Submitted URL: http://gatcombefarmshop.co.uk/red.htm
Effective URL: https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2f...
Submission: On March 16 via manual from SG

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 213.186.33.40, located in France and belongs to OVH, FR. The main domain is www.ohletsgo.fr.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 12th 2019. Valid for: 3 months.
This is the only time www.ohletsgo.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 3 2001:8d8:100f... 8560 (ONEANDONE...)
1 151.101.1.111 54113 (FASTLY)
4 213.186.33.40 16276 (OVH)
6 3
Apex Domain
Subdomains
Transfer
4 ohletsgo.fr
www.ohletsgo.fr
105 KB
3 gatcombefarmshop.co.uk
gatcombefarmshop.co.uk
2 KB
1 guim.co.uk
i.guim.co.uk
49 KB
6 3
Domain Requested by
4 www.ohletsgo.fr www.ohletsgo.fr
3 gatcombefarmshop.co.uk 2 redirects
1 i.guim.co.uk gatcombefarmshop.co.uk
6 3

This site contains links to these domains. Also see Links.

Domain
msft.sts.microsoft.com
Subject Issuer Validity Valid
guardian.map.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2018-10-23 -
2019-06-08
8 months crt.sh
odilebertrand.com
Let's Encrypt Authority X3
2019-02-12 -
2019-05-13
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Frame ID: 9B56627A4690E28E016BBDF3ABD331E3
Requests: 6 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://gatcombefarmshop.co.uk/red.htm Page URL
  2. http://gatcombefarmshop.co.uk/ox HTTP 301
    http://gatcombefarmshop.co.uk/ox/ HTTP 302
    https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosof... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

6
Requests

83 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

156 kB
Transfer

180 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://gatcombefarmshop.co.uk/red.htm Page URL
  2. http://gatcombefarmshop.co.uk/ox HTTP 301
    http://gatcombefarmshop.co.uk/ox/ HTTP 302
    https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
red.htm
gatcombefarmshop.co.uk/
2 KB
1 KB
Document
General
Full URL
http://gatcombefarmshop.co.uk/red.htm
Protocol
HTTP/1.1
Server
2001:8d8:100f:f000::2cb , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software
Apache /
Resource Hash
6397bfac8d0c2e08378406130d3b8b384d411052a2ea235e31b3e0e0c6d2ce65

Request headers

Host
gatcombefarmshop.co.uk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type
text/html
Content-Length
978
Connection
keep-alive
Keep-Alive
timeout=15
Date
Sat, 16 Mar 2019 15:43:31 GMT
Server
Apache
Last-Modified
Fri, 15 Mar 2019 13:34:40 GMT
ETag
"740-5842219ca5c00-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Cache-Control
max-age=3600
Expires
Sat, 16 Mar 2019 16:43:31 GMT
4013.jpg
i.guim.co.uk/img/media/9c38a0ee99de7c6b448d4f3f09dafcb78b5cf31c/236_240_4013_2408/master/
49 KB
49 KB
Image
General
Full URL
https://i.guim.co.uk/img/media/9c38a0ee99de7c6b448d4f3f09dafcb78b5cf31c/236_240_4013_2408/master/4013.jpg?width=1200&height=630&quality=85&auto=format&fit=crop&overlay-align=bottom%2Cleft&overlay-width=100p&overlay-base64=L2ltZy9zdGF0aWMvb3ZlcmxheXMvdGctZGVmYXVsdC5wbmc&s=7ca4575239aaf1a154a7059b8d49028c
Requested by
Host: gatcombefarmshop.co.uk
URL: http://gatcombefarmshop.co.uk/red.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.111 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd39f2a7abe46091afc46900f75b268ef4812feca714ea5b5775111ff46512dc

Request headers

Referer
http://gatcombefarmshop.co.uk/red.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 16 Mar 2019 15:43:31 GMT
via
1.1 varnish, 1.1 varnish
age
215773
x-cache
HIT, MISS
fastly-io-info
ifsz=5002323 idim=4013x2408 ifmt=jpeg ofsz=50100 odim=1200x630 ofmt=webp
status
200
fastly-stats
io=1
content-length
50100
x-served-by
cache-lcy19227-LCY, cache-fra19170-FRA
server
AmazonS3
x-timer
S1552751012.561139,VS0,VE14
etag
"7wgRXWIbHEwcthl2xu2nTKTEm+Eiz1Va6C3aPJUfMZk"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 0
Primary Request Cookie set /
www.ohletsgo.fr/drt/
Redirect Chain
  • http://gatcombefarmshop.co.uk/ox
  • http://gatcombefarmshop.co.uk/ox/
  • https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21...
7 KB
3 KB
Document
General
Full URL
https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.186.33.40 , France, ASN16276 (OVH, FR),
Reverse DNS
cluster011.ovh.net
Software
Apache / PHP/5.4
Resource Hash
3d1cd4f8f79fb88e6e7237e8f2b9c7226bf3162bf5ea1aaab05de5625d05da88

Request headers

Host
www.ohletsgo.fr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://gatcombefarmshop.co.uk/red.htm
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://gatcombefarmshop.co.uk/red.htm

Response headers

Set-Cookie
300gpBAK=R4178756556; path=/; expires=Sat, 16-Mar-2019 17:00:55 GMT 300gp=R588124257; path=/; expires=Sat, 16-Mar-2019 16:47:29 GMT PHPSESSID=9b3a477a0e28edd7b515a3c4d6d250ce; path=/
Date
Sat, 16 Mar 2019 15:43:33 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Server
Apache
X-Powered-By
PHP/5.4
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
X-IPLB-Instance
17343

Redirect headers

Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=15
Date
Sat, 16 Mar 2019 15:43:33 GMT
Server
Apache
X-Powered-By
PHP/7.2.15
Location
https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Cookie set style.css
www.ohletsgo.fr/drt/
27 KB
5 KB
Stylesheet
General
Full URL
https://www.ohletsgo.fr/drt/style.css
Requested by
Host: www.ohletsgo.fr
URL: https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.186.33.40 , France, ASN16276 (OVH, FR),
Reverse DNS
cluster011.ovh.net
Software
Apache /
Resource Hash
f6f351d7497a480963957fc49433646f2a97af7c84e502f0e7737f4d6fbd5185

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ohletsgo.fr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Cookie
300gpBAK=R4178756556; 300gp=R588124257; PHPSESSID=9b3a477a0e28edd7b515a3c4d6d250ce
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 16 Mar 2019 15:43:33 GMT
Content-Encoding
gzip
Last-Modified
Fri, 15 Mar 2019 01:28:02 GMT
Server
Apache
X-IPLB-Instance
17343
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=900
Set-Cookie
300gp=R588124257; path=/; expires=Sat, 16-Mar-2019 17:01:37 GMT
Accept-Ranges
bytes
Content-Length
4729
Expires
Sat, 16 Mar 2019 15:58:33 GMT
Cookie set logo.png
www.ohletsgo.fr/drt/
1 KB
1 KB
Image
General
Full URL
https://www.ohletsgo.fr/drt/logo.png
Requested by
Host: www.ohletsgo.fr
URL: https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.186.33.40 , France, ASN16276 (OVH, FR),
Reverse DNS
cluster011.ovh.net
Software
Apache /
Resource Hash
f664b8138c2da6ec7565500a7cc839da6372614a31dc04c5a2169a26b8d9767c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ohletsgo.fr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Cookie
300gpBAK=R4178756556; 300gp=R588124257; PHPSESSID=9b3a477a0e28edd7b515a3c4d6d250ce
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 16 Mar 2019 15:43:33 GMT
Last-Modified
Fri, 15 Mar 2019 01:28:02 GMT
Server
Apache
X-IPLB-Instance
17343
Content-Type
image/png
Cache-Control
max-age=900
Set-Cookie
300gp=R588124257; path=/; expires=Sat, 16-Mar-2019 17:01:37 GMT
Accept-Ranges
bytes
Content-Length
1057
Expires
Sat, 16 Mar 2019 15:58:33 GMT
Cookie set msit_fba.jpg
www.ohletsgo.fr/drt/
95 KB
96 KB
Image
General
Full URL
https://www.ohletsgo.fr/drt/msit_fba.jpg
Requested by
Host: www.ohletsgo.fr
URL: https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.186.33.40 , France, ASN16276 (OVH, FR),
Reverse DNS
cluster011.ovh.net
Software
Apache /
Resource Hash
472642e023f7bbc385c990c398c26a2f9b78de91649dd1ffaefe2efab983481f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ohletsgo.fr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
Cookie
300gpBAK=R4178756556; 300gp=R588124257; PHPSESSID=9b3a477a0e28edd7b515a3c4d6d250ce
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ohletsgo.fr/drt/?certauth=031519&a123=wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fmicrosoft.onmicrosoft.com%2foutlooksupport&wctx=rm%3d0%26id%3dpassive%26ru%3d%252f&wct=2019-03-14T20%3a21%3a29Z&wreply=https%3a%2f%2foutlook.support.office.net%2f
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 16 Mar 2019 15:43:33 GMT
Last-Modified
Fri, 15 Mar 2019 01:28:02 GMT
Server
Apache
X-IPLB-Instance
17330
Content-Type
image/jpeg
Cache-Control
max-age=900
Set-Cookie
300gp=R588124257; path=/; expires=Sat, 16-Mar-2019 16:47:29 GMT
Accept-Ranges
bytes
Content-Length
97769
Expires
Sat, 16 Mar 2019 15:58:33 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| ts

3 Cookies

Domain/Path Name / Value
www.ohletsgo.fr/ Name: PHPSESSID
Value: 9b3a477a0e28edd7b515a3c4d6d250ce
www.ohletsgo.fr/ Name: 300gp
Value: R588124257
www.ohletsgo.fr/ Name: 300gpBAK
Value: R4178756556