sandworm.staging.riskbasedsecurity.net Open in urlscan Pro
18.211.178.55 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sandworm.staging.riskbasedsecurity.net/
Effective URL:
https://sandworm.staging.riskbasedsecurity.net/users/sign_in
Submission: On April 21 via api (April 21st 2022, 12:10:34 pm UTC) from US — Scanned from US

Summary HTTP 15 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 15 HTTP transactions. The main IP is 18.211.178.55, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is sandworm.staging.riskbasedsecurity.net.
TLS certificate: Issued by Amazon on March 19th 2022. Valid for: a year.

This is the only time sandworm.staging.riskbasedsecurity.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 16	18.211.178.55 18.211.178.55	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:f8b0:400... 2607:f8b0:4006:822::2008	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::200e	15169 (GOOGLE) (GOOGLE)
15	3

16 18.211.178.55 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-211-178-55.compute-1.amazonaws.com

sandworm.staging.riskbasedsecurity.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:822::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::200e (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	riskbasedsecurity.net 3 redirects sandworm.staging.riskbasedsecurity.net	7 MB
1	google.com analytics.google.com — Cisco Umbrella Rank: 724	363 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	66 KB
15	3

	Domain	Requested by
16	sandworm.staging.riskbasedsecurity.net	3 redirects sandworm.staging.riskbasedsecurity.net
1	analytics.google.com	www.googletagmanager.com
1	www.googletagmanager.com	sandworm.staging.riskbasedsecurity.net
15	3

This site contains links to these domains. Also see Links.

Domain
www.riskbasedsecurity.com
support.riskbasedsecurity.com
goo.gl
www.facebook.com
www.linkedin.com
twitter.com

Subject Issuer	Validity	Valid
riskbasedsecurity.net Amazon	`2022-03-19` - `2023-04-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
Frame ID: DE983D2CB9E9C706EB73E38DC233404D
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In | RBS Platform

Page URL History Show full URLs

http://sandworm.staging.riskbasedsecurity.net/ HTTP 301
https://sandworm.staging.riskbasedsecurity.net/ HTTP 301
https://sandworm.staging.riskbasedsecurity.net/home HTTP 302
https://sandworm.staging.riskbasedsecurity.net/users/sign_in Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

7275 kB
Transfer

7555 kB
Size

3
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.riskbasedsecurity.com/contactus
Title: Request a Demo

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/
Title: Visit our Website

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/events/
Title: Events and Speaking

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/press/
Title: Press

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/partners-integrations/
Title: Partners & Integrations

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/careers/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/researchadv/
Title: Research

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/researchadv/#reports
Title: Data Breach and Vulnerability Reports

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/mailing-list/
Title: Breach Exchange Mailing List

Search URL Search Domain Scan URL

URL: https://www.riskbasedsecurity.com/news/
Title: Read Our Latest Blog Posts

Search URL Search Domain Scan URL

URL: https://support.riskbasedsecurity.com/hc/en-us
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://goo.gl/maps/rxWBMNSDVabQZS3U6
Title: Risk Based Security 3308 W Clay St Richmond, VA 23230

Search URL Search Domain Scan URL

URL: https://www.facebook.com/riskbased/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/riskbased/

Search URL Search Domain Scan URL

URL: https://twitter.com/riskbased

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sandworm.staging.riskbasedsecurity.net/ HTTP 301
https://sandworm.staging.riskbasedsecurity.net/ HTTP 301
https://sandworm.staging.riskbasedsecurity.net/home HTTP 302
https://sandworm.staging.riskbasedsecurity.net/users/sign_in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request sign_in Show response
sandworm.staging.riskbasedsecurity.net/users/
Redirect Chain

http://sandworm.staging.riskbasedsecurity.net/
https://sandworm.staging.riskbasedsecurity.net/
https://sandworm.staging.riskbasedsecurity.net/home
https://sandworm.staging.riskbasedsecurity.net/users/sign_in

49 KB
50 KB

30ms
30ms

Document
text/html

18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://sandworm.staging.riskbasedsecurity.net/users/sign_in

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-211-178-55.compute-1.amazonaws.com

Software

Resource Hash

b5a9c04df6baddfe46bf1ef9d773de2afe5e5e9d6022c38d867678921cdeb9aa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .riskbasedsecurity.com .riskbasedsecurity.net .sentry.io .openstreetmap.org .zendesk.com .zdassets.com unpkg.com s3.amazonaws.com www.googletagmanager.com www.google-analytics.com analytics.google.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.riskbasedsecurity.com *.riskbasedsecurity.net *.sentry.io *.openstreetmap.org *.zendesk.com *.zdassets.com unpkg.com s3.amazonaws.com www.googletagmanager.com www.google-analytics.com analytics.google.com;
content-type: text/html; charset=utf-8
date: Thu, 21 Apr 2022 12:10:28 GMT
etag: W/"b5a9c04df6baddfe46bf1ef9d773de2a"
link: </assets/application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css>; rel=preload; as=style; nopush,</packs/js/runtime~application-9b7b79b2b6ef77476489.js>; rel=preload; as=script; nopush,</packs/js/vendors~application~hello_react~sentry~server_rendering-03069bfc9d8bbb8e6386.chunk.js>; rel=preload; as=script; nopush,</packs/js/vendors~application~hello_react~server_rendering-3327b5c99cd1c273035d.chunk.js>; rel=preload; as=script; nopush,</packs/js/vendors~application~sentry~server_rendering-747502a44761a90beaaf.chunk.js>; rel=preload; as=script; nopush,</packs/js/vendors~application~server_rendering-ce48866842d5df22b66c.chunk.js>; rel=preload; as=script; nopush,</packs/js/vendors~application-b0a34ee40ee22fe7e481.chunk.js>; rel=preload; as=script; nopush,</packs/js/application~server_rendering-518c8c1eaca4b096454f.chunk.js>; rel=preload; as=script; nopush,</packs/js/application-e5ec3c363001587c3b92.chunk.js>; rel=preload; as=script; nopush
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000
vary: Origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: 9a7b272e-8ec4-48c4-92c7-876835735ab4
x-runtime: 0.009757
x-xss-protection: 0

Redirect headers

cache-control: no-cache
content-type: text/html; charset=utf-8
date: Thu, 21 Apr 2022 12:10:28 GMT
location: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
vary: Origin
x-request-id: e3e82286-c0fa-407b-b710-cdf16d652247
x-runtime: 0.004333

GET
H2 200 application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css
sandworm.staging.riskbasedsecurity.net/assets/ 221 KB
42 KB 13ms
12ms Stylesheet
text/css 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/assets/application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: 12ae689ba946141a4aa4e7842c68add1a2853fb1033eee6cd4ea209025182ddb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:28 GMT
content-encoding: gzip
last-modified: Tue, 19 Apr 2022 16:28:16 GMT
content-length: 42506
vary: Accept-Encoding, Origin
content-type: text/css

GET
H2 200 runtime~application-9b7b79b2b6ef77476489.js Show response
sandworm.staging.riskbasedsecurity.net/packs/js/ 2 KB
2 KB 11ms
10ms Script
application/javascript 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/packs/js/runtime~application-9b7b79b2b6ef77476489.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: 36ce7bf227fc8567ee227c5f9b9aa069cfb3bc0dc94e5a4e91b75c27461d5961

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:28 GMT
last-modified: Tue, 19 Apr 2022 16:30:42 GMT
content-length: 1588
vary: Origin
content-type: application/javascript

GET
H2 200 vendors~application~hello_react~sentry~server_rendering-03069bfc9d8bbb8e6386.chunk.js Show response
sandworm.staging.riskbasedsecurity.net/packs/js/ 24 KB
24 KB 22ms
20ms Script
application/javascript 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/packs/js/vendors~application~hello_react~sentry~server_rendering-03069bfc9d8bbb8e6386.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: 0f1be8fb773fa2990d1c2e12af93642037fe1eded26f4baa0f55b5a4ad29fadb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:28 GMT
last-modified: Tue, 19 Apr 2022 16:30:42 GMT
content-length: 24611
vary: Origin
content-type: application/javascript

GET
H2 200 vendors~application~hello_react~server_rendering-3327b5c99cd1c273035d.chunk.js Show response
sandworm.staging.riskbasedsecurity.net/packs/js/ 259 KB
260 KB 18ms
17ms Script
application/javascript 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/packs/js/vendors~application~hello_react~server_rendering-3327b5c99cd1c273035d.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: 3782e3ee44a31359e0e9f134af1151ccd803f7bd123a4b3452a4e19f4ad4868f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:28 GMT
last-modified: Tue, 19 Apr 2022 16:30:42 GMT
content-length: 265326
vary: Origin
content-type: application/javascript

GET
H2 200 vendors~application~sentry~server_rendering-747502a44761a90beaaf.chunk.js Show response
sandworm.staging.riskbasedsecurity.net/packs/js/ 148 KB
148 KB 21ms
20ms Script
application/javascript 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/packs/js/vendors~application~sentry~server_rendering-747502a44761a90beaaf.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: e0de7fa6523e0810575e01e7288d005026a9c431939d1ef00742b64511ae6547

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:28 GMT
last-modified: Tue, 19 Apr 2022 16:30:42 GMT
content-length: 151097
vary: Origin
content-type: application/javascript

GET
H2 200 vendors~application~server_rendering-ce48866842d5df22b66c.chunk.js Show response
sandworm.staging.riskbasedsecurity.net/packs/js/ 4 MB
4 MB 20ms
20ms Script
application/javascript 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/packs/js/vendors~application~server_rendering-ce48866842d5df22b66c.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: 6f4838d776cfd7efe7fe223aac98d11312e4cf79a5570568c9df4ced4c8b3f4d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:28 GMT
last-modified: Tue, 19 Apr 2022 16:30:42 GMT
content-length: 4009447
vary: Origin
content-type: application/javascript

GET
H2 200 vendors~application-b0a34ee40ee22fe7e481.chunk.js Show response
sandworm.staging.riskbasedsecurity.net/packs/js/ 30 KB
30 KB 94ms
94ms Script
application/javascript 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/packs/js/vendors~application-b0a34ee40ee22fe7e481.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: db5c8b275d2b3014f2d5edcdda4028fe52c2635d78ed552ca4b626afdcb3ad60

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:29 GMT
last-modified: Tue, 19 Apr 2022 16:30:42 GMT
content-length: 30987
vary: Origin
content-type: application/javascript

GET
H2 200 application~server_rendering-518c8c1eaca4b096454f.chunk.js Show response
sandworm.staging.riskbasedsecurity.net/packs/js/ 2 MB
2 MB 92ms
92ms Script
application/javascript 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/packs/js/application~server_rendering-518c8c1eaca4b096454f.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: fa5c51ba74475c10825a47dae00c9c19eafae32a7645f22ff21da2932f3b72a4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:29 GMT
last-modified: Tue, 19 Apr 2022 16:30:42 GMT
content-length: 1846720
vary: Origin
content-type: application/javascript

GET
H2 200 application-e5ec3c363001587c3b92.chunk.js Show response
sandworm.staging.riskbasedsecurity.net/packs/js/ 7 KB
7 KB 92ms
92ms Script
application/javascript 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/packs/js/application-e5ec3c363001587c3b92.chunk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: 2035d311f643eee9a0190c9deb8bdb3329a1be44482b7434ddc2f03bc6246199

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:29 GMT
last-modified: Tue, 19 Apr 2022 16:30:42 GMT
content-length: 6896
vary: Origin
content-type: application/javascript

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
66 KB 75ms
41ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TJN6WFXWBF

Requested by

Host: sandworm.staging.riskbasedsecurity.net
URL: https://sandworm.staging.riskbasedsecurity.net/users/sign_in

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fdb54a9101090885b67eba464c977a43897ab0b4229846320a4dd87a358a16e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67519
x-xss-protection: 0
expires: Thu, 21 Apr 2022 12:10:29 GMT

GET
H2 200 NotoSans-Bold-ea9ce50184ee8bdc3c382589761035c914830f23098e006348c831b5e93e7303.ttf
sandworm.staging.riskbasedsecurity.net/assets/ 306 KB
307 KB 14ms
12ms Font
application/octet-stream 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/assets/NotoSans-Bold-ea9ce50184ee8bdc3c382589761035c914830f23098e006348c831b5e93e7303.ttf
Requested by: Host: sandworm.staging.riskbasedsecurity.net
URL: https://sandworm.staging.riskbasedsecurity.net/assets/application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: c6a598dd4930384a35990fa0c08b11381c6771c39256e51eb0a5a559a2223fd7

Request headers

Referer: https://sandworm.staging.riskbasedsecurity.net/assets/application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css
Origin: https://sandworm.staging.riskbasedsecurity.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:29 GMT
last-modified: Tue, 19 Apr 2022 16:28:16 GMT
vary: Origin
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
content-type: application/octet-stream
access-control-allow-origin: https://sandworm.staging.riskbasedsecurity.net
access-control-max-age: 7200
content-length: 313792
access-control-expose-headers

GET
H2 200 NotoSans-Regular-050f092b0d8ecbba7fc7b302e1be19acdb266ca621d7590bdc04659e840660d7.ttf
sandworm.staging.riskbasedsecurity.net/assets/ 306 KB
306 KB 39ms
38ms Font
application/octet-stream 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/assets/NotoSans-Regular-050f092b0d8ecbba7fc7b302e1be19acdb266ca621d7590bdc04659e840660d7.ttf
Requested by: Host: sandworm.staging.riskbasedsecurity.net
URL: https://sandworm.staging.riskbasedsecurity.net/assets/application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: c8cff31fcae0edc0e4ffd3628f36361dfc24d71cc5b9793e5ffad8e76e6f182b

Request headers

Referer: https://sandworm.staging.riskbasedsecurity.net/assets/application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css
Origin: https://sandworm.staging.riskbasedsecurity.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:29 GMT
last-modified: Tue, 19 Apr 2022 16:28:16 GMT
vary: Origin
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
content-type: application/octet-stream
access-control-allow-origin: https://sandworm.staging.riskbasedsecurity.net
access-control-max-age: 7200
content-length: 313144
access-control-expose-headers

GET
H2 200 NotoSans-Medium-d8db4ab3b40f99e3c80ef8d5d9bd4b4521ec23f8d7e8bd5d7f912f5cb9673968.ttf
sandworm.staging.riskbasedsecurity.net/assets/ 306 KB
307 KB 15ms
14ms Font
application/octet-stream 18.211.178.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sandworm.staging.riskbasedsecurity.net/assets/NotoSans-Medium-d8db4ab3b40f99e3c80ef8d5d9bd4b4521ec23f8d7e8bd5d7f912f5cb9673968.ttf
Requested by: Host: sandworm.staging.riskbasedsecurity.net
URL: https://sandworm.staging.riskbasedsecurity.net/assets/application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.211.178.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-211-178-55.compute-1.amazonaws.com
Software: /
Resource Hash: a0cf3e73ac27bff9a4c22f2807c84e1eb3d0740134e84f5455b0a39c14a76e11

Request headers

Referer: https://sandworm.staging.riskbasedsecurity.net/assets/application-3c4e62df9d32755c87a620720f30d7f763cd21b2f529b17fd0376ae576bee525.css
Origin: https://sandworm.staging.riskbasedsecurity.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 21 Apr 2022 12:10:29 GMT
last-modified: Tue, 19 Apr 2022 16:28:16 GMT
vary: Origin
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
content-type: application/octet-stream
access-control-allow-origin: https://sandworm.staging.riskbasedsecurity.net
access-control-max-age: 7200
content-length: 313296
access-control-expose-headers

POST
H2 204 collect
analytics.google.com/g/ 0
363 B 36ms
18ms Ping
text/plain 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-TJN6WFXWBF&gtm=2oe4i1&_p=1719363956&_z=ccd.NbB&_gaz=1&cid=674664353.1650543030&ul=en-us&sr=1600x1200&_s=1&sid=1650543029&sct=1&seg=0&dl=https%3A%2F%2Fsandworm.staging.riskbasedsecurity.net%2Fusers%2Fsign_in&dt=Sign%20In%20%7C%20RBS%20Platform&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TJN6WFXWBF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://sandworm.staging.riskbasedsecurity.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Apr 2022 12:10:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sandworm.staging.riskbasedsecurity.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sandworm.staging.riskbasedsecurity.net/	1969-12-31 23:59:59	Name: _sandworm_session Value: m%2B5zoQYoPm7h4IUZfWB8Y%2BQcZnzEWiq1plnbvNNKkosnQVdpxLy%2By7Baso42C25hg5hh20YGLHMPqmPGyILKv0LCj9AdoAVXzNJGnJntm7Q%2Fj7yVNtR3NBFRrGkrPnrfz05ulZSLr%2F22nToEbEePkR%2B%2FexJodZq5AiEI9Mzk8%2F6vyvqzhFpQsBhqWTxAUfCf3dGXVVHAdoCUsCJLf9Yyx8Sr6Cc%2BFgNK8hufoTpO%2BEVet8dn%2Fk0HV8C9bIF1vgSwxABpByZ64rI1YOzrkQP8yQen1nWryUgIGATReae5e6LgjwnSp4sdZ4xhMEv4QJ2PjdsrvqdanorG--h4Ly7o7%2BaITFQ%2Bz0--CcKu0WJhDwc0JKYSBYb9Zw%3D%3D
.riskbasedsecurity.net/	1970-01-20 20:00:15	Name: _ga_TJN6WFXWBF Value: GS1.1.1650543029.1.0.1650543029.60
.riskbasedsecurity.net/	1970-01-20 20:00:15	Name: _ga Value: GA1.1.674664353.1650543030

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-TJN6WFXWBF(Line 49) Message: Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-TJN6WFXWBF&cid=674664353.1650543030&gtm=2oe4i1&aip=1' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .riskbasedsecurity.com .riskbasedsecurity.net .sentry.io .openstreetmap.org .zendesk.com .zdassets.com unpkg.com s3.amazonaws.com www.googletagmanager.com www.google-analytics.com analytics.google.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: .riskbasedsecurity.com .riskbasedsecurity.net .sentry.io .openstreetmap.org .zendesk.com .zdassets.com unpkg.com s3.amazonaws.com www.googletagmanager.com www.google-analytics.com analytics.google.com;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
sandworm.staging.riskbasedsecurity.net
www.googletagmanager.com
18.211.178.55
2607:f8b0:4006:81e::200e
2607:f8b0:4006:822::2008
0f1be8fb773fa2990d1c2e12af93642037fe1eded26f4baa0f55b5a4ad29fadb
12ae689ba946141a4aa4e7842c68add1a2853fb1033eee6cd4ea209025182ddb
2035d311f643eee9a0190c9deb8bdb3329a1be44482b7434ddc2f03bc6246199
36ce7bf227fc8567ee227c5f9b9aa069cfb3bc0dc94e5a4e91b75c27461d5961
3782e3ee44a31359e0e9f134af1151ccd803f7bd123a4b3452a4e19f4ad4868f
6f4838d776cfd7efe7fe223aac98d11312e4cf79a5570568c9df4ced4c8b3f4d
a0cf3e73ac27bff9a4c22f2807c84e1eb3d0740134e84f5455b0a39c14a76e11
b5a9c04df6baddfe46bf1ef9d773de2afe5e5e9d6022c38d867678921cdeb9aa
c6a598dd4930384a35990fa0c08b11381c6771c39256e51eb0a5a559a2223fd7
c8cff31fcae0edc0e4ffd3628f36361dfc24d71cc5b9793e5ffad8e76e6f182b
db5c8b275d2b3014f2d5edcdda4028fe52c2635d78ed552ca4b626afdcb3ad60
e0de7fa6523e0810575e01e7288d005026a9c431939d1ef00742b64511ae6547
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fa5c51ba74475c10825a47dae00c9c19eafae32a7645f22ff21da2932f3b72a4
fdb54a9101090885b67eba464c977a43897ab0b4229846320a4dd87a358a16e9

sandworm.staging.riskbasedsecurity.net Open in urlscan Pro 18.211.178.55 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

7275 kBTransfer

7555 kBSize

3 Cookies

15 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

sandworm.staging.riskbasedsecurity.net Open in urlscan Pro
18.211.178.55 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

7275 kB
Transfer

7555 kB
Size

3
Cookies

15 HTTP transactions
0 data transactions