Feed aggregator
Why Malwarebytes blocks some Yahoo Mail redirects
Some Malwarebytes users have recently noticed frequent web protection alerts while reading email in Yahoo Mail’s web interface. These alerts are caused by background connections from the Yahoo Mail page to a set of third‑party domains that our products and other security tools currently classify as risky.
What we are seeing under the hood
When you open Yahoo Mail in a browser, the page loads various embedded components for navigation, features, and metrics. As part of this, the interface makes calls to domains such as cook.howduhtable.com and related subdomains, sometimes in the context of URLs that include /ybar/mail.yahoo.com/ and a long encoded parameter. That encoded string often resolves to a URL like:
https://gpt.mail.yahoo.net/sandbox?client=novation&version=0.1&haq=1&cache=1
This suggests the traffic is being routed through what appears to be a sandboxed web component that Yahoo can use for things like telemetry, testing infrastructure, or mail features. It may also be part of an advertising or tracking flow, but at this time we cannot say with certainty exactly what purpose Yahoo is using it for.
Regardless of intent, multiple security systems have observed these redirect domains and assigned them poor reputations. Characteristics include:
- Frequently changing, opaque subdomains that do not resemble normal consumer‑facing Yahoo addresses
- Use of encoded parameters and chained redirects that make it difficult for users, and sometimes defenders, to see the final destination at a glance
- Existing detections and blocklists from other vendors that classify the infrastructure as suspicious or potentially malicious
Because of these signals, Malwarebytes Web Protection and Browser Guard have been blocking a growing list of related subdomains to protect users, which is why some people see repeated alerts while using Yahoo Mail.
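For defenders triaging these alerts from proxy or DNS logs, a nested redirect chain of the kind described above can be unwrapped offline without fetching anything. The sketch below is an added example, not Malwarebytes or Yahoo code; it assumes each nested destination is percent-encoded or base64url-encoded (the article does not say which encoding is used), and the hosts `redirect.example` and `hop2.example` and the parameter names `u` and `d` are constructed placeholders.

```python
import base64
from urllib.parse import parse_qsl, quote, unquote, urlsplit

MAX_DEPTH = 4  # stop unwrapping after this many nested layers


def candidates(value):
    """Yield plausible decodings of one query value or path segment."""
    yield value
    yield unquote(value)
    padded = value + "=" * (-len(value) % 4)  # restore stripped base64 padding
    for decode in (base64.urlsafe_b64decode, base64.b64decode):
        try:
            yield decode(padded).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue


def embedded_urls(url, depth=0):
    """Return URLs nested inside `url`, outermost hop first."""
    if depth >= MAX_DEPTH:
        return []
    parts = urlsplit(url)
    fields = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    fields += [seg for seg in parts.path.split("/") if seg]
    found = []
    for field in fields:
        for text in candidates(field):
            if text.startswith(("http://", "https://")) and text not in found:
                found.append(text)
                found += [u for u in embedded_urls(text, depth + 1) if u not in found]
    return found


def destination_hosts(url):
    """Hostnames of every hop, for lookup against blocklists or reputation feeds."""
    return [urlsplit(u).hostname for u in [url, *embedded_urls(url)]]


# Constructed sample: the inner URL is the one quoted in the article; the hosts
# and the parameter names "u" and "d" are placeholders, not observed values.
FINAL = "https://gpt.mail.yahoo.net/sandbox?client=novation&version=0.1&haq=1&cache=1"
HOP2 = "https://hop2.example/r?d=" + base64.urlsafe_b64encode(FINAL.encode()).decode().rstrip("=")
SAMPLE = "https://redirect.example/ybar/mail.yahoo.com/?u=" + quote(HOP2, safe="")

if __name__ == "__main__":
    for hop in embedded_urls(SAMPLE):
        print(hop)
```

Feeding every hostname from `destination_hosts` to a reputation lookup shows which hop in the chain, rather than the visible outer URL, triggered a block.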
What we are not saying
It is important to be clear about what we do and do not know.
We have not established that Yahoo Mail itself is compromised or that Yahoo is deliberately distributing malware through its mail platform. What we can say is that third‑party or internal components invoked from within the Yahoo Mail web interface are making connections through domains that behave very similarly to infrastructure commonly associated with malicious or deceptive advertising and tracking.
From a security standpoint, this creates unnecessary risk. Any mechanism that injects content or runs sandboxed components via opaque redirect chains could, if misused or subverted in the future, expose users to harmful content without them ever clicking a suspicious link.
Blocking these domains is a precautionary step in line with our normal protection standards.
Why Malwarebytes blocks these redirects
Our decision to block these connections is based on a combination of technical behavior and third‑party reputation data:
- The redirects are triggered by embedded components in the Yahoo Mail interface, not by users intentionally browsing to those domains
- The infrastructure relies on frequently changing, non‑descriptive domains and subdomains, a pattern we often see in malicious or evasive advertising and tracking systems
- Multiple security vendors and automated reputation feeds already flag these domains as risky or malicious, and some have seen them associated with unwanted or harmful activity
Because of this, Malwarebytes products currently block connections to these third‑party domains when they are invoked as part of Yahoo Mail’s web experience. This does not mean that all of Yahoo Mail is considered malicious. It means we are specifically interrupting a narrow set of background calls that present elevated risk.
What this means for users
If you use Yahoo Mail in a browser with Malwarebytes enabled, you may see:
- Web protection or MWAC alerts referencing domains like cook.howduhtable.com or similar names while you are reading or composing email
- Multiple alerts in a short period, because the mail interface may retry or rotate through different subdomains or IP addresses in the same family
In most cases, your email content itself still loads, though certain embedded elements, metrics, or ad‑related content may fail to load or behave differently.
How to stay safe and reduce interruptions
You should not need to lower your protection to continue using Yahoo Mail. Here are some practical steps you can take:
- Keep Malwarebytes protection enabled
  Leaving Web Protection and Browser Guard on ensures blocks remain in place if these redirects change behavior or begin serving harmful content in the future.
- Avoid allowlisting the suspicious domains
  While it’s technically possible to add exclusions for individual domains, doing so would allow their traffic to load unfiltered in your browser. We don’t recommend this unless you fully understand and accept the risk.
- Use private/incognito windows for Yahoo Mail
  Accessing Yahoo Mail in a private/incognito session can help reduce persistence of certain tracking and advertising data because the browser discards cookies and local storage when you close the window.
- Clear cookies and site data periodically
  If you see repeated alerts, clearing Yahoo‑related cookies and cached data may reduce some of the underlying tracking behavior that triggers these redirects.
- Consider fewer‑ads options
  Yahoo offers paid plans that reduce or remove ads, and users can also use reputable content‑blocking extensions alongside Malwarebytes to cut down on ad‑driven behavior in webmail interfaces.
The domains and infrastructure involved in these redirects are operated outside Malwarebytes, and their configuration or behavior may change over time. We are actively monitoring telemetry, sandbox reports, and reputation data for these domains and related infrastructure, and we will adjust our detections if new information emerges.
Our priority is to keep users safe while being transparent about why protection events occur, especially in widely used services such as webmail. If we learn more about the exact role of this component within Yahoo Mail, or if Yahoo provides additional clarity, we will update this article accordingly.
Deba
Article URL: https://debankd.org/
Comments URL: https://news.ycombinator.com/item?id=48133525
Points: 1
# Comments: 0
Kay Nishi and the Meeting That Started MS-DOS
Article URL: https://nemanjatrifunovic.substack.com/p/kay-nishi-and-the-meeting-that-started
Comments URL: https://news.ycombinator.com/item?id=48133513
Points: 1
# Comments: 0
Show HN: Local-first Kubernetes YAML visualizer (no server, no LLM)
Article URL: https://openlume.com/explain/yaml
Comments URL: https://news.ycombinator.com/item?id=48133509
Points: 1
# Comments: 0
Web Agent: Browser-native agent · profiles · tools
Article URL: https://github.com/nikola66/web-agent
Comments URL: https://news.ycombinator.com/item?id=48133505
Points: 1
# Comments: 0
Show HN: Zenflow a multi-agent orchestration and workflow engine
Multi-agent orchestration & workflow engine. Declarative YAML workflows, LLM coordinator with hub-and-spoke mailboxes, race-safe delivery. One YAML file, one Go binary. Runs on any goai-supported provider.
Comments URL: https://news.ycombinator.com/item?id=48133494
Points: 1
# Comments: 0
Pipes, Forks, and Zombies
Article URL: https://cs61.seas.harvard.edu/wiki/2017/Shell3/
Comments URL: https://news.ycombinator.com/item?id=48133493
Points: 1
# Comments: 0
Best MP3 Players for 2026
I Tracked Down the Hidden Workers Secretly Powering ChatGPT [video]
Article URL: https://www.youtube.com/watch?v=aooiDA-AsNo
Comments URL: https://news.ycombinator.com/item?id=48133430
Points: 2
# Comments: 0
Officially, Marco Rubio is still banned from China. So how is he in Beijing?
Article URL: https://www.washingtonpost.com/world/2026/05/14/officially-marco-rubio-is-still-banned-china-so-how-is-he-beijing/
Comments URL: https://news.ycombinator.com/item?id=48133425
Points: 2
# Comments: 0
The First Wafer Scale Company – Trilogy Systems Story Part 1 (2024)
Article URL: https://thechipletter.substack.com/p/wafer-scale-trilogy-systems-part
Comments URL: https://news.ycombinator.com/item?id=48133418
Points: 1
# Comments: 0
Economics of Expanding Medical Assistance in Dying to Vulnerable Populations
Article URL: https://journals.sagepub.com/doi/10.1177/00302228251323299
Comments URL: https://news.ycombinator.com/item?id=48133389
Points: 1
# Comments: 0
Hiring Trends in Mid 2026: What Founders Are Getting Wrong
Article URL: https://foundersarehiring.com/hiring-resources/hiring-trends-mid-2026
Comments URL: https://news.ycombinator.com/item?id=48133376
Points: 1
# Comments: 0
AI Font Detector: Smart Ways to Identify Fonts with Precision
Article URL: https://www.tumblr.com/tracksaasly/816569321203613696/ai-font-detector-smart-ways-to-identify-fonts?source=share
Comments URL: https://news.ycombinator.com/item?id=48133374
Points: 1
# Comments: 0
Non-interactive Claude Code usage ejected from subscriptions
Received via email:
Starting June 15, Pro plan subscribers can claim a $20 monthly credit for using the Claude Agent SDK and claude -p, including third-party tools built on the Agent SDK. As part of this change, Agent SDK and other programmatic usage will run on this credit, and will not impact your subscription limits. This includes third-party applications built on the Agent SDK. If you use your full Agent SDK credit in a given month, continued use will draw from extra usage, which can be manually enabled and disabled. Your subscription usage limits don’t change. They stay reserved for interactive usage of Claude Code, Claude Cowork, and chat. See the Help Center for more details.
Comments URL: https://news.ycombinator.com/item?id=48133373
Points: 1
# Comments: 0
Why Ruby Is the Better Language for LLM-Powered Development
Article URL: https://www.bytecode.hr/posts/why-ruby-is-the-better-language-for-llm-powered-development
Comments URL: https://news.ycombinator.com/item?id=48133360
Points: 1
# Comments: 0
Firefox extension to browse the web in a 1990s GeoCities retro style
Article URL: https://addons.mozilla.org/en-US/firefox/addon/geocities-time-machine/
Comments URL: https://news.ycombinator.com/item?id=48133355
Points: 2
# Comments: 1
GitLab's Reliability Crisis: Developers Are Fed Up and Going Public
Article URL: https://gitlab.com/gitlab-com/gl-infra/production/-/work_items/22104
Comments URL: https://news.ycombinator.com/item?id=48133344
Points: 1
# Comments: 0
James Reason, Who Used Swiss Cheese to Explain Human Error, Dies at 86 (2025)
Article URL: https://www.nytimes.com/2025/03/13/science/james-reason-dead.html
Comments URL: https://news.ycombinator.com/item?id=48133339
Points: 1
# Comments: 2
Remove .zig Files from Bun
Article URL: https://github.com/oven-sh/bun/pull/30680
Comments URL: https://news.ycombinator.com/item?id=48133323
Points: 1
# Comments: 0
