Submitted URL: https://post16-portal-service.gov.wales/
Effective URL: https://post16-portal-service.gov.wales/login
Submission: On July 04 via automatic, source certstream-suspicious — Scanned from ES

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 7 HTTP transactions. The main IP is 20.90.9.9, located in Cardiff, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is post16-portal-service.gov.wales.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on June 7th 2023. Valid for: a year.
This is the only time post16-portal-service.gov.wales was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 20.90.9.9 8075 (MICROSOFT...)
1 2606:2800:133... 15133 (EDGECAST)
1 1 18.134.183.188 16509 (AMAZON-02)
1 18.66.102.124 16509 (AMAZON-02)
2 20.50.88.245 8075 (MICROSOFT...)
7 5
Apex Domain
Subdomains
Transfer
6 gov.wales
post16-portal-service.gov.wales
gov.wales — Cisco Umbrella Rank: 221990
www.gov.wales — Cisco Umbrella Rank: 503486
103 KB
2 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 563
201 B
1 msecnd.net
az416426.vo.msecnd.net — Cisco Umbrella Rank: 2932
47 KB
7 3
Domain Requested by
4 post16-portal-service.gov.wales 1 redirects post16-portal-service.gov.wales
2 dc.services.visualstudio.com az416426.vo.msecnd.net
1 www.gov.wales post16-portal-service.gov.wales
1 gov.wales 1 redirects
1 az416426.vo.msecnd.net post16-portal-service.gov.wales
7 5

This site contains links to these domains.

Domain
gov.wales
ico.org.uk
Subject | Issuer | Validity | Valid
post16-portal.gov.wales | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-06-07 - 2024-07-07 | a year
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2024-06-06 - 2025-06-06 | a year
prod.ai.ingestion.msftcloudes.com | Microsoft Azure RSA TLS Issuing CA 04 | 2024-06-25 - 2025-06-20 | a year

This page contains 1 frames:

Primary Page: https://post16-portal-service.gov.wales/login
Frame ID: 8B08FF218EDFF659B504D0510EA774EA
Requests: 8 HTTP requests in this frame

Page Title

Sign in to the Welsh Government Education, Skills and Employment portal

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 20 %
Domains: 3
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 150 kB
Size: 233 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://post16-portal-service.gov.wales/ HTTP 302
    https://post16-portal-service.gov.wales/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://gov.wales/themes/custom/govwales/storage/smartsurvey/white_arrow_right.png HTTP 301
  • https://www.gov.wales/themes/custom/govwales/storage/smartsurvey/white_arrow_right.png

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
post16-portal-service.gov.wales/
Redirect Chain
  • https://post16-portal-service.gov.wales/
  • https://post16-portal-service.gov.wales/login
9 KB
9 KB
Document
General
Full URL
https://post16-portal-service.gov.wales/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.90.9.9 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c0ad601bef45f8fdfa718fdb21b6ef8a0b27731e7626101b99bc363f8a916c49
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Accept-Language
es-ES,es;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Content-Type
text/html; charset=utf-8
Date
Thu, 04 Jul 2024 07:03:42 GMT
Request-Context
appId=
Strict-Transport-Security
max-age=2592000
Transfer-Encoding
chunked

Redirect headers

Cache-control
no-store no-cache must-revalidate
Connection
Close
Content-Length
0
Location
/login
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
SAMEORIGIN
X-XSS-Protection
1; mode=block
gel2.min.css
post16-portal-service.gov.wales/content/
89 KB
89 KB
Stylesheet
General
Full URL
https://post16-portal-service.gov.wales/content/gel2.min.css
Requested by
Host: post16-portal-service.gov.wales
URL: https://post16-portal-service.gov.wales/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.90.9.9 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ae55b4e7034c24096b79ecad6d63b93fa2e59ca13c4e01dc2601f8239331e294
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://post16-portal-service.gov.wales/login
Accept-Language
es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=2592000
Date
Thu, 04 Jul 2024 07:03:42 GMT
Last-Modified
Tue, 27 Apr 2021 09:38:22 GMT
ETag
"1d73b4910201fb3"
Transfer-Encoding
chunked
Content-Type
text/css
Accept-Ranges
bytes
Request-Context
appId=
ai.2.min.js
az416426.vo.msecnd.net/scripts/b/
120 KB
47 KB
Script
General
Full URL
https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by
Host: post16-portal-service.gov.wales
URL: https://post16-portal-service.gov.wales/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mdr/6756) /
Resource Hash
bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://post16-portal-service.gov.wales/
Accept-Language
es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 04 Jul 2024 07:03:44 GMT
content-encoding
gzip
x-ms-meta-lastmodified
2020-10-07 00:07:47
content-md5
MPOa5dHQWkOQRqdkBRC0hg==
age
395
x-cache
HIT
x-ms-meta-aijssdksrc
[cdn]/scripts/b/ai.2.8.18.min.js
content-length
48078
x-ms-lease-status
unlocked
last-modified
Wed, 20 Mar 2024 17:31:27 GMT
server
ECAcc (mdr/6756)
x-ms-meta-aijssdkver
2.8.18
etag
0x8DC490392FC747D
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
a7f69a53-c01e-005c-22df-cdaed5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-ms-version
2009-09-19
expires
Thu, 04 Jul 2024 07:33:44 GMT
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95e064e7e9115263a47a6c90d74d777730be457691a8d81ee5cae8c3dc68c60c

Request headers

Accept-Language
es-ES,es;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
white_arrow_right.png
www.gov.wales/themes/custom/govwales/storage/smartsurvey/
Redirect Chain
  • https://gov.wales/themes/custom/govwales/storage/smartsurvey/white_arrow_right.png
  • https://www.gov.wales/themes/custom/govwales/storage/smartsurvey/white_arrow_right.png
1 KB
2 KB
Image
General
Full URL
https://www.gov.wales/themes/custom/govwales/storage/smartsurvey/white_arrow_right.png
Requested by
Host: post16-portal-service.gov.wales
URL: https://post16-portal-service.gov.wales/content/gel2.min.css
Protocol
H2
Server
18.66.102.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-124.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
0076557a2b59f4e2531241e2e4479c2e0aab14dad1e9442e61e6bfc569cdf7f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
es-ES,es;q=0.9;q=0.9
Referer
https://post16-portal-service.gov.wales/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Jul 2024 07:03:44 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
last-modified
Tue, 19 Apr 2022 09:47:20 GMT
server
nginx
via
1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
"625e8528-4fe"
x-cache
Miss from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
1278
x-amz-cf-id
qsJfY56ezeBdbsTn-1swtbe4jadkljwF7Brxgf1fpqKPm1XJSpFA1Q==

Redirect headers

Location
https://www.gov.wales/themes/custom/govwales/storage/smartsurvey/white_arrow_right.png
Date
Thu, 04 Jul 2024 07:03:43 GMT
X-Content-Type-Options
nosniff
Server
nginx
Connection
keep-alive
Content-Length
162
Content-Type
text/html
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
969067833694312c26ce121f1c9d5c8dd7950de223c2fb91a7f3497118977d77

Request headers

Accept-Language
es-ES,es;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
favicon.ico
post16-portal-service.gov.wales/
1 KB
1 KB
Other
General
Full URL
https://post16-portal-service.gov.wales/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.90.9.9 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
11b8f19b25cbe0652cd618e1f0bfbed3c376c83b0f9cef4c1d4e60444bddad5b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://post16-portal-service.gov.wales/login
Accept-Language
es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=2592000
Date
Thu, 04 Jul 2024 07:03:44 GMT
Last-Modified
Wed, 02 Mar 2022 13:24:16 GMT
ETag
"1d82e38d096847e"
Content-Type
image/x-icon
Accept-Ranges
bytes
Content-Length
1150
Request-Context
appId=
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://post16-portal-service.gov.wales
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Thu, 04 Jul 2024 07:03:44 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
201 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
3817c566eb03a0bdc15f69994aa2bf94883ce52f9091e47af711d3926fb20b16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
es-ES,es;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://post16-portal-service.gov.wales/
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Thu, 04 Jul 2024 07:03:44 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined | event
object | fence
object | sharedStorage
string | method
object | appInsights
object | Microsoft
object | __dynProto$Gbl

4 Cookies

Domain/Path Name / Value
.post16-portal-service.gov.wales/ Name: BNIS_AuthSuccessURL
Value: https://post16-portal-service.gov.wales/
.post16-portal-service.gov.wales/ Name: BNIS_AuthzInfo
Value:
post16-portal-service.gov.wales/ Name: ai_user
Value: sF9ferZ9oASKWwpQB1NQfL|2024-07-04T07:03:44.329Z
post16-portal-service.gov.wales/ Name: ai_session
Value: bIfuqOtjMJ+WEy5us+xMs2|1720076624534|1720076624534

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=2592000