Malwarebytes Blocks Yahoo Mail Redirects to Risky Domains

Malwarebytes has begun blocking background connections from the Yahoo Mail web interface to a set of third‑party domains, including cook.howduhtable.com, after users reported frequent protection alerts while using Yahoo Mail in a browser.

When a user opens Yahoo Mail in a web browser, the page loads embedded components for navigation, features and metrics. Malwarebytes inspected those components and found they trigger calls to domains and subdomains that use encoded parameters and chained redirects. One example of an internal routing URL observed in those chains is https://gpt.mail.yahoo.net/sandbox?client=novation&version=0.1&haq=1&cache=1.

Malwarebytes described the routing as consistent with a sandboxed web component that could be used for telemetry, testing, mail features, advertising or tracking, but the company has not confirmed the exact purpose. Security tools have assigned poor reputations to the redirect domains based on several technical characteristics.

The domains exhibit frequently changing, non‑descriptive subdomains, encoded query strings that obscure final destinations, and existing detections or blocklist entries from multiple vendors. On the basis of these signals, Malwarebytes Web Protection and Browser Guard are blocking a list of related subdomains when they are invoked from the Yahoo Mail interface.

For users, the result can be repeated Web Protection or MWAC alerts that reference domain names like cook.howduhtable.com while reading or composing email. In most cases the main email content still loads, but some embedded elements, metrics or ad‑related content may fail to appear or behave differently when those third‑party calls are blocked.

Malwarebytes recommends keeping Web Protection and Browser Guard enabled and avoiding allowlisting the flagged domains. The company suggests using private or incognito browser sessions for Yahoo Mail to reduce persistent tracking data, clearing Yahoo‑related cookies and cached site data periodically, and considering ad‑reduced paid plans or reputable content‑blocking extensions to limit ad‑driven behavior in webmail.

The company said the redirect infrastructure is operated externally and may change over time. Malwarebytes is monitoring telemetry, sandbox reports and reputation feeds for the involved domains and will adjust detections if new information emerges or if Yahoo provides additional clarity.