03:31 Last Seen2025-06-14 10:26 Times Seen221 Hash b89d8c786aa41d64172d9595e2e39520 c93bde15b38d21057c89420e7269e0c6209530f4 a486570a17cea8a63a78106d9f1dda5675dc9cf74e43c4b70ee88a7b200eb722 Loading...

	#7 Write - 695124b822cf4d3758c98451c53b4de6	55 B	2023-03-08 03:31	2025-06-14 10:26
Pretty Observations First Seen2023-03-08 03:31 Last Seen2025-06-14 10:26 Times Seen221 Hash 695124b822cf4d3758c98451c53b4de6 fe3084706cac3f40194709191450889db8124b2d e3a09a936e20ac4b33b6dd6b39298fb2ed94ef94a0e488ae067f2e1f8bc42484 Loading...

	#8 Write - 0a3a0b592b9c285e050805307cee87c2	6 B	2023-03-07 01:02	2025-06-22 05:24
Pretty Observations First Seen2023-03-07 01:02 Last Seen2025-06-22 05:24 Times Seen82808 Hash 0a3a0b592b9c285e050805307cee87c2 125a168e24b2bd38aadb84cbb5f87f316b073c41 aac32651b10f567c461b9b4f255d6fb1fa6859b5368d8bd9a51af920ab21cf23 Loading...

	#9 Write - 0e2cc440dab5c89af2b018bc5b9760a0	243 B	2025-03-21 21:40	2025-03-21 21:40
Pretty Observations First Seen2025-03-21 21:40 Last Seen2025-03-21 21:40 Times Seen1 Hash 0e2cc440dab5c89af2b018bc5b9760a0 92c3f0201207ba002419c15066808d9f57f53ea5 f4cb3fc0f687c5f700eb42edec4e2a2c81b5f0603fb9f42c886e4f6db13270e1 Loading...

HTTP Transactions (7)

URL IP Response Size

GET s.yimg.com/

87.248.119.252

404 Not Found

4.7 kB

URL User Request GET
s.yimg.com/
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintEC:A5:02:FD:50:D2:4F:E1:70:DF:7C:6D:F7:BC:F4:A2:04:96:2B:DC
ValidityWed, 19 Mar 2025 00:00:00 GMT - Wed, 07 May 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (4955), with no line terminators
Size
4.7 kB (4740 bytes)
Hash
057868322613230b7a58b84c856eee49
5c8664230b1dd829013dd14a79936ac363ddb33d
00a98486c9e792c0e9020d2768111d43890c2e68ca200f00d9588d03210a4c83

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo

HTTP Headers

GET / HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 21 Mar 2025 21:40:25 GMT
server: ATS
cache-control: no-store
content-type: text/html
content-language: en
content-length: 4740
X-Firefox-Spdy: h2

GET s.yimg.com/

87.248.119.252

404 Not Found on Accelerator

4.7 kB

URL User Request GET
s.yimg.com/
IP
87.248.119.252:80
ASN
#203220 Yahoo-UK Limited

File type
HTML document, ASCII text, with very long lines (4954), with no line terminators
Size
4.7 kB (4739 bytes)
Hash
3486c9457b228d0d59456f614477e14f
ddc47f5c4de1ff2ce180c35885f799fff51de7a2
860ba983417f25d88fa09cf219ec27bb839fc9cd4f75ec175b363cb4142658fb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo

HTTP Headers

GET / HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found on Accelerator
Date: Fri, 21 Mar 2025 21:40:26 GMT
Connection: keep-alive
Server: ATS
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
Content-Length: 4739

GET s.yimg.com/nn/img/sad-panda-201402200631.png

87.248.119.252

200 OK

60 kB

URL GET
s.yimg.com/nn/img/sad-panda-201402200631.png
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
http://s.yimg.com/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintEC:A5:02:FD:50:D2:4F:E1:70:DF:7C:6D:F7:BC:F4:A2:04:96:2B:DC
ValidityWed, 19 Mar 2025 00:00:00 GMT - Wed, 07 May 2025 23:59:59 GMT

File type
PNG image data, 2673 x 1311, 8-bit/color RGB, non-interlaced
Size
60 kB (59856 bytes)
Hash
2751275289ee8a74f64e6bfec626034d
be17d650aad1654f88ce397a454e05ba281eb6c3
20a453c98a759aa542ba2a07e1dcf31c82d545ef29377b3bcaad379ebbad66ac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo

HTTP Headers

GET /nn/img/sad-panda-201402200631.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://s.yimg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: szz4A2mT0UKYbBqPQZ67uPM8Qxc9uRouCS3W74OsK0XEJLPQUoulbmR3zpgIcevt9+o1ncoptHA=
x-amz-request-id: 2X094DM80W8P0JZW
date: Sun, 02 Mar 2025 22:39:34 GMT
last-modified: Fri, 06 Jul 2018 03:00:46 GMT
etag: "2751275289ee8a74f64e6bfec626034d"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Thu, 20 Feb 2014 06:31:45 GMT
x-amz-meta-mbst-etag: "YM:1:21e2bf66-5b4e-48cf-b226-54be0c87b2230004f2d0a8cc8ed9"
x-amz-meta-x-ysws-mbst-vtime: 1392877905940185
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: image/png
content-length: 59856
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 0
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

GET s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_205x58_frontpage.png

87.248.119.252

200 OK

1.2 kB

URL GET
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_205x58_frontpage.png
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
http://s.yimg.com/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintEC:A5:02:FD:50:D2:4F:E1:70:DF:7C:6D:F7:BC:F4:A2:04:96:2B:DC
ValidityWed, 19 Mar 2025 00:00:00 GMT - Wed, 07 May 2025 23:59:59 GMT

File type
PNG image data, 205 x 58, 8-bit colormap, non-interlaced
Size
1.2 kB (1154 bytes)
Hash
73bbf8bd47227f183455c2d4b5e3a8a8
17152df9ebfce3b03dfab35950a30209c3eb1e2e
8de1aec4728fb9e7dc92eba19506b89bde081f5555a8e3a963354a8f9c4afe2d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_p_205x58_frontpage.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://s.yimg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: 2bzwOam4wD7I7sM4yj65Mw6yiCgnS0jhf3NB2FxGkgTt1gw0jcdTBZ/gu6arOEYnqTkfuhUzdYc=
x-amz-request-id: 515Z1B3ZV85HZTNC
date: Fri, 21 Mar 2025 17:44:31 GMT
last-modified: Thu, 20 Mar 2025 21:33:54 GMT
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: image/png
content-length: 1154
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
etag: "73bbf8bd47227f183455c2d4b5e3a8a8"
expires: Fri, 21 Mar 2025 23:00:00 GMT
age: 14157
ats-carp-promotion: 1, 1, 1
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

GET geo.yahoo.com/b?s=1197757129&t=1742593226154&err_url=http%3A%2F%2Fs.yimg.com%2F&err=404&test=-&ats_host=e7.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb

188.125.72.139

200 OK

43 B

URL GET
geo.yahoo.com/b?s=1197757129&t=1742593226154&err_url=http%3A%2F%2Fs.yimg.com%2F&err=404&test=-&ats_host=e7.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb
IP
188.125.72.139:80
ASN
#34010 Yahoo-UK Limited

Requested by
http://s.yimg.com/

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /b?s=1197757129&t=1742593226154&err_url=http%3A%2F%2Fs.yimg.com%2F&err=404&test=-&ats_host=e7.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb HTTP/1.1
Host: geo.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.yimg.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 21 Mar 2025 21:40:26 GMT
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
set-cookie: B=7rn4g05jtrn6a&b=3&s=0n; expires=Sat, 21-Mar-2026 21:40:26 GMT; path=/; domain=.yahoo.com; secure
cache-control: no-cache, no-store, private
pragma: no-cache
content-length: 43
content-type: image/gif
x-envoy-upstream-service-time: 0
server: ATS
Age: 0
Connection: keep-alive

GET bcn.fp.yahoo.com/p?s=1197757129&t=1742593226154&err_url=http%3A%2F%2Fs.yimg.com%2F&err=404&test=-&ats_host=e7.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb

0.0.0.0

0 B

URL GET
bcn.fp.yahoo.com/p?s=1197757129&t=1742593226154&err_url=http%3A%2F%2Fs.yimg.com%2F&err=404&test=-&ats_host=e7.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb
IP
0.0.0.0:0
ASN
#0

Requested by
http://s.yimg.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p?s=1197757129&t=1742593226154&err_url=http%3A%2F%2Fs.yimg.com%2F&err=404&test=-&ats_host=e7.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb HTTP/1.1
Host: bcn.fp.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.yimg.com/
Pragma: no-cache
Cache-Control: no-cache

GET s.yimg.com/favicon.ico

87.248.119.252

200 OK

18 kB

URL GET
s.yimg.com/favicon.ico
IP
87.248.119.252:443
ASN
#203220 Yahoo-UK Limited

Requested by
http://s.yimg.com/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintEC:A5:02:FD:50:D2:4F:E1:70:DF:7C:6D:F7:BC:F4:A2:04:96:2B:DC
ValidityWed, 19 Mar 2025 00:00:00 GMT - Wed, 07 May 2025 23:59:59 GMT

File type
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Size
18 kB (17726 bytes)
Hash
6008300f4768d059695cc87af91962a1
0aa573e7c0af51aaa1a71718381038e025c85ca0
febdbdddb3b0d366e29db0fa558b62161cb92a9f26bc99a5f2a1a5794f89d008

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Referer: http://s.yimg.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: aj3r3owonhTL5jiXQczZxzL89B70EcEc/Rb0gKjys/BCSnHL/yA6811mdt6pdgMT2a+fsjisZI0=
x-amz-request-id: S132BNJPWR3ZWA0K
date: Tue, 18 Mar 2025 18:37:32 GMT
last-modified: Wed, 09 Oct 2019 00:27:50 GMT
etag: "6008300f4768d059695cc87af91962a1"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
expires: Wed, 17 May 2028 00:23:07 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: image/x-icon
content-length: 17726
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 270175
strict-transport-security: max-age=31536000
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (7)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash