Contact us
Contact us

News

About

Home Crypto News Malwarebytes Blocks Yahoo Mail Redirects to Suspicious Domains

Malwarebytes Blocks Yahoo Mail Redirects to Suspicious Domains

Author Whitewallet Research
Posted: 17 May 2026, 15:23 CET 2 min read

Malwarebytes is blocking background connections from Yahoo Mail to third-party ad and tracking domains, triggering repeated web-protection alerts in the browser interface.

Malwarebytes is blocking background connections from Yahoo Mail’s web interface to a group of third-party ad and tracking domains, including cook.howduhtable.com, and users have reported repeated Web Protection or Browser Guard alerts while using Yahoo Mail in a browser.

When a user opens Yahoo Mail in a browser, the page loads embedded components for navigation, features and metrics. Some of those components make calls to opaque, frequently changing subdomains and to URLs that include long encoded parameters and chained redirects. One example of a resolved endpoint appears as https://gpt.mail.yahoo.net/sandbox?client=novation&version=0.1&haq=1&cache=1.

Malwarebytes added the redirect domains to detections in its Web Protection and Browser Guard products after automated reputation feeds and other security tools flagged the infrastructure as suspicious. The company cited technical signals such as non‑descriptive subdomains, encoded URL parameters and redirect behavior that obscures final destinations.

The blocks interrupt a narrow set of background calls invoked from within the Yahoo Mail page. In most cases email content still loads, but some embedded elements, metrics or advertising content may fail to appear or behave differently when the domains are blocked. The mail interface can retry calls or rotate through different subdomains and IP addresses, which can generate multiple alerts in a short period.

Malwarebytes recommends keeping Web Protection and Browser Guard enabled and not allowlisting the flagged domains. The company advises using private or incognito browser windows for Yahoo Mail, clearing Yahoo-related cookies and site data if alerts recur, and using paid Yahoo plans or reputable content-blocking extensions to reduce ad-driven behavior in webmail.

Malwarebytes wrote: “We have not established that Yahoo Mail itself is compromised or that Yahoo is deliberately distributing malware through its mail platform.” Malwarebytes is monitoring telemetry, sandbox reports and reputation data and will update detections if new information or clarification from Yahoo emerges.

Whitewallet Research
Author

Articles by this author

Malware in Pirated PC Games Steals Passwords and Crypto
Malware in Pirated PC Games Steals Passwords and Crypto
jun 8
Armstrong: Energy and Compute, Not Models, Will Cap AI Growth
Armstrong: Energy and Compute, Not Models, Will Cap AI Growth
jun 8
Custodial vs non-custodial wallet
Custodial vs non-custodial wallet
may 30
What is a crypto seed phrase
What is a crypto seed phrase
may 25
Seed phrase vs private key
Seed phrase vs private key
may 21

Latest News

MORE
Adam Back: Bitcoin won’t fire miners; Dashjr readies fork

Adam Back: Bitcoin won’t fire miners; Dashjr readies fork

jun 12 2 min read
Coinbase Lets AI Agents Trade Inside User-Controlled Limits

Coinbase Lets AI Agents Trade Inside User-Controlled Limits

jun 12 2 min read
Hackers Impersonate ChatGPT, Claude and DeepSeek

Hackers Impersonate ChatGPT, Claude and DeepSeek

jun 11 2 min read
Delaware advances bill to ban crypto ATMs after scam surge

Delaware advances bill to ban crypto ATMs after scam surge

jun 11 2 min read
MORE