spiritswalnut.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 7 HTTP transactions. The main IP is 162.241.175.18, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is spiritswalnut.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 20th 2020. Valid for: 3 months.

This is the only time spiritswalnut.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.123.54 167.89.123.54	11377 (SENDGRID) (SENDGRID)
1 6	162.241.175.18 162.241.175.18	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
1	69.89.31.230 69.89.31.230	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
7	3

1 167.89.123.54 (United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789123x54.outbound-mail.sendgrid.net

sendgrid.ara.cat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.241.175.18 (Provo, United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-175-18.unifiedlayer.com

spiritswalnut.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.89.31.230 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box430.bluehost.com

smallenvelop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	spiritswalnut.com 1 redirects spiritswalnut.com	109 KB
1	smallenvelop.com smallenvelop.com
1	googleapis.com ajax.googleapis.com	29 KB
1	ara.cat 1 redirects sendgrid.ara.cat	236 B
7	4

	Domain	Requested by
6	spiritswalnut.com	1 redirects spiritswalnut.com
1	smallenvelop.com	spiritswalnut.com
1	ajax.googleapis.com	spiritswalnut.com
1	sendgrid.ara.cat	1 redirects
7	4

This site contains no links.

Subject Issuer	Validity	Valid
spiritswalnut.com cPanel, Inc. Certification Authority	`2020-05-20` - `2020-08-18`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-05-05` - `2020-07-28`	3 months	crt.sh
smallenvelop.com Let's Encrypt Authority X3	`2020-04-24` - `2020-07-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
Frame ID: 3CF1092F1806C245D0A4621A9EF77E1D
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sendgrid.ara.cat/ls/click?upn=rIL7XOxopnl2OE56BQDPUgbLx8LDTWE1lm-2B139pVG3ddzNagKKct1wOy4jC5V... HTTP 302
https://spiritswalnut.com/retail/ HTTP 302
https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b398... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

7
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

138 kB
Transfer

191 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sendgrid.ara.cat/ls/click?upn=rIL7XOxopnl2OE56BQDPUgbLx8LDTWE1lm-2B139pVG3ddzNagKKct1wOy4jC5VE54iqYU_2MrNHf1wewIZRjNjStYSGkpwVZ8p2QtcF3iNhnpYXj7zPNnyi8DW-2FDQqxRo5AXxK4MYo9oNwwktoUzMGELYyIfTzFPnTasiakQcCVsmrbiCb60QDaU3rXL9cS4rQQm4u9LecuGFO8XUP4pHYikl6BWubm-2F9vbAGwjKKMg5Ufw3-2FbKieG2UnYjskqir0giE6Fzi8GjZe2exddCn9FoonqRJo4BeVQBAu8sxZ-2FetUwTYY-3D HTTP 302
https://spiritswalnut.com/retail/ HTTP 302
https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
spiritswalnut.com/retail/
Redirect Chain

http://sendgrid.ara.cat/ls/click?upn=rIL7XOxopnl2OE56BQDPUgbLx8LDTWE1lm-2B139pVG3ddzNagKKct1wOy4jC5VE54iqYU_2MrNHf1wewIZRjNjStYSGkpwVZ8p2QtcF3iNhnpYXj7zPNnyi8DW-2FDQqxRo5AXxK4MYo9oNwwktoUzMGELYyIfT...
https://spiritswalnut.com/retail/
https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9

3 KB
3 KB

259ms
259ms

Document
text/html

162.241.175.18
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.241.175.18 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-175-18.unifiedlayer.com
Software: Apache /
Resource Hash: 84e91b50cad72188fc33a63f340675081ab10a97655a0c99ff9435ecdeb77df1

Request headers

Host: spiritswalnut.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 26 May 2020 09:56:52 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Tue, 26 May 2020 09:56:52 GMT
Server: Apache
location: login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
29 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: spiritswalnut.com
URL: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 18 May 2020 23:22:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 642851
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 May 2021 23:22:41 GMT

GET
H/1.1 200
OK s1.png
spiritswalnut.com/retail/images/ 60 KB
60 KB 231ms
231ms Image
image/png 162.241.175.18
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spiritswalnut.com/retail/images/s1.png
Requested by: Host: spiritswalnut.com
URL: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.241.175.18 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-175-18.unifiedlayer.com
Software: Apache /
Resource Hash: 2a19f97eff4abb6b5d0c706c5c396d544e3210a78903b4b5f231a7be77fc9bc5

Request headers

Referer: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 26 May 2020 09:56:52 GMT
Last-Modified: Thu, 30 Apr 2020 11:17:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 61683

GET
H/1.1 200
OK s2.png
spiritswalnut.com/retail/images/ 42 KB
42 KB 692ms
233ms Image
image/png 162.241.175.18
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spiritswalnut.com/retail/images/s2.png
Requested by: Host: spiritswalnut.com
URL: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.241.175.18 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-175-18.unifiedlayer.com
Software: Apache /
Resource Hash: 8b3e0c45dba3e0a501572d4fa56a5e435a1b99372b1f2248d5754674eafe6228

Request headers

Referer: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 26 May 2020 09:56:53 GMT
Last-Modified: Thu, 30 Apr 2020 11:17:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 42725

GET
H/1.1 200
OK s3.png
spiritswalnut.com/retail/images/ 1 KB
2 KB 692ms
232ms Image
image/png 162.241.175.18
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spiritswalnut.com/retail/images/s3.png
Requested by: Host: spiritswalnut.com
URL: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.241.175.18 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-175-18.unifiedlayer.com
Software: Apache /
Resource Hash: b274c87e5fd1680c0391260f1ed68a0ac242f59b6a97442e4d479c189c7111d7

Request headers

Referer: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 26 May 2020 09:56:53 GMT
Last-Modified: Thu, 30 Apr 2020 11:17:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1458

GET
H/1.1 200
OK s4.png
spiritswalnut.com/retail/images/ 1 KB
2 KB 712ms
235ms Image
image/png 162.241.175.18
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spiritswalnut.com/retail/images/s4.png
Requested by: Host: spiritswalnut.com
URL: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.241.175.18 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 162-241-175-18.unifiedlayer.com
Software: Apache /
Resource Hash: 63016c9e4ab4573cc13ecf2cea6321e2e931b3c7e184ef6c72fd7099ab0fc2ba

Request headers

Referer: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 26 May 2020 09:56:53 GMT
Last-Modified: Thu, 30 Apr 2020 11:17:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1327

GET
H2 403 Preloader_11.gif
smallenvelop.com/wp-content/uploads/2014/08/ 0
0 839ms
283ms Image
text/html 69.89.31.230
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
Requested by: Host: spiritswalnut.com
URL: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 69.89.31.230 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box430.bluehost.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spiritswalnut.com/retail/login.php?cmd=login_submit&id=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9&session=893b39853c5230c59c126641438fc9c9893b39853c5230c59c126641438fc9c9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
sendgrid.ara.cat
smallenvelop.com
spiritswalnut.com
162.241.175.18
167.89.123.54
2a00:1450:4001:820::200a
69.89.31.230
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2a19f97eff4abb6b5d0c706c5c396d544e3210a78903b4b5f231a7be77fc9bc5
63016c9e4ab4573cc13ecf2cea6321e2e931b3c7e184ef6c72fd7099ab0fc2ba
84e91b50cad72188fc33a63f340675081ab10a97655a0c99ff9435ecdeb77df1
8b3e0c45dba3e0a501572d4fa56a5e435a1b99372b1f2248d5754674eafe6228
b274c87e5fd1680c0391260f1ed68a0ac242f59b6a97442e4d479c189c7111d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

spiritswalnut.com Open in urlscan Pro 162.241.175.18 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

138 kBTransfer

191 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

spiritswalnut.com Open in urlscan Pro
162.241.175.18 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

138 kB
Transfer

191 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!