f0646170.xsph.ru
Open in
urlscan Pro
141.8.193.236
Malicious Activity!
Public Scan
Submission: On April 25 via manual from IN — Scanned from DE
Summary
This is the only time f0646170.xsph.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 141.8.193.236 141.8.193.236 | 35278 (SPRINTHOST) (SPRINTHOST) | |
8 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
xsph.ru
f0646170.xsph.ru |
74 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
8 | f0646170.xsph.ru |
f0646170.xsph.ru
|
8 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://f0646170.xsph.ru/Atencion%20en%20linea.html
Frame ID: 6692D5AF649F258D903218434136D384
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Atencion%20en%20linea.html
f0646170.xsph.ru/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2.css
f0646170.xsph.ru/files/ |
45 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.css
f0646170.xsph.ru/files/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script.min.js
f0646170.xsph.ru/files/ |
85 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
red.js
f0646170.xsph.ru/files/ |
4 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.png
f0646170.xsph.ru/files/ |
188 B 493 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
question.png
f0646170.xsph.ru/files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background.png
f0646170.xsph.ru/fotos/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| $ function| jQuery function| hideMessage function| validateEmail function| getUrlParameter function| continuar function| continuar2 function| continuar3 function| continuar40 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
f0646170.xsph.ru
141.8.193.236
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2e7233c8b60f749a26bbaa0848695e2f7fba021c9040bbc4d15233ae18c4802f
366588b2182e749ba43d54af705e94beef1d76fc3dbbf721f4dd44679d977cb4
6f9de051b3485aedd86666d148b89048cbd5580a47ff96a62f601216e75ccb22
96b7d659b2bd72fccb5a9fc9677b058a744ed4ed52327bc94d6284b55a889d4f
c6de8e3914915518eaefd09ab2e49528b13d6a2abf0ef598998e2b8780d45f5a
cdfc93fe1f472c90889d322fb40a79e9abe45a91fa9e1706ad33fe5ba14d2c68
d471d6c6da2b74c5bc56981dbe78f886a5d86762efd706bc9f3b0318035f8925