a0256651.xsph.ru
Open in
urlscan Pro
141.8.195.39
Malicious Activity!
Public Scan
Submission: On December 02 via manual from US
Summary
This is the only time a0256651.xsph.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 141.8.195.39 141.8.195.39 | 35278 (SPRINTHOST) (SPRINTHOST) | |
5 | 1 |
ASN35278 (SPRINTHOST, RU)
PTR: lik.from.sh
a0256651.xsph.ru |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
xsph.ru
a0256651.xsph.ru |
56 KB |
5 | 1 |
Domain | Requested by | |
---|---|---|
5 | a0256651.xsph.ru |
a0256651.xsph.ru
|
5 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://a0256651.xsph.ru/paypalactivating/gs_gen/gs4875276af85b5dcbd0cbb8ab67ed6c17/?dispatch=tG9WEPKw3LCjQWjBno7YQM3NLj1eVfSpW2mBR67VSJeIGxk4Wr
Frame ID: BECBD8E97B8A5BC0B747A1D4C2CC4D86
Requests: 5 HTTP requests in this frame
Screenshot
Detected technologies
Lua (Programming Languages) ExpandDetected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
a0256651.xsph.ru/paypalactivating/gs_gen/gs4875276af85b5dcbd0cbb8ab67ed6c17/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gs_login.css
a0256651.xsph.ru/paypalactivating/gs_gen/gs4875276af85b5dcbd0cbb8ab67ed6c17/css/ |
73 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
a0256651.xsph.ru/paypalactivating/gs_gen/gs4875276af85b5dcbd0cbb8ab67ed6c17/js/ |
94 KB 36 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
a0256651.xsph.ru/paypalactivating/gs_gen/gs4875276af85b5dcbd0cbb8ab67ed6c17/js/ |
696 B 1017 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paypal-logo-129x32.svg
a0256651.xsph.ru/paypalactivating/gs_gen/gs4875276af85b5dcbd0cbb8ab67ed6c17/images/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| IsEmail function| Nextgs function| change1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
a0256651.xsph.ru/ | Name: PHPSESSID Value: kbp09qqqmprh58hjgsrsbsp401 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
a0256651.xsph.ru
141.8.195.39
161ddce728615bd31a9c34fbb1cd047a4fe165e30cb86f826d1c856a956016ca
80a154d4d2c0d0f52dd5e5f112c4bd4dd84a8330a06322a97024c511b4c311ff
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
d1392fa12aac3ca18b4affae5bafbaf45c40ea904d3852343e58244dadfd6290
e11af7d139a5662450db6a0c86ae436be08a7cf86ada8c7d038e9edb955f1ce4