Report - josephcolarusso.yahool0gin.workers.dev/

Report Overview

Visited public
2023-12-04 13:51:06
Tags
suspicious
URL
josephcolarusso.yahool0gin.workers.dev/
Finishing URL
josephcolarusso.yahool0gin.workers.dev/
IP / ASN
104.21.70.141
#13335 CLOUDFLARENET
Title
Yahoo
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2023-12-04 05:19:41	451 B	201 B	104.237.62.212
s.yimg.com	375	1997-05-14	2012-05-21 00:45:00	2023-12-03 18:22:24	3.7 kB	109 kB	87.248.119.251
dl.dropboxusercontent.com	12831	2012-01-13	2019-02-11 02:24:40	2019-03-28 09:18:21	481 B	182 kB	162.125.71.15
josephcolarusso.yahool0gin.workers.dev	unknown	unknown	No data	No data	505 B	5.4 kB	104.21.70.141

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 13:50:55	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-04 13:50:55	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-12-04 13:50:55	low	Client IP	162.125.71.15	ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
2023-12-04 13:50:55	low	162.125.71.15	Client IP	ET INFO DropBox User Content Download Access over SSL M2
2023-12-04 13:50:55	low	Client IP	104.237.62.212	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	josephcolarusso.yahool0gin.workers.dev/	Yahoo! Inc

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	829 B	2023-12-04	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 14:51 Last Seen2024-08-20 16:49 Times Seen2 Hash f965049d357465a30617757093e9f028 b1357f927d98e80ae1f81a4077577337b859e312 a299b859028d8d1bf756c26ab7885c61e4087fa5ddeb1b44e520642b73540828 Loading...

	josephcolarusso.yahool0gin.workers.dev/	ScriptElement	36 kB	2023-12-04	2024-08-20
Pretty URL josephcolarusso.yahool0gin.workers.dev/ IP 104.21.70.141 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-04 14:51 Last Seen2024-08-20 16:49 Times Seen2 Hash b1249c3f1fb4ae6a62dc53e53d203b4f 3c7a229fa3aadbff2b8cc8fef07527dc9ab9e096 aeb2fbd9b39b1d3db6287a187250a0fda527fe508d8f3539365ef1784f1de424 Loading...

	unknown	ScriptElement	24 kB	2023-12-04	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 14:51 Last Seen2024-08-20 16:49 Times Seen2 Hash 444414746e059665a40e11ff2687677a 26782785edad242a9b1495f673e845977d5e543a 1491cc97233f1814b97fb48b44356d2be54ea3caec225755beeb0ed7fe1c2161 Loading...

	unknown	ScriptElement	700 B	2023-05-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-20 13:28 Last Seen2024-08-20 16:49 Times Seen6 Hash f3bcc5c18e9ac2437510405facf1cf19 a3fa3acfd2626d166b7699171327233691a53ca1 0383451785346634f07c4dbf4d035baea998a768b7362203175c9445049a02a2 Loading...

	unknown	ScriptElement	246 B	2023-05-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-20 13:28 Last Seen2024-08-20 16:49 Times Seen6 Hash 0333fa4c3a6c08a1e9c179fc42c6b126 89e59ac5ec1e8d4b35deb038cfb35c6a9fde9806 e639a867846c06cfa5ef1150ee81feeda86ad1de03e3df6f7f01175822802325 Loading...

	api.ipify.org/?format=jsonp&callback=getIP	ScriptElement	29 B	2023-03-07	2025-05-09
Pretty URL api.ipify.org/?format=jsonp&callback=getIP IP 104.237.62.212 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16 Last Seen2025-05-09 08:14 Times Seen14371 Hash 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69 Loading...

		Size	First Seen	Last Seen
	#1 Write - 6afea993f1a8a7ac49e54e5e5a6782c9	24 kB	2023-12-04 14:51	2024-08-20 16:49
Pretty Observations First Seen2023-12-04 14:51 Last Seen2024-08-20 16:49 Times Seen2 Hash 6afea993f1a8a7ac49e54e5e5a6782c9 4b97378a387da4d184cea35952c0c7060361e0da fc79071a88d132e8239f5ea36e8aa98ad81850776023bc369e67b4d544a99e9a Loading...

	#2 Write - c8185176edf337bc3bb392f0f4d5a304	12 kB	2023-12-04 14:51	2024-08-20 16:49
Pretty Observations First Seen2023-12-04 14:51 Last Seen2024-08-20 16:49 Times Seen2 Hash c8185176edf337bc3bb392f0f4d5a304 e484aead2c29eaf16da2127e4081ecd03692664d 1136beb1ae7bcc9593b6ca3aef2d0770f13c6ca3bb8f4124949646f5950e2688 Loading...

HTTP Transactions (10)

URL IP Response Size

josephcolarusso.yahool0gin.workers.dev/

104.21.70.141

200 OK

4.8 kB

URL User Request GET HTTP/2
josephcolarusso.yahool0gin.workers.dev/
IP
104.21.70.141:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectyahool0gin.workers.dev
Fingerprint66:43:2B:FB:32:AC:AD:01:E9:EB:33:1C:29:00:6F:9E:AD:27:2F:9F
ValidityMon, 04 Dec 2023 02:35:23 GMT - Sun, 03 Mar 2024 02:35:22 GMT

File type
HTML document, ASCII text, with very long lines (35667)
Size
4.8 kB (4753 bytes)
Hash
ca65effefbbe902476416c53f7ebabcf
585e766f4db9f60e06d9b307c569501fd087177d
280c702a7aa020edf13c8022ef3a66ff33947e001f327d1b2b490255a35a8a7e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Yahoo! Inc

HTTP Headers

GET / HTTP/1.1
Host: josephcolarusso.yahool0gin.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 13:50:49 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U6KaYtWfnyd2Vxq7c9KHV3sPkRDjIHMJ%2BAsOPRkfeGSwHg8pX4Y5%2F4DPI05%2B%2Fxt6okBTg%2Ff7yZIs31072Wc7LIuDKZZmrTELAMTzTV9K7sWRzA9%2FribC3gjbjKCUzsp11PdL1mKAOyQujtjCPomsaMNdyqg7LcXY6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8304854789df0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

api.ipify.org/?format=jsonp&callback=getIP

104.237.62.212

200 OK

29 B

URL GET HTTP/1.1
api.ipify.org/?format=jsonp&callback=getIP
IP
104.237.62.212:443
ASN
#18450 WEBNX

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerSectigo Limited
Subject*.ipify.org
FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54
ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
90a39389063c7c5716745c3b3bb4fba1
a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f
eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://josephcolarusso.yahool0gin.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.2
Date: Mon, 04 Dec 2023 13:50:50 GMT
Content-Type: application/javascript
Content-Length: 29
Connection: keep-alive
Vary: Origin

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2

87.248.119.251

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2
IP
87.248.119.251:443
ASN
#203220 Yahoo! UK Services Limited

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28860, version 1.0\012- data
Size
29 kB (28860 bytes)
Hash
a99b283070afc519f4816e4300c515d2
65b78d03d56de125060e61069debfc47e38fb3df
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://josephcolarusso.yahool0gin.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: sv8BHiV4PQppZ9+uq77LPs1tyTrBBQW/4oeU0+vrQRdvchTHtLGpr8H1/235YL4MPGH9D+IM97A=
x-amz-request-id: 9YWBCZ2WSHXA736A
date: Mon, 23 Oct 2023 11:54:15 GMT
last-modified: Thu, 19 Apr 2018 19:06:41 GMT
etag: "a99b283070afc519f4816e4300c515d2"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:51 GMT
x-amz-meta-mbst-etag: "YM:1:cb5e4811-e042-455c-b2b2-f984d5f70e0200055a9e8550b736"
x-amz-meta-x-ysws-mbst-vtime: 1507011771545398
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 28860
referrer-policy: no-referrer-when-downgrade
age: 3635796
access-control-allow-origin: *
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Origin
X-Firefox-Spdy: h2

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2

87.248.119.251

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2
IP
87.248.119.251:443
ASN
#203220 Yahoo! UK Services Limited

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29228, version 1.0\012- data
Size
29 kB (29228 bytes)
Hash
7c7c02dcee2bf1c2528db6092d4ad1fa
988a01f705c074261490625c70f94b2642413693
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://josephcolarusso.yahool0gin.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: gXl9JWtOtLviXUM+8qTK9fNIqBmB4TLt5UeUJAqBi91QpkcnyIK5ZJcTl8IeRuw78TuetHCdukw=
x-amz-request-id: 7CXM16ZVECVYKZ9A
date: Sun, 15 Oct 2023 10:15:42 GMT
last-modified: Thu, 19 Apr 2018 16:25:50 GMT
etag: "7c7c02dcee2bf1c2528db6092d4ad1fa"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:52 GMT
x-amz-meta-mbst-etag: "YM:1:1bb49599-26ac-442e-b6b8-f4e40f067ea500055a9e855b6ecb"
x-amz-meta-x-ysws-mbst-vtime: 1507011772247755
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 29228
referrer-policy: no-referrer-when-downgrade
age: 4332909
access-control-allow-origin: *
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Origin
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/yntjno1t8hokj3k/yahoo-main.css

162.125.71.15

200 OK

180 kB

URL GET HTTP/2
dl.dropboxusercontent.com/s/yntjno1t8hokj3k/yahoo-main.css
IP
162.125.71.15:443
ASN
#19679 DROPBOX

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectdl.dropbox.com
FingerprintF7:BA:5F:D1:73:A5:04:E6:AC:52:C4:92:6F:20:23:8D:FD:B3:3F:D0
ValidityTue, 14 Feb 2023 00:00:00 GMT - Sat, 16 Mar 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
180 kB (180446 bytes)
Hash
aa8ab30ae794fab1db3627d2ae78789e
5c0d1b7b367beeb2edcc3bfb0e069220cddb785e
ba4f4914436e6ba4267f774d6197cf6091a792dab2e416f069e68258037c1955

HTTP Headers

GET /s/yntjno1t8hokj3k/yahoo-main.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://josephcolarusso.yahool0gin.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="yahoo-main.css"; filename*=UTF-8''yahoo-main.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=Y4ac2M5tTofSyElBKMMK8yZEKHKYCxjBFKvYdVltVz8JckjaoMPfBaX8VWqyM0sc; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 368
content-type: text/css; charset=utf-8
date: Mon, 04 Dec 2023 13:50:50 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: ce9a0871a622462eaf787bee1be4cac6
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/checkbox-checked.svg

87.248.119.251

200 OK

659 B

URL GET HTTP/2
s.yimg.com/wm/mbr/images/checkbox-checked.svg
IP
87.248.119.251:443
ASN
#203220 Yahoo! UK Services Limited

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (503)
Size
659 B (659 bytes)
Hash
ac8c4fbeda6efad9549cb41b992a8b3a
46f532f081af894297bce53a7d212e2d253a60bf
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59

HTTP Headers

GET /wm/mbr/images/checkbox-checked.svg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: OZjHX1bhMkSLSzmx1IrPsmv66Iw/jAlAq7+tq8E4D+WEcbkVjiyxbTJNFZ0U4um8Lep7K9BJ6Sw=
x-amz-request-id: ZM8VMXT2RVVN2MR2
date: Fri, 20 Oct 2023 17:05:46 GMT
last-modified: Fri, 24 Apr 2020 17:13:52 GMT
etag: "ac8c4fbeda6efad9549cb41b992a8b3a-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/svg+xml
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
content-encoding: gzip
content-length: 659
age: 3876307
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png

87.248.119.251

200 OK

1.3 kB

URL GET HTTP/2
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
IP
87.248.119.251:443
ASN
#203220 Yahoo! UK Services Limited

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
PNG image data, 240 x 72, 8-bit colormap, non-interlaced\012- data
Size
1.3 kB (1346 bytes)
Hash
cd166981c96c6d0f4b5a7d798c25878e
09031c4013138bb8bd54ab9092ac59aa47d7c60c
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://josephcolarusso.yahool0gin.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: n7SxtKRe8iNXoLI2XVC7DIvM4uTbqiyXWJYCt/0aaFZVFRbeAWVTvH7MYPZGkyJzLgJ6G6gND3E=
x-amz-request-id: 1Z4V8WCWRSPSZVCH
date: Mon, 04 Dec 2023 13:50:48 GMT
last-modified: Sun, 03 Dec 2023 21:31:09 GMT
etag: "cd166981c96c6d0f4b5a7d798c25878e"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
expires: Tue, 05 Dec 2023 00:00:00 GMT
accept-ranges: bytes
content-type: image/png
server: ATS
content-length: 1346
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 4
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/yahoo-apple-touch-v0.0.2.png

87.248.119.251

200 OK

13 kB

URL GET HTTP/2
s.yimg.com/wm/mbr/images/yahoo-apple-touch-v0.0.2.png
IP
87.248.119.251:443
ASN
#203220 Yahoo! UK Services Limited

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, interlaced\012- data
Size
13 kB (12635 bytes)
Hash
a9d2dde886cd61f73365a84878c78475
6f1f1f7414116c4b01f04ee0a07b41202c2da539
b168c836ccef9cf1cbf7b2440bc11d26667c4ae19613f1e7cf5e6cdc303c7de4

HTTP Headers

GET /wm/mbr/images/yahoo-apple-touch-v0.0.2.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://josephcolarusso.yahool0gin.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: uKKomteGf9XP3cfbXpjJgMrll7IgoxrM3D8yqq8YKm75zvVMA95ofplpOhb0F1AxH5fD1IUeSwCwyu5E800tjQ==
x-amz-request-id: XSMCZ2A4FJGBNDC3
date: Mon, 04 Dec 2023 10:41:37 GMT
last-modified: Thu, 12 Sep 2019 21:58:38 GMT
etag: "a9d2dde886cd61f73365a84878c78475"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/png
server: ATS
content-length: 12635
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 11355
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/yahoo-favicon-img-v0.0.2.ico

87.248.119.251

200 OK

1.4 kB

URL GET HTTP/2
s.yimg.com/wm/mbr/images/yahoo-favicon-img-v0.0.2.ico
IP
87.248.119.251:443
ASN
#203220 Yahoo! UK Services Limited

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data
Size
1.4 kB (1406 bytes)
Hash
b6814ae5582d7953821acbd76e977bb4
75a33fc706c2c6ba233e76c17337e466949f403c
4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3

HTTP Headers

GET /wm/mbr/images/yahoo-favicon-img-v0.0.2.ico HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://josephcolarusso.yahool0gin.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 04CrZklwf7vPtl1+n+DW0qxznF46gPEFA5ktT7AK4qeEyKxkzVdMctnfCxzH9A6YQlrbpkb8cqI=
x-amz-request-id: RN32FXSHZRSYT3NC
date: Wed, 18 Oct 2023 03:47:55 GMT
last-modified: Wed, 11 Sep 2019 18:01:04 GMT
etag: "b6814ae5582d7953821acbd76e977bb4"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/vnd.microsoft.icon
server: ATS
content-length: 1406
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 4096977
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2

87.248.119.251

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2
IP
87.248.119.251:443
ASN
#203220 Yahoo! UK Services Limited

Requested by
https://josephcolarusso.yahool0gin.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29040, version 1.0\012- data
Size
29 kB (29040 bytes)
Hash
af9fdad7698452697b016850fff96423
710130c79bf56297f8abcc6d6c575172590133b0
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://josephcolarusso.yahool0gin.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: DEB6lglia1Fh+zgRNsoalYn9ulwhYRF3w+Vvlm3B6NMWM8wLPNZtOeyiCpOQuJHV+F2vYLwQPZk=
x-amz-request-id: W1N59ZGRS5CCYQZK
date: Sun, 03 Dec 2023 21:14:57 GMT
last-modified: Thu, 19 Apr 2018 17:33:29 GMT
etag: "af9fdad7698452697b016850fff96423"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:51 GMT
x-amz-meta-mbst-etag: "YM:1:95620d49-21c2-4044-b803-58b70c8e419700055a9e854fb9f1"
x-amz-meta-x-ysws-mbst-vtime: 1507011771480561
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 29040
referrer-policy: no-referrer-when-downgrade
age: 59754
access-control-allow-origin: *
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Origin
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (10)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate