Report - woejvhbf43859djkdf.pages.dev/

Report Overview

Visited public
2023-11-28 12:25:37
Tags
phishing suspicious
URL
woejvhbf43859djkdf.pages.dev/
Finishing URL
woejvhbf43859djkdf.pages.dev/
IP / ASN
172.66.44.211
#13335 CLOUDFLARENET
Title
Yahoo - login
Phishing - Generic phishing
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-11-28 08:04:01	455 B	31 kB	142.250.74.106
woejvhbf43859djkdf.pages.dev	unknown	2020-09-02	2023-08-26 22:35:44	2023-10-30 04:30:24	977 B	277 kB	172.66.44.211
s.yimg.com	375	1997-05-14	2012-05-21 00:45:00	2023-11-27 12:37:47	963 B	4.3 kB	188.125.94.204

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-13	medium	woejvhbf43859djkdf.pages.dev/	Yahoo! Inc
2023-11-13	medium	woejvhbf43859djkdf.pages.dev/	Yahoo! Inc

PhishTank

Scan Date	Severity	Indicator	Alert
2023-10-29	medium	woejvhbf43859djkdf.pages.dev/login_files/loga	Other
2023-10-29	medium	woejvhbf43859djkdf.pages.dev/	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-28	medium	woejvhbf43859djkdf.pages.dev	Sinkholed
2023-11-28	medium	woejvhbf43859djkdf.pages.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	2.4 kB	2023-08-28	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-28 02:10 Last Seen2024-08-21 07:56 Times Seen33 Hash a75cd509cbf348083ad608170c7c486e dec3a097df0498d2e0a6bf1236c78ce7e2659a3b 49476c1a8329e8348d96f0685f9e75f9a5616c9bd92c4b5c7c4786a7803668e2 Loading...

	unknown	ScriptElement	674 B	2023-08-28	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-28 02:10 Last Seen2024-08-21 07:56 Times Seen33 Hash 33f2fac3ef990472696e174641bd353c b6a49e419ed8cf086aae14487c57563da7c7c9fa fe52ea3d1f43dd18ed6b68b42a4af96b342469f96ff8263edb4cd465298adcee Loading...

	woejvhbf43859djkdf.pages.dev/	ScriptElement	254 kB	2023-08-28	2024-08-21
Pretty URL woejvhbf43859djkdf.pages.dev/ IP 172.66.44.211 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-28 02:10 Last Seen2024-08-21 07:56 Times Seen33 Hash 068fb91dde91a9e1832ec85ec4920fa8 09209358d923cb280d4c9fdd0f9d9592a518ba95 66b54286c4ffb825df43c3fcb2c970f3755006ccadaae229cf1d81b23ab28bda Loading...

	unknown	ScriptElement	190 B	2023-08-28	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-28 02:10 Last Seen2024-08-21 07:56 Times Seen33 Hash e82736f285cb394d000829487fe1c269 2307d30f148b818cf1b3e3f065ac569afb6b9d83 d80c73d0346cf83f16f3093261adae3b4b2cf0b8a01e11ebe9b9bb27759f7d16 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 11:31 Times Seen36342 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	unknown	ScriptElement	83 B	2023-08-28	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-28 02:10 Last Seen2024-08-21 07:56 Times Seen33 Hash f2289544b1d1ac05fe39eccd3cfb4c91 18f2d90a7ff5fdd1ac8ed9d3c51ea24a463a1322 dfd94a580538b5e33d008eb094bc5103bd1559537e036a2784236bacb2c012fd Loading...

	unknown	ScriptElement	969 B	2023-08-28	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-28 02:10 Last Seen2024-08-21 07:56 Times Seen33 Hash c3856e4527bb7ee89014788d79bc6ab3 8ef78b84922baab9e1078b2067f5a458dca6d1d5 ff8457f9d8cb5f16d2b6f0ac92c711d87f48afd25fad3bd648623e8b083c43d3 Loading...

		Size	First Seen	Last Seen
	#1 Write - 733df24ed7d7e0f69a2c14de8a04fbe3	85 kB	2023-08-28 02:10	2024-08-21 07:56
Pretty Observations First Seen2023-08-28 02:10 Last Seen2024-08-21 07:56 Times Seen33 Hash 733df24ed7d7e0f69a2c14de8a04fbe3 43833b79637c837f74076446c60a6b2203f33b09 9b487945b0bbf372e2843bf4e14ab9e56c0069cc4b6799ef7cdc432eeff1f429 Loading...

HTTP Transactions (5)

URL IP Response Size

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://woejvhbf43859djkdf.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (32058)
Size
30 kB (30306 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://woejvhbf43859djkdf.pages.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Nov 2023 18:27:52 GMT
expires: Tue, 26 Nov 2024 18:27:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 64647
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

woejvhbf43859djkdf.pages.dev/login_files/loga

172.66.44.211

200 OK

21 kB

URL GET HTTP/3
woejvhbf43859djkdf.pages.dev/login_files/loga
IP
172.66.44.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://woejvhbf43859djkdf.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectwoejvhbf43859djkdf.pages.dev
Fingerprint05:87:F6:15:34:E1:EC:78:74:F5:70:D1:AC:11:03:A1:82:8D:39:AC
ValidityTue, 24 Oct 2023 19:02:37 GMT - Mon, 22 Jan 2024 19:02:36 GMT

File type
HTML document, ASCII text, with very long lines (65503), with CRLF line terminators
Size
21 kB (21185 bytes)
Hash
6a0b32e63e9c47abe05290994ece6e78
1beb96c3c9c0d8bc51fdd16dacf00d3376cdf9b0
1401f6fb58a8a225ede651a8a4d8e80ef75fb1742d047322f36d3773a98921b6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Yahoo! Inc
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login_files/loga HTTP/1.1
Host: woejvhbf43859djkdf.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://woejvhbf43859djkdf.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 28 Nov 2023 12:25:20 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d13bf6cc991deb37224368583938513e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FXSPVt3EmFtX4pefcNeMSCRRYDcQGuqrsrfibcHfPaS%2FYhhx2Caeznhsm2f23%2BB2Twuu7B0%2BlcqItD5rD%2B%2BD3weps2I5QU5jYi%2B%2BZ1UFuMv8gwf3C3RB5YejsRFPoTwPqz5P9plgh%2BLg2dpKGecJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d297cc09e356a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

s.yimg.com/wm/mbr/images/yahoo-favicon-img-v0.0.2.ico

188.125.94.204

200 OK

1.4 kB

URL GET HTTP/2
s.yimg.com/wm/mbr/images/yahoo-favicon-img-v0.0.2.ico
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://woejvhbf43859djkdf.pages.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data
Size
1.4 kB (1406 bytes)
Hash
b6814ae5582d7953821acbd76e977bb4
75a33fc706c2c6ba233e76c17337e466949f403c
4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3

HTTP Headers

GET /wm/mbr/images/yahoo-favicon-img-v0.0.2.ico HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://woejvhbf43859djkdf.pages.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: dA3RKOKoDDdouqHLuhrFgD9Qm/nmwC2oaUpJD3z1sbzP/bxfQmPWv3IAaTRmMTVVw7cWx79zkVI=
x-amz-request-id: 9VD90PNTMCEEXT6X
date: Tue, 28 Nov 2023 08:00:32 GMT
last-modified: Wed, 11 Sep 2019 18:01:04 GMT
etag: "b6814ae5582d7953821acbd76e977bb4"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/vnd.microsoft.icon
server: ATS
content-length: 1406
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 15889
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png

188.125.94.204

200 OK

1.3 kB

URL GET HTTP/2
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://woejvhbf43859djkdf.pages.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
PNG image data, 240 x 72, 8-bit colormap, non-interlaced\012- data
Size
1.3 kB (1346 bytes)
Hash
cd166981c96c6d0f4b5a7d798c25878e
09031c4013138bb8bd54ab9092ac59aa47d7c60c
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://woejvhbf43859djkdf.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: KtiCzV1I0oSQcjiJreDuC2lnqeFeqQlrf4KWs8apNXGSqC7MychmuHh6DCTh7K2oqXf8druSAAM=
x-amz-request-id: TRAV1YCE42021NBX
date: Mon, 27 Nov 2023 21:05:19 GMT
last-modified: Sun, 26 Nov 2023 21:31:13 GMT
etag: "cd166981c96c6d0f4b5a7d798c25878e"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
expires: Tue, 28 Nov 2023 00:00:00 GMT
accept-ranges: bytes
content-type: image/png
server: ATS
content-length: 1346
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 55202
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

woejvhbf43859djkdf.pages.dev/

172.66.44.211

200 OK

254 kB

URL User Request GET HTTP/2
woejvhbf43859djkdf.pages.dev/
IP
172.66.44.211:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwoejvhbf43859djkdf.pages.dev
Fingerprint05:87:F6:15:34:E1:EC:78:74:F5:70:D1:AC:11:03:A1:82:8D:39:AC
ValidityTue, 24 Oct 2023 19:02:37 GMT - Mon, 22 Jan 2024 19:02:36 GMT

File type
HTML document, ASCII text, with very long lines (65503), with CRLF line terminators
Size
254 kB (253842 bytes)
Hash
6a0b32e63e9c47abe05290994ece6e78
1beb96c3c9c0d8bc51fdd16dacf00d3376cdf9b0
1401f6fb58a8a225ede651a8a4d8e80ef75fb1742d047322f36d3773a98921b6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Yahoo! Inc
PhishTank	phishing	Other
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: woejvhbf43859djkdf.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 28 Nov 2023 12:25:19 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d13bf6cc991deb37224368583938513e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rw%2BKJ6c2MpVx9fPiyU5dgNl24gm1m3oCc7Pb%2F5MsjKAaUrWUZ%2FIcnoM9ICn5vk5ZQprg8J5%2FnIosG9E49ZtPhiyoVHiSTpNRUlRCrNN%2BhaWI0t%2B7u1PzRoFN%2F7WqklRxi3BQhuqZ6RVj%2FApLLoHt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d297c93967569d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (5)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP