raftersbrand.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 107.172.59.23, located in United States and belongs to AS-COLOCROSSING, US. The main domain is raftersbrand.com.
TLS certificate: Issued by R3 on February 27th 2022. Valid for: 3 months.

This is the only time raftersbrand.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca di Asti (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.25.233.53 104.25.233.53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	107.172.59.23 107.172.59.23	36352 (AS-COLOCR...) (AS-COLOCROSSING)
1	104.16.125.175 104.16.125.175	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2

1 104.25.233.53 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

is.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 107.172.59.23 (United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 107-172-59-23-host.colocrossing.com

raftersbrand.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.125.175 (None, )

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	raftersbrand.com raftersbrand.com	114 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 821	4 KB
1	is.gd 1 redirects is.gd — Cisco Umbrella Rank: 72181	464 B
5	3

	Domain	Requested by
4	raftersbrand.com	raftersbrand.com
1	unpkg.com	raftersbrand.com
1	is.gd	1 redirects
5	3

This site contains no links.

Subject Issuer	Validity	Valid
raftersbrand.com R3	`2022-02-27` - `2022-05-28`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-02` - `2022-07-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://raftersbrand.com/
Frame ID: F010A8BA7D595150619E20F3FFA91682
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://is.gd/2IqN2o HTTP 301
https://raftersbrand.com/ Page URL

Detected technologies

Pure CSS (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+(?:([\d.])+/)?pure(?:-min)?\.css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

118 kB
Transfer

129 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://is.gd/2IqN2o HTTP 301
https://raftersbrand.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
raftersbrand.com/
Redirect Chain

https://is.gd/2IqN2o
https://raftersbrand.com/

3 KB
3 KB

432ms
180ms

Document
text/html

107.172.59.23
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://raftersbrand.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 107.172.59.23 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 107-172-59-23-host.colocrossing.com
Software: Apache /
Resource Hash: f0ad917557abf48b95b162acee14bdbf018f2b09ce8d9051f0490b1d0fb89fa9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: it-IT,it;q=0.9

Response headers

Date: Mon, 07 Mar 2022 15:15:45 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

date: Mon, 07 Mar 2022 15:15:45 GMT
content-type: text/html; charset=UTF-8
location: https://raftersbrand.com/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k1eubtIkCcafDSYUw1GYTK1KGJB9rgIdoy%2FMl9696d743kkzts8Scy0rbb492NR%2FNzMxWp6woxvBJnJk%2BX8erapHNYEnedpyDC4n2NI0nidIPN%2FTTIt8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e8449cfb82bf937-MXP

GET
H/1.1 200
OK logo.png
raftersbrand.com/ 9 KB
9 KB 122ms
122ms Image
image/png 107.172.59.23
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://raftersbrand.com/logo.png
Requested by: Host: raftersbrand.com
URL: https://raftersbrand.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 107.172.59.23 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 107-172-59-23-host.colocrossing.com
Software: Apache /
Resource Hash: 79f6681aa1158003c52df80aef7cf4ae050c3fe3e99bffa907edb01da1079880

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://raftersbrand.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:15:45 GMT
Last-Modified: Tue, 21 Sep 2021 01:08:12 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 9115

GET
H2 200 pure-min.css
unpkg.com/purecss@2.0.5/build/ 16 KB
4 KB 75ms
42ms Stylesheet
text/css 104.16.125.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/purecss@2.0.5/build/pure-min.css

Requested by

Host: raftersbrand.com
URL: https://raftersbrand.com/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.16.125.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d0b11cc95b046dabdab9a5bbe9c3035d2db1d7036e644acbb9e00b7c639f3f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://raftersbrand.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 15:15:45 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27514560
fly-request-id: 01F3YF8ZY13MQCA9RNR1HQE6D4
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"4195-XLNKX4yxaMYG7+jslQdUA8knpHQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 6e8449d3b8be5a19-MXP

GET
H/1.1 200
OK jquery-latest.min.js Show response
raftersbrand.com/ 84 KB
84 KB 244ms
121ms Script
application/javascript 107.172.59.23
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://raftersbrand.com/jquery-latest.min.js
Requested by: Host: raftersbrand.com
URL: https://raftersbrand.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 107.172.59.23 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 107-172-59-23-host.colocrossing.com
Software: Apache /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://raftersbrand.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:15:46 GMT
Last-Modified: Wed, 27 Jan 2021 04:41:18 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 85578

GET
H/1.1 200
OK alert.png
raftersbrand.com/ 17 KB
18 KB 362ms
121ms Image
image/png 107.172.59.23
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://raftersbrand.com/alert.png
Requested by: Host: raftersbrand.com
URL: https://raftersbrand.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 107.172.59.23 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 107-172-59-23-host.colocrossing.com
Software: Apache /
Resource Hash: db74a5ed1d75f14480e2b93449eebb5f4764e4dce1a16ff6b010cb5a43711534

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://raftersbrand.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 07 Mar 2022 15:15:46 GMT
Last-Modified: Tue, 21 Sep 2021 03:03:12 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 17877

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca di Asti (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			raftersbrand.com/	1970-01-23 17:00:26	Name: COOKIE_KEY Value: 164666614576

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

is.gd
raftersbrand.com
unpkg.com
104.16.125.175
104.25.233.53
107.172.59.23
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2d0b11cc95b046dabdab9a5bbe9c3035d2db1d7036e644acbb9e00b7c639f3f6
79f6681aa1158003c52df80aef7cf4ae050c3fe3e99bffa907edb01da1079880
db74a5ed1d75f14480e2b93449eebb5f4764e4dce1a16ff6b010cb5a43711534
f0ad917557abf48b95b162acee14bdbf018f2b09ce8d9051f0490b1d0fb89fa9

raftersbrand.com Open in urlscan Pro 107.172.59.23 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

118 kBTransfer

129 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Indicators

raftersbrand.com Open in urlscan Pro
107.172.59.23 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

118 kB
Transfer

129 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!