f0767472.xsph.ru Open in urlscan Pro
141.8.192.151 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522
Submission: On January 18 via automatic, source phishtank (January 18th 2023, 11:13:09 pm UTC) — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 141.8.192.151, located in Russian Federation and belongs to SPRINTHOST, RU. The main domain is f0767472.xsph.ru.

This is the only time f0767472.xsph.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit du Nord (Banking)

Domain & IP information

	IP Address		AS Autonomous System
16	141.8.192.151 141.8.192.151		35278 (SPRINTHOST) (SPRINTHOST)
16	1

16 141.8.192.151 (Russian Federation)

ASN35278 (SPRINTHOST, RU)
PTR: vilir.from.sh

f0767472.xsph.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	xsph.ru f0767472.xsph.ru	742 KB
16	1

	Domain	Requested by
16	f0767472.xsph.ru	f0767472.xsph.ru
16	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522
Frame ID: 5C90CDFA37B56779799716DB6ECE8DED
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Connexion

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

742 kB
Transfer

1724 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/	9 KB 2 KB	380ms 289ms	Document text/html	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `d87b5b8af707d4a29e31ecda11abebd11e4790a0eab5dda357e7c83efd963586` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Wed, 18 Jan 2023 23:13:04 GMT Server openresty Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	bootstrap.min.css f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/	152 KB 27 KB	48ms 48ms	Stylesheet text/css	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/bootstrap.min.css Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:33:33 GMT Server openresty ETag W/"63c6878d-2606e" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	helpers.css f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/	41 KB 6 KB	89ms 45ms	Stylesheet text/css	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/helpers.css Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `4f170247e1768f40ceb39a7e08a9250b3e0d1fe5d85e9ac437b6fba12ccf61ba` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:33:34 GMT Server openresty ETag W/"63c6878e-a317" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	fonts.css f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/	4 KB 811 B	92ms 46ms	Stylesheet text/css	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/fonts.css Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `34033ffe8b5d88ef59cc47c49e55e1a293128d34e5996ade5e40ec298634ad87` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:33:33 GMT Server openresty ETag W/"63c6878d-e46" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	main.css f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/	7 KB 2 KB	97ms 48ms	Stylesheet text/css	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/main.css Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `2d44e2c8ceca3b2f8be46ddfbc1431ca8e618df2d65c32d1e4de4336367e84be` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:33:34 GMT Server openresty ETag W/"63c6878e-1c0b" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	logo.png f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/	4 KB 4 KB	63ms 44ms	Image image/png	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/logo.png Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `0b9704379696c137fb3380b9d79713289b3128a7d87eb34dac6ca1b4f24eccbd` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Last-Modified Tue, 17 Jan 2023 11:34:02 GMT Server openresty ETag "63c687aa-e3b" Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 3643 Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	logo2.png f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/	2 KB 3 KB	44ms 44ms	Image image/png	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/logo2.png Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `bac5f2ce50081b02f191dd8c69ead03566a1c47056235c701aec779f432fc417` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Last-Modified Tue, 17 Jan 2023 11:34:03 GMT Server openresty ETag "63c687ab-959" Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 2393 Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	left-content.png f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/	90 KB 90 KB	109ms 44ms	Image image/png	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/left-content.png Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `f87ae8f3875c0e3dfea234e2b36af52cada0b04da1131f52a2c01e5cc363055b` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Last-Modified Tue, 17 Jan 2023 11:34:02 GMT Server openresty ETag "63c687aa-167e7" Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 92135 Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	right-content.png f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/	10 KB 10 KB	91ms 49ms	Image image/png	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/right-content.png Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `69477cc4ea8a06114fc1e4de99a378f36749c064696c9e1930849710526e2c50` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Last-Modified Tue, 17 Jan 2023 11:34:04 GMT Server openresty ETag "63c687ac-2878" Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 10360 Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	jquery.min.js Show response f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/	86 KB 33 KB	91ms 47ms	Script application/x-javascript	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/jquery.min.js Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:34:08 GMT Server openresty ETag W/"63c687b0-15850" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	popper.min.js Show response f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/	20 KB 8 KB	88ms 45ms	Script application/x-javascript	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/popper.min.js Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `d2b9f29ea1f42a60a8beb1c04f76868287f2a48d6ec50fb39d6b888584a03c49` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:34:09 GMT Server openresty ETag W/"63c687b1-4f70" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	bootstrap.min.js Show response f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/	129 KB 29 KB	48ms 47ms	Script application/x-javascript	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/bootstrap.min.js Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `a65d5b4abb65aad37f302c96f1751362e2422a8869f7f889112556d77e384813` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:34:07 GMT Server openresty ETag W/"63c687af-20235" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	fontawesome.min.js Show response f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/	1 MB 405 KB	67ms 66ms	Script application/x-javascript	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/fontawesome.min.js Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `16e8f08eb363930ccc9f0e91f33ded7905fed943045a040078196294db8a9b17` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:34:08 GMT Server openresty ETag W/"63c687b0-10314a" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	jquery.payment.js Show response f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/	17 KB 4 KB	47ms 47ms	Script application/x-javascript	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/jquery.payment.js Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `64b9e1158d25d8d595187dd4c277656d54a8165f9e2c58504b686ea0107e33d7` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:34:09 GMT Server openresty ETag W/"63c687b1-44a7" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	main.js Show response f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/	2 KB 1 KB	49ms 49ms	Script application/x-javascript	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/js/main.js Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `a7b74b21f2f1392a25d1f6f1227eff5acd9636719d7bc8b8e722b660fee071af` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/espace/login.php?ID=85900584522 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Content-Encoding gzip Last-Modified Tue, 17 Jan 2023 11:34:09 GMT Server openresty ETag W/"63c687b1-8a2" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Connection keep-alive Expires Wed, 25 Jan 2023 23:13:04 GMT
GET H/1.1	200 OK	img.jpg f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/	116 KB 116 KB	81ms 46ms	Image image/jpeg	141.8.192.151 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/images/img.jpg Requested by Host: f0767472.xsph.ru URL: http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/main.css Protocol HTTP/1.1 Server 141.8.192.151 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS vilir.from.sh Software openresty / Resource Hash `86d7c9abfa683b2cd4282b25ae927db3c7fd0fd3bd2b49a9a9cad06c81685420` Request headers accept-language de-DE,de;q=0.9 Referer http://f0767472.xsph.ru/secure-fr-credit2nord-fr/m/assets/css/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36 Response headers Date Wed, 18 Jan 2023 23:13:04 GMT Last-Modified Tue, 17 Jan 2023 11:34:01 GMT Server openresty ETag "63c687a9-1ce77" Content-Type image/jpeg Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 118391 Expires Wed, 25 Jan 2023 23:13:04 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit du Nord (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

f0767472.xsph.ru
141.8.192.151
0b9704379696c137fb3380b9d79713289b3128a7d87eb34dac6ca1b4f24eccbd
16e8f08eb363930ccc9f0e91f33ded7905fed943045a040078196294db8a9b17
2d44e2c8ceca3b2f8be46ddfbc1431ca8e618df2d65c32d1e4de4336367e84be
34033ffe8b5d88ef59cc47c49e55e1a293128d34e5996ade5e40ec298634ad87
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
4f170247e1768f40ceb39a7e08a9250b3e0d1fe5d85e9ac437b6fba12ccf61ba
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
64b9e1158d25d8d595187dd4c277656d54a8165f9e2c58504b686ea0107e33d7
69477cc4ea8a06114fc1e4de99a378f36749c064696c9e1930849710526e2c50
86d7c9abfa683b2cd4282b25ae927db3c7fd0fd3bd2b49a9a9cad06c81685420
a65d5b4abb65aad37f302c96f1751362e2422a8869f7f889112556d77e384813
a7b74b21f2f1392a25d1f6f1227eff5acd9636719d7bc8b8e722b660fee071af
bac5f2ce50081b02f191dd8c69ead03566a1c47056235c701aec779f432fc417
d2b9f29ea1f42a60a8beb1c04f76868287f2a48d6ec50fb39d6b888584a03c49
d87b5b8af707d4a29e31ecda11abebd11e4790a0eab5dda357e7c83efd963586
f87ae8f3875c0e3dfea234e2b36af52cada0b04da1131f52a2c01e5cc363055b

f0767472.xsph.ru Open in urlscan Pro 141.8.192.151 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

742 kBTransfer

1724 kBSize

0 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

Indicators

f0767472.xsph.ru Open in urlscan Pro
141.8.192.151 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

742 kB
Transfer

1724 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!