ruralvia.es.xsph.ru Open in urlscan Pro
2a0a:2b47:c:6777:: Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://opera3energy.com/qwqweqw/
Effective URL:
http://ruralvia.es.xsph.ru/isum/
Submission: On September 16 via manual (September 16th 2020, 4:16:19 pm UTC) from ES

Summary HTTP 18 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 8 domains to perform 18 HTTP transactions. The main IP is 2a0a:2b47:c:6777::, located in Russian Federation and belongs to SPRINTHOST, RU. The main domain is ruralvia.es.xsph.ru.

This is the only time ruralvia.es.xsph.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Grupo Caja Rural (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	112.213.89.102 112.213.89.102	45544 (SUPERDATA...) (SUPERDATA-AS-VN SUPERDATA-)
11	2a0a:2b47:c:6... 2a0a:2b47:c:6777::	35278 (SPRINTHOST) (SPRINTHOST)
1 2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:81f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
18	6

1 112.213.89.102 (Viet Nam)

ASN45544 (SUPERDATA-AS-VN SUPERDATA-, VN)
PTR: ns89102.dotvndns.vn

opera3energy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a0a:2b47:c:6777:: (Russian Federation)

ASN35278 (SPRINTHOST, RU)

ruralvia.es.xsph.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	xsph.ru ruralvia.es.xsph.ru	93 KB
3	gstatic.com fonts.gstatic.com	27 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
1	google.de www.google.de	513 B
1	google.com 1 redirects www.google.com	590 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	484 B
1	googleapis.com fonts.googleapis.com	1 KB
1	opera3energy.com opera3energy.com	426 B
18	8

	Domain	Requested by
11	ruralvia.es.xsph.ru	ruralvia.es.xsph.ru
3	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	1 redirects ruralvia.es.xsph.ru
1	www.google.de	ruralvia.es.xsph.ru
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	fonts.googleapis.com	ruralvia.es.xsph.ru
1	opera3energy.com
18	8

This site contains links to these domains. Also see Links.

Domain
www.ruralvia.com

Subject Issuer	Validity	Valid
opera3energy.com cPanel, Inc. Certification Authority	`2020-09-10` - `2020-12-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://ruralvia.es.xsph.ru/isum/
Frame ID: 7E890AEA4E9DA364AC83D12C9EBC759C
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://opera3energy.com/qwqweqw/ Page URL
http://ruralvia.es.xsph.ru/isum/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

18
Requests

39 %
HTTPS

88 %
IPv6

8
Domains

8
Subdomains

6
IPs

4
Countries

140 kB
Transfer

185 kB
Size

5
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ruralvia.com/isum/Main?ISUM_SCR=login&loginType=accesoSeguro&ISUM_Portal=17&acceso_idioma=es_ES
Title: recordar clave.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://opera3energy.com/qwqweqw/ Page URL
http://ruralvia.es.xsph.ru/isum/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 8

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2122088533&utmhn=ruralvia.es.xsph.ru&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Caja%20Rural%20de%20Jaen&utmhid=1106561623&utmr=-&utmp=%2Fisum%2F&utmht=1600272961647&utmac=UA-17067881-1&utmcc=__utma%3D109820166.1614318871.1600272962.1600272962.1600272962.1%3B%2B__utmz%3D109820166.1600272962.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=347746419&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2122088533&utmhn=ruralvia.es.xsph.ru&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Caja%20Rural%20de%20Jaen&utmhid=1106561623&utmr=-&utmp=%2Fisum%2F&utmht=1600272961647&utmac=UA-17067881-1&utmcc=__utma%3D109820166.1614318871.1600272962.1600272962.1600272962.1%3B%2B__utmz%3D109820166.1600272962.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=347746419&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-17067881-1&cid=1614318871.1600272962&jid=347746419&_v=5.7.2&z=2122088533 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17067881-1&cid=1614318871.1600272962&jid=347746419&_v=5.7.2&z=2122088533 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17067881-1&cid=1614318871.1600272962&jid=347746419&_v=5.7.2&z=2122088533&slf_rd=1&random=3930745036

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
opera3energy.com/qwqweqw/ 76 B
426 B 1052ms
281ms Document
text/html 112.213.89.102
SUPERDATA-AS-VN S...

General

Check archive.org

Show headers Download Go to

Full URL: https://opera3energy.com/qwqweqw/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 112.213.89.102 , Viet Nam, ASN45544 (SUPERDATA-AS-VN SUPERDATA-, VN),
Reverse DNS: ns89102.dotvndns.vn
Software: Apache / PHP/7.0.33
Resource Hash: 1ff9abbe5aa89f68079e2aab30cf3d30cd59efbbd820a833d5ec8ee421fa5f34

Request headers

Host: opera3energy.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: Apache
X-Powered-By: PHP/7.0.33
Vary: Accept-Encoding
Content-Encoding: br
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 73
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Primary Request / Show response
ruralvia.es.xsph.ru/isum/ 12 KB
4 KB 108ms
49ms Document
text/html 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://ruralvia.es.xsph.ru/isum/
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: 921500c50d33687b45ca636df979047502e2837b3adf00ab0cc95432a7b8bd10

Request headers

Host: ruralvia.es.xsph.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: openresty
Date: Wed, 16 Sep 2020 16:16:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H/1.1 200
OK rviaLogin.css
ruralvia.es.xsph.ru/isum/content/ 17 KB
18 KB 50ms
49ms Stylesheet
text/css 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to

Full URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: 09f9dd607eeb33de09253f98ea18774107fad60ee3a5d710ac6ed8c0caa6079a

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

27ms
6ms

Script
text/javascript

2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 4061
date: Wed, 16 Sep 2020 15:08:20 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 16 Sep 2020 17:08:20 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK info_psd2.svg
ruralvia.es.xsph.ru/isum/content/ 47 KB
47 KB 88ms
45ms Image
image/svg+xml 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/info_psd2.svg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: 509805421bb51434ceb54f81e2210cff4968a8c4140587cc70264e15d45e6696

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H/1.1 200
OK telefono.jpg
ruralvia.es.xsph.ru/isum/content/ 2 KB
2 KB 133ms
89ms Image
image/jpeg 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/telefono.jpg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: 5819e059aaa02db4ba199f883386b688eaaf1c71c50666d881947b618ae2c8b6

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Transfer-Encoding: chunked
Content-Type: image/jpeg
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H2 200 css
fonts.googleapis.com/ 15 KB
1 KB 34ms
15ms Stylesheet
text/css 2a00:1450:4001:819::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600

Requested by

Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ac0c9d6111c2cd0da6ca1226037334a26e146e7efae3267b77822cea69a15726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 16 Sep 2020 16:16:01 GMT
server: ESF
date: Wed, 16 Sep 2020 16:16:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 16 Sep 2020 16:16:01 GMT

GET
H/1.1 200
OK logo.svg
ruralvia.es.xsph.ru/isum/content/ 12 KB
12 KB 47ms
46ms Image
image/svg+xml 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/logo.svg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: aad5e9744b12853a66dc04189bfbba8b367613e51643aa91b000563074d3672b

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 25ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://ruralvia.es.xsph.ru
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:25:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 78631
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:25:30 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2122088533&utmhn=ruralvia.es.xsph.ru&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2122088533&utmhn=ruralvia.es.xsph.ru&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-17067881-1&cid=1614318871.1600272962&jid=347746419&_v=5.7.2&z=2122088533
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17067881-1&cid=1614318871.1600272962&jid=347746419&_v=5.7.2&z=2122088533
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17067881-1&cid=1614318871.1600272962&jid=347746419&_v=5.7.2&z=2122088533&slf_rd=1&random=3930745036

42 B
513 B

50ms
30ms

Image
image/gif

2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17067881-1&cid=1614318871.1600272962&jid=347746419&_v=5.7.2&z=2122088533&slf_rd=1&random=3930745036

Requested by

Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Sep 2020 16:16:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Sep 2020 16:16:01 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17067881-1&cid=1614318871.1600272962&jid=347746419&_v=5.7.2&z=2122088533&slf_rd=1&random=3930745036
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK eye-view.svg
ruralvia.es.xsph.ru/isum/content/ 2 KB
2 KB 67ms
66ms Image
image/svg+xml 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/eye-view.svg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: e6356f8b5072cd803d7dbd4fd05fa6e1a9fbc7b37847c91869a363f8947bb86e

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H/1.1 200
OK arrow.svg
ruralvia.es.xsph.ru/isum/content/ 964 B
1 KB 69ms
60ms Image
image/svg+xml 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/arrow.svg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: 804059be177f745bf8b6ab1aa52106fd39c772da4df5067817cfae8a29cfeab0

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H/1.1 200
OK icon-info.svg
ruralvia.es.xsph.ru/isum/content/ 683 B
944 B 117ms
99ms Image
image/svg+xml 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/icon-info.svg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: a7437ba825edd317914a9d7e90bf9425dd7e90e8a56dee13fe2e1b2ac394927f

Request headers

Origin: http://ruralvia.es.xsph.ru
Referer: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H/1.1 200
OK ico-warning.svg
ruralvia.es.xsph.ru/isum/content/ 2 KB
2 KB 116ms
75ms Image
image/svg+xml 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/ico-warning.svg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: b7f5a8431ee4a984e1590927d7c1069ca86cf4852074c26846e1a8b21a49c95c

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H/1.1 404
Not Found aviso.svg
ruralvia.es.xsph.ru/isum/content/images/ 294 B
294 B 120ms
86ms Image
text/html 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/images/aviso.svg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: 023d5f913d783c955258f62afc24a3f2c0d39017a9cdd033d6ebdfec634d465a

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Content-Encoding: gzip
Server: openresty
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK contacto.svg
ruralvia.es.xsph.ru/isum/content/ 3 KB
3 KB 148ms
123ms Image
image/svg+xml 2a0a:2b47:c:6777::
SPRINTHOST

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ruralvia.es.xsph.ru/isum/content/contacto.svg
Requested by: Host: ruralvia.es.xsph.ru
URL: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
Protocol: HTTP/1.1
Server: 2a0a:2b47:c:6777:: , Russian Federation, ASN35278 (SPRINTHOST, RU),
Reverse DNS
Software: openresty /
Resource Hash: 36ec8a2c1c3a936316b64f686261db7eb0d1bc301f1d779cd844db268a933978

Request headers

Referer: http://ruralvia.es.xsph.ru/isum/content/rviaLogin.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 16 Sep 2020 16:16:01 GMT
Server: openresty
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=604800
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Expires: Wed, 23 Sep 2020 16:16:01 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://ruralvia.es.xsph.ru
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:23:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 78764
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:23:17 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://ruralvia.es.xsph.ru
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 15 Sep 2020 18:23:48 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:49 GMT
server: sffe
age: 78733
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9180
x-xss-protection: 0
expires: Wed, 15 Sep 2021 18:23:48 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Grupo Caja Rural (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ruralvia.es.xsph.ru/	1970-01-19 12:31:13	Name: __utmt Value: 1
.ruralvia.es.xsph.ru/	1970-01-19 12:31:14	Name: __utmb Value: 109820166.1.10.1600272962
.ruralvia.es.xsph.ru/	1970-01-19 16:54:00	Name: __utmz Value: 109820166.1600272962.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.ruralvia.es.xsph.ru/	1969-12-31 23:59:59	Name: __utmc Value: 109820166
.ruralvia.es.xsph.ru/	1970-01-20 06:02:24	Name: __utma Value: 109820166.1614318871.1600272962.1600272962.1600272962.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
opera3energy.com
ruralvia.es.xsph.ru
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
112.213.89.102
2a00:1450:4001:800::2003
2a00:1450:4001:803::200e
2a00:1450:4001:819::2003
2a00:1450:4001:819::200a
2a00:1450:4001:81f::2004
2a00:1450:400c:c00::9a
2a0a:2b47:c:6777::
023d5f913d783c955258f62afc24a3f2c0d39017a9cdd033d6ebdfec634d465a
09f9dd607eeb33de09253f98ea18774107fad60ee3a5d710ac6ed8c0caa6079a
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1ff9abbe5aa89f68079e2aab30cf3d30cd59efbbd820a833d5ec8ee421fa5f34
36ec8a2c1c3a936316b64f686261db7eb0d1bc301f1d779cd844db268a933978
509805421bb51434ceb54f81e2210cff4968a8c4140587cc70264e15d45e6696
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5819e059aaa02db4ba199f883386b688eaaf1c71c50666d881947b618ae2c8b6
804059be177f745bf8b6ab1aa52106fd39c772da4df5067817cfae8a29cfeab0
921500c50d33687b45ca636df979047502e2837b3adf00ab0cc95432a7b8bd10
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a7437ba825edd317914a9d7e90bf9425dd7e90e8a56dee13fe2e1b2ac394927f
aad5e9744b12853a66dc04189bfbba8b367613e51643aa91b000563074d3672b
ac0c9d6111c2cd0da6ca1226037334a26e146e7efae3267b77822cea69a15726
b7f5a8431ee4a984e1590927d7c1069ca86cf4852074c26846e1a8b21a49c95c
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
e6356f8b5072cd803d7dbd4fd05fa6e1a9fbc7b37847c91869a363f8947bb86e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

ruralvia.es.xsph.ru Open in urlscan Pro 2a0a:2b47:c:6777:: Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

39 %HTTPS

88 %IPv6

8 Domains

8 Subdomains

6 IPs

4 Countries

140 kBTransfer

185 kBSize

5 Cookies

1 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

5 Cookies

Indicators

ruralvia.es.xsph.ru Open in urlscan Pro
2a0a:2b47:c:6777:: Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

39 %
HTTPS

88 %
IPv6

8
Domains

8
Subdomains

6
IPs

4
Countries

140 kB
Transfer

185 kB
Size

5
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!