Report - f0809950.xsph.ru/

Report Overview

Submitted URL
f0809950.xsph.ru/
IP
141.8.193.236
ASN
#35278 Sprinthost.ru LLC
Submitted
2023-06-04 18:36:00
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
5
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
f0809950.xsph.ru	unknown	2008-07-30	2023-04-25	2023-04-26	734 B	1.6 kB	141.8.193.236
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-06-04	423 B	82 kB	142.250.74.168
chatbot.theb.ai	unknown	2023-03-02	2023-03-18	2023-05-29	507 B	1.4 kB	104.26.7.188
autofaucet.org	341274	2018-04-18	2018-07-15	2023-05-31	984 B	14 kB	104.21.5.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-04 18:35:42	low	Client IP	Internal IP	ET INFO Observed DNS Query to xsph .ru Domain
2023-06-04 18:35:42	low	Client IP	Internal IP	ET INFO Observed DNS Query to xsph .ru Domain
2023-06-04 18:35:42	low	Client IP	Internal IP	ET INFO Observed DNS Query to xsph .ru Domain
2023-06-04 18:35:42	low	Client IP	Internal IP	ET INFO Observed DNS Query to xsph .ru Domain
2023-06-04 18:35:42	low	Client IP	Internal IP	ET INFO Observed DNS Query to xsph .ru Domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-STC3CT2301	231 kB	2023-06-04	2023-06-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-STC3CT2301 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-04 20:36:00 Last Seen2023-06-04 20:36:00 Times Seen2 Hash 81329b29e9122a038007e85612406774 532ece102855181f0b55f5037f458d081f271534 42cccd0d13b05ef980473b5962d3e3f36425bc7c744f7126021e42855f7d1f0e Loading...

	autofaucet.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-04-19
Pretty URL autofaucet.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.21.5.68 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-19 15:08:35 Times Seen42902 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	unknown	226 B	2023-03-07	2023-11-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:28:21 Last Seen2023-11-28 11:07:49 Times Seen294 Hash ddf501315c49b19f530082bad78a6467 f17423b72f63c8febc8e9f0da790fb26980c4bcb 6e12f890aa860ddbf483276afdb4ffee72252d8eebddb1bb35d1feb1106935c4 Loading...

	unknown	159 B	2023-04-25	2023-07-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-25 21:15:05 Last Seen2023-07-19 03:50:39 Times Seen7 Hash fd689055fe932f23db0f39dba364f3bf b8415abffbd97c2dc5bb2af9f19dbb8be941c9f8 3bcb140202b911b9af3cb34646245fc233e73d5801c36edc21559b5c70c39b66 Loading...

HTTP Transactions (6)

	URL	IP	Response	Size
	f0809950.xsph.ru/	141.8.193.236	200 OK	919 B
URL User Request GET HTTP/1.1 f0809950.xsph.ru/ IP 141.8.193.236:80 ASN #35278 Sprinthost.ru LLC File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text Size 919 B (919 bytes) Hash 886c55f928f1047a4953707be810ff51 59e26ee46c822226888e4b0b684e03d956fba154 9fb96dcda84a79076c6a67e73ccba0b4cf5769d85044687750d73cecda83c157 HTTP Headers `GET / HTTP/1.1 Host: f0809950.xsph.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: openresty Date: Sun, 04 Jun 2023 18:35:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Last-Modified: Mon, 22 May 2023 17:55:18 GMT ETag: W/"6e2-5fc4bf94ec51a" Content-Encoding: gzip`

	f0809950.xsph.ru/favicon.ico	141.8.193.236	404 Not Found	281 B
URL GET HTTP/1.1 f0809950.xsph.ru/favicon.ico IP 141.8.193.236:80 ASN #35278 Sprinthost.ru LLC Requested by http://f0809950.xsph.ru/ File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size 281 B (281 bytes) Hash f6bd098894335e0b813b66e0a14fd7b5 b9d3c601fa4bc322725c21b9331f741009b8f79f 1b8d5b24c1f2eb7ad90a73b31d14c7601f630f9b02e223dd0e11032ccc0edb6b HTTP Headers `GET /favicon.ico HTTP/1.1 Host: f0809950.xsph.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://f0809950.xsph.ru/ Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 404 Not Found Server: openresty Date: Sun, 04 Jun 2023 18:35:43 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 281 Connection: keep-alive`

	www.googletagmanager.com/gtag/js?id=G-STC3CT2301	142.250.74.168	200 OK	81 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-STC3CT2301 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://autofaucet.org/wm/snobby/2 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint73:BF:B0:D4:62:48:8E:EF:09:5F:00:57:95:98:82:16:BB:07:35:0C ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT File type ASCII text, with very long lines (3288) Size 81 kB (81092 bytes) Hash 81329b29e9122a038007e85612406774 532ece102855181f0b55f5037f458d081f271534 42cccd0d13b05ef980473b5962d3e3f36425bc7c744f7126021e42855f7d1f0e HTTP Headers `GET /gtag/js?id=G-STC3CT2301 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://autofaucet.org/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Sun, 04 Jun 2023 18:35:43 GMT expires: Sun, 04 Jun 2023 18:35:43 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 81092 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	chatbot.theb.ai/	104.26.7.188	200 OK	0 B
URL GET HTTP/2 chatbot.theb.ai/ IP 104.26.7.188:443 ASN #13335 CLOUDFLARENET Requested by http://f0809950.xsph.ru/ Certificate IssuerLet's Encrypt Subjecttheb.ai Fingerprint23:DE:46:69:37:E3:A6:8E:4C:65:15:5C:98:99:EA:A6:FE:47:F4:F9 ValidityTue, 18 Apr 2023 09:05:18 GMT - Mon, 17 Jul 2023 09:05:17 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET / HTTP/1.1 Host: chatbot.theb.ai User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://f0809950.xsph.ru/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 04 Jun 2023 18:35:43 GMT content-type: text/html last-modified: Wed, 15 Mar 2023 15:11:51 GMT vary: Accept-Encoding x-frame-options: SAMEORIGIN cf-cache-status: DYNAMIC nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2LXLz%2F%2BW68BB5Jra1PcP1G1ZTqWnTPsFMpi%2Byb1jHwoKCyu3vRWWCnQ1bbs01wUzxUuXDlUYB9mULv%2FwqYL3W05qTSK%2F9BccIkXCVgqD5%2BaypmkmHr%2BntW6ue%2F9OsEizw%3D%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=t7C9XhczB39_oQgWLL9rEA.aPxp_fQMz8UVU8tFdu6w-1685903743-0-AUXnH-mi58ACej2AIA8EK_zI_zaaV2MR_wEbNEVbyEkKfnWD7Ij0l3iL-VT49j0kSHiW5y62ZkyKBfaBNk57tisgRaOKcYltXJjYR9RXjXLbvD6yKH__QfYn-QFvKMpdIdt805ldqrzW26WFS0Cu9UA"}],"group":"cf-csp-endpoint","max_age":86400} content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=t7C9XhczB39_oQgWLL9rEA.aPxp_fQMz8UVU8tFdu6w-1685903743-0-AUXnH-mi58ACej2AIA8EK_zI_zaaV2MR_wEbNEVbyEkKfnWD7Ij0l3iL-VT49j0kSHiW5y62ZkyKBfaBNk57tisgRaOKcYltXJjYR9RXjXLbvD6yKH__QfYn-QFvKMpdIdt805ldqrzW26WFS0Cu9UA; report-to cf-csp-endpoint server: cloudflare cf-ray: 7d2246fbdb7efab8-OSL content-encoding: br X-Firefox-Spdy: h2

	autofaucet.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	104.21.5.68	200 OK	12 kB
URL GET HTTP/3 autofaucet.org/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.21.5.68:443 ASN #13335 CLOUDFLARENET Requested by https://autofaucet.org/wm/snobby/2 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint14:40:F0:2E:9B:46:AE:23:F0:CB:D0:1A:CB:9B:0A:E0:96:F8:AA:22 ValidityMon, 11 Jul 2022 00:00:00 GMT - Mon, 10 Jul 2023 23:59:59 GMT File type ASCII text, with very long lines (12331) Size 12 kB (12332 bytes) Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 HTTP Headers `GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1 Host: autofaucet.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://autofaucet.org/wm/snobby/2 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sun, 04 Jun 2023 18:35:43 GMT content-type: application/javascript last-modified: Tue, 30 May 2023 15:21:01 GMT etag: W/"6476145d-302c" report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kK51A2x2LKmGsH1wxyIcb5ruko9qUbFwvB3gl3o2%2FEdQYAYHbfBae3oPHJthiA4xxFYSwEmaOLIEW0kwzYKeIHqFT50Gncflgy1PUnoOMrB9Olj9zE1jwB%2F4Ue%2BB70RRDQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7d2246fe892ab524-OSL x-frame-options: DENY x-content-type-options: nosniff expires: Tue, 06 Jun 2023 18:35:43 GMT cache-control: max-age=172800, public content-encoding: gzip

	autofaucet.org/wm/snobby/2	104.21.5.68	200 OK	902 B
URL GET HTTP/2 autofaucet.org/wm/snobby/2 IP 104.21.5.68:443 ASN #13335 CLOUDFLARENET Requested by http://f0809950.xsph.ru/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint14:40:F0:2E:9B:46:AE:23:F0:CB:D0:1A:CB:9B:0A:E0:96:F8:AA:22 ValidityMon, 11 Jul 2022 00:00:00 GMT - Mon, 10 Jul 2023 23:59:59 GMT File type HTML document, ASCII text, with very long lines (941), with no line terminators Size 902 B (902 bytes) Hash 42586d7b51d4d25bed8a826b4a81faa6 5fa1db86ad2cd67df240a7596df1548ef8f1736c 96d34528817c904bc17b7dbf4de42e5fc8a574467dfdbd16c74d791949d17713 HTTP Headers `GET /wm/snobby/2 HTTP/1.1 Host: autofaucet.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: http://f0809950.xsph.ru/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 04 Jun 2023 18:35:43 GMT content-type: text/html; charset=UTF-8 cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qqMOb6wO6%2FNHpWf43yrif24pYEILedyOFR1Rmp03gCEDhGlp5NrXNMmu4BMpdY6RUiy9J1O22psyNGd4tbHx%2BDu2cfZgvopox1dk1460opqE6y%2B0QK4FkH0V%2BUXcJZu7Ug%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 7d2246fbc84cb50c-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2