sarratillo.com
185.37.226.205
Malicious Activity!
Public Scan
Effective URL: https://sarratillo.com/Trust_wallet/TrustW-phrase.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXB...
Submission: On August 16 via api from JP — Scanned from ES
Summary
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020... on September 8th 2021. Valid for: a year.
This is the only time sarratillo.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Trustwallet (Crypto)
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 3 | 185.37.226.205 185.37.226.205 | 57286 (ASGIGAS) (ASGIGAS) | |
2 | 2 |
ASN57286 (ASGIGAS, ES)
PTR: gracious-leakey.185-37-226-205.plesk.page
sarratillo.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
sarratillo.com
1 redirects
sarratillo.com |
340 KB |
2 | 1 |
Domain | Requested by | |
---|---|---|
3 | sarratillo.com |
1 redirects
sarratillo.com
|
2 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.sarratillo.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-09-08 - 2022-09-21 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://sarratillo.com/Trust_wallet/TrustW-phrase.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNC4wLjUxMTIuNzkgU2FmYXJpLzUzNy4zNjQ1LjE1Mi4xODMuMjkyMDIyOkF1ZzpUdWU=
Frame ID: 0CC8ADA41DA802AE678472E15176A21B
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Best Cryptocurrency Wallet | Ethereum Wallet | ERC20 Wallet | Trust Wallet
Page URL History
-
https://sarratillo.com/Trust_wallet/
HTTP 302
https://sarratillo.com/Trust_wallet/TrustW-phrase.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDs... Page URL
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://sarratillo.com/Trust_wallet/
HTTP 302
https://sarratillo.com/Trust_wallet/TrustW-phrase.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwNC4wLjUxMTIuNzkgU2FmYXJpLzUzNy4zNjQ1LjE1Mi4xODMuMjkyMDIyOkF1ZzpUdWU= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
2 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | TrustW-phrase.php sarratillo.com/Trust_wallet/ (Primary Request, Redirect Chain) | 705 KB 310 KB | Document text/html |
GET DATA | truncated / | 14 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 4 KB 0 | Image image/png |
GET DATA | truncated / | 58 KB 58 KB | Font font/woff2 |
GET DATA | truncated / | 55 KB 55 KB | Font font/woff2 |
GET DATA | truncated / | 55 KB 55 KB | Font font/woff2 |
GET DATA | truncated / | 260 B 0 | Image image/svg+xml |
GET DATA | truncated / | 53 KB 0 | Image image/svg+xml |
GET H2 | jquery.min.js sarratillo.com/Trust_wallet/TrustW_files/ | 86 KB 29 KB | Script application/javascript |
GET DATA | truncated / | 96 KB 0 | Script application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Trustwallet (Crypto)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- function| $
- function| jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.