URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Submission: On April 25 via manual from IN — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 8 HTTP transactions. The main IP is 141.8.193.236, located in the Russian Federation, and belongs to SPRINTHOST, RU. The main domain is f0646170.xsph.ru.
This is the only time f0646170.xsph.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

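Requests  IP Address     AS Autonomous System
8         141.8.193.236  35278 (SPRINTHOST)
Total: 8 requests, 1 IP address

Requests  Apex Domain  Subdomains        Transfer
8         xsph.ru      f0646170.xsph.ru  74 KB
Total: 8 requests, 1 apex domain

Requests  Domain            Requested by
8         f0646170.xsph.ru  f0646170.xsph.ru
Total: 8 requests, 1 domain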

This site contains no links.

This page contains 1 frame:

Primary Page: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Frame ID: 6692D5AF649F258D903218434136D384
Requests: 8 HTTP requests in this frame

Page Title

Iniciar sesión es tu cuenta Microsoft

Page Statistics

Requests: 8
HTTPS: 0 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 74 kB
Size: 171 kB
Cookies: 0

8 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request: Atencion%20en%20linea.html
Path: f0646170.xsph.ru/
Size: 5 KB
x-fer: 2 KB
Type: Document

General
Full URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Protocol: HTTP/1.1
Server: 141.8.193.236, Russian Federation, ASN35278 (SPRINTHOST, RU)
Reverse DNS: eldir.from.sh
Software: openresty
Resource Hash: 2e7233c8b60f749a26bbaa0848695e2f7fba021c9040bbc4d15233ae18c4802f

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 25 Apr 2022 13:27:53 GMT
ETag: W/"1590-5da29df93a7d8"
Last-Modified: Mon, 14 Mar 2022 08:57:43 GMT
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding

Resource: 2.css
Path: f0646170.xsph.ru/files/
Size: 45 KB
x-fer: 11 KB
Type: Stylesheet

General
Full URL: http://f0646170.xsph.ru/files/2.css
Requested by
  Host: f0646170.xsph.ru
  URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Protocol: HTTP/1.1
Server: 141.8.193.236, Russian Federation, ASN35278 (SPRINTHOST, RU)
Reverse DNS: eldir.from.sh
Software: openresty
Resource Hash: 96b7d659b2bd72fccb5a9fc9677b058a744ed4ed52327bc94d6284b55a889d4f

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://f0646170.xsph.ru/Atencion%20en%20linea.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
Date: Mon, 25 Apr 2022 13:27:53 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Mar 2022 08:57:49 GMT
Server: openresty
ETag: W/"622f038d-b251"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 May 2022 13:27:53 GMT

Resource: 1.css
Path: f0646170.xsph.ru/files/
Size: 8 KB
x-fer: 2 KB
Type: Stylesheet

General
Full URL: http://f0646170.xsph.ru/files/1.css
Requested by
  Host: f0646170.xsph.ru
  URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Protocol: HTTP/1.1
Server: 141.8.193.236, Russian Federation, ASN35278 (SPRINTHOST, RU)
Reverse DNS: eldir.from.sh
Software: openresty
Resource Hash: cdfc93fe1f472c90889d322fb40a79e9abe45a91fa9e1706ad33fe5ba14d2c68

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://f0646170.xsph.ru/Atencion%20en%20linea.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
Date: Mon, 25 Apr 2022 13:27:53 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Mar 2022 08:57:48 GMT
Server: openresty
ETag: W/"622f038c-2071"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 May 2022 13:27:53 GMT

Resource: script.min.js
Path: f0646170.xsph.ru/files/
Size: 85 KB
x-fer: 33 KB
Type: Script

General
Full URL: http://f0646170.xsph.ru/files/script.min.js
Requested by
  Host: f0646170.xsph.ru
  URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Protocol: HTTP/1.1
Server: 141.8.193.236, Russian Federation, ASN35278 (SPRINTHOST, RU)
Reverse DNS: eldir.from.sh
Software: openresty
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://f0646170.xsph.ru/Atencion%20en%20linea.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
Date: Mon, 25 Apr 2022 13:27:53 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Mar 2022 08:57:51 GMT
Server: openresty
ETag: W/"622f038f-1538f"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 May 2022 13:27:53 GMT

Resource: red.js
Path: f0646170.xsph.ru/files/
Size: 4 KB
x-fer: 1 KB
Type: Script

General
Full URL: http://f0646170.xsph.ru/files/red.js
Requested by
  Host: f0646170.xsph.ru
  URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Protocol: HTTP/1.1
Server: 141.8.193.236, Russian Federation, ASN35278 (SPRINTHOST, RU)
Reverse DNS: eldir.from.sh
Software: openresty
Resource Hash: 6f9de051b3485aedd86666d148b89048cbd5580a47ff96a62f601216e75ccb22

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://f0646170.xsph.ru/Atencion%20en%20linea.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
Date: Mon, 25 Apr 2022 13:27:53 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Mar 2022 08:57:50 GMT
Server: openresty
ETag: W/"622f038e-1192"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 02 May 2022 13:27:53 GMT

Resource: favicon.png
Path: f0646170.xsph.ru/files/
Size: 188 B
x-fer: 493 B
Type: Image

General
Full URL: http://f0646170.xsph.ru/files/favicon.png
Requested by
  Host: f0646170.xsph.ru
  URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Protocol: HTTP/1.1
Server: 141.8.193.236, Russian Federation, ASN35278 (SPRINTHOST, RU)
Reverse DNS: eldir.from.sh
Software: openresty
Resource Hash: d471d6c6da2b74c5bc56981dbe78f886a5d86762efd706bc9f3b0318035f8925

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://f0646170.xsph.ru/Atencion%20en%20linea.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
Date: Mon, 25 Apr 2022 13:27:53 GMT
Last-Modified: Mon, 14 Mar 2022 08:57:49 GMT
Server: openresty
ETag: "622f038d-bc"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 188
Expires: Mon, 02 May 2022 13:27:53 GMT

Resource: question.png
Path: f0646170.xsph.ru/files/
Size: 2 KB
x-fer: 2 KB
Type: Image

General
Full URL: http://f0646170.xsph.ru/files/question.png
Requested by
  Host: f0646170.xsph.ru
  URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Protocol: HTTP/1.1
Server: 141.8.193.236, Russian Federation, ASN35278 (SPRINTHOST, RU)
Reverse DNS: eldir.from.sh
Software: openresty
Resource Hash: 366588b2182e749ba43d54af705e94beef1d76fc3dbbf721f4dd44679d977cb4

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://f0646170.xsph.ru/Atencion%20en%20linea.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
Date: Mon, 25 Apr 2022 13:27:53 GMT
Last-Modified: Mon, 14 Mar 2022 08:57:50 GMT
Server: openresty
ETag: "622f038e-8cc"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2252
Expires: Mon, 02 May 2022 13:27:53 GMT

Resource: background.png
Path: f0646170.xsph.ru/fotos/
Size: 22 KB
x-fer: 22 KB
Type: Image

General
Full URL: http://f0646170.xsph.ru/fotos/background.png
Requested by
  Host: f0646170.xsph.ru
  URL: http://f0646170.xsph.ru/files/1.css
Protocol: HTTP/1.1
Server: 141.8.193.236, Russian Federation, ASN35278 (SPRINTHOST, RU)
Reverse DNS: eldir.from.sh
Software: openresty
Resource Hash: c6de8e3914915518eaefd09ab2e49528b13d6a2abf0ef598998e2b8780d45f5a

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://f0646170.xsph.ru/files/1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
Date: Mon, 25 Apr 2022 13:27:53 GMT
Last-Modified: Mon, 14 Mar 2022 08:57:46 GMT
Server: openresty
ETag: "622f038a-560f"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22031
Expires: Mon, 02 May 2022 13:27:53 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone
object| oncontextlost
object| oncontextrestored
function| $
function| jQuery
function| hideMessage
function| validateEmail
function| getUrlParameter
function| continuar
function| continuar2
function| continuar3
function| continuar4

0 Cookies