www.sandbox.stwrks-dev.net
13.225.73.116
Malicious Activity!
Public Scan
Submission: On April 13 via manual from US
Summary
TLS certificate: Issued by Amazon on November 14th 2019. Valid for: a year.
This is the only time www.sandbox.stwrks-dev.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
Requests | IP Address | AS Autonomous System | PTR | Domain |
---|---|---|---|---|
1 | 13.225.73.116 | ASN16509 (AMAZON-02, US) | server-13-225-73-116.fra2.r.cloudfront.net | www.sandbox.stwrks-dev.net |
14 | 143.204.101.57 | ASN16509 (AMAZON-02, US) | server-143-204-101-57.fra50.r.cloudfront.net | d1l9eozf53tzcz.cloudfront.net |
Total: 15 requests, 2 IP addresses
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | cloudfront.net | d1l9eozf53tzcz.cloudfront.net | 267 KB |
1 | stwrks-dev.net | www.sandbox.stwrks-dev.net | 5 KB |
Total: 15 requests, 2 apex domains
Requests | Domain | Requested by |
---|---|---|
14 | d1l9eozf53tzcz.cloudfront.net | www.sandbox.stwrks-dev.net |
1 | www.sandbox.stwrks-dev.net | |
Total: 15 requests, 2 domains
This site contains links to these domains. Also see Links.
Domain |
---|
www.gov.uk |
departmentfortransport.github.io |
www.nationalarchives.gov.uk |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
*.sandbox.stwrks-dev.net | Amazon | 2019-11-14 - 2020-12-14 | a year | crt.sh |
*.cloudfront.net | DigiCert Global CA G2 | 2019-07-17 - 2020-07-05 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://www.sandbox.stwrks-dev.net/
Frame ID: FC00CE3CFB422DC4DFCE51EF00B0857A
Requests: 15 HTTP requests in this frame
Detected technologies
Amazon Web Services (PaaS)
Detected patterns
- headers via /\(CloudFront\)$/i
Amazon Cloudfront (CDN)
Detected patterns
- headers via /\(CloudFront\)$/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: GOV.UK
- Title: terms of use
- Title: Open Government Licence
- Title: © Crown copyright
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | www.sandbox.stwrks-dev.net/ | 9 KB | 5 KB | Document | text/html |
GET | H2 | govuk-template.3564a366feab7d410461d0af65ebc69c.css | d1l9eozf53tzcz.cloudfront.net/stylesheets/ | 20 KB | 4 KB | Stylesheet | text/css |
GET | H2 | fonts.9cff477d3be5e64a2ce3024449beb068.css | d1l9eozf53tzcz.cloudfront.net/stylesheets/ | 2 KB | 973 B | Stylesheet | text/css |
GET | H2 | application.0c4fd67337034fefdb0f57739b193bb0.css | d1l9eozf53tzcz.cloudfront.net/stylesheets/ | 82 KB | 13 KB | Stylesheet | text/css |
GET | H2 | font-awesome.css | d1l9eozf53tzcz.cloudfront.net/font-awesome/css/ | 54 KB | 12 KB | Stylesheet | text/css |
GET | H2 | gov.uk_logotype_crown_invert_trans.png | d1l9eozf53tzcz.cloudfront.net/images/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | govuk-template.js | d1l9eozf53tzcz.cloudfront.net/javascripts/ | 2 KB | 1 KB | Script | application/javascript |
GET | H2 | application.3fbd8ef4efb78474571d.min.js | d1l9eozf53tzcz.cloudfront.net/javascripts/ | 90 KB | 32 KB | Script | application/javascript |
GET | H2 | govuk-template-print.84567db7a55e2c908ef44ad90b5382a2.css | d1l9eozf53tzcz.cloudfront.net/stylesheets/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H2 | gov.uk_logotype_crown.png | d1l9eozf53tzcz.cloudfront.net/stylesheets/images/ | 1 KB | 2 KB | Image | image/png |
GET | H2 | open-government-licence.png | d1l9eozf53tzcz.cloudfront.net/stylesheets/images/ | 761 B | 1 KB | Image | image/png |
GET | H2 | govuk-crest.png | d1l9eozf53tzcz.cloudfront.net/stylesheets/images/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | v1-f38ad40456-light.woff2 | d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts/ | 66 KB | 67 KB | Font | binary/octet-stream |
GET | H2 | v1-a2452cb66f-bold.woff2 | d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts/ | 54 KB | 55 KB | Font | binary/octet-stream |
GET | H2 | fa-solid-900.woff2 | d1l9eozf53tzcz.cloudfront.net/font-awesome/webfonts/ | 73 KB | 73 KB | Font | binary/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: UK Government (Government)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
onformdata | object |
onpointerrawupdate | object |
GOVUK | object |
jQuery | function |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.sandbox.stwrks-dev.net/ | | Name: seen_cookie_message Value: yes |
www.sandbox.stwrks-dev.net/ | | Name: _csrf Value: Qj3h5zmpca5OVnY19w-7R8rV |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-c8ef25fc-ccab-44ca-9f66-0ba3639125fc' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Security-Policy | default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-c8ef25fc-ccab-44ca-9f66-0ba3639125fc' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d1l9eozf53tzcz.cloudfront.net
www.sandbox.stwrks-dev.net
13.225.73.116
143.204.101.57