ratarsed.co.uk
Open in
urlscan Pro
2606:4700:3037::ac43:c753
Malicious Activity!
Public Scan
Submission: On November 24 via manual from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 23rd 2020. Valid for: a year.
This is the only time ratarsed.co.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer) Excel / PDF download (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
17 | 2606:4700:303... 2606:4700:3037::ac43:c753 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
ratarsed.co.uk
ratarsed.co.uk |
200 KB |
17 | 1 |
Domain | Requested by | |
---|---|---|
17 | ratarsed.co.uk |
ratarsed.co.uk
|
17 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-11-23 - 2021-11-22 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Frame ID: 19DB2BDAD8B6EE7511527F40E829ECF4
Requests: 8 HTTP requests in this frame
Frame:
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Frame ID: 7DC63FAF6D8B48C7BECD78017F16D154
Requests: 9 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Windows Server (Operating Systems) Expand
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
Microsoft ASP.NET (Web Frameworks) Expand
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
IIS (Web Servers) Expand
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
f9b164fa64523a613d71527a1ed3.php
ratarsed.co.uk/excel/6/oauth2/authorize/files/ |
40 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index_1.css
ratarsed.co.uk/excel/6/oauth2/authorize/files/ |
45 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ewaother.png
ratarsed.co.uk/excel/6/oauth2/authorize/files/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ewacommon.png
ratarsed.co.uk/excel/6/oauth2/authorize/files/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ewaedit.png
ratarsed.co.uk/excel/6/oauth2/authorize/files/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.7.2.min.js
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ |
93 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.sim.utils.js
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ |
13 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.jpg
ratarsed.co.uk/excel/6/oauth2/authorize/files/ |
48 KB 48 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.php
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.7.2.min.js
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
93 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.sim.utils.js
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
13 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sfm-png-fix.js
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
2 KB 848 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
excel.css
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
294.GIF
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
7 KB 7 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
excel-Submit-0.png
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
549 B 867 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
excel2013.png
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
18 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.gif
ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ Frame 7DC6 |
673 B 1003 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer) Excel / PDF download (Online)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| sfm_refresh_captcha function| sfm_hyper_link_popup function| sfm_popup_form function| sfm_window_popup_form function| sfmFormObj function| sfm_show_loading_on_formsubmit function| sfm_clear_form function| sfm_init_special_action_button function| sfm_init_default_text object| $ifr1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.ratarsed.co.uk/ | Name: __cfduid Value: de53943dc894ba140365bc41deb75bcf41606238068 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ratarsed.co.uk
2606:4700:3037::ac43:c753
3b3ddbd5a8dea7f9743b3d9a9821e219f33c21a91088f27424dba087c208870b
43a526a07a078d736e5c9d67d8479dd54072b7e5c6ddd2cd466f86a086e49ef5
9880c1bf4b33d130d7b977f068ddf6b566dc23453007fea4bab13de42fe40b55
9d16c77980e69cd796fbac3ab5b828fc707867303c991eebf2c5c14112ea655c
a14334cecd2ff3eab027a8cfa5c3632f7b630a9b4e4a7bc5804c6bdd027efb73
a1d3a4b5db9a1dae0dde8d18e7edc94ed4253290ea2e3a8ba43203657311022b
a379adb1028e345f0c739e3401ff7ff60c8663e898ca0e746f140aba329f74c0
a6bba9179a5ec451dc6f4c93ab99525f4fb5918ad1f65e201a03f54ad7f6c8c3
a9d68907dc3aba1d0be80f20a3f1b5d40dee98469ad512d14225a2712b0fd97c
b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca
baa641ac1e002d1f34211836f31e81832c05ac2c8545078488c07b5e2d58df03
bb87e9c96059f20821e4fe13900f60b7394752324574d38569381b98adc84196
e415b0a145ada29079ab18ceded80d4e597742c74f78cee816012412c825b85d
e65540513cb2a3e47e1d83f002ec50edb09a1b5572be0c0847cbc668569ade24
fef58f4d384c2763c7be72b7df1180f9e4a0c64f128659fb3d16a44fd5c0ef06