URL: http://87.248.118.23/
Submission: On September 23 via manual from US

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 5 HTTP transactions.
The main IP is 87.248.118.23, located in United Kingdom and belongs to YAHOO-DEB, DE. The main domain is 87.248.118.23.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 100/100) Show Details

  • urlscan - Score: 0
  • googlesafebrowsing - Score: 100 (1 resources matched) -
    social_engineering

Domain & IP information

IP Address AS Autonomous System
1 87.248.118.23 203220 (YAHOO-DEB)
1 2a00:1288:110... 34010 (YAHOO-IRD)
2 2a00:1288:f03... 10310 (YAHOO-1)
5 4
Domain
Subdomains
Transfer
2 yimg.com
60 KB
1 yahoo.com
bcn.fp.yahoo.com Failed
715 B
1 118.23
6 KB
5 3
Domain Requested by
2 s.yimg.com 87.248.118.23
1 geo.yahoo.com 87.248.118.23
1 87.248.118.23
0 bcn.fp.yahoo.com Failed 87.248.118.23
5 4

This site contains links to these domains. Also see Links.

Domain
Subject / Issuer Validity Valid
*.yahoo.com
DigiCert SHA2 High Assurance Server CA
2019-09-17 -
2019-11-01
a month

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /ATS\/?([\d.]+)?/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
6 KB
6 KB
Document
General
Full URL
http://87.248.118.23/
Protocol
HTTP/1.1
Server
87.248.118.23 , United Kingdom, ASN203220 (YAHOO-DEB, DE),
Reverse DNS
e2.ycpi.vip.deb.yahoo.com
Software
ATS /
Resource Hash
cd64bcff63ea7b5f8047b57dc8a11ac03d8814f8a8c87e3e8cc19cb5dd7d00af

Request headers

Host
87.248.118.23
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 23 Sep 2019 23:01:17 GMT
Connection
keep-alive
Server
ATS
Cache-Control
no-store
Content-Type
text/html
Content-Language
en
Content-Length
5974
Verified Adblocked b?s=1197757129&t=1569279677698&err_url=http%3A%2F%2F87.248.118.23%2F&err=404&test=-&ats_host=e6.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb
geo.yahoo.com
43 B
715 B
Image
General
Full URL
http://geo.yahoo.com/b?s=1197757129&t=1569279677698&err_url=http%3A%2F%2F87.248.118.23%2F&err=404&test=-&ats_host=e6.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb
Requested by
Host: 87.248.118.23
URL: http://87.248.118.23/
Protocol
HTTP/1.1
Server
2a00:1288:110:c204::b000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Verified resource
fancybox/2.1.5/blank.gif at cdnjs.com, project fancybox
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
http://87.248.118.23/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 23 Sep 2019 23:01:17 GMT
X-Content-Type-Options
nosniff
Server
ATS
Age
0
X-Frame-Options
DENY
P3P
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control
no-cache, no-store, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
p?s=1197757129&t=1569279677698&err_url=http%3A%2F%2F87.248.118.23%2F&err=404&test=-&ats_host=e6.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb
bcn.fp.yahoo.com
0
0

yahoo_frontpage_en-US_s_f_p_205x58_frontpage.png
s.yimg.com/rz/p
1 KB
1 KB
Image
General
Full URL
https://s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_205x58_frontpage.png
Requested by
Host: 87.248.118.23
URL: http://87.248.118.23/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),
Reverse DNS
Software
ATS /
Resource Hash
8de1aec4728fb9e7dc92eba19506b89bde081f5555a8e3a963354a8f9c4afe2d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://87.248.118.23/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 23 Sep 2019 23:01:18 GMT
x-content-type-options
nosniff
age
0
x-amz-server-side-encryption
AES256
status
200
vary
Origin
content-length
1154
x-amz-id-2
8/mDefY+w4gDdD3NtkOvXSbuNAeJ3wzTN0hxefUwQSuhe7YNBvNKjlDHW0PZYqri9ADTpKoXtvQ=
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 23 Sep 2019 22:19:21 GMT
server
ATS
etag
"73bbf8bd47227f183455c2d4b5e3a8a8"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
01D36592CFEDECE3
x-xss-protection
1; mode=block
cache-control
public
accept-ranges
bytes
content-type
image/png
expires
Tue, 24 Sep 2019 23:00:00 GMT
sad-panda-201402200631.png
s.yimg.com/nn/img
58 KB
59 KB
Image
General
Full URL
https://s.yimg.com/nn/img/sad-panda-201402200631.png
Requested by
Host: 87.248.118.23
URL: http://87.248.118.23/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1 - Oath Holdings Inc., US),
Reverse DNS
Software
ATS /
Resource Hash
20a453c98a759aa542ba2a07e1dcf31c82d545ef29377b3bcaad379ebbad66ac
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://87.248.118.23/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

ats-carp-promotion
1
date
Sat, 10 Aug 2019 07:45:20 GMT
x-amz-meta-created-date
Thu, 20 Feb 2014 06:31:45 GMT
age
0
x-amz-server-side-encryption
AES256
status
200
vary
Origin
x-amz-request-id
D5ACF6D422D609C2
x-amz-id-2
/DRQGYLw2gbjtTwoHNGgA60MKDUt3tMbm+vaGDk+wvH4OrImbEcNdoam70FFZahirs099kFW4CA=
x-amz-meta-x-ysws-mbst-vtime
1392877905940185
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 06 Jul 2018 03:00:46 GMT
server
ATS
etag
"2751275289ee8a74f64e6bfec626034d"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
content-type
image/png
x-xss-protection
1; mode=block
cache-control
max-age=31536000,public
accept-ranges
bytes
content-length
59856
x-amz-meta-x-ysws-access
public
x-amz-meta-mbst-etag
"YM:1:21e2bf66-5b4e-48cf-b226-54be0c87b2230004f2d0a8cc8ed9"
x-content-type-options
nosniff

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bcn.fp.yahoo.com
URL
http://bcn.fp.yahoo.com/p?s=1197757129&t=1569279677698&err_url=http%3A%2F%2F87.248.118.23%2F&err=404&test=-&ats_host=e6.ycpi.deb.yahoo.com&rid=-&message=Not%20Found%20on%20Accelerator&source=brb

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| buildUrl function| addEvent function| generateBRBMarkup function| generateIframeMarkup function| generateBeaconMarkup string| hostname string| device boolean| ynet string| brbHost string| brbProto string| brbIframePath object| brbParams string| iframeUrl boolean| iframeDisabled number| time object| params

0 Cookies