vf.yim7.ru.com Open in urlscan Pro
158.220.105.195 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://vf.yim7.ru.com/
Submission: On July 09 via manual (July 9th 2024, 8:00:54 pm UTC) from US — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 8 HTTP transactions. The main IP is 158.220.105.195, located in Düsseldorf, Germany and belongs to CONTABO, DE. The main domain is vf.yim7.ru.com.
TLS certificate: Issued by R10 on July 6th 2024. Valid for: 3 months.

This is the only time vf.yim7.ru.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
5	158.220.105.195 158.220.105.195	51167 (CONTABO) (CONTABO)
1	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
1	162.19.88.68 162.19.88.68	16276 (OVH) (OVH)
1	172.67.74.152 172.67.74.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	4

5 158.220.105.195 (Düsseldorf, Germany)

ASN51167 (CONTABO, DE)
PTR: vmi1899681.contaboserver.net

vf.yim7.ru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.88.68 (France)

ASN16276 (OVH, FR)
PTR: ns3221377.ip-162-19-88.eu

i.postimg.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.74.152 (United States)

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	ru.com vf.yim7.ru.com	271 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2521	155 B
1	postimg.cc i.postimg.cc — Cisco Umbrella Rank: 18784	1 KB
1	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 2214	1 KB
8	4

	Domain	Requested by
5	vf.yim7.ru.com	vf.yim7.ru.com
1	api.ipify.org	vf.yim7.ru.com
1	i.postimg.cc	vf.yim7.ru.com
1	aadcdn.msftauth.net	vf.yim7.ru.com
8	4

This site contains no links.

Subject Issuer	Validity	Valid
vf.yim7.ru.com R10	`2024-07-06` - `2024-10-04`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2024-05-25` - `2025-05-25`	a year	crt.sh
postimg.cc R11	`2024-06-21` - `2024-09-19`	3 months	crt.sh
ipify.org GTS CA 1P5	`2024-05-19` - `2024-08-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://vf.yim7.ru.com/
Frame ID: B560D8995E2EFD6951D40F3EC0151402
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

access

Page Statistics

8
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

273 kB
Transfer

272 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response vf.yim7.ru.com/	646 B 888 B	166ms 14ms	Document text/html	158.220.105.195 CONTABO
General Check archive.org Show headers Download Go to Full URL https://vf.yim7.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 158.220.105.195 Düsseldorf, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi1899681.contaboserver.net Software Apache / Resource Hash `08dc74d2797c739e4b1b8a3477572d1265637448bb503a4c015aaaf9d0002b57` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 646 Content-Type text/html Date Tue, 09 Jul 2024 20:00:48 GMT Keep-Alive timeout=5, max=100 Last-Modified Tue, 09 Jul 2024 20:00:12 GMT Server Apache
GET H/1.1	200 OK	main.b700ba90.js Show response vf.yim7.ru.com/static/js/	239 KB 239 KB	15ms 14ms	Script application/javascript	158.220.105.195 CONTABO
General Check archive.org Show headers Download Go to Full URL https://vf.yim7.ru.com/static/js/main.b700ba90.js Requested by Host: vf.yim7.ru.com URL: https://vf.yim7.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 158.220.105.195 Düsseldorf, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi1899681.contaboserver.net Software Apache / Resource Hash `71e4d5411f25f4c3c9df70efc455dfa431a20a2d904ee20e35f3b9913f7c7943` Request headers Referer https://vf.yim7.ru.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 20:00:48 GMT Last-Modified Tue, 09 Jul 2024 20:00:12 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 244717
GET H/1.1	200 OK	main.ab849390.css vf.yim7.ru.com/static/css/	9 KB 10 KB	36ms 13ms	Stylesheet text/css	158.220.105.195 CONTABO
General Check archive.org Show headers Download Go to Full URL https://vf.yim7.ru.com/static/css/main.ab849390.css Requested by Host: vf.yim7.ru.com URL: https://vf.yim7.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 158.220.105.195 Düsseldorf, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi1899681.contaboserver.net Software Apache / Resource Hash `fc87e3f1930a326e499b8e09e2d49e3e9e6c1ab771cb7c083555dabf8b829c13` Request headers Referer https://vf.yim7.ru.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 20:00:48 GMT Last-Modified Tue, 09 Jul 2024 20:00:12 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 9605
GET H2	200	2_bc3d32a696895f78c19df6c717586a5d.svg aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/	2 KB 1 KB	128ms 14ms	Image image/svg+xml	2606:2800:233:1cb7:261b:1f9c:2074:3c EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg Requested by Host: vf.yim7.ru.com URL: https://vf.yim7.ru.com/static/css/main.ab849390.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/48D1) / Resource Hash `0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68` Request headers Referer https://vf.yim7.ru.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Tue, 09 Jul 2024 20:00:49 GMT content-encoding gzip content-md5 DhdidjYrlCeaRJJRG/y9mA== age 9300504 x-cache HIT content-length 673 x-ms-lease-status unlocked last-modified Wed, 12 Feb 2020 22:01:50 GMT server ECAcc (ama/48D1) etag 0x8D7B007297AE131 vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * x-ms-request-id b6438b4c-101e-00c6-47a4-7d246e000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H/1.1	200 OK	logo.564db913a7fa0ca42727161c6d031bef.svg vf.yim7.ru.com/static/media/	4 KB 4 KB	13ms 13ms	Image image/svg+xml	158.220.105.195 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://vf.yim7.ru.com/static/media/logo.564db913a7fa0ca42727161c6d031bef.svg Requested by Host: vf.yim7.ru.com URL: https://vf.yim7.ru.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 158.220.105.195 Düsseldorf, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi1899681.contaboserver.net Software Apache / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers Referer https://vf.yim7.ru.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 20:00:48 GMT Last-Modified Tue, 09 Jul 2024 20:00:12 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3651
GET H2	200	swipe.png i.postimg.cc/x1qR9tzv/	884 B 1 KB	456ms 249ms	Image image/png	162.19.88.68 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/x1qR9tzv/swipe.png Requested by Host: vf.yim7.ru.com URL: https://vf.yim7.ru.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.19.88.68 , France, ASN16276 (OVH, FR), Reverse DNS ns3221377.ip-162-19-88.eu Software nginx / Resource Hash `8dc9d7f2be71e0f35b358e763545085d4d35476570b64dd10f38e5884d5f3698` Request headers Referer https://vf.yim7.ru.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 20:00:49 GMT last-modified Thu, 20 Jul 2023 23:45:04 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 884 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	/ Show response api.ipify.org/	22 B 155 B	173ms 106ms	XHR application/json	172.67.74.152 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: vf.yim7.ru.com URL: https://vf.yim7.ru.com/static/js/main.b700ba90.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a04ec3b2d9529b7776095594dd263610b8d78b8428075ee9b1a561a342367541` Request headers Accept application/json, text/plain, / Referer https://vf.yim7.ru.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 09 Jul 2024 20:00:49 GMT cf-cache-status DYNAMIC server cloudflare vary Origin content-type application/json access-control-allow-origin * cf-ray 8a0ae7025b413603-FRA content-length 22
GET H/1.1	200 OK	favicon.ico vf.yim7.ru.com/	17 KB 17 KB	13ms 13ms	Other image/x-icon	158.220.105.195 CONTABO
General Check archive.org Show headers Download Go to Full URL https://vf.yim7.ru.com/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 158.220.105.195 Düsseldorf, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi1899681.contaboserver.net Software Apache / Resource Hash `90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21` Request headers Referer https://vf.yim7.ru.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Tue, 09 Jul 2024 20:00:49 GMT Last-Modified Tue, 09 Jul 2024 20:00:12 GMT Server Apache Content-Type image/x-icon Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 17174

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
api.ipify.org
i.postimg.cc
vf.yim7.ru.com
158.220.105.195
162.19.88.68
172.67.74.152
2606:2800:233:1cb7:261b:1f9c:2074:3c
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
08dc74d2797c739e4b1b8a3477572d1265637448bb503a4c015aaaf9d0002b57
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
71e4d5411f25f4c3c9df70efc455dfa431a20a2d904ee20e35f3b9913f7c7943
8dc9d7f2be71e0f35b358e763545085d4d35476570b64dd10f38e5884d5f3698
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
a04ec3b2d9529b7776095594dd263610b8d78b8428075ee9b1a561a342367541
fc87e3f1930a326e499b8e09e2d49e3e9e6c1ab771cb7c083555dabf8b829c13

vf.yim7.ru.com Open in urlscan Pro 158.220.105.195 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

273 kBTransfer

272 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

vf.yim7.ru.com Open in urlscan Pro
158.220.105.195 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

273 kB
Transfer

272 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!