Domain > yhoo.com

More information on this domain is in AlienVault OTX

Files that talk to yhoo.com

MD5	A/V
3fb83eaf2a665f71ac2065f5f6956d50	[HW32.CDB.5da2] [Packed.Win32.Katusha.1!O] [Trojan.Win32.Hlux.cynagk] [Trojan.FakeAV] [Kryptik.CDQY] [Win32/Kelihos.GeEUUIB] [Backdoor.Win32.Hlux.dqkq] [Backdoor.Hlux!m6CCC6SKjdo] [Win32.Backdoor.Hlux.Lose] [Backdoor.Win32.Hlux.DUHE] [Trojan.Packed.26581] [Trojan[Backdoor]/Win32.Hlux] [Win32.Hack.Hlux.dq.(kcloud)] [Backdoor:Win32/Kelihos.F] [Trojan/Win32.Tepfer] [Heur.Trojan.Hlux] [Trojan.Crypt_s] [W32/Hlux.BWUN!tr.bdr] [Crypt_s.GNC] [Backdoor.Win32.Hlux.aDM]
0f5f90b03b49b276d148f7e6be7c30f1	[HW32.CDB.27e0] [Packed.Win32.Katusha.1!O] [Trojan.Win32.Hlux.cxxldj] [Trojan.FakeAV] [Kryptik.CCFN] [Win32/Kelihos.OWUMMQC] [Backdoor.Win32.Hlux.dqeh] [Backdoor.Hlux!9TTR+wn2IWc] [Backdoor.Win32.Hlux.DUHE] [BackDoor.Slym.12819] [Trojan[Backdoor]/Win32.Hlux] [Backdoor:Win32/Kelihos.F] [Trojan/Win32.Tepfer] [Heur.Trojan.Hlux] [Win32/Kryptik.CAXO] [Win32.Backdoor.Hlux.Hpn] [Trojan.Crypt_s] [W32/Hlux.BWUN!tr.bdr] [Crypt_s.GNC] [Backdoor.Win32.Hlux.ArxZ]
888cf6888e476ab89daef8385b7ae881	[HW32.CDB.B8e4] [Backdoor.Hlux.r3] [Trojan.Win32.Hlux.cxcinh] [Kryptik.CCFN] [Backdoor.Win32.Hlux.djfk] [Backdoor.Hlux!Jm3TflIszzA] [Mal/Kelihos-A] [TrojWare.Win32.Kryptik.BZOO] [Trojan.DownLoad3.28912] [Trojan[Backdoor]/Win32.Hlux] [Backdoor:Win32/Kelihos] [Trojan/Win32.Tepfer] [Heur.Trojan.Hlux] [Trojan.Crypt_s] [W32/Hlux.BWUN!tr.bdr] [Crypt_s.GHF] [Trojan.Win32.Kryptik.BZIX]
2748ea7375275e992ebde4575fe7c1a6	[HW32.CDB.90bf] [Backdoor.Hlux.r3] [Backdoor.Hlux!wF4QLfqeA5I] [Kryptik.CCFN] [Backdoor.Win32.Hlux.crc] [Trojan.Win32.Hlux.cwzkvh] [TrojWare.Win32.Kryptik.BZOO] [BackDoor.Slym.14056] [Heuristic.LooksLike.Win32.Suspicious.E] [Mal/Kelihos-A] [Trojan[Backdoor]/Win32.Hlux] [Backdoor:Win32/Kelihos] [Trojan/Win32.Tepfer] [Heur.Trojan.Hlux] [Trojan.Crypt_s] [W32/Hlux.BWUN!tr.bdr] [Crypt_s.GID] [Trojan.Win32.Kryptik.BZOO]
981a83b3f0d4a74b0b38becda7c8cb9c	[Artemis!981A83B3F0D4] [Trojan.Win32.Crypt.cxd] [W32/Yakes.FHJN!tr] [Win32/Cryptor]
4cca20614b980e5237e738d8f322f151	[HW32.Laneul.jcwu] [Trojan.Ransom.ED]
038a21f4f89d526f853bba2a18b81708	[Worm.Win32.Ngrbot.afvw] [Win32.HLLW.Autoruner2.1926] [TR/Crypt.Xpack.77749]

Whois

Property	Value
Email	domainadmin@yahoo-inc.com
NameServer	NS2.YAHOO.COM
Created	1997-09-30 00:00:00
Changed	2014-08-28 00:00:00
Expires	2015-09-29 00:00:00
Registrar	MARKMONITOR INC.

DNS Resolutions

Date	IP Address
2014-05-24	98.139.102.145 (ClassC)
2014-05-30	68.180.206.184 (ClassC)
2014-06-21	188.125.73.108 (ClassC)
2014-07-08	188.125.73.108 (ClassC)
2015-05-20	74.6.50.150 (ClassC)
2023-12-23	44.228.206.170 (ClassC)
2024-02-14	34.213.101.254 (ClassC)
2025-06-23	13.248.158.7 (ClassC)
2025-08-08	76.223.84.192 (ClassC)

HTTP/1.1 301 Moved PermanentlyDate: Sat, 23 Dec 2023 13:54:22 GMTConnection: keep-aliveServer: ATSCache-Control: no-storeContent-Type: text/htmlContent-Language: enX-Frame-Options: DENYX-Content-Type-

!DOCTYPE html>html langen-us>  head>    meta http-equivcontent-type contenttext/html; charsetUTF-8>    meta charsetutf-8>    title>Yahoo/title>    meta nameviewport contentwidthdevice-width,initial-scale1,minimal-ui>    meta http-equivX-UA-Compatible contentIEedge,chrome1>    style>      html {          height: 100%;      }      body {          background: #fafafc url(https://s.yimg.com/nn/img/sad-panda-201402200631.png) 50% 50%;          background-size: cover;          height: 100%;          text-align: center;          font: 300 18px helvetica neue, helvetica, verdana, tahoma, arial, sans-serif;          margin: 0;      }      table {          height: 100%;          width: 100%;          table-layout: fixed;          border-collapse: collapse;          border-spacing: 0;          border: none;      }      h1 {          font-size: 42px;          font-weight: 400;          color: #400090;      }      p {          color: #1A1A1A;      }      #message-1 {          font-weight: bold;          margin: 0;      }      #message-2 {          display: inline-block;          *display: inline;          zoom: 1;          max-width: 17em;          _width: 17em;      }      /style>      script>            /script>  /head>  body>  !-- status code : 301 -->  !-- Could not process this request -->  !-- host machine: ip-10-201-2-62.ec2.internal -->  !-- timestamp: 1703339662.285 -->  !-- url: http://yhoo.com/-->  script typetext/javascript>    function buildUrl(url, parameters){      var qs  ;      for(var key in parameters) {        var value  parameterskey;        qs.push(encodeURIComponent(key) +  + encodeURIComponent(value));      }      url  url + ? + qs.join(&);      return url;    }    function generateBRBMarkup(site) {      params.source  brb;      generateBeaconMarkup(params);      var englishHeader  Will be right back...;      var englishMessage1  Thank you for your patience.;      var englishMessage2  Our engineers are working quickly to resolve the issue.;      var defaultLogoStyle  ;      var siteDataMap  {        de

Subdomains

Date	Domain	IP
91.yhoo.com	2025-02-07	76.223.84.192
agentportal.flurry.vip.bf2.yhoo.com	2025-03-10	13.248.158.7
14.yhoo.com	2024-02-16	34.213.101.254
84.yhoo.com	2024-02-16	34.213.101.254
305.yhoo.com	2024-02-16	44.228.206.170
85.yhoo.com	2023-07-12	98.136.103.23
1988.yhoo.com	2025-04-07	76.223.84.192
98.yhoo.com	2025-02-07	13.248.158.7
shine.yhoo.com	2014-08-12	74.6.50.150
mail.yhoo.com	2014-06-21	74.6.50.150
powell.yhoo.com	2014-08-02	74.6.50.150
aol.com.yhoo.com	2024-01-12	34.213.101.254
in.yhoo.com	2014-11-02	74.6.50.150
autodiscover.yhoo.com	2024-08-19	76.223.84.192
www.yhoo.com	2014-10-16	188.125.73.108
333www.yhoo.com	2025-04-09	76.223.84.192

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > yhoo.com

Is this malicious?

Files that talk to yhoo.com

Whois

DNS Resolutions

Port 80

Subdomains