www.sandbox.stwrks-dev.net Open in urlscan Pro
13.224.198.67 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sandbox.stwrks-dev.net/
Submission: On June 09 via manual (June 9th 2020, 10:18:23 am UTC) from GB

Summary HTTP 15 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 13.224.198.67, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is www.sandbox.stwrks-dev.net.
TLS certificate: Issued by Amazon on November 14th 2019. Valid for: a year.

This is the only time www.sandbox.stwrks-dev.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	13.224.198.67 13.224.198.67	16509 (AMAZON-02) (AMAZON-02)
14	13.226.158.171 13.226.158.171	16509 (AMAZON-02) (AMAZON-02)
15	2

1 13.224.198.67 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-198-67.fra2.r.cloudfront.net

www.sandbox.stwrks-dev.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 13.226.158.171 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-158-171.dus51.r.cloudfront.net

d1l9eozf53tzcz.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	cloudfront.net d1l9eozf53tzcz.cloudfront.net	269 KB
1	stwrks-dev.net www.sandbox.stwrks-dev.net	5 KB
15	2

	Domain	Requested by
14	d1l9eozf53tzcz.cloudfront.net	www.sandbox.stwrks-dev.net
1	www.sandbox.stwrks-dev.net
15	2

This site contains links to these domains. Also see Links.

Domain
www.gov.uk
departmentfortransport.github.io
www.nationalarchives.gov.uk

Subject Issuer	Validity	Valid
*.sandbox.stwrks-dev.net Amazon	`2019-11-14` - `2020-12-14`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.sandbox.stwrks-dev.net/
Frame ID: 3BEE6BD15888933BCDE58B2EC916A528
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

275 kB
Transfer

465 kB
Size

2
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gov.uk/
Title: GOV.UK

Search URL Search Domain Scan URL

URL: https://departmentfortransport.github.io/street-manager-docs/terms
Title: terms of use

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Title: Open Government Licence

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework/crown-copyright/
Title: © Crown copyright

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.sandbox.stwrks-dev.net/ 9 KB
5 KB 206ms
132ms Document
text/html 13.224.198.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sandbox.stwrks-dev.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.224.198.67 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-198-67.fra2.r.cloudfront.net

Software

Resource Hash

f0a54efd84f46822f2b0be862aa9832ea76fd3ce506b099013129ebbce3e2191

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-4ac1b2a4-d7f9-4059-aa78-16763014882a' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-4ac1b2a4-d7f9-4059-aa78-16763014882a' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.sandbox.stwrks-dev.net
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html; charset=utf-8
date: Tue, 09 Jun 2020 10:18:04 GMT
x-dns-prefetch-control: off
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
referrer-policy: no-referrer
content-security-policy: default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-4ac1b2a4-d7f9-4059-aa78-16763014882a' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net
x-content-security-policy: default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-4ac1b2a4-d7f9-4059-aa78-16763014882a' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net
x-webkit-csp: default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-4ac1b2a4-d7f9-4059-aa78-16763014882a' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net
set-cookie: _csrf=o-zpetVi3l-Hld6G52Mfl6Dv; Path=/; HttpOnly; Secure; SameSite=Strict
x-request-id: 93e8acf55fbdbcd65fc22918081d2c15
x-response-time: 19.362ms
content-encoding: gzip
feature-policy: geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 59d92388a3a66e5f245f384a437fa025.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: G8eYdbyxd6N0E__1IJEKQEIgr_Rmwq0kiZgogHkrpsRkP6tzEHU2hg==

GET
H2 200 govuk-template.3564a366feab7d410461d0af65ebc69c.css
d1l9eozf53tzcz.cloudfront.net/stylesheets/ 20 KB
4 KB 139ms
88ms Stylesheet
text/css 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/govuk-template.3564a366feab7d410461d0af65ebc69c.css?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a3d1bdeb448a74ba13fc068eed78a11fdb6c9f9a64457d7d0e0af9ed1f251d76

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Jun 2020 10:18:05 GMT
content-encoding: gzip
last-modified: Thu, 28 May 2020 12:33:23 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
content-type: text/css
x-amz-cf-id: _XYaoedjdrra9yigkFYiMiac3LHYuRxFDk4ONqyu626MGmp1dNO2dA==
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)

GET
H2 200 fonts.9cff477d3be5e64a2ce3024449beb068.css
d1l9eozf53tzcz.cloudfront.net/stylesheets/ 2 KB
959 B 176ms
126ms Stylesheet
text/css 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts.9cff477d3be5e64a2ce3024449beb068.css?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b2cb2094c2abc6572276f7f25fa32bcbf1ad80c89dcc6d00406906d356bc2514

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Jun 2020 10:18:05 GMT
content-encoding: gzip
last-modified: Thu, 28 May 2020 12:33:17 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
content-type: text/css
x-amz-cf-id: tp_G7UUFH2Ef-dLeTEEUs6ydAmDHZ_F723pxuaAa8BesM5X_rP8zhQ==
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)

GET
H2 200 application.5490a8eafc7fb2d9c74aed664fcc8535.css
d1l9eozf53tzcz.cloudfront.net/stylesheets/ 83 KB
13 KB 175ms
125ms Stylesheet
text/css 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/application.5490a8eafc7fb2d9c74aed664fcc8535.css
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 77bf316e64db66a0b543268c6e67d005d536f579a85af41d7dbda693e51aff49

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Jun 2020 10:18:05 GMT
content-encoding: gzip
last-modified: Thu, 28 May 2020 12:33:17 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
content-type: text/css
x-amz-cf-id: CUq5L30wz09CdluuZetqf-R_vcmY9d08CjCLSisqbKNsBYGVpBJuHQ==
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)

GET
H2 200 font-awesome.css
d1l9eozf53tzcz.cloudfront.net/font-awesome/css/ 55 KB
12 KB 152ms
101ms Stylesheet
text/css 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/font-awesome/css/font-awesome.css
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7995d7688877281c77aac6d6342d67b67a45f01aef89504609610d86a7ce006f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Jun 2020 10:18:05 GMT
content-encoding: gzip
last-modified: Thu, 28 May 2020 12:32:29 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
content-type: text/css
x-amz-cf-id: 7YBgT8jBcJAeN6E4yz3MMCMp88K0y1tcpvXt_NXPYIdO94lZ3kAC3Q==
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)

GET
H2 200 gov.uk_logotype_crown_invert_trans.png
d1l9eozf53tzcz.cloudfront.net/images/ 1 KB
1 KB 79ms
78ms Image
image/png 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1l9eozf53tzcz.cloudfront.net/images/gov.uk_logotype_crown_invert_trans.png?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 203e1db49d3eff430d7dc450ce723c1002542fe1d2bce661b6d8571f14c1043c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 09 Jun 2020 10:18:06 GMT
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)
last-modified: Thu, 28 May 2020 12:32:48 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: "b67c8964cddff14c05d04db0afa4855f"
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
accept-ranges: bytes
content-type: image/png
content-length: 1049
x-amz-cf-id: 5VRW-Qe-5mDFy4gVx-Zx7zKpM4BQwypMfgactmx21Gajm86L00FrXw==

GET
H2 200 govuk-template.js Show response
d1l9eozf53tzcz.cloudfront.net/javascripts/ 2 KB
1 KB 160ms
111ms Script
application/javascript 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/javascripts/govuk-template.js
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6207e33160e95a2c39af21e84f238f12e3fbed725da66b872e27f8bf412aa30e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Jun 2020 10:18:05 GMT
content-encoding: gzip
last-modified: Thu, 28 May 2020 12:33:09 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
content-type: application/javascript
x-amz-cf-id: G-PjF-Izh6hJ45CmN3hA_0EjW_NyjvhPSgnaDeznSQViJNahS8lo4Q==
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)

GET
H2 200 application.c5792a6e9fa5bf35ccb2.min.js Show response
d1l9eozf53tzcz.cloudfront.net/javascripts/ 91 KB
32 KB 194ms
145ms Script
application/javascript 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/javascripts/application.c5792a6e9fa5bf35ccb2.min.js
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2cde985e0bd252e2b39c1cfde2c39ddf15948ae7d75e7068cab21c24fd1080c5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Jun 2020 10:18:05 GMT
content-encoding: gzip
last-modified: Thu, 28 May 2020 12:33:02 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
content-type: application/javascript
x-amz-cf-id: vt3evy00F6hF4Sk7kWWfmXHPiURkeu_wsF5ORS2kAp0uQuGXqIMGnQ==
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)

GET
H2 200 govuk-template-print.84567db7a55e2c908ef44ad90b5382a2.css
d1l9eozf53tzcz.cloudfront.net/stylesheets/ 2 KB
1 KB 103ms
102ms Stylesheet
text/css 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/govuk-template-print.84567db7a55e2c908ef44ad90b5382a2.css?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e0802f373ba85750e678d0d6160e6fe2521300943b6671051f8a3ab2d5e3686f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Jun 2020 10:18:06 GMT
content-encoding: gzip
last-modified: Thu, 28 May 2020 12:33:20 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
content-type: text/css
x-amz-cf-id: qm2ON6zfcoYRqQBnHUJEyBbSAqNgFAXFSdSq3hytuFFwUkbqj6QWSw==
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)

GET
H2 200 gov.uk_logotype_crown.png
d1l9eozf53tzcz.cloudfront.net/stylesheets/images/ 1 KB
2 KB 50ms
49ms Image
image/png 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/images/gov.uk_logotype_crown.png?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ea874a79e09423d63420aff44f016fd0b92dc6dec0cc2668d63b150c8669875e

Request headers

Referer: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/govuk-template.3564a366feab7d410461d0af65ebc69c.css?0.24.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 09 Jun 2020 10:18:06 GMT
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)
last-modified: Thu, 28 May 2020 12:33:21 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: "8e2f454e2b10c4d8b90393d0d8b183da"
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
accept-ranges: bytes
content-type: image/png
content-length: 1415
x-amz-cf-id: 3qrSupG23lqsKyHIVNhDCpNd5-fLJOs36SJB7NPZMXwjefskEDpx5A==

GET
H2 200 open-government-licence.png
d1l9eozf53tzcz.cloudfront.net/stylesheets/images/ 761 B
1 KB 36ms
34ms Image
image/png 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/images/open-government-licence.png?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042

Request headers

Referer: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/govuk-template.3564a366feab7d410461d0af65ebc69c.css?0.24.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 09 Jun 2020 10:18:06 GMT
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)
last-modified: Thu, 28 May 2020 12:33:22 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: "b506ae6b6ac1305cfbb6502e9e14d912"
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
accept-ranges: bytes
content-type: image/png
content-length: 761
x-amz-cf-id: xio2QQUIJ79U5qwLMd07Aj1MyQ6QoB2632fsA8LXl0eEC42NllQKPg==

GET
H2 200 govuk-crest.png
d1l9eozf53tzcz.cloudfront.net/stylesheets/images/ 4 KB
4 KB 47ms
45ms Image
image/png 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/images/govuk-crest.png?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Request headers

Referer: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/govuk-template.3564a366feab7d410461d0af65ebc69c.css?0.24.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 09 Jun 2020 10:18:06 GMT
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)
last-modified: Thu, 28 May 2020 12:33:22 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: "bcd5768bd7721641ee71ba103bb38900"
x-cache: Miss from cloudfront
x-amz-version-id: null
status: 200
accept-ranges: bytes
content-type: image/png
content-length: 3584
x-amz-cf-id: yRDSXdoeseQjW5DwP9b1yg1OHDtHoSr3y9P7JzPAqGv7R9CEmUZprA==

GET
H2 200 v1-f38ad40456-light.woff2
d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts/ 66 KB
67 KB 94ms
72ms Font
binary/octet-stream 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts/v1-f38ad40456-light.woff2?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b98fe790388f58c950f2bed1ca8ad02fa168d6effa7aae7cb7fee81e51183f46

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts.9cff477d3be5e64a2ce3024449beb068.css?0.24.1
Origin: https://www.sandbox.stwrks-dev.net

Response headers

date: Tue, 09 Jun 2020 10:18:06 GMT
via: 1.1 a608f2055229f2ea193f6b8f15267a71.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
content-length: 67900
last-modified: Thu, 28 May 2020 12:33:19 GMT
server: AmazonS3
etag: "f38ad40456df126d75363b9d7b12c979"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: null
access-control-allow-origin: https://www.sandbox.stwrks-dev.net
access-control-allow-credentials: true
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: NkUb3FML2imifC_0EqZ-B0tCloSNvdOh3Q-SCGWTZy8GDnw5iN4pBQ==

GET
H2 200 v1-a2452cb66f-bold.woff2
d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts/ 54 KB
55 KB 87ms
65ms Font
binary/octet-stream 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts/v1-a2452cb66f-bold.woff2?0.24.1
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: be83c947da6c602697be56d5f04bab2074ad9e8e7fe39807f814654fd691d328

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://d1l9eozf53tzcz.cloudfront.net/stylesheets/fonts.9cff477d3be5e64a2ce3024449beb068.css?0.24.1
Origin: https://www.sandbox.stwrks-dev.net

Response headers

date: Tue, 09 Jun 2020 10:18:06 GMT
via: 1.1 a608f2055229f2ea193f6b8f15267a71.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
content-length: 55428
last-modified: Thu, 28 May 2020 12:33:19 GMT
server: AmazonS3
etag: "a2452cb66fcc8cd179b55ccf8f8c96a5"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: null
access-control-allow-origin: https://www.sandbox.stwrks-dev.net
access-control-allow-credentials: true
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: cxwZ9Qbz7o4l4d59WOQ57g30uCYk2cPbKxQLXVT_EEyrk_LbHVPR1A==

GET
H2 200 fa-solid-900.woff2
d1l9eozf53tzcz.cloudfront.net/font-awesome/webfonts/ 74 KB
75 KB 94ms
72ms Font
binary/octet-stream 13.226.158.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l9eozf53tzcz.cloudfront.net/font-awesome/webfonts/fa-solid-900.woff2
Requested by: Host: www.sandbox.stwrks-dev.net
URL: https://www.sandbox.stwrks-dev.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.158.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-158-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://d1l9eozf53tzcz.cloudfront.net/font-awesome/css/font-awesome.css
Origin: https://www.sandbox.stwrks-dev.net

Response headers

date: Tue, 09 Jun 2020 10:18:06 GMT
via: 1.1 a608f2055229f2ea193f6b8f15267a71.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
content-length: 76120
last-modified: Thu, 16 Apr 2020 13:03:57 GMT
server: AmazonS3
etag: "55eb2a60e8181f0e68b558c991973bf0"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: null
access-control-allow-origin: https://www.sandbox.stwrks-dev.net
access-control-allow-credentials: true
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: s3jysZSF-XeYB6R1Z6E3AMMkYVsmVe0PIN8USEyawlOwhnYNU1y7Cw==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| GOVUK function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.sandbox.stwrks-dev.net/	1970-01-19 10:48:37	Name: seen_cookie_message Value: yes
			www.sandbox.stwrks-dev.net/	1969-12-31 23:59:59	Name: _csrf Value: o-zpetVi3l-Hld6G52Mfl6Dv

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-4ac1b2a4-d7f9-4059-aa78-16763014882a' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-eval' 'sha256-+6WnXIl4mbFTCARd8N3COQmT3bJJmo32N8q8ZSQAIcU=' 'sha256-G29/qSW/JHHANtFhlrZVDZW1HOkCDRc78ggbqwwIJ2g=' 'nonce-4ac1b2a4-d7f9-4059-aa78-16763014882a' https://d1l9eozf53tzcz.cloudfront.net; style-src 'self' https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.1.3/css/ol.css https://d1l9eozf53tzcz.cloudfront.net; font-src 'self' https://d1l9eozf53tzcz.cloudfront.net; img-src 'self' https://tile.viaeuropa.uk.com https://www.googletagmanager.com https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://d1l9eozf53tzcz.cloudfront.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d1l9eozf53tzcz.cloudfront.net
www.sandbox.stwrks-dev.net
13.224.198.67
13.226.158.171
203e1db49d3eff430d7dc450ce723c1002542fe1d2bce661b6d8571f14c1043c
2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c
2cde985e0bd252e2b39c1cfde2c39ddf15948ae7d75e7068cab21c24fd1080c5
6207e33160e95a2c39af21e84f238f12e3fbed725da66b872e27f8bf412aa30e
77bf316e64db66a0b543268c6e67d005d536f579a85af41d7dbda693e51aff49
7995d7688877281c77aac6d6342d67b67a45f01aef89504609610d86a7ce006f
a3d1bdeb448a74ba13fc068eed78a11fdb6c9f9a64457d7d0e0af9ed1f251d76
b2cb2094c2abc6572276f7f25fa32bcbf1ad80c89dcc6d00406906d356bc2514
b98fe790388f58c950f2bed1ca8ad02fa168d6effa7aae7cb7fee81e51183f46
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
be83c947da6c602697be56d5f04bab2074ad9e8e7fe39807f814654fd691d328
c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042
e0802f373ba85750e678d0d6160e6fe2521300943b6671051f8a3ab2d5e3686f
ea874a79e09423d63420aff44f016fd0b92dc6dec0cc2668d63b150c8669875e
f0a54efd84f46822f2b0be862aa9832ea76fd3ce506b099013129ebbce3e2191

www.sandbox.stwrks-dev.net Open in urlscan Pro 13.224.198.67 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

275 kBTransfer

465 kBSize

2 Cookies

4 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

www.sandbox.stwrks-dev.net Open in urlscan Pro
13.224.198.67 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

275 kB
Transfer

465 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!