f0736983.xsph.ru
141.8.193.236
Malicious Activity!
Public Scan
Effective URL: http://f0736983.xsph.ru/
Submission: On November 16 via manual from IN — Scanned from DE
Summary
This is the only time f0736983.xsph.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 217.11.236.171 | 15685 (CASABLANCA-AS Internet & Collocation Provider) |
8 | 141.8.193.236 | 35278 (SPRINTHOST) |
8 | 1 | |
ASN15685 (CASABLANCA-AS Internet & Collocation Provider, CZ)
PTR: assigned-217-11-236-171.casablanca.cz
ccca.cz |
 | Apex Domain Subdomains | Transfer |
---|---|---|
8 | xsph.ru f0736983.xsph.ru | 1 MB |
1 | ccca.cz (1 redirects) ccca.cz | 374 B |
8 | 2 | |
 | Domain | Requested by |
---|---|---|
8 | f0736983.xsph.ru | f0736983.xsph.ru |
1 | ccca.cz | 1 redirects |
8 | 2 | |
This site contains no links.
Subject Issuer | Validity | Valid |
---|---|---|
This page contains 1 frames:
Primary Page:
http://f0736983.xsph.ru/
Frame ID: 91FD65AD6E0F43EE9D2A7EC3CF3F4FF0
Requests: 8 HTTP requests in this frame
Page Title
MSN:VALIDAR
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ccca.cz/sasa (HTTP 301)
- http://f0736983.xsph.ru/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | f0736983.xsph.ru/ | 2 KB | 1 KB | Document | text/html |
GET | H/1.1 | util.css | f0736983.xsph.ru/css/ | 82 KB | 15 KB | Stylesheet | text/css |
GET | H/1.1 | main.css | f0736983.xsph.ru/css/ | 8 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | material-design-iconic-font.min.css | f0736983.xsph.ru/fonts/iconic/css/ | 69 KB | 10 KB | Stylesheet | text/css |
GET | H/1.1 | fond.png | f0736983.xsph.ru/images/ | 1 MB | 1 MB | Image | image/png |
GET | H/1.1 | Poppins-Regular.ttf | f0736983.xsph.ru/fonts/poppins/ | 142 KB | 142 KB | Font | application/octet-stream |
GET | H/1.1 | Poppins-Medium.ttf | f0736983.xsph.ru/fonts/poppins/ | 140 KB | 140 KB | Font | application/octet-stream |
GET | H/1.1 | Material-Design-Iconic-Font.woff2 | f0736983.xsph.ru/fonts/iconic/fonts/ | 37 KB | 38 KB | Font | application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | soloNumeros
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ccca.cz/ | | Name: UserTrack Value: 80.255.7.104.1668601006360815 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.