f0742786.xsph.ru
Open in
urlscan Pro
141.8.193.236
Malicious Activity!
Public Scan
Effective URL: http://f0742786.xsph.ru/
Submission Tags: #phishing @ecarlesi Search All
Submission: On November 17 via api from FI — Scanned from FI
Summary
This is the only time f0742786.xsph.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Credit Agricole (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 15.197.142.173 15.197.142.173 | 16509 (AMAZON-02) (AMAZON-02) | |
12 | 141.8.193.236 141.8.193.236 | 35278 (SPRINTHOST) (SPRINTHOST) | |
2 | 104.16.89.20 104.16.89.20 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 104.18.11.207 104.18.11.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.186.138 142.250.186.138 | 15169 (GOOGLE) (GOOGLE) | |
1 | 216.58.212.163 216.58.212.163 | 15169 (GOOGLE) (GOOGLE) | |
18 | 6 |
ASN16509 (AMAZON-02, US)
PTR: a4ec4c6ea1c92e2e6.awsglobalaccelerator.com
anamsali.com |
ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com |
ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f163.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
xsph.ru
f0742786.xsph.ru |
334 KB |
2 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2222 |
83 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 374 |
99 KB |
1 |
gstatic.com
fonts.gstatic.com |
38 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43 |
1 KB |
1 |
anamsali.com
1 redirects
anamsali.com |
294 B |
18 | 6 |
Domain | Requested by | |
---|---|---|
12 | f0742786.xsph.ru |
f0742786.xsph.ru
|
2 | stackpath.bootstrapcdn.com |
f0742786.xsph.ru
stackpath.bootstrapcdn.com |
2 | cdn.jsdelivr.net |
f0742786.xsph.ru
cdn.jsdelivr.net |
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
f0742786.xsph.ru
|
1 | anamsali.com | 1 redirects |
18 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-10-25 - 2023-01-17 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-10-25 - 2023-01-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://f0742786.xsph.ru/
Frame ID: CBB23E27C938575F191268C7EEF12D8A
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Accès CR - Crédit AgricolePage URL History Show full URLs
-
http://anamsali.com/
HTTP 301
http://f0742786.xsph.ru/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://anamsali.com/
HTTP 301
http://f0742786.xsph.ru/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
f0742786.xsph.ru/ Redirect Chain
|
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ |
64 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.css
f0742786.xsph.ru/css/ |
188 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
over.css
f0742786.xsph.ru/css/ |
15 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
big.svg
f0742786.xsph.ru/image/ |
22 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
web_1.png
f0742786.xsph.ru/image/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
web_2.png
f0742786.xsph.ru/image/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
web_3.png
f0742786.xsph.ru/image/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
soon.svg
f0742786.xsph.ru/image/ |
16 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
look.png
f0742786.xsph.ru/image/ |
581 B 887 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.5.1.min.js
f0742786.xsph.ru/js/ |
87 KB 34 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.mask.js
f0742786.xsph.ru/js/ |
23 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
20 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background_cc.jpg
f0742786.xsph.ru/image/ |
238 KB 239 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
183 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ |
37 KB 38 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/fonts/ |
88 KB 89 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fontawesome-webfont.woff2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ |
75 KB 76 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Credit Agricole (Banking)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
f0742786.xsph.ru/ | Name: PHPSESSID Value: 3f808d87954ceb73651d6ee13105555a |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
anamsali.com
cdn.jsdelivr.net
f0742786.xsph.ru
fonts.googleapis.com
fonts.gstatic.com
stackpath.bootstrapcdn.com
104.16.89.20
104.18.11.207
141.8.193.236
142.250.186.138
15.197.142.173
216.58.212.163
0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334
17ec4a572a7e747f47a755bf0f22b0a8150d0ece6ac760cd46b4826d13cf6256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c325075337b768950583012228055ae392e384688d77ec5235e6ca88dcec6ef
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
4976f0796d8f82ad9766b9ef9e270e5e082ee57a79f6fbb121e9f3279e4cb4dd
4a3b0d2a941677f6fb37a438d20deacc3cea1d6fdc728f72cf3d7ca099cc0ca9
576dbb9ac470cc8ba17f6df967ccc1913bb6b82132d7b41105f505e932346a85
5c44321c0ba44a1fa665ba4c928fbebd869a3082c458bd2d20a0d07a4e5fcc24
5db63f3ba53740ed463cc68dbf63e1412944ed6f647aaab85c7507abfaacf6f1
76506e128f2b47b7179f5037bd885a1674455ffeb6b5093cdb4c7eefbf436ce8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
829ad3ed0c2f892e7df84989078dd4246fc0a5f1a179439e6314462465dbb2f6
8c40de2f4f4739d1fe369662082fa9f14338c79f8f8e68d1d7fbc38bc97c6797
934a748fcf633dd95ee78bbd83dae2f8e3586d27e54d7423fe73717724398f31
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
b2dc460864a60ac3ce89c4c6fab1c62ef9171ac1365cc47aa8aca95ecb06f0cf
c4966ab5e78e2270952b89576c4a0a386e8a7ea673c56f0f396d620abf4f81b8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d