f0736983.xsph.ru Open in urlscan Pro
141.8.193.236 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ccca.cz/sasa
Effective URL:
http://f0736983.xsph.ru/
Submission: On November 16 via manual (November 16th 2022, 12:16:52 pm UTC) from IN — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 141.8.193.236, located in Russian Federation and belongs to SPRINTHOST, RU. The main domain is f0736983.xsph.ru.

This is the only time f0736983.xsph.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	217.11.236.171 217.11.236.171	15685 (CASABLANC...) (CASABLANCA-AS Internet & Collocation Provider)
8	141.8.193.236 141.8.193.236	35278 (SPRINTHOST) (SPRINTHOST)
8	1

1 217.11.236.171 (Czech Republic) 1 redirects

ASN15685 (CASABLANCA-AS Internet & Collocation Provider, CZ)
PTR: assigned-217-11-236-171.casablanca.cz

ccca.cz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 141.8.193.236 (Russian Federation)

ASN35278 (SPRINTHOST, RU)
PTR: eldir.from.sh

f0736983.xsph.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	xsph.ru f0736983.xsph.ru	1 MB
1	ccca.cz 1 redirects ccca.cz	374 B
8	2

	Domain	Requested by
8	f0736983.xsph.ru	f0736983.xsph.ru
1	ccca.cz	1 redirects
8	2

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://f0736983.xsph.ru/
Frame ID: 91FD65AD6E0F43EE9D2A7EC3CF3F4FF0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MSN:VALIDAR

Page URL History Show full URLs

http://ccca.cz/sasa HTTP 301
http://f0736983.xsph.ru/ Page URL

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

1526 kB
Transfer

1658 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ccca.cz/sasa HTTP 301
http://f0736983.xsph.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response f0736983.xsph.ru/ Redirect Chain http://ccca.cz/sasa http://f0736983.xsph.ru/	2 KB 1 KB	255ms 86ms	Document text/html	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0736983.xsph.ru/ Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `1a43460c366fcd1fc92909cbaec17f1556a442478e4507e85a84b5f4d32d512a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Wed, 16 Nov 2022 12:16:46 GMT Server openresty Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=utf-8 Date Wed, 16 Nov 2022 12:16:46 GMT Keep-Alive timeout=15, max=100 Location http://f0736983.xsph.ru/ Server Apache X-Powered-By PHP/5.3.29-pl0-gentoo
GET H/1.1	200 OK	util.css f0736983.xsph.ru/css/	82 KB 15 KB	95ms 94ms	Stylesheet text/css	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0736983.xsph.ru/css/util.css Requested by Host: f0736983.xsph.ru URL: http://f0736983.xsph.ru/ Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `837494f2b4a3de7bceb87d79e841ae48b96f81082a2421858e06b1d5d1e117f8` Request headers accept-language de-DE,de;q=0.9 Referer http://f0736983.xsph.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 12:16:46 GMT Content-Encoding gzip Last-Modified Thu, 10 Nov 2022 15:41:11 GMT Server openresty ETag W/"636d1b97-1476d" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Expires Wed, 23 Nov 2022 12:16:46 GMT
GET H/1.1	200 OK	main.css f0736983.xsph.ru/css/	8 KB 2 KB	173ms 88ms	Stylesheet text/css	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0736983.xsph.ru/css/main.css Requested by Host: f0736983.xsph.ru URL: http://f0736983.xsph.ru/ Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `afeb11f10efd640c24caf08ceef8be509a4507a2796672852ad9b2d667858a22` Request headers accept-language de-DE,de;q=0.9 Referer http://f0736983.xsph.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 12:16:46 GMT Content-Encoding gzip Last-Modified Thu, 10 Nov 2022 15:41:10 GMT Server openresty ETag W/"636d1b96-2041" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Expires Wed, 23 Nov 2022 12:16:46 GMT
GET H/1.1	200 OK	material-design-iconic-font.min.css f0736983.xsph.ru/fonts/iconic/css/	69 KB 10 KB	176ms 90ms	Stylesheet text/css	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0736983.xsph.ru/fonts/iconic/css/material-design-iconic-font.min.css Requested by Host: f0736983.xsph.ru URL: http://f0736983.xsph.ru/ Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56` Request headers accept-language de-DE,de;q=0.9 Referer http://f0736983.xsph.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 12:16:46 GMT Content-Encoding gzip Last-Modified Thu, 10 Nov 2022 15:41:52 GMT Server openresty ETag W/"636d1bc0-1149f" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Expires Wed, 23 Nov 2022 12:16:46 GMT
GET H/1.1	200 OK	fond.png f0736983.xsph.ru/images/	1 MB 1 MB	90ms 90ms	Image image/png	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0736983.xsph.ru/images/fond.png Requested by Host: f0736983.xsph.ru URL: http://f0736983.xsph.ru/ Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `90b87983a346c4968b798fa8259d113a0533ba604ba8dd1c1667501d3f71602d` Request headers accept-language de-DE,de;q=0.9 Referer http://f0736983.xsph.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 12:16:46 GMT Last-Modified Thu, 10 Nov 2022 15:42:00 GMT Server openresty ETag "636d1bc8-126532" Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 1205554 Expires Wed, 23 Nov 2022 12:16:46 GMT
GET H/1.1	200 OK	Poppins-Regular.ttf f0736983.xsph.ru/fonts/poppins/	142 KB 142 KB	97ms 97ms	Font application/octet-stream	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0736983.xsph.ru/fonts/poppins/Poppins-Regular.ttf Requested by Host: f0736983.xsph.ru URL: http://f0736983.xsph.ru/css/main.css Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `2425ebbc021bfdd18fe55edbeeb1539d22a217212c14430a7d4d75266a333bbc` Request headers Referer http://f0736983.xsph.ru/css/main.css Origin http://f0736983.xsph.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 12:16:46 GMT Last-Modified Thu, 10 Nov 2022 15:41:24 GMT Server openresty ETag "636d1ba4-237a0" Content-Type application/octet-stream Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 145312 Expires Wed, 23 Nov 2022 12:16:46 GMT
GET H/1.1	200 OK	Poppins-Medium.ttf f0736983.xsph.ru/fonts/poppins/	140 KB 140 KB	94ms 93ms	Font application/octet-stream	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0736983.xsph.ru/fonts/poppins/Poppins-Medium.ttf Requested by Host: f0736983.xsph.ru URL: http://f0736983.xsph.ru/css/main.css Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `45870260a29fa7d3e0eff8cdd91993fb4a9ce4cced3d7b72c3ef7d24380bfc2d` Request headers Referer http://f0736983.xsph.ru/css/main.css Origin http://f0736983.xsph.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 12:16:46 GMT Last-Modified Thu, 10 Nov 2022 15:41:22 GMT Server openresty ETag "636d1ba2-2309c" Content-Type application/octet-stream Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 143516 Expires Wed, 23 Nov 2022 12:16:46 GMT
GET H/1.1	200 OK	Material-Design-Iconic-Font.woff2 f0736983.xsph.ru/fonts/iconic/fonts/	37 KB 38 KB	175ms 89ms	Font application/octet-stream	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0736983.xsph.ru/fonts/iconic/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0 Requested by Host: f0736983.xsph.ru URL: http://f0736983.xsph.ru/fonts/iconic/css/material-design-iconic-font.min.css Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c` Request headers Referer http://f0736983.xsph.ru/fonts/iconic/css/material-design-iconic-font.min.css Origin http://f0736983.xsph.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Wed, 16 Nov 2022 12:16:46 GMT Last-Modified Thu, 10 Nov 2022 15:41:56 GMT Server openresty ETag "636d1bc4-95f0" Content-Type application/octet-stream Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 38384 Expires Wed, 23 Nov 2022 12:16:46 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| soloNumeros

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ccca.cz/	1970-01-20 07:30:08	Name: UserTrack Value: 80.255.7.104.1668601006360815

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ccca.cz
f0736983.xsph.ru
141.8.193.236
217.11.236.171
1a43460c366fcd1fc92909cbaec17f1556a442478e4507e85a84b5f4d32d512a
2425ebbc021bfdd18fe55edbeeb1539d22a217212c14430a7d4d75266a333bbc
45870260a29fa7d3e0eff8cdd91993fb4a9ce4cced3d7b72c3ef7d24380bfc2d
837494f2b4a3de7bceb87d79e841ae48b96f81082a2421858e06b1d5d1e117f8
90b87983a346c4968b798fa8259d113a0533ba604ba8dd1c1667501d3f71602d
afeb11f10efd640c24caf08ceef8be509a4507a2796672852ad9b2d667858a22
dec3e9f0190a504ed0c8f4a5e957c107206ba106cac4a1bbb6cbac6369a16d56
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

f0736983.xsph.ru Open in urlscan Pro 141.8.193.236 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

1526 kBTransfer

1658 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

f0736983.xsph.ru Open in urlscan Pro
141.8.193.236 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

1526 kB
Transfer

1658 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!