vkcomi.comuv.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 145.14.145.31, located in Netherlands and belongs to AWEX, US. The main domain is vkcomi.comuv.com.

This is the only time vkcomi.comuv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Vkontakte (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
6	145.14.145.31 145.14.145.31	204915 (AWEX) (AWEX)
1 1	151.139.237.11 151.139.237.11	54104 (AS-STACKPATH) (AS-STACKPATH - netDNA)
1	151.101.12.133 151.101.12.133	54113 (FASTLY) (FASTLY - Fastly)
7	2

6 145.14.145.31 (Netherlands)

ASN204915 (AWEX, US)

vkcomi.comuv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.237.11 (Dallas, United States) 1 redirects

ASN54104 (AS-STACKPATH - netDNA, US)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.133 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

raw.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	comuv.com vkcomi.comuv.com	257 KB
1	githubusercontent.com raw.githubusercontent.com	3 KB
1	rawgit.com 1 redirects cdn.rawgit.com	321 B
7	3

	Domain	Requested by
6	vkcomi.comuv.com	vkcomi.comuv.com
1	raw.githubusercontent.com	vkcomi.comuv.com
1	cdn.rawgit.com	1 redirects
7	3

This site contains links to these domains. Also see Links.

Domain
www.000webhost.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://vkcomi.comuv.com/
Frame ID: F6EF275B471C4A8C1D42D4FE521C4269
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

7
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

259 kB
Transfer

262 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.000webhost.com/?utm_source=000webhostapp&utm_campaign=000_logo&utm_campaign=ss-footer_logo&utm_medium=000_logo&utm_content=website

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://cdn.rawgit.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png HTTP 301
https://raw.githubusercontent.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
vkcomi.comuv.com/ 2 KB
1 KB 210ms
106ms Document
text/html 145.14.145.31
AWEX

General

Check archive.org

Show headers Download Go to

Full URL

http://vkcomi.comuv.com/

Protocol

HTTP/1.1

Server

145.14.145.31 , Netherlands, ASN204915 (AWEX, US),

Reverse DNS

Software

awex /

Resource Hash

5728a42329f3d502a3ae834b6114722a50592a7e8d8ee58a1fd15ba690ef7f8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: vkcomi.comuv.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: F6EF275B471C4A8C1D42D4FE521C4269

Response headers

Date: Mon, 11 Jun 2018 09:22:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: awex
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Request-ID: 134eee346e044e7839884d62d968b332
Content-Encoding: gzip

GET
H/1.1 200
OK vkfake.css
vkcomi.comuv.com/ 2 KB
687 B 106ms
106ms Stylesheet
text/css 145.14.145.31
AWEX

General

Check archive.org

Show headers Download Go to

Full URL

http://vkcomi.comuv.com/vkfake.css

Requested by

Host: vkcomi.comuv.com
URL: http://vkcomi.comuv.com/

Protocol

HTTP/1.1

Server

145.14.145.31 , Netherlands, ASN204915 (AWEX, US),

Reverse DNS

Software

awex /

Resource Hash

4dbf2e4f3fa2fd8ac6e90c25c45cd0140f4909a3949311de51cdbebea4e98ef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: vkcomi.comuv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://vkcomi.comuv.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://vkcomi.comuv.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 09:22:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Jun 2017 18:32:26 GMT
Server: awex
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-ID: dfa97eaaf133b5d463c3eacdc00c5112

GET
H/1.1 200
OK index.css
vkcomi.comuv.com/ 3 KB
1 KB 210ms
103ms Stylesheet
text/css 145.14.145.31
AWEX

General

Check archive.org

Show headers Download Go to

Full URL

http://vkcomi.comuv.com/index.css

Requested by

Host: vkcomi.comuv.com
URL: http://vkcomi.comuv.com/

Protocol

HTTP/1.1

Server

145.14.145.31 , Netherlands, ASN204915 (AWEX, US),

Reverse DNS

Software

awex /

Resource Hash

cafb6029d2493abf19819d692b1d94a4375717681f604aba22ed9491b3b93ad9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: vkcomi.comuv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://vkcomi.comuv.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://vkcomi.comuv.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 09:22:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Jun 2017 18:32:26 GMT
Server: awex
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Request-ID: e2b5f683ccd6bf2624419f3b100f2671

GET
H/1.1

200
OK

footer-powered-by-000webhost-white2.png
raw.githubusercontent.com/000webhost/logo/e9bd13f7/
Redirect Chain

https://cdn.rawgit.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png
https://raw.githubusercontent.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png

2 KB
3 KB

28ms
7ms

Image
image/png

151.101.12.133
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png

Requested by

Host: vkcomi.comuv.com
URL: http://vkcomi.comuv.com/

Protocol

HTTP/1.1

Server

151.101.12.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

/

Resource Hash

736480857134b27d22d1999eeb1cdd4eb9ace8d0e2c2d739d26e27627fe2f9b1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://vkcomi.comuv.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

X-Fastly-Request-ID: 470784126921e30c69154a68f8ce7fa0fd10b927
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Via: 1.1 varnish
X-Content-Type-Options: nosniff
X-Geo-Block-List
X-Cache: HIT
X-Cache-Hits: 9
Connection: keep-alive
Content-Length: 2046
ETag: "0f5fd2ab2ec3d340d0a8e148adae48104735921b"
X-Served-By: cache-fra19148-FRA
X-GitHub-Request-Id: 3EFC:7A38:6E7D6F:7919E6:5B1E3E30
X-Timer: S1528708935.372442,VS0,VE0
X-Frame-Options: deny
Date: Mon, 11 Jun 2018 09:22:15 GMT
Source-Age: 278
Vary: Authorization,Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=300
Accept-Ranges: bytes
Expires: Mon, 11 Jun 2018 09:27:15 GMT

Redirect headers

date: Mon, 11 Jun 2018 09:22:15 GMT
x-content-type-options: nosniff
server: NetDNA-cache/2.2
status: 301
location: https://raw.githubusercontent.com/000webhost/logo/e9bd13f7/footer-powered-by-000webhost-white2.png
x-cache: HIT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
vary: Accept
content-length: 132
rawgit-cache-status: BYPASS

GET
H/1.1 200
OK vkcomfon.png
vkcomi.comuv.com/images/ 247 KB
248 KB 108ms
108ms Image
image/png 145.14.145.31
AWEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://vkcomi.comuv.com/images/vkcomfon.png

Protocol

HTTP/1.1

Server

145.14.145.31 , Netherlands, ASN204915 (AWEX, US),

Reverse DNS

Software

awex /

Resource Hash

ca6a5d68f7922b7104690281924dcde726f23c6b66d6a239c964cecf7de970c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: vkcomi.comuv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://vkcomi.comuv.com/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://vkcomi.comuv.com/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 09:22:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Jun 2017 18:33:24 GMT
Server: awex
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 253121
X-Xss-Protection: 1; mode=block
X-Request-ID: 37f723047d2e81f9b7b05ba94d40e5fa

GET
H/1.1 200
OK elementinshapka.png
vkcomi.comuv.com/images/ 4 KB
5 KB 119ms
119ms Image
image/png 145.14.145.31
AWEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://vkcomi.comuv.com/images/elementinshapka.png

Protocol

HTTP/1.1

Server

145.14.145.31 , Netherlands, ASN204915 (AWEX, US),

Reverse DNS

Software

awex /

Resource Hash

44972ef4c29cc02e5bc5b8e1ad106aaab40808ccb21a69174cc00b7b355d037d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: vkcomi.comuv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://vkcomi.comuv.com/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://vkcomi.comuv.com/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 09:22:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Jun 2017 18:33:24 GMT
Server: awex
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4554
X-Xss-Protection: 1; mode=block
X-Request-ID: ed35d18b930fc089d92290e734c0062a

GET
H/1.1 200
OK button.png
vkcomi.comuv.com/images/ 1004 B
1 KB 223ms
113ms Image
image/png 145.14.145.31
AWEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://vkcomi.comuv.com/images/button.png

Protocol

HTTP/1.1

Server

145.14.145.31 , Netherlands, ASN204915 (AWEX, US),

Reverse DNS

Software

awex /

Resource Hash

b2d706e5a304d5e35e138b48fbb31ca4430dad7016038a0addbdc5f9bee2c589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: vkcomi.comuv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://vkcomi.comuv.com/index.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://vkcomi.comuv.com/index.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 09:22:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Jun 2017 18:33:24 GMT
Server: awex
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1004
X-Xss-Protection: 1; mode=block
X-Request-ID: 12cf82765d53bc033ee76cd9365157b0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Vkontakte (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.rawgit.com
raw.githubusercontent.com
vkcomi.comuv.com
145.14.145.31
151.101.12.133
151.139.237.11
44972ef4c29cc02e5bc5b8e1ad106aaab40808ccb21a69174cc00b7b355d037d
4dbf2e4f3fa2fd8ac6e90c25c45cd0140f4909a3949311de51cdbebea4e98ef2
5728a42329f3d502a3ae834b6114722a50592a7e8d8ee58a1fd15ba690ef7f8a
736480857134b27d22d1999eeb1cdd4eb9ace8d0e2c2d739d26e27627fe2f9b1
b2d706e5a304d5e35e138b48fbb31ca4430dad7016038a0addbdc5f9bee2c589
ca6a5d68f7922b7104690281924dcde726f23c6b66d6a239c964cecf7de970c8
cafb6029d2493abf19819d692b1d94a4375717681f604aba22ed9491b3b93ad9

vkcomi.comuv.com Open in urlscan Pro 145.14.145.31 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

7 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

259 kBTransfer

262 kBSize

0 Cookies

1 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

vkcomi.comuv.com Open in urlscan Pro
145.14.145.31 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

259 kB
Transfer

262 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!