nabs762gma.temp.swtest.ru
77.222.40.105  Malicious Activity! Public Scan

Submitted URL: http://itsssl.com/ruralvia
Effective URL: http://nabs762gma.temp.swtest.ru/client/login.php
Submission: On March 29 via manual from ES — Scanned from NL

Summary

This website contacted 6 IPs in 5 countries across 9 domains to perform 17 HTTP transactions. The main IP is 77.222.40.105, located in the Russian Federation and belonging to SWEB-AS, RU. The main domain is nabs762gma.temp.swtest.ru.
This is the only time nabs762gma.temp.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Grupo Caja Rural (Banking)

Domain & IP information

Requests  Apex Domain  Subdomains  Transfer
13  swtest.ru  nabs762gma.temp.swtest.ru  177 KB
2  google-analytics.com  www.google-analytics.com (Cisco Umbrella Rank: 35)  17 KB
2  itsssl.com  itsssl.com  1 KB
1  google.nl  www.google.nl (Cisco Umbrella Rank: 8940)  408 B
1  google.com  www.google.com (Cisco Umbrella Rank: 2)  484 B
1  doubleclick.net  stats.g.doubleclick.net (Cisco Umbrella Rank: 100)  379 B
1  gstatic.com  fonts.gstatic.com  44 KB
1  googleapis.com  fonts.googleapis.com (Cisco Umbrella Rank: 47)  1 KB
1  ruralvia.com  www.ruralvia.com  2 KB
Total: 17 requests, 9 domains
Requests  Domain  Redirects  Requested by
13  nabs762gma.temp.swtest.ru  1 redirect  nabs762gma.temp.swtest.ru
2  www.google-analytics.com  1 redirect  nabs762gma.temp.swtest.ru
2  itsssl.com  2 redirects  -
1  www.google.nl  -  nabs762gma.temp.swtest.ru
1  www.google.com  1 redirect  -
1  stats.g.doubleclick.net  1 redirect  -
1  fonts.gstatic.com  -  fonts.googleapis.com
1  fonts.googleapis.com  -  nabs762gma.temp.swtest.ru
1  www.ruralvia.com  -  nabs762gma.temp.swtest.ru
Total: 17 requests, 9 domains

This site contains no links.

Subject  Issuer  Validity  Valid for  Source
www.ruralvia.com  DigiCert SHA2 Secure Server CA  2023-02-01 - 2024-01-31  a year  crt.sh
upload.video.google.com  GTS CA 1C3  2023-03-13 - 2023-06-05  3 months  crt.sh
*.gstatic.com  GTS CA 1C3  2023-03-13 - 2023-06-05  3 months  crt.sh

This page contains 1 frames:

Primary Page: http://nabs762gma.temp.swtest.ru/client/login.php
Frame ID: E6403A06450A4A2B3D68B16BF13B69A1
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Caja Rural

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://itsssl.com/ruralvia HTTP 301
    https://itsssl.com/ruralvia HTTP 301
    http://nabs762gma.temp.swtest.ru/ HTTP 302
    http://nabs762gma.temp.swtest.ru/client/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

Requests: 17
HTTPS: 18 %
IPv6: 78 %
Domains: 9
Subdomains: 9
IPs: 6
Countries: 5
Transfer: 242 kB
Size: 547 kB
Cookies: 8

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://www.google-analytics.com/ga.js HTTP 307
  • https://www.google-analytics.com/ga.js
Request Chain 9
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1406268617&utmhn=nabs762gma.temp.swtest.ru&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Caja%20Rural&utmhid=2114413181&utmr=-&utmp=%2Fclient%2Flogin.php&utmht=1680082605829&utmac=UA-12835961-1&utmcc=__utma%3D81648008.992932416.1680082606.1680082606.1680082606.1%3B%2B__utmz%3D81648008.1680082606.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1232480029&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1406268617&utmhn=nabs762gma.temp.swtest.ru&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Caja%20Rural&utmhid=2114413181&utmr=-&utmp=%2Fclient%2Flogin.php&utmht=1680082605829&utmac=UA-12835961-1&utmcc=__utma%3D81648008.992932416.1680082606.1680082606.1680082606.1%3B%2B__utmz%3D81648008.1680082606.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1232480029&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-12835961-1&cid=992932416.1680082606&jid=1232480029&_v=5.7.2&z=1406268617 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-12835961-1&cid=992932416.1680082606&jid=1232480029&_v=5.7.2&z=1406268617 HTTP 302
  • https://www.google.nl/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-12835961-1&cid=992932416.1680082606&jid=1232480029&_v=5.7.2&z=1406268617&slf_rd=1&random=2084330961

17 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request login.php
nabs762gma.temp.swtest.ru/client/
Redirect Chain
  • http://itsssl.com/ruralvia
  • https://itsssl.com/ruralvia
  • http://nabs762gma.temp.swtest.ru/
  • http://nabs762gma.temp.swtest.ru/client/login.php
13 KB
4 KB
Document
General
Full URL
http://nabs762gma.temp.swtest.ru/client/login.php
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 / PHP/7.1.33
Resource Hash
f143f88d3952e78a275a6bbe19574c90508dc1e74c10e0b51ed8f0f9f9bb34c4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 29 Mar 2023 09:36:45 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=10
Pragma
no-cache
Server
nginx/1.23.2
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
PHP/7.1.33

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 29 Mar 2023 09:36:44 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=10
Pragma
no-cache
Server
nginx/1.23.2
X-Powered-By
PHP/7.1.33
location
client/login.php
rviaLogin.css
nabs762gma.temp.swtest.ru/client/res/
17 KB
4 KB
Stylesheet
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/login.php
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
246c037026a7a16b204b4688fbcf320b35d95b17423082d9cee36b312a0c368b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2023 22:10:54 GMT
Server
nginx/1.23.2
ETag
W/"30257df-4442-5f4236bd97780"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Keep-Alive
timeout=10
ga.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/ga.js
  • https://www.google-analytics.com/ga.js
45 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/ga.js
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/login.php
Protocol
H2
Server
2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 29 Mar 2023 08:05:15 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
5490
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17168
expires
Wed, 29 Mar 2023 10:05:15 GMT

Redirect headers

Location
https://www.google-analytics.com/ga.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
info_psd2.svg
nabs762gma.temp.swtest.ru/client/res/
47 KB
16 KB
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/info_psd2.svg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/login.php
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
509805421bb51434ceb54f81e2210cff4968a8c4140587cc70264e15d45e6696

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2023 22:12:30 GMT
Server
nginx/1.23.2
ETag
W/"30257db-ba9c-5f42371924f80"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive
Keep-Alive
timeout=10
telefono.jpg
www.ruralvia.com/accesos_cms/es/contenido_tres_archivos/
2 KB
2 KB
Image
General
Full URL
https://www.ruralvia.com/accesos_cms/es/contenido_tres_archivos/telefono.jpg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.53.82.162 Terrassa, Spain, ASN57117 (RSI, ES),
Reverse DNS
162.red-195-53-82.customer.static.ccgg.telefonica.net
Software
/
Resource Hash
5819e059aaa02db4ba199f883386b688eaaf1c71c50666d881947b618ae2c8b6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:48 GMT
Last-Modified
Mon, 05 Nov 2018 02:20:38 GMT
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98
Content-Length
1833
Content-Type
image/jpeg
loading.gif
nabs762gma.temp.swtest.ru/client/res/
56 KB
56 KB
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/loading.gif
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/login.php
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
923e03262d1069a5e8a5071a04359e6e356756d5116c4ed3a496861095c894da

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Last-Modified
Wed, 08 Feb 2023 13:02:12 GMT
Server
nginx/1.23.2
ETag
"30257dc-df99-5f42fdf62fd00"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=10
Content-Length
57241
jq.js
nabs762gma.temp.swtest.ru/client/res/cdns/
287 KB
85 KB
Script
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/cdns/jq.js
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/login.php
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
9d02ee01919145c20b03ee9d3013af7118793dedf5d2c0696a773af90066c953

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Mon, 02 Jan 2023 13:14:00 GMT
Server
nginx/1.23.2
ETag
W/"30257d4-47b27-5f147b9755600"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
Connection
keep-alive
Keep-Alive
timeout=10
css
fonts.googleapis.com/
16 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a125f56731750f15001719ac3c2b9ee3beec5bc37c3c21b46eef08c53c7fa07f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 29 Mar 2023 09:36:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 29 Mar 2023 09:20:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 29 Mar 2023 09:36:45 GMT
logo-ruralvia-mantenimiento.svg
nabs762gma.temp.swtest.ru/client/res/
12 KB
5 KB
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/logo-ruralvia-mantenimiento.svg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
aad5e9744b12853a66dc04189bfbba8b367613e51643aa91b000563074d3672b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2023 22:09:08 GMT
Server
nginx/1.23.2
ETag
W/"30257dd-2f1e-5f42365880900"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive
Keep-Alive
timeout=10
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,700italic,400,700,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://nabs762gma.temp.swtest.ru
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 08:37:39 GMT
x-content-type-options
nosniff
age
89946
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 27 Mar 2024 08:37:39 GMT
ga-audiences
www.google.nl/ads/
Redirect Chain
  • http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1406268617&utmhn=nabs762gma.temp.swtest.ru&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&u...
  • https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1406268617&utmhn=nabs762gma.temp.swtest.ru&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-12835961-1&cid=992932416.1680082606&jid=1232480029&_v=5.7.2&z=1406268617
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-12835961-1&cid=992932416.1680082606&jid=1232480029&_v=5.7.2&z=1406268617
  • https://www.google.nl/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-12835961-1&cid=992932416.1680082606&jid=1232480029&_v=5.7.2&z=1406268617&slf_rd=1&random=2084330961
42 B
408 B
Image
General
Full URL
https://www.google.nl/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-12835961-1&cid=992932416.1680082606&jid=1232480029&_v=5.7.2&z=1406268617&slf_rd=1&random=2084330961
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/login.php
Protocol
H2
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Mar 2023 09:36:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 29 Mar 2023 09:36:46 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.nl/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-12835961-1&cid=992932416.1680082606&jid=1232480029&_v=5.7.2&z=1406268617&slf_rd=1&random=2084330961
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
eye-view-mantenimiento.svg
nabs762gma.temp.swtest.ru/client/res/
2 KB
1 KB
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/eye-view-mantenimiento.svg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
e6356f8b5072cd803d7dbd4fd05fa6e1a9fbc7b37847c91869a363f8947bb86e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2023 22:11:22 GMT
Server
nginx/1.23.2
ETag
W/"30257d8-8bf-5f4236d84b680"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive
Keep-Alive
timeout=10
arrow-mantenimiento.svg
nabs762gma.temp.swtest.ru/client/res/
964 B
872 B
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/arrow-mantenimiento.svg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
804059be177f745bf8b6ab1aa52106fd39c772da4df5067817cfae8a29cfeab0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2023 22:14:24 GMT
Server
nginx/1.23.2
ETag
W/"30257cf-3c4-5f423785dd000"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive
Keep-Alive
timeout=10
icon-info.svg
nabs762gma.temp.swtest.ru/client/res/
683 B
690 B
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/icon-info.svg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
a7437ba825edd317914a9d7e90bf9425dd7e90e8a56dee13fe2e1b2ac394927f

Request headers

Referer
http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Origin
http://nabs762gma.temp.swtest.ru
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2023 22:11:44 GMT
Server
nginx/1.23.2
ETag
W/"30257da-2ab-5f4236ed46800"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive
Keep-Alive
timeout=10
ico-warning-mantenimiento.svg
nabs762gma.temp.swtest.ru/client/res/
2 KB
1 KB
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/ico-warning-mantenimiento.svg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
b7f5a8431ee4a984e1590927d7c1069ca86cf4852074c26846e1a8b21a49c95c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2023 22:12:10 GMT
Server
nginx/1.23.2
ETag
W/"30257d9-762-5f42370612280"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive
Keep-Alive
timeout=10
aviso.svg
nabs762gma.temp.swtest.ru/client/res/
2 KB
1 KB
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/aviso.svg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
7945d38f7854f4302e0e2914b064a5392a0b16ca617a0e70599a229b73ef058b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2023 22:12:48 GMT
Server
nginx/1.23.2
ETag
W/"30257d0-847-5f42372a4f800"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
keep-alive
Keep-Alive
timeout=10
contacto.svg
nabs762gma.temp.swtest.ru/client/res/
1 KB
1 KB
Image
General
Full URL
http://nabs762gma.temp.swtest.ru/client/res/contacto.svg
Requested by
Host: nabs762gma.temp.swtest.ru
URL: http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
Protocol
HTTP/1.1
Server
77.222.40.105 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS
vh297.sweb.ru
Software
nginx/1.23.2 /
Resource Hash
fa76f1a895b98f61e4103cfcb8343aa978bece5adbf80df8bd6558849797d0fe

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
http://nabs762gma.temp.swtest.ru/client/res/rviaLogin.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Wed, 29 Mar 2023 09:36:45 GMT
Content-Encoding
gzip
Server
nginx/1.23.2
Transfer-Encoding
chunked
Vary
Accept-Encoding, accept-language,accept-charset
Content-Language
nl
Content-Type
text/html; charset=iso-8859-1
Connection
keep-alive
Keep-Alive
timeout=10

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Grupo Caja Rural (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless (boolean)
_gat (object)
_gaq (object)
gaGlobal (object)
regeneracionClave (function)
validaAcceso (function)
iPass (undefined)
iNif (undefined)
changeNifVisibility (function)
changePassVisibility (function)
$ (function)
jQuery (function)
sendLogin (function)

8 Cookies

Domain/Path  Name  Value
itsssl.com/  PHPSESSID  47f40f63b7122bc00686071f847fcd46
itsssl.com/  short_ruralvia  1
nabs762gma.temp.swtest.ru/  PHPSESSID  177282c8e6de62486a1a5ffa2e9e1572
.nabs762gma.temp.swtest.ru/  __utma  81648008.992932416.1680082606.1680082606.1680082606.1
.nabs762gma.temp.swtest.ru/  __utmc  81648008
.nabs762gma.temp.swtest.ru/  __utmz  81648008.1680082606.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.nabs762gma.temp.swtest.ru/  __utmt  1
.nabs762gma.temp.swtest.ru/  __utmb  81648008.1.10.1680082606

1 Console Messages

Source: network
Level: error
URL: http://nabs762gma.temp.swtest.ru/client/res/contacto.svg
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
itsssl.com
nabs762gma.temp.swtest.ru
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.nl
www.ruralvia.com
195.53.82.162
2001:4860:4802:38::178
2a00:1450:4001:80b::2004
2a00:1450:4001:811::2003
2a00:1450:4001:828::200a
2a00:1450:4001:82b::2003
2a00:1450:400c:c00::9a
2a06:98c1:3120::3
77.222.40.105