ratarsed.co.uk
2606:4700:3037::ac43:c753  Malicious Activity! Public Scan

URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170cc...
Submission: On November 24 via manual from US

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 17 HTTP transactions. The main IP is 2606:4700:3037::ac43:c753, located in the United States and belonging to CLOUDFLARENET, US. The main domain is ratarsed.co.uk.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 23rd 2020. Valid for: a year.
This is the only time ratarsed.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer) Excel / PDF download (Online)

Domain & IP information

IP Address                  AS (Autonomous System)       Requests
2606:4700:3037::ac43:c753   13335 (CLOUDFLARENET, US)    17
17 requests to 1 IP

Apex Domain      Subdomains       Transfer   Requests
ratarsed.co.uk   ratarsed.co.uk   200 KB     17
17 requests to 1 apex domain

Domain           Requested by     Requests
ratarsed.co.uk   ratarsed.co.uk   17
17 requests to 1 domain

This site contains no links.

Subject                 Issuer                    Validity                   Valid for
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3   2020-11-23 to 2021-11-22   a year (crt.sh)

This page contains 2 frames:

Primary Page: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Frame ID: 19DB2BDAD8B6EE7511527F40E829ECF4
Requests: 8 HTTP requests in this frame

Frame: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Frame ID: 7DC63FAF6D8B48C7BECD78017F16D154
Requests: 9 HTTP requests in this frame
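The URL above, read together with the frame layout, already carries most of the verdict: an /oauth2/authorize/ path on a domain that is not a Microsoft identity host, a PHP script with a hash-like name standing in for the authorize endpoint, a client_id that is not an application GUID (Microsoft identity platform client IDs are GUIDs), and long bare tokens with no value that read as victim or campaign identifiers. The Python below is an added example, not urlscan code and not from the kit, that turns those observations into a triage function. The allow-list of Microsoft sign-in hosts, the threshold of three findings, and the legitimate comparison URL with an all-zero client_id are constructed for illustration; the kit URL is the one recorded on this page.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Hosts on which an /oauth2/.../authorize path is expected for Microsoft sign-in.
# Constructed allow-list for this example; add your tenant's own IdP hosts.
MICROSOFT_AUTH_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Microsoft identity platform application (client) IDs are GUIDs.
GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
# Hash-like script names (kits often name the landing page after a hex token).
HEX_PHP_RE = re.compile(r"^[0-9a-f]{24,}\.php$", re.I)
BRAND_WORDS = ("excel", "office", "sharepoint", "onedrive", "outlook", "microsoft")
SUSPICIOUS_AT = 3  # findings needed for a 'suspicious' verdict (threshold chosen for this example)

# The scanned URL (from this page) and a constructed legitimate comparison URL.
KIT_URL = ("https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php"
           "?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8"
           "&docbc2d58a2af3fbc8e4d7f80642bf3&login=")
LEGIT_URL = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
             "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
             "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&scope=openid")


def triage_url(url):
    """Score one URL for OAuth2-lookalike phishing traits using string heuristics only."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    basename = path.rsplit("/", 1)[-1]
    params = parse_qsl(parts.query, keep_blank_values=True)  # keeps 'login=' and bare tokens
    query = dict(params)
    findings = []

    trusted = host in MICROSOFT_AUTH_HOSTS
    if not trusted and "/oauth2/" in path and "authorize" in path:
        findings.append("oauth2_authorize_path_on_untrusted_host")
    if not trusted:
        findings += [f"brand_keyword_in_path:{w}" for w in BRAND_WORDS if w in path]
    if "client_id" in query and not GUID_RE.match(query["client_id"]):
        findings.append("client_id_is_not_a_guid")
    if basename.endswith(".php") and "/oauth2/" in path:
        findings.append("php_script_served_as_oauth2_endpoint")
    if HEX_PHP_RE.match(basename):
        findings.append("hash_like_php_filename")
    # Long bare names with no value are typical victim/campaign tokens in kit URLs.
    bare = [k for k, v in params if v == "" and len(k) >= 24]
    if bare:
        findings.append(f"bare_tracking_tokens:{len(bare)}")

    return {"host": host, "findings": findings, "score": len(findings),
            "verdict": "suspicious" if len(findings) >= SUSPICIOUS_AT else "no_url_indicators"}


if __name__ == "__main__":
    for u in (KIT_URL, LEGIT_URL):
        r = triage_url(u)
        print(r["host"], r["verdict"], r["score"], *r["findings"], sep="\n  ")
```

Run as a script it prints six findings for the scanned URL and none for the comparison URL. The heuristics are deliberately lexical so they can run on proxy or mail-gateway logs before any fetch; the allow-list is the part that needs maintenance, since an organisation's own federated IdP also serves legitimate authorize paths.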

Detected technologies

Detected patterns (overall confidence per match):
  • 100%: url /\.php(?:$|\?)/i
  • 50%: html /<input[^>]+name="__VIEWSTATE/i
  • 100%: html /<input[^>]+name="__VIEWSTATE/i
  • 50%: html /<input[^>]+name="__VIEWSTATE/i
  • 100%: headers server /^cloudflare$/i
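The pattern list above is what survives of the technology detection: a .php URL, an ASP.NET `__VIEWSTATE` hidden input, and Cloudflare as the edge server. Read together they are a tell on their own. `__VIEWSTATE` is emitted by ASP.NET Web Forms, so a PHP script has no reason to serve it unless its markup was copied from an ASP.NET-generated page, which fits a cloned login form rather than a purpose-built PHP page. The Python below is an added example, not urlscan's detector: it reuses the three regexes from the scan as written and adds a form-action and password-field check. The response headers are the ones recorded for the primary request on this page; the HTML body is a constructed sample (the scan does not preserve the body), so its `action="login.php"` and hidden value are made up to show the shape the patterns match, not the kit's real page.

```python
import re

# The three signatures the scan reported, reused verbatim as Python regexes.
PHP_URL_RE = re.compile(r"\.php(?:$|\?)", re.I)
VIEWSTATE_RE = re.compile(r'<input[^>]+name="__VIEWSTATE', re.I)
CLOUDFLARE_RE = re.compile(r"^cloudflare$", re.I)
# Added for the form check (assumed markup shapes, not from the scan).
FORM_ACTION_RE = re.compile(r'<form\b[^>]*\baction="([^"]*)"', re.I)
PASSWORD_RE = re.compile(r'<input\b[^>]+type="password"', re.I)

# Primary request URL and a subset of its response headers as recorded on this page.
PRIMARY_URL = ("https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php"
               "?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8")
PRIMARY_HEADERS = {
    "content-type": "text/html; charset=UTF-8",
    "x-powered-by": "PHP/7.4.11",
    "cf-cache-status": "DYNAMIC",
    "server": "cloudflare",
}
# Constructed HTML sample: illustrates what the patterns match, not the kit's actual body.
SAMPLE_HTML = """<html><body>
<form id="form1" method="post" action="login.php">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="example-opaque-blob" />
<input type="email" name="login" placeholder="Email address" />
<input type="password" name="passwd" placeholder="Password" />
<input type="image" src="excel-Submit-0.png" alt="Sign in" />
</form></body></html>"""


def fingerprint_response(url, headers, html):
    """Apply the scan's stack signatures plus a credential-form check to one HTTP response."""
    h = {k.lower(): v for k, v in headers.items()}
    signals = []
    if PHP_URL_RE.search(url) or h.get("x-powered-by", "").lower().startswith("php"):
        signals.append("php_backend")
    if VIEWSTATE_RE.search(html):
        signals.append("aspnet_viewstate_markup")
    if CLOUDFLARE_RE.match(h.get("server", "")):
        signals.append("cloudflare_fronted")  # origin IP and AS are hidden behind the edge
    if h.get("cf-cache-status", "").upper() == "DYNAMIC":
        signals.append("uncached_dynamic_document")
    actions = FORM_ACTION_RE.findall(html)  # where submitted credentials would be posted
    has_password = bool(PASSWORD_RE.search(html))
    # __VIEWSTATE comes from ASP.NET Web Forms; a PHP backend emitting it means cloned markup.
    mismatch = "php_backend" in signals and "aspnet_viewstate_markup" in signals
    return {
        "signals": signals,
        "stack_mismatch": mismatch,
        "form_actions": actions,
        "credential_form": has_password,
        "verdict": "cloned_login_form" if mismatch and has_password else "inconclusive",
    }


if __name__ == "__main__":
    print(fingerprint_response(PRIMARY_URL, PRIMARY_HEADERS, SAMPLE_HTML))
```

The `server: cloudflare` signal is worth keeping in the output even though it says nothing about intent: it is the reason the IP, AS and certificate on this page (a shared sni.cloudflaressl.com edge certificate) cannot be used to find the origin host.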

Page Statistics

  Requests:    17
  HTTPS:       100 %
  IPv6:        100 %
  Domains:     1
  Subdomains:  1
  IPs:         1
  Countries:   1
  Transfer:    200 kB
  Size:        415 kB
  Cookies:     1

Redirected requests: none.

17 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type

Primary Request: f9b164fa64523a613d71527a1ed3.php | ratarsed.co.uk/excel/6/oauth2/authorize/files/ | 40 KB | 5 KB | Document
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.11
Resource Hash
e415b0a145ada29079ab18ceded80d4e597742c74f78cee816012412c825b85d

Request headers

:method
GET
:authority
ratarsed.co.uk
:scheme
https
:path
/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:28 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=de53943dc894ba140365bc41deb75bcf41606238068; expires=Thu, 24-Dec-20 17:14:28 GMT; path=/; domain=.ratarsed.co.uk; HttpOnly; SameSite=Lax
x-powered-by
PHP/7.4.11
cf-cache-status
DYNAMIC
cf-request-id
069cd8f7bf00000ebbaa9fe000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tDsQisMC%2FaVCaVJAJlEultPx5oHmYGGDn8%2Bx5ERWerDvBQN8cnAlFaP1l%2BHQ2icD%2B2yg8PsCFgHRk3zQvtcikYuL%2BUdQBHxOWJIeFRDjT9ZiuNtizEpoQmwElA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5f74c43939bb0ebb-FRA
content-encoding
br
index_1.css | ratarsed.co.uk/excel/6/oauth2/authorize/files/ | 45 KB | 8 KB | Stylesheet
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/index_1.css
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6bba9179a5ec451dc6f4c93ab99525f4fb5918ad1f65e201a03f54ad7f6c8c3

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:28 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
W/"b301-5b243820dcadd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uJrDVw%2BDJUNNZgJAksxWkkHUlq9W6NUTb1QZCh%2FqzRQETzXTouHkrvo3QKITIXBQRWIjTNTZZBxKqI7TsRkLeiWYNjRQXAz%2BGGFBgwfN6yNXk%2Bc7TbGunBB0EA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
5f74c43a9cc70ebb-FRA
cf-request-id
069cd8f8a000000ebb6c0fc000000001
ewaother.png | ratarsed.co.uk/excel/6/oauth2/authorize/files/ | 9 KB | 9 KB | Image
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/ewaother.png
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb87e9c96059f20821e4fe13900f60b7394752324574d38569381b98adc84196

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:28 GMT
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
"2293-5b243820d1b15"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KpyfNc1cTm1woP7ls7HKFhfglH9bMfINn0l8xa4ZmhMlN%2Bf7vyv6dbARj5V8MIhFg%2FcgHSesHnezhY2mgSPeoHdyojGGNlMT2u2H%2BqHi4m2%2FougPKo6acUfEvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
5f74c43a9ccc0ebb-FRA
content-length
8851
cf-request-id
069cd8f8a300000ebb4da09000000001
ewacommon.png | ratarsed.co.uk/excel/6/oauth2/authorize/files/ | 16 KB | 16 KB | Image
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/ewacommon.png
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e65540513cb2a3e47e1d83f002ec50edb09a1b5572be0c0847cbc668569ade24

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:28 GMT
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:57 GMT
server
cloudflare
etag
"402a-5b243820ce07b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wgeLwjjAZDAgpuYxZVXvE6N%2B97VbpCcdvLehU%2F0mOcZz9ViwNjziuUSnNaG92mRk5wFh2%2FuumSbIB4cF63F7aDkF3HHP8I8xt0M45XnUnj7ezHXAj4y01yuzUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
5f74c43a9cda0ebb-FRA
content-length
16426
cf-request-id
069cd8f8a300000ebb81376000000001
ewaedit.png | ratarsed.co.uk/excel/6/oauth2/authorize/files/ | 12 KB | 13 KB | Image
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/ewaedit.png
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
baa641ac1e002d1f34211836f31e81832c05ac2c8545078488c07b5e2d58df03

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:28 GMT
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:57 GMT
server
cloudflare
etag
"30f6-5b243820d03a3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6H7uo0qXQEExhUL80yh711d%2FjuVXFptO%2Fca60qKGBXxoT%2BAZZ719bk5qgsqrlRoVlkGDPO%2Fl2rxmubPZb8D7fiuPHZ%2BfmsD1pkoXYaVblSieNPnZ2zOFfax54g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
5f74c43a9cdd0ebb-FRA
content-length
12534
cf-request-id
069cd8f8a300000ebb7236e000000001
jquery-1.7.2.min.js | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ | 93 KB | 32 KB | Script
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/jquery-1.7.2.min.js
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a14334cecd2ff3eab027a8cfa5c3632f7b630a9b4e4a7bc5804c6bdd027efb73

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
W/"1727b-5b24382131419"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5qFxElYsdVOS1MTWd4BYqvq3ZhRLTBgfhU5kwmbonuHzr5UbLTo2NTgxvbVzVzaNRmXHyMQI%2F5ceZIo8YBa3EvqwnwkY608YsPxhohlnOklDy95YCFFD3wvT1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
5f74c43aacf20ebb-FRA
cf-request-id
069cd8f8a800000ebb31896000000001
jquery.sim.utils.js | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ | 13 KB | 4 KB | Script
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/jquery.sim.utils.js
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a379adb1028e345f0c739e3401ff7ff60c8663e898ca0e746f140aba329f74c0

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
W/"3561-5b24382135122"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bgS2WC85EFAX%2BJkJOU3YUs%2FIlwQIpXNpufEx0YfIgBDsKJQhGsIML9qF5MHNCRgX7LGk%2B34IMqDfZQqnYF163x0lfBUFggTNb6waCdotY8x2S27UhWYv0gsV2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
5f74c43aacf50ebb-FRA
cf-request-id
069cd8f8a800000ebb2f276000000001
index.jpg | ratarsed.co.uk/excel/6/oauth2/authorize/files/ | 48 KB | 48 KB | Image
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/index.jpg
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b017df1defe56bb74395e69cf291beea481d7f97cdbe2cd50e9ea9f86f5570ca

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
"bedd-5b243820d78d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=G7WnTzDYi1V9tUzoMWjwzXGEZpdNRBq01vrdsjITFmzvwNNh57SRCMPr5biPXlmZw%2FGl%2Bve7OMZq%2BHnRSfwMsoY9K2aRRNtJH6TybP9Ee2L7T2Ry2dbp4DP1EA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
5f74c43b3e450ebb-FRA
content-length
48861
cf-request-id
069cd8f90800000ebb389b4000000001
login.php | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 2 KB | 1 KB | Document
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/jquery-1.7.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.11
Resource Hash
9880c1bf4b33d130d7b977f068ddf6b566dc23453007fea4bab13de42fe40b55

Request headers

:method
GET
:authority
ratarsed.co.uk
:scheme
https
:path
/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=de53943dc894ba140365bc41deb75bcf41606238068
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/f9b164fa64523a613d71527a1ed3.php?client_id=77Inboxaspxnef1fd170ccfbdc0221777f74dfc8&Idef1fd170ccfbdc0221777f74dfc8&docbc2d58a2af3fbc8e4d7f80642bf3&login=

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.11
cf-cache-status
DYNAMIC
cf-request-id
069cd8f95200000ebbba394000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wnrKORGKKY98BjjaQEQb1sEm3vm%2BLeMjLgFFBvjNjY535l98czvYB01aFw0p9s1TWMa%2F8%2FEZ%2FL0LCri7UgvpQt8fxIPOA5qQbIJZb116Jp7%2BDV2aJk96%2BEUZoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5f74c43bbf3a0ebb-FRA
content-encoding
br
jquery-1.7.2.min.js | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 93 KB | 32 KB | Script
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/jquery-1.7.2.min.js
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a14334cecd2ff3eab027a8cfa5c3632f7b630a9b4e4a7bc5804c6bdd027efb73

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
age
1
etag
W/"1727b-5b24382131419"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ocR%2BpxLY48rSJ1I7n191xVmqVXWTBjD2X0%2F%2BEUhP8d4QJN4R5V2QA4YaPGpupy3ox%2BH0f2jtOiQbbcNdvEQldfoFDaasksGieBGspzFyXtmfxnhPfg9iJKy0xA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
5f74c43bffda0ebb-FRA
cf-request-id
069cd8f97e00000ebb389c3000000001
jquery.sim.utils.js | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 13 KB | 4 KB | Script
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/jquery.sim.utils.js
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a379adb1028e345f0c739e3401ff7ff60c8663e898ca0e746f140aba329f74c0

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
age
1
etag
W/"3561-5b24382135122"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mgKq%2FjuBI4Pvtu7mv%2BIBZAfvFnhb5OL18eQCS8fLww0yENC6RZWBfxkVTiHXaHvBxc7PDYFJTFVhrmAIJvHsW1JIJiJZ68DLsHLMrDX8KuQueWaRsfV9LY3tlg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
5f74c43bffdc0ebb-FRA
cf-request-id
069cd8f97e00000ebb72385000000001
sfm-png-fix.js | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 2 KB | 848 B | Script
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/sfm-png-fix.js
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1d3a4b5db9a1dae0dde8d18e7edc94ed4253290ea2e3a8ba43203657311022b

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
W/"648-5b2438214fc6a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=M1c5MtlTNnUH01vsmoHyVVEGBC%2B68L%2FiCIibZfueufkIkjXhNkAKIasIOre5p0bq%2FOmDHEGgIlBhGeVWLqlMne64JC9rGk%2FaJu9jedz37M5w%2B7WWrTDPHXxAnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
5f74c43bffde0ebb-FRA
cf-request-id
069cd8f97e00000ebb6c117000000001
excel.css | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 4 KB | 1 KB | Stylesheet
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/excel.css
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d16c77980e69cd796fbac3ab5b828fc707867303c991eebf2c5c14112ea655c

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
W/"ea5-5b24382122161"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y%2FRQqCz8OUJXjt2GYQ5XDi99mtrg0cRULZarOAgnwCIELyiln%2FwufAOJ1azoOWvpiCu%2FkFy9m%2BbeH3LlMXaLzxVEot16QqWbNiJk4bSHQIH%2BlLze0y7%2FHnoKgg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
5f74c43bffd90ebb-FRA
cf-request-id
069cd8f97e00000ebbae96e000000001
294.GIF | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 7 KB | 7 KB | Image
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/294.GIF
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fef58f4d384c2763c7be72b7df1180f9e4a0c64f128659fb3d16a44fd5c0ef06

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
"1ba5-5b24382112bd4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=E6gtWOCSzwvbd5cvO132XLvVdHgFTIo9Ud1z%2BnzWBe6WfQ5qTZnVD2lKYGcTBJrhIn%2BgHeemDEij74%2FTE59GbrjEJXFcbF4zD9WvwbeC9E4EmV6zH08yAO%2BFig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
5f74c43c78f10ebb-FRA
content-length
7077
cf-request-id
069cd8f9c800000ebb389cc000000001
excel-Submit-0.png | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 549 B | 867 B | Image
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/excel-Submit-0.png
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b3ddbd5a8dea7f9743b3d9a9821e219f33c21a91088f27424dba087c208870b

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
"225-5b2438211e2ec"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LGrKMJRJNxUrUU6Y6uPhLO%2FHQZir6ZUUudC34Q9RhiEYToDtlo2c8MaGAQ4XvecCVbl0QrYIqeHnAVXCwApBHf9%2FAIcVBY%2F6K%2BLl%2B5AmBKGL5rywgf%2Fy1Y4%2BaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
5f74c43c78f80ebb-FRA
content-length
549
cf-request-id
069cd8f9c900000ebb8e961000000001
excel2013.png | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 18 KB | 19 KB | Image
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/excel2013.png
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9d68907dc3aba1d0be80f20a3f1b5d40dee98469ad512d14225a2712b0fd97c

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/login.php?login=&sfm_from_iframe=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
"4963-5b24382129a07"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nTAdHtsjozaGds0gUgrE52imasTnbgi%2B07b2VielG0N%2BoTwY%2FQyixT4DH6kN8iNWD1eg1qvFNhffpved%2FD73PiQdono42v8VYfhC9STgh9uUW5NkObxVAH8RhA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
5f74c43c78fb0ebb-FRA
content-length
18787
cf-request-id
069cd8f9cf00000ebb3c82b000000001
loading.gif | ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/ (Frame 7DC6) | 673 B | 1003 B | Image
General
Full URL
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/loading.gif
Requested by
Host: ratarsed.co.uk
URL: https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/excel.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c753 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43a526a07a078d736e5c9d67d8479dd54072b7e5c6ddd2cd466f86a086e49ef5

Request headers

Referer
https://ratarsed.co.uk/excel/6/oauth2/authorize/files/trademanager/excel/excel.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 24 Nov 2020 17:14:29 GMT
cf-cache-status
MISS
last-modified
Thu, 22 Oct 2020 14:44:58 GMT
server
cloudflare
etag
"2a1-5b24382138e3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mm41WlzF%2FdZZktwk5fvljOvq75KlTjSlTwedJpxzy5dSTI4hegMBpL5iskkdlL%2BkZAPulRyZpgI3GtOHHpI7I02vrywTlkh7kF2nzCWo%2Fcf4ylRKfEPeN3%2FwsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
5f74c43cb97d0ebb-FRA
content-length
673
cf-request-id
069cd8f9fa00000ebb8e967000000001

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer) Excel / PDF download (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
object     0
object     ontransitionrun
object     ontransitionstart
object     ontransitioncancel
object     cookieStore
function   showDirectoryPicker
function   showOpenFilePicker
function   showSaveFilePicker
object     trustedTypes
boolean    crossOriginIsolated
function   $
function   jQuery
function   sfm_refresh_captcha
function   sfm_hyper_link_popup
function   sfm_popup_form
function   sfm_window_popup_form
function   sfmFormObj
function   sfm_show_loading_on_formsubmit
function   sfm_clear_form
function   sfm_init_special_action_button
function   sfm_init_default_text
object     $ifr
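Two things are worth pulling out of the globals list and the transaction list above. First, most of the "non-standard" globals (`ontransitionrun`, `cookieStore`, `showOpenFilePicker`, `trustedTypes`, `crossOriginIsolated`) are browser APIs the scanner's baseline did not know at scan time, and `0` is `window[0]`, the nested login.php frame; the real signal is the `sfm_*`, `sfmFormObj` and `$ifr` set, which together with the `sfm_from_iframe=1` parameter and `sfm-png-fix.js` is consistent with a form generated by Simfatic Forms. Second, for hunting other deployments of the same kit, the resource hashes of its static files are the better pivot: the two .php documents are rendered per visit and can carry the URL token, and stock jquery-1.7.2.min.js will match unrelated sites. The Python below is an added example, not urlscan code: the browser-noise and stock-library sets are constructed allow-lists, the globals and transaction records are copied from this page, and the `hash:` query strings use urlscan's resource-hash search field.

```python
import re
from collections import defaultdict

# Globals that come from the browser (Chrome 83-era APIs) or are the nested frame itself
# (window[0]), not from site code. Constructed allow-list; refresh it as browsers add APIs.
BROWSER_NOISE = {
    "0", "ontransitionrun", "ontransitionstart", "ontransitioncancel", "cookieStore",
    "showDirectoryPicker", "showOpenFilePicker", "showSaveFilePicker",
    "trustedTypes", "crossOriginIsolated",
}
LIBRARY_GLOBALS = {"$", "jQuery"}
# Stock third-party files: their hash matches every site shipping the same build.
STOCK_FILES = {"jquery-1.7.2.min.js"}

# The 22 globals reported by the scan, in the order listed above.
SCAN_GLOBALS = [
    "0", "ontransitionrun", "ontransitionstart", "ontransitioncancel", "cookieStore",
    "showDirectoryPicker", "showOpenFilePicker", "showSaveFilePicker", "trustedTypes",
    "crossOriginIsolated", "$", "jQuery", "sfm_refresh_captcha", "sfm_hyper_link_popup",
    "sfm_popup_form", "sfm_window_popup_form", "sfmFormObj", "sfm_show_loading_on_formsubmit",
    "sfm_clear_form", "sfm_init_special_action_button", "sfm_init_default_text", "$ifr",
]

# (frame id prefix, file name, type, SHA-256) copied from the transaction list on this page;
# the two .php documents are included to show that they are skipped as pivots.
SCAN_TRANSACTIONS = [
    ("19DB", "f9b164fa64523a613d71527a1ed3.php", "Document", "e415b0a145ada29079ab18ceded80d4e597742c74f78cee816012412c825b85d"),
    ("19DB", "jquery-1.7.2.min.js", "Script", "a14334cecd2ff3eab027a8cfa5c3632f7b630a9b4e4a7bc5804c6bdd027efb73"),
    ("19DB", "jquery.sim.utils.js", "Script", "a379adb1028e345f0c739e3401ff7ff60c8663e898ca0e746f140aba329f74c0"),
    ("7DC6", "login.php", "Document", "9880c1bf4b33d130d7b977f068ddf6b566dc23453007fea4bab13de42fe40b55"),
    ("7DC6", "jquery-1.7.2.min.js", "Script", "a14334cecd2ff3eab027a8cfa5c3632f7b630a9b4e4a7bc5804c6bdd027efb73"),
    ("7DC6", "jquery.sim.utils.js", "Script", "a379adb1028e345f0c739e3401ff7ff60c8663e898ca0e746f140aba329f74c0"),
    ("7DC6", "sfm-png-fix.js", "Script", "a1d3a4b5db9a1dae0dde8d18e7edc94ed4253290ea2e3a8ba43203657311022b"),
    ("7DC6", "excel.css", "Stylesheet", "9d16c77980e69cd796fbac3ab5b828fc707867303c991eebf2c5c14112ea655c"),
    ("7DC6", "excel2013.png", "Image", "a9d68907dc3aba1d0be80f20a3f1b5d40dee98469ad512d14225a2712b0fd97c"),
]


def classify_globals(names):
    """Split urlscan's global list into browser noise, known libraries and site/kit code."""
    out = {"noise": [], "library": [], "kit": []}
    for n in names:
        bucket = "noise" if n in BROWSER_NOISE else "library" if n in LIBRARY_GLOBALS else "kit"
        out[bucket].append(n)
    # Group the remaining names by their leading lowercase run ('sfm' for sfm_* and sfmFormObj).
    prefixes = defaultdict(int)
    for n in out["kit"]:
        m = re.match(r"[a-z]+", n)
        prefixes[m.group(0) if m else n] += 1
    out["prefixes"] = dict(prefixes)
    return out


def kit_pivots(transactions):
    """Rank resource hashes for hunting other deployments: kit-specific static files first."""
    frames_by_hash = defaultdict(set)
    name_by_hash = {}
    for frame, name, rtype, sha in transactions:
        if rtype == "Document":
            continue  # rendered HTML can differ per visit or token; a weak pivot
        frames_by_hash[sha].add(frame)
        name_by_hash[sha] = name
    pivots = [
        {"file": name_by_hash[sha], "sha256": sha, "frames": len(frames),
         "kit_specific": name_by_hash[sha] not in STOCK_FILES,
         "query": f"hash:{sha}"}  # urlscan search field for any resource hash
        for sha, frames in frames_by_hash.items()
    ]
    return sorted(pivots, key=lambda p: (not p["kit_specific"], -p["frames"], p["file"]))


if __name__ == "__main__":
    g = classify_globals(SCAN_GLOBALS)
    print("kit globals:", g["kit"], g["prefixes"])
    for p in kit_pivots(SCAN_TRANSACTIONS):
        kind = "kit" if p["kit_specific"] else "stock"
        print(f'{p["frames"]}x {kind:5} {p["file"]:22} {p["query"]}')
```

The ranking puts jquery.sim.utils.js first because it is kit-specific and loaded by both frames; the stock jQuery build lands last. Searching urlscan for the top queries is the quickest way to find sibling hosts running the same kit, since the domain, IP and certificate on this page are all Cloudflare-fronted and shared.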

1 Cookies

Domain/Path        Name       Value
.ratarsed.co.uk/   __cfduid   de53943dc894ba140365bc41deb75bcf41606238068