f0646170.xsph.ru Open in urlscan Pro
141.8.193.236 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://f0646170.xsph.ru/Atencion%20en%20linea.html
Submission: On April 25 via manual (April 25th 2022, 1:27:58 pm UTC) from IN — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 141.8.193.236, located in Russian Federation and belongs to SPRINTHOST, RU. The main domain is f0646170.xsph.ru.

This is the only time f0646170.xsph.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
8	141.8.193.236 141.8.193.236		35278 (SPRINTHOST) (SPRINTHOST)
8	1

8 141.8.193.236 (Russian Federation)

ASN35278 (SPRINTHOST, RU)
PTR: eldir.from.sh

f0646170.xsph.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	xsph.ru f0646170.xsph.ru	74 KB
8	1

	Domain	Requested by
8	f0646170.xsph.ru	f0646170.xsph.ru
8	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://f0646170.xsph.ru/Atencion%20en%20linea.html
Frame ID: 6692D5AF649F258D903218434136D384
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión es tu cuenta Microsoft

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

74 kB
Transfer

171 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Atencion%20en%20linea.html Show response f0646170.xsph.ru/	5 KB 2 KB	257ms 219ms	Document text/html	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0646170.xsph.ru/Atencion%20en%20linea.html Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `2e7233c8b60f749a26bbaa0848695e2f7fba021c9040bbc4d15233ae18c4802f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Mon, 25 Apr 2022 13:27:53 GMT ETag W/"1590-5da29df93a7d8" Last-Modified Mon, 14 Mar 2022 08:57:43 GMT Server openresty Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	2.css f0646170.xsph.ru/files/	45 KB 11 KB	40ms 40ms	Stylesheet text/css	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0646170.xsph.ru/files/2.css Requested by Host: f0646170.xsph.ru URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `96b7d659b2bd72fccb5a9fc9677b058a744ed4ed52327bc94d6284b55a889d4f` Request headers accept-language de-DE,de;q=0.9 Referer http://f0646170.xsph.ru/Atencion%20en%20linea.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 13:27:53 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 08:57:49 GMT Server openresty ETag W/"622f038d-b251" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Transfer-Encoding chunked Connection keep-alive Expires Mon, 02 May 2022 13:27:53 GMT
GET H/1.1	200 OK	1.css f0646170.xsph.ru/files/	8 KB 2 KB	75ms 38ms	Stylesheet text/css	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0646170.xsph.ru/files/1.css Requested by Host: f0646170.xsph.ru URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `cdfc93fe1f472c90889d322fb40a79e9abe45a91fa9e1706ad33fe5ba14d2c68` Request headers accept-language de-DE,de;q=0.9 Referer http://f0646170.xsph.ru/Atencion%20en%20linea.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 13:27:53 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 08:57:48 GMT Server openresty ETag W/"622f038c-2071" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=604800 Transfer-Encoding chunked Connection keep-alive Expires Mon, 02 May 2022 13:27:53 GMT
GET H/1.1	200 OK	script.min.js Show response f0646170.xsph.ru/files/	85 KB 33 KB	80ms 43ms	Script application/x-javascript	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0646170.xsph.ru/files/script.min.js Requested by Host: f0646170.xsph.ru URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers accept-language de-DE,de;q=0.9 Referer http://f0646170.xsph.ru/Atencion%20en%20linea.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 13:27:53 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 08:57:51 GMT Server openresty ETag W/"622f038f-1538f" Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Transfer-Encoding chunked Connection keep-alive Expires Mon, 02 May 2022 13:27:53 GMT
GET H/1.1	200 OK	red.js Show response f0646170.xsph.ru/files/	4 KB 1 KB	80ms 43ms	Script application/x-javascript	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Full URL http://f0646170.xsph.ru/files/red.js Requested by Host: f0646170.xsph.ru URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `6f9de051b3485aedd86666d148b89048cbd5580a47ff96a62f601216e75ccb22` Request headers accept-language de-DE,de;q=0.9 Referer http://f0646170.xsph.ru/Atencion%20en%20linea.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 13:27:53 GMT Content-Encoding gzip Last-Modified Mon, 14 Mar 2022 08:57:50 GMT Server openresty ETag W/"622f038e-1192" Vary Accept-Encoding Content-Type application/x-javascript Cache-Control max-age=604800 Transfer-Encoding chunked Connection keep-alive Expires Mon, 02 May 2022 13:27:53 GMT
GET H/1.1	200 OK	favicon.png f0646170.xsph.ru/files/	188 B 493 B	39ms 39ms	Image image/png	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0646170.xsph.ru/files/favicon.png Requested by Host: f0646170.xsph.ru URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `d471d6c6da2b74c5bc56981dbe78f886a5d86762efd706bc9f3b0318035f8925` Request headers accept-language de-DE,de;q=0.9 Referer http://f0646170.xsph.ru/Atencion%20en%20linea.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 13:27:53 GMT Last-Modified Mon, 14 Mar 2022 08:57:49 GMT Server openresty ETag "622f038d-bc" Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 188 Expires Mon, 02 May 2022 13:27:53 GMT
GET H/1.1	200 OK	question.png f0646170.xsph.ru/files/	2 KB 2 KB	39ms 38ms	Image image/png	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0646170.xsph.ru/files/question.png Requested by Host: f0646170.xsph.ru URL: http://f0646170.xsph.ru/Atencion%20en%20linea.html Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `366588b2182e749ba43d54af705e94beef1d76fc3dbbf721f4dd44679d977cb4` Request headers accept-language de-DE,de;q=0.9 Referer http://f0646170.xsph.ru/Atencion%20en%20linea.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 13:27:53 GMT Last-Modified Mon, 14 Mar 2022 08:57:50 GMT Server openresty ETag "622f038e-8cc" Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 2252 Expires Mon, 02 May 2022 13:27:53 GMT
GET H/1.1	200 OK	background.png f0646170.xsph.ru/fotos/	22 KB 22 KB	39ms 38ms	Image image/png	141.8.193.236 SPRINTHOST
General Check archive.org Show headers Download Go to Show image Full URL http://f0646170.xsph.ru/fotos/background.png Requested by Host: f0646170.xsph.ru URL: http://f0646170.xsph.ru/files/1.css Protocol HTTP/1.1 Server 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU), Reverse DNS eldir.from.sh Software openresty / Resource Hash `c6de8e3914915518eaefd09ab2e49528b13d6a2abf0ef598998e2b8780d45f5a` Request headers accept-language de-DE,de;q=0.9 Referer http://f0646170.xsph.ru/files/1.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Response headers Date Mon, 25 Apr 2022 13:27:53 GMT Last-Modified Mon, 14 Mar 2022 08:57:46 GMT Server openresty ETag "622f038a-560f" Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 22031 Expires Mon, 02 May 2022 13:27:53 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

f0646170.xsph.ru
141.8.193.236
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2e7233c8b60f749a26bbaa0848695e2f7fba021c9040bbc4d15233ae18c4802f
366588b2182e749ba43d54af705e94beef1d76fc3dbbf721f4dd44679d977cb4
6f9de051b3485aedd86666d148b89048cbd5580a47ff96a62f601216e75ccb22
96b7d659b2bd72fccb5a9fc9677b058a744ed4ed52327bc94d6284b55a889d4f
c6de8e3914915518eaefd09ab2e49528b13d6a2abf0ef598998e2b8780d45f5a
cdfc93fe1f472c90889d322fb40a79e9abe45a91fa9e1706ad33fe5ba14d2c68
d471d6c6da2b74c5bc56981dbe78f886a5d86762efd706bc9f3b0318035f8925

f0646170.xsph.ru Open in urlscan Pro 141.8.193.236 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

74 kBTransfer

171 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

Indicators

f0646170.xsph.ru Open in urlscan Pro
141.8.193.236 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

74 kB
Transfer

171 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!