f0742786.xsph.ru Open in urlscan Pro
141.8.193.236 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://anamsali.com/
Effective URL:
http://f0742786.xsph.ru/
Submission Tags: #phishing @ecarlesi Search All
Submission: On November 17 via api (November 17th 2022, 9:13:12 am UTC) from FI — Scanned from FI

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 18 HTTP transactions. The main IP is 141.8.193.236, located in Russian Federation and belongs to SPRINTHOST, RU. The main domain is f0742786.xsph.ru.

This is the only time f0742786.xsph.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	15.197.142.173 15.197.142.173	16509 (AMAZON-02) (AMAZON-02)
12	141.8.193.236 141.8.193.236	35278 (SPRINTHOST) (SPRINTHOST)
2	104.16.89.20 104.16.89.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.138 142.250.186.138	15169 (GOOGLE) (GOOGLE)
1	216.58.212.163 216.58.212.163	15169 (GOOGLE) (GOOGLE)
18	6

1 15.197.142.173 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a4ec4c6ea1c92e2e6.awsglobalaccelerator.com

anamsali.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 141.8.193.236 (Russian Federation)

ASN35278 (SPRINTHOST, RU)
PTR: eldir.from.sh

f0742786.xsph.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.89.20 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.11.207 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.163 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f163.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	xsph.ru f0742786.xsph.ru	334 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2222	83 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	99 KB
1	gstatic.com fonts.gstatic.com	38 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	1 KB
1	anamsali.com 1 redirects anamsali.com	294 B
18	6

	Domain	Requested by
12	f0742786.xsph.ru	f0742786.xsph.ru
2	stackpath.bootstrapcdn.com	f0742786.xsph.ru stackpath.bootstrapcdn.com
2	cdn.jsdelivr.net	f0742786.xsph.ru cdn.jsdelivr.net
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	f0742786.xsph.ru
1	anamsali.com	1 redirects
18	6

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-10-25` - `2023-01-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://f0742786.xsph.ru/
Frame ID: CBB23E27C938575F191268C7EEF12D8A
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Accès CR - Crédit Agricole

Page URL History Show full URLs

http://anamsali.com/ HTTP 301
http://f0742786.xsph.ru/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

18
Requests

33 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

555 kB
Transfer

921 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://anamsali.com/ HTTP 301
http://f0742786.xsph.ru/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
f0742786.xsph.ru/
Redirect Chain

http://anamsali.com/
http://f0742786.xsph.ru/

10 KB
3 KB

494ms
330ms

Document
text/html

141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 934a748fcf633dd95ee78bbd83dae2f8e3586d27e54d7423fe73717724398f31

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 17 Nov 2022 09:13:04 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: openresty
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 59
Content-Type: text/html; charset=utf-8
Date: Thu, 17 Nov 2022 09:13:04 GMT
Location: http://f0742786.xsph.ru/
Server: ip-100-74-3-72.eu-west-2.compute.internal
X-Request-Id: 5f5108ab-7990-4976-9886-abd3628b91f6

GET
H2 200 bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ 64 KB
9 KB 451ms
49ms Stylesheet
text/css 104.16.89.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css

Requested by

Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.89.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c325075337b768950583012228055ae392e384688d77ec5235e6ca88dcec6ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 17 Nov 2022 09:13:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
fastly-original-body-size: 9183
age: 20821875
x-jsd-version: 1.5.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19158-FRA, cache-bma1635-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"100a0-GGXd3Lt7Z9zvQlDlkMyalXSrpnM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Juiji8tOT0PggHGXd0gcDDpiE7C7xlE5VccFfxxkxiP6qpu1DDYMSVWkZCKjJdgdbLr%2FYpECw8GisFrN6W25xVsRZjBcUrdM9ygK1yOskmZEsCxnap3loAMYAM28X7VlBCc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 76b7592eb91b1669-ARN

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 452ms
49ms Stylesheet
text/css 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 17 Nov 2022 09:13:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 723
age: 2348013
cdn-cachedat: 11/15/2021 21:49:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 76b7592ecdcd9939-ARN
cdn-requestpullsuccess: True

GET
H/1.1 200
OK bootstrap.css
f0742786.xsph.ru/css/ 188 KB
29 KB 68ms
68ms Stylesheet
text/css 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://f0742786.xsph.ru/css/bootstrap.css
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: W/"63626ba8-2f1f7"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK over.css
f0742786.xsph.ru/css/ 15 KB
3 KB 118ms
56ms Stylesheet
text/css 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://f0742786.xsph.ru/css/over.css
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 576dbb9ac470cc8ba17f6df967ccc1913bb6b82132d7b41105f505e932346a85

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: W/"63626ba8-3d37"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK big.svg
f0742786.xsph.ru/image/ 22 KB
7 KB 116ms
54ms Image
image/svg+xml 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://f0742786.xsph.ru/image/big.svg
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: W/"63626ba8-580d"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK web_1.png
f0742786.xsph.ru/image/ 2 KB
2 KB 116ms
55ms Image
image/png 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://f0742786.xsph.ru/image/web_1.png
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 5db63f3ba53740ed463cc68dbf63e1412944ed6f647aaab85c7507abfaacf6f1

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: "63626ba8-86d"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2157
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK web_2.png
f0742786.xsph.ru/image/ 2 KB
2 KB 55ms
51ms Image
image/png 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://f0742786.xsph.ru/image/web_2.png
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 4976f0796d8f82ad9766b9ef9e270e5e082ee57a79f6fbb121e9f3279e4cb4dd

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: "63626ba8-7b2"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1970
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK web_3.png
f0742786.xsph.ru/image/ 2 KB
2 KB 55ms
51ms Image
image/png 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://f0742786.xsph.ru/image/web_3.png
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 8c40de2f4f4739d1fe369662082fa9f14338c79f8f8e68d1d7fbc38bc97c6797

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: "63626ba8-774"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1908
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK soon.svg
f0742786.xsph.ru/image/ 16 KB
5 KB 56ms
51ms Image
image/svg+xml 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://f0742786.xsph.ru/image/soon.svg
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: W/"63626ba8-3f78"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK look.png
f0742786.xsph.ru/image/ 581 B
887 B 56ms
52ms Image
image/png 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://f0742786.xsph.ru/image/look.png
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: 17ec4a572a7e747f47a755bf0f22b0a8150d0ece6ac760cd46b4826d13cf6256

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: "63626ba8-245"
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 581
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK jquery-3.5.1.min.js Show response
f0742786.xsph.ru/js/ 87 KB
34 KB 118ms
56ms Script
application/x-javascript 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://f0742786.xsph.ru/js/jquery-3.5.1.min.js
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Nov 2022 13:07:54 GMT
Server: openresty
ETag: W/"63626baa-15d84"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H/1.1 200
OK jquery.mask.js Show response
f0742786.xsph.ru/js/ 23 KB
7 KB 115ms
53ms Script
application/x-javascript 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://f0742786.xsph.ru/js/jquery.mask.js
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Nov 2022 13:07:54 GMT
Server: openresty
ETag: W/"63626baa-5a88"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=604800
Connection: keep-alive
Expires: Thu, 24 Nov 2022 09:13:04 GMT

GET
H2 200 css2
fonts.googleapis.com/ 20 KB
1 KB 545ms
73ms Stylesheet
text/css 142.250.186.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/css/over.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f10.1e100.net

Software

ESF /

Resource Hash

b2dc460864a60ac3ce89c4c6fab1c62ef9171ac1365cc47aa8aca95ecb06f0cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 17 Nov 2022 09:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Nov 2022 07:51:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Nov 2022 09:13:05 GMT

GET
H/1.1 200
OK background_cc.jpg
f0742786.xsph.ru/image/ 238 KB
239 KB 44ms
43ms Image
image/jpeg 141.8.193.236
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://f0742786.xsph.ru/image/background_cc.jpg
Requested by: Host: f0742786.xsph.ru
URL: http://f0742786.xsph.ru/css/over.css
Protocol: HTTP/1.1
Server: 141.8.193.236 , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS: eldir.from.sh
Software: openresty /
Resource Hash: c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/css/over.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Thu, 17 Nov 2022 09:13:05 GMT
Last-Modified: Wed, 02 Nov 2022 13:07:52 GMT
Server: openresty
ETag: "63626ba8-3b8cf"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 243919
Expires: Thu, 24 Nov 2022 09:13:05 GMT

GET
DATA 200
OK truncated
/ 183 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 829ad3ed0c2f892e7df84989078dd4246fc0a5f1a179439e6314462465dbb2f6

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: http://f0742786.xsph.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ 37 KB
38 KB 528ms
78ms Font
font/woff2 216.58.212.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f163.1e100.net

Software

sffe /

Resource Hash

450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://f0742786.xsph.ru
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 14 Nov 2022 16:54:37 GMT
x-content-type-options: nosniff
age: 231508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37924
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Nov 2023 16:54:37 GMT

GET
H2 200 bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/fonts/ 88 KB
89 KB 436ms
52ms Font
font/woff2 104.16.89.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/fonts/bootstrap-icons.woff2?856008caa5eb66df68595e734e59580d

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.89.20 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css
Origin: http://f0742786.xsph.ru
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 17 Nov 2022 09:13:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 20821878
x-jsd-version: 1.5.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 90528
x-served-by: cache-fra19178-FRA, cache-bma1645-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"161a0-RkmHeGigBozlCxBdDSojXoAQyY8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tg2FXonQTfa9YQgFL0LJe7KI4p460dcZikxNcSbq7y905kv%2Bz1f5AN8SqJmFR6vVD6gmXPPs24OirD2%2F%2BqfOE2s2BKUE3dWkqfHk8DCMSOkiS1c4xdBZfvMNnSzi8Ff4Db8%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 76b759335a729936-ARN

GET
H2 200 fontawesome-webfont.woff2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 479ms
96ms Font
font/woff2 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: stackpath.bootstrapcdn.com
URL: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: http://f0742786.xsph.ru
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 17 Nov 2022 09:13:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
cdn-edgestorageid: 752
cdn-cachedat: 08/17/2022 18:20:14
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: e52b90977fa819f693ad7a769d4f1abf
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 76b759335c35992c-ARN
cdn-requestpullsuccess: True

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			f0742786.xsph.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3f808d87954ceb73651d6ee13105555a

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

anamsali.com
cdn.jsdelivr.net
f0742786.xsph.ru
fonts.googleapis.com
fonts.gstatic.com
stackpath.bootstrapcdn.com
104.16.89.20
104.18.11.207
141.8.193.236
142.250.186.138
15.197.142.173
216.58.212.163
0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334
17ec4a572a7e747f47a755bf0f22b0a8150d0ece6ac760cd46b4826d13cf6256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c325075337b768950583012228055ae392e384688d77ec5235e6ca88dcec6ef
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
4976f0796d8f82ad9766b9ef9e270e5e082ee57a79f6fbb121e9f3279e4cb4dd
4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9
576dbb9ac470cc8ba17f6df967ccc1913bb6b82132d7b41105f505e932346a85
5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24
5db63f3ba53740ed463cc68dbf63e1412944ed6f647aaab85c7507abfaacf6f1
76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
829ad3ed0c2f892e7df84989078dd4246fc0a5f1a179439e6314462465dbb2f6
8c40de2f4f4739d1fe369662082fa9f14338c79f8f8e68d1d7fbc38bc97c6797
934a748fcf633dd95ee78bbd83dae2f8e3586d27e54d7423fe73717724398f31
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
b2dc460864a60ac3ce89c4c6fab1c62ef9171ac1365cc47aa8aca95ecb06f0cf
c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

f0742786.xsph.ru Open in urlscan Pro 141.8.193.236 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

33 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

6 IPs

3 Countries

555 kBTransfer

921 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

f0742786.xsph.ru Open in urlscan Pro
141.8.193.236 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

33 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

555 kB
Transfer

921 kB
Size

1
Cookies

18 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!