f0828007.xsph.ru
Open in
urlscan Pro
141.8.192.151
Malicious Activity!
Public Scan
Effective URL: http://f0828007.xsph.ru/
Submission: On June 07 via api from US — Scanned from DE
Summary
This is the only time f0828007.xsph.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco de la República Oriental del Uruguay (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 185.176.43.98 185.176.43.98 | 44476 (ZETTA-AS) (ZETTA-AS) | |
3 | 141.8.192.151 141.8.192.151 | 35278 (SPRINTHOST) (SPRINTHOST) | |
1 | 2a00:1450:400... 2a00:1450:4001:831::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::2003 | 15169 (GOOGLE) (GOOGLE) | |
7 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
xsph.ru
f0828007.xsph.ru |
59 KB |
1 |
gstatic.com
fonts.gstatic.com |
14 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2712 |
7 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 67 |
732 B |
1 |
myartsonline.com
bic32brou3uru4guclw.myartsonline.com |
424 B |
7 | 5 |
Domain | Requested by | |
---|---|---|
3 | f0828007.xsph.ru |
f0828007.xsph.ru
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | stackpath.bootstrapcdn.com |
f0828007.xsph.ru
|
1 | fonts.googleapis.com |
f0828007.xsph.ru
|
1 | bic32brou3uru4guclw.myartsonline.com | |
7 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
upload.video.google.com GTS CA 1C3 |
2023-05-19 - 2023-08-11 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-12-30 - 2023-12-30 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-05-19 - 2023-08-11 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://f0828007.xsph.ru/
Frame ID: 5CB8C49F717FD2B1D05910C3BFC80072
Requests: 7 HTTP requests in this frame
Screenshot
Page Title
brouPage URL History Show full URLs
- http://bic32brou3uru4guclw.myartsonline.com/ Page URL
- http://f0828007.xsph.ru/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://bic32brou3uru4guclw.myartsonline.com/ Page URL
- http://f0828007.xsph.ru/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
bic32brou3uru4guclw.myartsonline.com/ |
195 B 424 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
f0828007.xsph.ru/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
2 KB 732 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
f0828007.xsph.ru/css/ |
217 KB 33 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
m.png
f0828007.xsph.ru/css/ |
24 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco de la República Oriental del Uruguay (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bic32brou3uru4guclw.myartsonline.com
f0828007.xsph.ru
fonts.googleapis.com
fonts.gstatic.com
stackpath.bootstrapcdn.com
141.8.192.151
185.176.43.98
2606:4700::6812:acf
2a00:1450:4001:810::2003
2a00:1450:4001:831::200a
3dc57ad6ef050d43fc94a423c51447f6f6cb97ea5d0d4012939ec5bf7998c72c
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
9631702e97cc0bb44eb14d9b62c1fe0c2ba71845b322012d339d1b5251d25fb1
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
f54a516b1cbca74c63b907da7b5f66693ff40fa512c202c18afc809d4c62af63
f82e4e7cba09762227e6c1e2dc0f6562cbc3b1eceb0ed4cab156a300e79f8deb
f84164e60aeb8c58fc32a8a9ad99151860a5701f0dbab46d38d7460d7b69bd28