cr.thesafelink.co.uk Open in urlscan Pro
178.62.116.151 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://cr.thesafelink.co.uk/?rid=JPqGvyZ
Submission: On October 20 via manual (October 20th 2023, 7:52:57 am UTC) from GB — Scanned from GB

Summary HTTP 16 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 178.62.116.151, located in Slough, United Kingdom and belongs to DIGITALOCEAN-ASN, US. The main domain is cr.thesafelink.co.uk.

This is the only time cr.thesafelink.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	178.62.116.151 178.62.116.151	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
11	2600:9000:223... 2600:9000:223f:7200:3:6111:2f00:93a1	16509 (AMAZON-02) (AMAZON-02)
16	3

1 178.62.116.151 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

cr.thesafelink.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:223f:7200:3:6111:2f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.access.service.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	service.gov.uk www.access.service.gov.uk — Cisco Umbrella Rank: 102700	446 KB
1	thesafelink.co.uk cr.thesafelink.co.uk	5 KB
16	2

	Domain	Requested by
11	www.access.service.gov.uk	cr.thesafelink.co.uk www.access.service.gov.uk
1	cr.thesafelink.co.uk
16	2

This site contains links to these domains. Also see Links.

Domain
www.access.service.gov.uk
www.gov.uk
www.nationalarchives.gov.uk

Subject Issuer	Validity	Valid
access.service.gov.uk Amazon RSA 2048 M03	`2023-10-16` - `2024-11-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://cr.thesafelink.co.uk/?rid=JPqGvyZ
Frame ID: 3C6D87293913D423E476940B9F272824
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in using Government Gateway - GOV.UK

Detected technologies

GOV.UK Frontend (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?govuk-frontend(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
<body[^>]+govuk-template__body
<a[^>]+govuk-link
govuk-frontend(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

16
Requests

69 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

451 kB
Transfer

487 kB
Size

0
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.access.service.gov.uk/login/signin/creds#skip-target
Title: Skip to main content

Search URL Search Domain Scan URL

URL: https://www.gov.uk/
Title: GOV.UK

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/login/signin/creds?lang=cy
Title: Cymraeg

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/login/create-account
Title: Create sign in details

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/login/forgot-password
Title: I have forgotten my password

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/login/forgot-userid
Title: I have forgotten my Government Gateway user ID

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/login/forgot-userid-password
Title: I have forgotten my Government Gateway user ID and password

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/help?referrerUrl=%2Flogin%2Fsignin%2Fcreds
Title: Get help with this page

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/accessibility?referrerUrl=%2Flogin%2Fsignin%2Fcreds
Title: Accessibility statement

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/cookies
Title: Cookies

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/privacy-notice
Title: Privacy notice

Search URL Search Domain Scan URL

URL: https://www.access.service.gov.uk/terms-and-conditions
Title: Terms and conditions

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Title: Open Government Licence v3.0

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework/crown-copyright/
Title: © Crown copyright

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
cr.thesafelink.co.uk/ 13 KB
5 KB 177ms
120ms Document
text/html 178.62.116.151
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ
Protocol: HTTP/1.1
Server: 178.62.116.151 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 9af9f291c3fc4c7af9a013591b9be812a454218eb915a3e0bb6dcb369b3f6190

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 20 Oct 2023 07:52:51 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Server: gophish

GET
H/1.1 200
OK govuk-frontend.css
www.access.service.gov.uk/assets/stylesheets/ 151 KB
151 KB 181ms
50ms Stylesheet
text/css 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/assets/stylesheets/govuk-frontend.css

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

ba8f8f78cd6edf95b807015162d59b91101911872b3510cc7d91132199ae512f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 03:03:30 GMT
Via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
Age: 17361
X-Cache: Hit from cloudfront
x-envoy-upstream-service-time: 6
Connection: keep-alive
Content-Length: 154435
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Wed, 19 Jul 2023 07:19:39 GMT
Server: istio-envoy
ETag: "64b78e8b-25b43"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: DSyVLf7qBwd-_6kQ-vT6P4NsGqys60gVW0bU2iEFHJtH5d13886bxw==

GET
H/1.1 200
OK scp.css
www.access.service.gov.uk/assets/stylesheets/ 4 KB
5 KB 676ms
544ms Stylesheet
text/css 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/assets/stylesheets/scp.css?v=1.105.0

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

883ff9e5691884f93679c3e40bf4b3eb12c3e7e87f4d1ac944b3870b2d047c67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 07:52:52 GMT
Via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
X-Cache: Miss from cloudfront
x-envoy-upstream-service-time: 3
Connection: keep-alive
Content-Length: 4142
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Wed, 19 Jul 2023 07:19:40 GMT
Server: istio-envoy
ETag: "64b78e8c-102e"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: g2GH5MOzWtaiU5AlQEwsW32aptoBSFOm2frrq9ryGi0dz0xCTf54Hg==

GET
H/1.1 200
OK page-start.js Show response
www.access.service.gov.uk/assets/javascripts/ 2 KB
3 KB 653ms
522ms Script
application/javascript 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/assets/javascripts/page-start.js?v=1.105.0

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

e048ac204fd5545b080c39176bff4229bd42a0c0db310ec9345b78d7e1aa12ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 07:52:52 GMT
Via: 1.1 98652de9f742fc1df9de714d921e14c2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
X-Cache: Miss from cloudfront
x-envoy-upstream-service-time: 1
Connection: keep-alive
Content-Length: 2070
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Wed, 19 Jul 2023 07:19:11 GMT
Server: istio-envoy
ETag: "64b78e6f-816"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: 2NhzZNGlAzlkPXhiIVPruMTLz8jhTipe44E_fD5HkwEavxYtbuMqFw==

GET
H/1.1 200
OK CData.js Show response
www.access.service.gov.uk/login/assets/javascripts/ 34 KB
12 KB 235ms
104ms Script
application/javascript 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/login/assets/javascripts/CData.js

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

e31924058df0daa2632c283b1cefaebce7b74a432b949d01735468fcbe18ac35

Security Headers

Name	Value
Content-Security-Policy	default-src 'nonce-QSNHdEiAtWbHo2UIFygQ4Q==' 'self'; connect-src 'self' https://www.google-analytics.com/ https://region1.google-analytics.com/; base-uri 'none'; img-src 'nonce-QSNHdEiAtWbHo2UIFygQ4Q==' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; script-src 'nonce-QSNHdEiAtWbHo2UIFygQ4Q==' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; object-src 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 07:52:51 GMT
content-security-policy: default-src 'nonce-QSNHdEiAtWbHo2UIFygQ4Q==' 'self'; connect-src 'self' https://www.google-analytics.com/ https://region1.google-analytics.com/; base-uri 'none'; img-src 'nonce-QSNHdEiAtWbHo2UIFygQ4Q==' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; script-src 'nonce-QSNHdEiAtWbHo2UIFygQ4Q==' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
Content-Encoding: gzip
x-permitted-cross-domain-policies: master-only
Via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P5
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
x-envoy-upstream-service-time: 1
Connection: keep-alive
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
server: istio-envoy
etag: W/"4594ec1d9cd0ed95dbda2102b6e5166233df3170"
Vary: Accept-Encoding
x-frame-options: DENY
Content-Type: application/javascript; charset=UTF-8
cache-control: no-store
x-robots-tag: none
X-Amz-Cf-Id: ZJ2H2oUY_q-Io0il6u1LtOeSePyiNnyEMMaYC_wt-3Ed8fJROLfGJA==

GET
H/1.1 200
OK device-reputation.js Show response
www.access.service.gov.uk/login/assets/javascripts/ 18 KB
6 KB 223ms
92ms Script
application/javascript 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/login/assets/javascripts/device-reputation.js

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

1eb889a0056afde014bc3d573b6462b07ed5f0bd96863e0889885a8c07231633

Security Headers

Name	Value
Content-Security-Policy	default-src 'nonce-eIORBtxsDZxvYYKRLwNTEg==' 'self'; connect-src 'self' https://www.google-analytics.com/ https://region1.google-analytics.com/; base-uri 'none'; img-src 'nonce-eIORBtxsDZxvYYKRLwNTEg==' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; script-src 'nonce-eIORBtxsDZxvYYKRLwNTEg==' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; object-src 'none'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 07:52:51 GMT
content-security-policy: default-src 'nonce-eIORBtxsDZxvYYKRLwNTEg==' 'self'; connect-src 'self' https://www.google-analytics.com/ https://region1.google-analytics.com/; base-uri 'none'; img-src 'nonce-eIORBtxsDZxvYYKRLwNTEg==' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; script-src 'nonce-eIORBtxsDZxvYYKRLwNTEg==' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; object-src 'none'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
Content-Encoding: gzip
x-permitted-cross-domain-policies: master-only
Via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P5
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
x-envoy-upstream-service-time: 1
Connection: keep-alive
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
server: istio-envoy
etag: W/"970a763c718bac7368f75de8f1b98bd2952c889c"
Vary: Accept-Encoding
x-frame-options: DENY
Content-Type: application/javascript; charset=UTF-8
cache-control: no-store
x-robots-tag: none
X-Amz-Cf-Id: SL1yZE41D7wHxcc9OrXOPkrHkl5AYHPSU10RgKmPflwz3Tc1vQK1Iw==

GET
H/1.1 200
OK all.js Show response
www.access.service.gov.uk/assets/javascripts/ 93 KB
94 KB 182ms
51ms Script
application/javascript 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/assets/javascripts/all.js

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

141d832be41453303b433360fa2d7b87798b5ceb74a36060c0c5979dad7f082f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 02:06:01 GMT
Via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
Age: 20810
X-Cache: Hit from cloudfront
x-envoy-upstream-service-time: 3
Connection: keep-alive
Content-Length: 95136
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Sat, 26 Oct 1985 08:15:00 GMT
Server: istio-envoy
ETag: "1dc09d84-173a0"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: oNw51EX02aFkNaIlVltsWGHwnZFzrOFuTr-Q-Z1AWyPCynNDIzhzMA==

GET
H/1.1 200
OK page-complete.js Show response
www.access.service.gov.uk/assets/javascripts/ 12 KB
13 KB 371ms
145ms Script
application/javascript 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/assets/javascripts/page-complete.js?v=1.105.0

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

c5118bc65138cec2cb60fce144b1705a1b2d6501319ea69b8527025e9711c81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 07:52:52 GMT
Via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
X-Cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 1
Connection: keep-alive
Content-Length: 12228
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Wed, 19 Jul 2023 07:19:11 GMT
Server: istio-envoy
ETag: "64b78e6f-2fc4"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: MawHJv0u_TOgyAmZkh7wnkOnBnfpnv8m59jTQ-ytl502q6gxAgvdug==

GET
H/1.1 200
OK govuk-frontend.css
www.access.service.gov.uk/assets/stylesheets/ 151 KB
151 KB 53ms
51ms Stylesheet
text/css 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/assets/stylesheets/govuk-frontend.css

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

ba8f8f78cd6edf95b807015162d59b91101911872b3510cc7d91132199ae512f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 03:03:30 GMT
Via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
Age: 17362
X-Cache: Hit from cloudfront
x-envoy-upstream-service-time: 6
Connection: keep-alive
Content-Length: 154435
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Wed, 19 Jul 2023 07:19:39 GMT
Server: istio-envoy
ETag: "64b78e8b-25b43"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: ntRSzqpWPq4THNFGGqX3seD3E6BC1Mqto5lMDDWPIVqWZTJYDwbMDw==

GET
H/1.1 200
OK scp.css
www.access.service.gov.uk/assets/stylesheets/ 4 KB
5 KB 51ms
50ms Stylesheet
text/css 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/assets/stylesheets/scp.css?v=1.105.0

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

883ff9e5691884f93679c3e40bf4b3eb12c3e7e87f4d1ac944b3870b2d047c67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 07:52:52 GMT
Via: 1.1 98652de9f742fc1df9de714d921e14c2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
X-Cache: Hit from cloudfront
x-envoy-upstream-service-time: 3
Connection: keep-alive
Content-Length: 4142
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Wed, 19 Jul 2023 07:19:40 GMT
Server: istio-envoy
ETag: "64b78e8c-102e"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: WzViQJXLIupOkUvKu01vqo7udDLXsS5m-qyVqOzv26nptX3Zdg86nQ==

GET
H/1.1 200
OK page-start.js Show response
www.access.service.gov.uk/assets/javascripts/ 2 KB
3 KB 50ms
48ms Script
application/javascript 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.access.service.gov.uk/assets/javascripts/page-start.js?v=1.105.0

Requested by

Host: cr.thesafelink.co.uk
URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

e048ac204fd5545b080c39176bff4229bd42a0c0db310ec9345b78d7e1aa12ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: http://cr.thesafelink.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 07:52:52 GMT
Via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
X-Cache: Hit from cloudfront
x-envoy-upstream-service-time: 1
Connection: keep-alive
Content-Length: 2070
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Wed, 19 Jul 2023 07:19:11 GMT
Server: istio-envoy
ETag: "64b78e6f-816"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: bTHj9sDOB81KKaAlLh_-9tXgoeqSf27Gw2jxJnp_RU4N16_IxVFgcw==

GET light-94a07e06a1-v2.woff2
www.access.service.gov.uk/assets/fonts/ 0
0

GET bold-b542beb274-v2.woff2
www.access.service.gov.uk/assets/fonts/ 0
0

GET
H/1.1 200
OK govuk-crest.png
www.access.service.gov.uk/assets/images/ 4 KB
4 KB 45ms
45ms Image
image/png 2600:9000:223f:7200:3:6111:2f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.access.service.gov.uk/assets/images/govuk-crest.png

Requested by

Host: www.access.service.gov.uk
URL: https://www.access.service.gov.uk/assets/stylesheets/govuk-frontend.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:7200:3:6111:2f00:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.access.service.gov.uk/assets/stylesheets/govuk-frontend.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Fri, 20 Oct 2023 04:04:05 GMT
Via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
X-Amz-Cf-Pop: FRA56-P5
Age: 13727
X-Cache: Hit from cloudfront
x-envoy-upstream-service-time: 1
Connection: keep-alive
Content-Length: 3584
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
Last-Modified: Sat, 26 Oct 1985 08:15:00 GMT
Server: istio-envoy
ETag: "1dc09d84-e00"
x-frame-options: deny
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=86400
Accept-Ranges: bytes
X-Amz-Cf-Id: kWm91_Z-suMzU17EwwUDU9K_pnzkQqpch5nMtERSS_zyo57rAVrvuw==

GET light-f591b13f7d-v2.woff
www.access.service.gov.uk/assets/fonts/ 0
0

GET bold-affa96571d-v2.woff
www.access.service.gov.uk/assets/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.access.service.gov.uk
URL: https://www.access.service.gov.uk/assets/fonts/light-94a07e06a1-v2.woff2

Domain: www.access.service.gov.uk
URL: https://www.access.service.gov.uk/assets/fonts/bold-b542beb274-v2.woff2

Domain: www.access.service.gov.uk
URL: https://www.access.service.gov.uk/assets/fonts/light-f591b13f7d-v2.woff

Domain: www.access.service.gov.uk
URL: https://www.access.service.gov.uk/assets/fonts/bold-affa96571d-v2.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ Message: Access to font at 'https://www.access.service.gov.uk/assets/fonts/light-94a07e06a1-v2.woff2' from origin 'http://cr.thesafelink.co.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.access.service.gov.uk/assets/fonts/light-94a07e06a1-v2.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ Message: Access to font at 'https://www.access.service.gov.uk/assets/fonts/bold-b542beb274-v2.woff2' from origin 'http://cr.thesafelink.co.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.access.service.gov.uk/assets/fonts/bold-b542beb274-v2.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ Message: Access to font at 'https://www.access.service.gov.uk/assets/fonts/bold-affa96571d-v2.woff' from origin 'http://cr.thesafelink.co.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.access.service.gov.uk/assets/fonts/bold-affa96571d-v2.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cr.thesafelink.co.uk/?rid=JPqGvyZ Message: Access to font at 'https://www.access.service.gov.uk/assets/fonts/light-f591b13f7d-v2.woff' from origin 'http://cr.thesafelink.co.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.access.service.gov.uk/assets/fonts/light-f591b13f7d-v2.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cr.thesafelink.co.uk
www.access.service.gov.uk
www.access.service.gov.uk
178.62.116.151
2600:9000:223f:7200:3:6111:2f00:93a1
141d832be41453303b433360fa2d7b87798b5ceb74a36060c0c5979dad7f082f
1eb889a0056afde014bc3d573b6462b07ed5f0bd96863e0889885a8c07231633
883ff9e5691884f93679c3e40bf4b3eb12c3e7e87f4d1ac944b3870b2d047c67
9af9f291c3fc4c7af9a013591b9be812a454218eb915a3e0bb6dcb369b3f6190
ba8f8f78cd6edf95b807015162d59b91101911872b3510cc7d91132199ae512f
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c5118bc65138cec2cb60fce144b1705a1b2d6501319ea69b8527025e9711c81a
e048ac204fd5545b080c39176bff4229bd42a0c0db310ec9345b78d7e1aa12ef
e31924058df0daa2632c283b1cefaebce7b74a432b949d01735468fcbe18ac35

cr.thesafelink.co.uk Open in urlscan Pro 178.62.116.151 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

69 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

451 kBTransfer

487 kBSize

0 Cookies

14 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

cr.thesafelink.co.uk Open in urlscan Pro
178.62.116.151 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

69 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

451 kB
Transfer

487 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!