ventilator.herokuapp.com
52.49.203.214
Malicious Activity!
Public Scan
Submission: On March 20 via manual from PL
Summary
TLS certificate: the shared *.herokuapp.com wildcard, issued by DigiCert SHA2 High Assurance Server CA on April 19th 2017, valid for 3 years. It identifies the Heroku platform, not whoever operates the app.
This is the only time ventilator.herokuapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
9 | 52.49.203.214 | 16509 (AMAZON-02)
1 | 2600:9000:2057:1200:1b:3d9:cc80:93a1 | 16509 (AMAZON-02)
1 | 54.82.251.206 | 14618 (AMAZON-AES)

11 requests across 3 IP addresses.
ASN | PTR | Domains
---|---|---
16509 (AMAZON-02, US) | ec2-52-49-203-214.eu-west-1.compute.amazonaws.com | ventilator.herokuapp.com
14618 (AMAZON-AES, US) | ec2-54-82-251-206.compute-1.amazonaws.com | img3.usefathom.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | herokuapp.com | ventilator.herokuapp.com | 1 MB
2 | usefathom.com | cdn.usefathom.com, img3.usefathom.com | 2 KB

11 requests across 2 apex domains.
Requests | Domain | Requested by
---|---|---
9 | ventilator.herokuapp.com | ventilator.herokuapp.com
1 | img3.usefathom.com | ventilator.herokuapp.com
1 | cdn.usefathom.com | ventilator.herokuapp.com

11 requests across 3 domains; both third-party requests were initiated by the primary page.
This site contains links to these domains:

Domain
---
www.gov.uk
www.nationalarchives.gov.uk
Subject | Issuer | Validity | Valid
---|---|---|---
*.herokuapp.com | DigiCert SHA2 High Assurance Server CA | 2017-04-19 - 2020-06-22 | 3 years
*.usefathom.com | Amazon | 2020-01-16 - 2021-02-16 | a year
usefathom.com | Amazon | 2019-08-14 - 2020-09-14 | a year

The primary page is served under Heroku's shared *.herokuapp.com wildcard, so the certificate says nothing about who runs the app; only the Fathom hosts carry certificates specific to their own domain.
This page contains 1 frame:
Primary Page:
https://ventilator.herokuapp.com/
Frame ID: D611C369AC9E29E8D8B4752CFDF7F17A
Requests: 11 HTTP requests in this frame
Detected technologies
- Erlang (Programming Languages). Detected pattern: headers server /^Cowboy$/i
- Cowboy (Web Frameworks). Detected pattern: headers server /^Cowboy$/i
- TrackJs (Analytics). Detected pattern: script /tracker\.js/i

Two caveats on these detections. The Server: Cowboy header on Heroku responses is set by Heroku's routing layer, which fronts every app on the platform, so the Erlang/Cowboy match fingerprints the platform rather than the application behind it. And the /tracker\.js/i pattern fired on cdn.usefathom.com/tracker.js, which is the Fathom Analytics script (the page also defines a fathom global, listed under JavaScript Global Variables below); TrackJS is a different product that happens to have used the same file name.
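Scanner rules like the three above are regexes over response headers and request URLs, which is why a bare file-name pattern can mislabel a script. The following is an added example, not urlscan's own code: it applies the page's three patterns, plus an assumed host-anchored Fathom rule that also requires the fathom window global, to a constructed copy of this scan's transactions, and then flags any technology whose only evidence is a file-name match on a URL that an anchored rule also claimed. The Server header values are assumed from the rule that fired; Transaction, Hit, fingerprint and weak_matches are names of my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Transaction:
    """One HTTP request/response as a scanner records it."""
    url: str
    resource_type: str
    response_headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Hit:
    evidence: List[str] = field(default_factory=list)
    script_urls: Set[str] = field(default_factory=set)
    anchored: bool = True   # False when only a bare file-name pattern fired


# Detection rules. The first three mirror the patterns shown on this page; the
# Fathom rule is an addition that anchors on the CDN host and also requires the
# `fathom` window global before it will fire.
RULES = [
    {"name": "Cowboy", "header": ("server", re.compile(r"^Cowboy$", re.I))},
    {"name": "Erlang", "implies": "Cowboy"},
    {"name": "TrackJs", "script": re.compile(r"tracker\.js", re.I), "anchored": False},
    {"name": "Fathom",
     "script": re.compile(r"^https://cdn\.usefathom\.com/tracker\.js$", re.I),
     "anchored": True, "global": "fathom"},
]


def fingerprint(transactions: List[Transaction], window_globals: Set[str]) -> Dict[str, Hit]:
    """Apply RULES and return {technology: Hit} for every rule that fires."""
    hits: Dict[str, Hit] = {}
    for rule in RULES:
        hit = Hit(anchored=rule.get("anchored", True))
        if "header" in rule:
            hname, pat = rule["header"]
            for t in transactions:
                headers = {k.lower(): v for k, v in t.response_headers.items()}
                if hname in headers and pat.search(headers[hname]):
                    hit.evidence.append(f"{t.url} -> {hname}: {headers[hname]}")
        if "script" in rule:
            for t in transactions:
                if t.resource_type == "Script" and rule["script"].search(t.url):
                    hit.evidence.append(f"script {t.url}")
                    hit.script_urls.add(t.url)
            if "global" in rule:
                if hit.evidence and rule["global"] in window_globals:
                    hit.evidence.append(f"window.{rule['global']} is defined")
                else:            # no script, or no runtime trace: do not claim it
                    hit.evidence.clear()
                    hit.script_urls.clear()
        if hit.evidence:
            hits[rule["name"]] = hit
    for rule in RULES:           # second pass: technologies implied by another hit
        if "implies" in rule and rule["implies"] in hits:
            hits[rule["name"]] = Hit(evidence=[f"implied by {rule['implies']}"])
    return hits


def weak_matches(hits: Dict[str, Hit]) -> Set[str]:
    """Technologies whose only evidence is a bare file-name match on script URLs
    that an anchored rule also claimed: the candidates for a mislabel."""
    claimed: Set[str] = set()
    for h in hits.values():
        if h.anchored:
            claimed |= h.script_urls
    return {name for name, h in hits.items()
            if not h.anchored and h.script_urls and h.script_urls <= claimed}


# Constructed from the transaction list on this page. The Server header value is
# assumed (it is what urlscan's /^Cowboy$/i rule must have matched); the Fathom
# responses are left without headers rather than inventing them.
SCAN = [
    Transaction("https://ventilator.herokuapp.com/", "Document", {"Server": "Cowboy"}),
    Transaction("https://ventilator.herokuapp.com/public/javascripts/jquery-1.11.3.js",
                "Script", {"Server": "Cowboy"}),
    Transaction("https://ventilator.herokuapp.com/extension-assets/govuk-frontend/govuk/all.js",
                "Script", {"Server": "Cowboy"}),
    Transaction("https://cdn.usefathom.com/tracker.js", "Script"),
    Transaction("https://img3.usefathom.com/collector/scooby", "Image"),
]
WINDOW_GLOBALS = {"fathom", "$", "jQuery", "GOVUKFrontend"}

if __name__ == "__main__":
    found = fingerprint(SCAN, WINDOW_GLOBALS)
    for name, hit in found.items():
        print(name, hit.evidence)
    print("file-name-only matches:", weak_matches(found))
```

Run as-is it reports Cowboy, Erlang, TrackJs and Fathom, and weak_matches singles out TrackJs because its only evidence is the tracker.js URL that the host-anchored Fathom rule also claimed. Dropping fathom from the globals makes the Fathom rule go silent while the file-name rule still fires, which is the scanner's situation on this page.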
Page Statistics

3 Outgoing links
These are links going to different origins than the main page (the linked domains are www.gov.uk and www.nationalarchives.gov.uk, listed above):
- Home
- Open Government Licence v3.0
- © Crown copyright

Redirected requests
No HTTP redirect chains were listed for this scan.
11 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request, cookie set) | ventilator.herokuapp.com/ | 78 KB | 78 KB | Document | text/html
GET | H/1.1 | application.css | ventilator.herokuapp.com/public/stylesheets/ | 600 KB | 600 KB | Stylesheet | text/css
GET | H/1.1 | jquery-1.11.3.js | ventilator.herokuapp.com/public/javascripts/ | 278 KB | 278 KB | Script | application/javascript
GET | H/1.1 | all.js | ventilator.herokuapp.com/extension-assets/govuk-frontend/govuk/ | 80 KB | 81 KB | Script | application/javascript
GET | H/1.1 | application.js | ventilator.herokuapp.com/public/javascripts/ | 248 B | 585 B | Script | application/javascript
GET | H/1.1 | auto-store-data.js | ventilator.herokuapp.com/public/javascripts/ | 742 B | 1 KB | Script | application/javascript
GET | H/1.1 | light-94a07e06a1-v2.woff2 | ventilator.herokuapp.com/govuk/assets/fonts/ | 33 KB | 33 KB | Font | application/font-woff2
GET | H/1.1 | govuk-crest.png | ventilator.herokuapp.com/govuk/assets/images/ | 4 KB | 4 KB | Image | image/png
GET | H/1.1 | bold-b542beb274-v2.woff2 | ventilator.herokuapp.com/govuk/assets/fonts/ | 31 KB | 31 KB | Font | application/font-woff2
GET | H2 | tracker.js | cdn.usefathom.com/ | 3 KB | 1 KB | Script | application/javascript
GET | H2 | scooby | img3.usefathom.com/collector/ | 43 B | 246 B | Image | image/gif

Everything that gives the page its GOV.UK look (the govuk-frontend all.js bundle under /extension-assets/, the crest image and the light and bold GOV.UK fonts under /govuk/assets/) is served from ventilator.herokuapp.com itself; the gov.uk domains appear only as link targets, never as request origins. The only third party is Fathom Analytics: tracker.js from cdn.usefathom.com and the 43-byte GIF beacon at img3.usefathom.com/collector/scooby. jquery-1.11.3.js is a 2015 release of the jQuery 1.x line, which the jQuery project no longer maintains.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: UK Government (Government)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | fathom
function | $
function | jQuery
object | GOVUKFrontend

onformdata and onpointerrawupdate are event-handler properties that newer Chromium builds expose on window, not something this page defined. The page's own globals are fathom (Fathom Analytics), $ and jQuery, and GOVUKFrontend (the govuk-frontend all.js bundle).

2 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
ventilator.herokuapp.com/ | | govuk-prototype-kit-56656e74696c61746f72204368616c6c656e6765205175657374696f6e73 | s%3AudxZlaSSKKMuZApaiFYj3DeUNLrYHxHm.eVGkLeFWyINW27%2Fage2q3VEeLaOjfSouvMDHtLC7K0A
ventilator.herokuapp.com/ | | seen_cookie_message | yes

The first cookie is the most informative indicator on this page. Its name is govuk-prototype-kit- followed by hex that decodes to "Ventilator Challenge Questions", which is exactly how the GOV.UK Prototype Kit names its session cookie (the fixed prefix plus the hex-encoded service name), and its value has the s:<session id>.<base64 HMAC> shape of an Express signed session cookie. Together with auto-store-data.js and the /extension-assets/govuk-frontend/ path in the request list, this is consistent with a Prototype Kit deployment, which renders full GOV.UK branding on whatever host it runs on. The "Phishing against: UK Government" verdict is a brand-match heuristic on that branding; as the disclaimer above says, it is a lead to investigate, not a conclusion.
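To show what that cookie actually encodes, here is an added example (not code from the Prototype Kit, express-session or urlscan) that decodes the service name from the cookie name, splits the value into session id and signature, checks that the signature is the size of an HMAC-SHA256 tag, and re-creates the express-session signing scheme so the verification step can be exercised with a constructed secret. KIT_PREFIX, the function names and the "example-secret" value are my own; the real secret lives only on the server, so the scan cookie itself can be parsed but never verified from the outside.

```python
import base64
import hashlib
import hmac
from typing import Optional, Tuple
from urllib.parse import unquote

KIT_PREFIX = "govuk-prototype-kit-"

# The cookie observed in this scan, copied from the table above.
SCAN_COOKIE_NAME = "govuk-prototype-kit-56656e74696c61746f72204368616c6c656e6765205175657374696f6e73"
SCAN_COOKIE_VALUE = "s%3AudxZlaSSKKMuZApaiFYj3DeUNLrYHxHm.eVGkLeFWyINW27%2Fage2q3VEeLaOjfSouvMDHtLC7K0A"


def decode_kit_cookie_name(name: str) -> Optional[str]:
    """The Prototype Kit names its session cookie KIT_PREFIX + hex(service name).
    Return the service name, or None if the name does not fit that scheme."""
    if not name.startswith(KIT_PREFIX):
        return None
    try:
        return bytes.fromhex(name[len(KIT_PREFIX):]).decode("utf-8")
    except ValueError:              # odd length, non-hex, or not valid UTF-8
        return None


def sign(value: str, secret: str) -> str:
    """cookie-signature format used by express-session:
    value + '.' + base64(HMAC-SHA256(secret, value)) with '=' padding stripped."""
    tag = hmac.new(secret.encode(), value.encode(), hashlib.sha256).digest()
    return value + "." + base64.b64encode(tag).decode().rstrip("=")


def parse_signed_cookie(raw: str) -> Tuple[str, str]:
    """Split an express-session cookie ('s:' + sign(sid, secret)) into
    (session id, signature). The raw value is URL-decoded first because the
    browser stores it as s%3A...%2F..."""
    value = unquote(raw)
    if not value.startswith("s:") or "." not in value:
        raise ValueError("not an express-session signed cookie")
    sid, sig = value[2:].rsplit(".", 1)
    return sid, sig


def signature_bytes(sig: str) -> bytes:
    """Restore the stripped base64 padding and decode; 32 bytes means the
    signature is the size of an HMAC-SHA256 tag."""
    return base64.b64decode(sig + "=" * (-len(sig) % 4))


def verify(raw: str, secret: str) -> bool:
    """True iff the cookie's signature was produced with `secret`. Without the
    server's secret a scanner can parse the cookie but never validate it."""
    sid, sig = parse_signed_cookie(raw)
    expected = sign(sid, secret).rsplit(".", 1)[1]
    return hmac.compare_digest(expected, sig)


if __name__ == "__main__":
    print("service name:", decode_kit_cookie_name(SCAN_COOKIE_NAME))
    sid, sig = parse_signed_cookie(SCAN_COOKIE_VALUE)
    print("session id:", sid, "signature bytes:", len(signature_bytes(sig)))
    # Demonstrate the signing scheme with a constructed secret; the real
    # secret is server-side, so the scan cookie cannot be verified here.
    demo = "s:" + sign(sid, "example-secret")
    print("demo verifies:", verify(demo, "example-secret"),
          "| scan cookie with guessed secret:", verify(SCAN_COOKIE_VALUE, "example-secret"))
```

The session id is opaque, and the 43-character signature decodes to 32 bytes, the length of an HMAC-SHA256 tag, so nothing in the cookie reveals application data; what it reveals is the framework and the service name the developer typed in.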
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
The source, level and text of the single message did not survive in this copy of the scan.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- cdn.usefathom.com
- img3.usefathom.com
- ventilator.herokuapp.com
- 2600:9000:2057:1200:1b:3d9:cc80:93a1
- 52.49.203.214
- 54.82.251.206