yahoo-jp.vipjl.cn Open in urlscan Pro
88.218.193.18 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://yahoo-jp.vipjl.cn/
Submission Tags: phishing
Submission: On November 28 via api (November 28th 2022, 4:16:14 pm UTC) from US — Scanned from JP

Summary HTTP 24 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 24 HTTP transactions. The main IP is 88.218.193.18, located in Germany and belongs to XNNET, US. The main domain is yahoo-jp.vipjl.cn.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on November 27th 2022. Valid for: 3 months.

This is the only time yahoo-jp.vipjl.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Yahoo Japan (Online)

Domain & IP information

	IP Address	AS Autonomous System
18	88.218.193.18 88.218.193.18	6134 (XNNET) (XNNET)
4	182.22.16.123 182.22.16.123	23816 (YAHOO Yah...) (YAHOO Yahoo Japan Corporation)
1	182.22.24.252 182.22.24.252	23816 (YAHOO Yah...) (YAHOO Yahoo Japan Corporation)
1	182.22.16.251 182.22.16.251	23816 (YAHOO Yah...) (YAHOO Yahoo Japan Corporation)
24	4

18 88.218.193.18 (Germany)

ASN6134 (XNNET, US)
PTR: 88.218.193.18.static.xtom.com

yahoo-jp.vipjl.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 182.22.16.123 (Japan)

ASN23816 (YAHOO Yahoo Japan Corporation, JP)
PTR: edge1700.img.vip.otm.yimg.jp

s.yimg.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pvtag.yahoo.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.22.24.252 (Japan)

ASN23816 (YAHOO Yahoo Japan Corporation, JP)

logql.yahoo.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.22.16.251 (Japan)

ASN23816 (YAHOO Yahoo Japan Corporation, JP)
PTR: edge1800.img.vip.otm.yimg.jp

mempf.yahoo.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	vipjl.cn yahoo-jp.vipjl.cn	569 KB
3	yahoo.co.jp logql.yahoo.co.jp — Cisco Umbrella Rank: 103057 mempf.yahoo.co.jp — Cisco Umbrella Rank: 81687 pvtag.yahoo.co.jp — Cisco Umbrella Rank: 382466	957 B
3	yimg.jp s.yimg.jp — Cisco Umbrella Rank: 8701	5 KB
24	3

	Domain	Requested by
18	yahoo-jp.vipjl.cn	yahoo-jp.vipjl.cn
3	s.yimg.jp	yahoo-jp.vipjl.cn
1	pvtag.yahoo.co.jp	yahoo-jp.vipjl.cn
1	mempf.yahoo.co.jp	yahoo-jp.vipjl.cn
1	logql.yahoo.co.jp	yahoo-jp.vipjl.cn
24	5

This site contains links to these domains. Also see Links.

Domain
www.yahoo.co.jp
login.yahoo.co.jp
account.edit.yahoo.co.jp
id.yahoo.co.jp

Subject Issuer	Validity	Valid
yahoo-jp.vipjl.cn ZeroSSL RSA Domain Secure Site CA	`2022-11-27` - `2023-02-25`	3 months	crt.sh
edge01.yahoo.co.jp Cybertrust Japan SureServer CA G4	`2022-11-04` - `2023-12-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://yahoo-jp.vipjl.cn/
Frame ID: 6C6B292B381D54FD01D5D2F299B579D6
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - Yahoo! JAPAN

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

4
IPs

2
Countries

575 kB
Transfer

572 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.yahoo.co.jp/
Title: Yahoo! JAPAN

Search URL Search Domain Scan URL

URL: https://login.yahoo.co.jp/config/login?.src=www&.done=https%3A%2F%2Faccounts.yahoo.co.jp%2Fprofile%3F.done%3Dhttps%253A%252F%252Fwww.yahoo.co.jp%252F%253F.src%253Dwww%2526t_cushion%253D1
Title: 戻る

Search URL Search Domain Scan URL

URL: https://login.yahoo.co.jp/config/login?.keep=1&.reg=https%3A%2F%2Faccount.edit.yahoo.co.jp%2Fregistration%3Fsrc%3Dwww%26done%3Dhttps%253A%252F%252Faccounts.yahoo.co.jp%252Fprofile%253F.done%253Dhttps%25253A%25252F%25252Fwww.yahoo.co.jp%25252F%25253F.src%25253Dwww%252526t_cushion%25253D1&referrer=change_id&.src=www&.done=https%3A%2F%2Faccounts.yahoo.co.jp%2Fprofile%3F.done%3Dhttps%253A%252F%252Fwww.yahoo.co.jp%252F%253F.src%253Dwww%2526t_cushion%253D1
Title: 別のYahoo! JAPAN IDでログイン

Search URL Search Domain Scan URL

URL: https://account.edit.yahoo.co.jp/forgot_acct?src=www&done=https%3A%2F%2Faccounts.yahoo.co.jp%2Fprofile%3F.done%3Dhttps%253A%252F%252Fwww.yahoo.co.jp%252F%253F.src%253Dwww%2526t_cushion%253D1
Title: ログインできない場合

Search URL Search Domain Scan URL

URL: https://account.edit.yahoo.co.jp/registration?src=www&done=https%3A%2F%2Faccounts.yahoo.co.jp%2Fprofile%3F.done%3Dhttps%253A%252F%252Fwww.yahoo.co.jp%252F%253F.src%253Dwww%2526t_cushion%253D1&fl=200
Title: IDを新しく取得する

Search URL Search Domain Scan URL

URL: https://id.yahoo.co.jp/security/login_theme.html?.done=https://accounts.yahoo.co.jp/profile?.done=https%3A%2F%2Fwww.yahoo.co.jp%2F%3F.src%3Dwww%26t_cushion%3D1
Title: テーマとは

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
yahoo-jp.vipjl.cn/ 40 KB
40 KB 806ms
59ms Document
text/html 88.218.193.18
XNNET

General

Source	Level	URL Text
network	error	URL: https://yahoo-jp.vipjl.cn/static/file_sp/offer Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://yahoo-jp.vipjl.cn/static/file_sp/t Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://yahoo-jp.vipjl.cn/static/file_sp/b Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://yahoo-jp.vipjl.cn/(Line 382) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://pvtag.yahoo.co.jp/t?f=2079370884&p=jp&domain=login.yahoo.co.jp&js=1&rnd=1669652170536, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://yahoo-jp.vipjl.cn/(Line 382) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://pvtag.yahoo.co.jp/t?f=2079370884&p=jp&domain=login.yahoo.co.jp&js=1&rnd=1669652170536, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://yahoo-jp.vipjl.cn/login/js_err?err=TypeError___Cannot_read_properties_of_undefined_(reading_%27value%27)&stack=TypeError:_Cannot_read_properties_of_undefined_(reading_%27value%27)_____at_https://yahoo-jp.vipjl.cn/static/file_sp/login-min.js:29:25919_____at_Object.%3Canonymous%3E_(https://yahoo-jp.vipjl.cn/static/file_sp/login-min.js:29:28154)_____at_n_(https://yahoo-jp.vipjl.cn/static/file_sp/login-min.js:1:116)_____at_https://yahoo-jp.vipjl.cn/static/file_sp/login-min.js:1:386_____at_Object.%3Canonymous%3E_(https://yahoo-jp.vipjl.cn/static/file_sp/login-min.js:1:756)_____at_n_(https://yahoo-jp.vipjl.cn/static/file_sp/login-min.js:1:116)_____at_https://yahoo-jp.vipjl.cn/static/file_sp/login-min.js:1:187_____at_https://yahoo-jp.vipjl.cn/static/file_sp/login-min.js:1:192&v=3.5.29&t=1669652170533 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://yahoo-jp.vipjl.cn/login/js_err?err=TypeError___Cannot_read_properties_of_undefined_(reading_%27init%27)&stack=TypeError:_Cannot_read_properties_of_undefined_(reading_%27init%27)_____at_https://yahoo-jp.vipjl.cn/:280:21&v=3.5.29&t=1669652170535 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

yahoo-jp.vipjl.cn Open in urlscan Pro 88.218.193.18 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

24 Requests

100 %HTTPS

0 %IPv6

3 Domains

5 Subdomains

4 IPs

2 Countries

575 kBTransfer

572 kBSize

1 Cookies

6 Outgoing links

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

44 JavaScript Global Variables

1 Cookies

7 Console Messages

Indicators

yahoo-jp.vipjl.cn Open in urlscan Pro
88.218.193.18 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

4
IPs

2
Countries

575 kB
Transfer

572 kB
Size

1
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!