hvcep.ybsfdownsee.info Open in urlscan Pro
185.244.217.73 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://hvcep.ybsfdownsee.info/blog/arvest-data-leak.aspx
Submission: On November 12 via manual (November 12th 2019, 4:01:42 pm UTC) from US

Summary HTTP 71 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 8 IPs in 5 countries across 8 domains to perform 71 HTTP transactions. The main IP is 185.244.217.73, located in Dronten, Netherlands and belongs to ON-LINE-DATA Server location - Netherlands, Dronten, UA. The main domain is hvcep.ybsfdownsee.info.

This is the only time hvcep.ybsfdownsee.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	185.244.217.73 185.244.217.73	204601 (ON-LINE-D...) (ON-LINE-DATA Server location - Netherlands)
1	104.155.200.82 104.155.200.82	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700:30:... 2606:4700:30::6812:3b29	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
14	217.182.203.50 217.182.203.50	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
3	217.69.133.145 217.69.133.145	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
1 4	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1 2	88.212.201.204 88.212.201.204	39134 (UNITEDNET) (UNITEDNET)
71	8

46 185.244.217.73 (Dronten, Netherlands)

ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, UA)
PTR: ds353863.had.su

hvcep.ybsfdownsee.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.155.200.82 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 82.200.155.104.bc.googleusercontent.com

www.gogofinder.com.tw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::6812:3b29 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

webgringo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 217.182.203.50 (Poland)

ASN16276 (OVH, FR)
PTR: ns3080373.ip-217-182-203.eu

pokemongo-go.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 217.69.133.145 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: top-fwz1.mail.ru

top-fwz1.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6b8::1:119 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.204 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	ybsfdownsee.info hvcep.ybsfdownsee.info	326 KB
14	pokemongo-go.ru pokemongo-go.ru	419 KB
4	yandex.ru 1 redirects mc.yandex.ru	94 KB
3	mail.ru top-fwz1.mail.ru	9 KB
2	yadro.ru 1 redirects counter.yadro.ru	1011 B
2	gstatic.com fonts.gstatic.com	28 KB
1	webgringo.ru webgringo.ru	14 KB
1	gogofinder.com.tw www.gogofinder.com.tw	182 KB
71	8

	Domain	Requested by
46	hvcep.ybsfdownsee.info	hvcep.ybsfdownsee.info
14	pokemongo-go.ru	hvcep.ybsfdownsee.info
4	mc.yandex.ru	1 redirects hvcep.ybsfdownsee.info
3	top-fwz1.mail.ru	hvcep.ybsfdownsee.info top-fwz1.mail.ru
2	counter.yadro.ru	1 redirects hvcep.ybsfdownsee.info
2	fonts.gstatic.com	hvcep.ybsfdownsee.info
1	webgringo.ru	hvcep.ybsfdownsee.info
1	www.gogofinder.com.tw	hvcep.ybsfdownsee.info
71	8

This site contains links to these domains. Also see Links.

Domain
www.liveinternet.ru

Subject Issuer	Validity	Valid
mc.yandex.ru Yandex CA	`2019-09-23` - `2020-09-22`	a year	crt.sh
*.mail.ru GlobalSign Organization Validation CA - SHA256 - G2	`2019-01-18` - `2021-01-18`	2 years	crt.sh

This page contains 2 frames:

Primary Page: http://hvcep.ybsfdownsee.info/blog/arvest-data-leak.aspx
Frame ID: F9FCCF952FEC9C53E14A402203FB0CAA
Requests: 51 HTTP requests in this frame

Frame: http://hvcep.ybsfdownsee.info/enframes.php?key=arvest+data+leak
Frame ID: 7D53AFB421FEA4637995A27BC684C037
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx?(?:$|\?)/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

url /\.aspx?(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

url /\.aspx?(?:$|\?)/i

Page Statistics

71
Requests

7 %
HTTPS

38 %
IPv6

8
Domains

8
Subdomains

8
IPs

5
Countries

1070 kB
Transfer

1395 kB
Size

4
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.liveinternet.ru/click;drs2019f

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

http://counter.yadro.ru/hit;drs2019f?t45.6;r;s1600*1200*24;uhttp%3A//hvcep.ybsfdownsee.info/blog/arvest-data-leak.aspx;hArvest%20data%20leak;0.6866684069896647 HTTP 302
http://counter.yadro.ru/hit;drs2019f?q;t45.6;r;s1600*1200*24;uhttp%3A//hvcep.ybsfdownsee.info/blog/arvest-data-leak.aspx;hArvest%20data%20leak;0.6866684069896647

Request Chain 67

https://mc.yandex.ru/watch/49643227?wmode=7&page-url=http%3A%2F%2Fhvcep.ybsfdownsee.info%2Fblog%2Farvest-data-leak.aspx&charset=utf-8&browser-info=ti%3A10%3Ans%3A1573574484211%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20191112170125%3Aet%3A1573574485%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A38105012%3Ahid%3A221324010%3Ads%3A1%2C13%2C391%2C72%2C0%2C0%2C0%2C294%2C0%2C%2C%2C%2C704%3Afp%3A722%3Awn%3A7403%3Ahl%3A2%3Agdpr%3A14%3Av%3A1739%3Awv%3A2%3Ast%3A1573574485%3Au%3A1573574485710862199%3At%3AArvest%20data%20leak HTTP 302
https://mc.yandex.ru/watch/49643227/1?wmode=7&page-url=http%3A%2F%2Fhvcep.ybsfdownsee.info%2Fblog%2Farvest-data-leak.aspx&charset=utf-8&browser-info=ti%3A10%3Ans%3A1573574484211%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20191112170125%3Aet%3A1573574485%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A38105012%3Ahid%3A221324010%3Ads%3A1%2C13%2C391%2C72%2C0%2C0%2C0%2C294%2C0%2C%2C%2C%2C704%3Afp%3A722%3Awn%3A7403%3Ahl%3A2%3Agdpr%3A14%3Av%3A1739%3Awv%3A2%3Ast%3A1573574485%3Au%3A1573574485710862199%3At%3AArvest%20data%20leak

71 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set arvest-data-leak.aspx Show response
hvcep.ybsfdownsee.info/blog/ 37 KB
38 KB 408ms
392ms Document
text/html 185.244.217.73
Netherlands

General

Domain/Path	Expires	Name / Value
.ybsfdownsee.info/	1970-01-19 05:06:16	Name: _ym_visorc_49643227 Value: w
.ybsfdownsee.info/	1970-01-19 05:07:26	Name: _ym_isad Value: 2
.ybsfdownsee.info/	1970-01-19 13:51:50	Name: _ym_d Value: 1573574485
.ybsfdownsee.info/	1970-01-19 13:51:50	Name: _ym_uid Value: 1573574485710862199

hvcep.ybsfdownsee.info Open in urlscan Pro 185.244.217.73 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

71 Requests

7 %HTTPS

38 %IPv6

8 Domains

8 Subdomains

8 IPs

5 Countries

1070 kBTransfer

1395 kBSize

4 Cookies

1 Outgoing links

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hvcep.ybsfdownsee.info Open in urlscan Pro
185.244.217.73 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

7 %
HTTPS

38 %
IPv6

8
Domains

8
Subdomains

8
IPs

5
Countries

1070 kB
Transfer

1395 kB
Size

4
Cookies

71 HTTP transactions
0 data transactions