162.13.99.118 Open in urlscan Pro
162.13.99.118 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://162.13.99.118/
Effective URL:
https://162.13.99.118/
Submission: On January 02 via manual (January 2nd 2019, 3:43:14 pm UTC) from GB

Summary HTTP 20 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 20 HTTP transactions. The main IP is 162.13.99.118, located in United Kingdom and belongs to RACKSPACE-LON, GB. The main domain is 162.13.99.118.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 6th 2018. Valid for: 3 months.

This is the only time 162.13.99.118 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 17	162.13.99.118 162.13.99.118	15395 (RACKSPACE...) (RACKSPACE-LON)
1	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1 2	2a04:4e42::144 2a04:4e42::144	54113 (FASTLY) (FASTLY - Fastly)
1 2	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:820::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
20	6

17 162.13.99.118 (United Kingdom) 1 redirects

ASN15395 (RACKSPACE-LON, GB)

162.13.99.118	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::144 (European Union) 1 redirects

ASN54113 (FASTLY - Fastly, US)

assets.digital.cabinet-office.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.publishing.service.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	google-analytics.com 1 redirects www.google-analytics.com	17 KB
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	182 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	164 B
1	service.gov.uk assets.publishing.service.gov.uk	196 KB
1	cabinet-office.gov.uk 1 redirects assets.digital.cabinet-office.gov.uk	496 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	6 KB
20	7

	Domain	Requested by
2	www.google-analytics.com	1 redirects 162.13.99.118
1	www.google.de	162.13.99.118
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	assets.publishing.service.gov.uk	162.13.99.118
1	assets.digital.cabinet-office.gov.uk	1 redirects
1	maxcdn.bootstrapcdn.com	162.13.99.118
20	7

This site contains links to these domains. Also see Links.

Domain
www.nationalarchives.gov.uk

Subject Issuer	Validity	Valid
civilservicelearning.civilservice.gov.uk Let's Encrypt Authority X3	`2018-11-06` - `2019-02-04`	3 months	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
www.gov.uk GlobalSign Organization Validation CA - SHA256 - G2	`2018-10-04` - `2020-11-14`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-12-04` - `2019-02-26`	3 months	crt.sh
www.google.de Google Internet Authority G3	`2018-12-04` - `2019-02-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://162.13.99.118/
Frame ID: 7DD21EBF79E3648506CB382B66A9EF53
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://162.13.99.118/ HTTP 302
https://162.13.99.118/ Page URL

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<(?:link|style)[^>]+sites\/(?:default|all)\/(?:themes|modules)\//i
meta generator /Drupal(?:\s([\d.]+))?/i
headers expires /19 Nov 1978/i
env /^Drupal$/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<(?:link|style)[^>]+sites\/(?:default|all)\/(?:themes|modules)\//i
meta generator /Drupal(?:\s([\d.]+))?/i
headers expires /19 Nov 1978/i
env /^Drupal$/i

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

SweetAlert (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^swal$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

20
Requests

20 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

6
IPs

4
Countries

910 kB
Transfer

1185 kB
Size

5
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Title: Open Government Licence

Search URL Search Domain Scan URL

URL: http://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/copyright-and-re-use/crown-copyright/
Title: © Crown copyright

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://162.13.99.118/ HTTP 302
https://162.13.99.118/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://assets.digital.cabinet-office.gov.uk/static/fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css HTTP 301
https://assets.publishing.service.gov.uk/static/fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css

Request Chain 20

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=1716492257&t=pageview&_s=1&dl=https%3A%2F%2F162.13.99.118%2F&ul=en-us&de=UTF-8&dt=Civil%20Service%20Learning&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=1718659661&gjid=1262282901&cid=845856038.1546443779&tid=UA-22141655-1&_gid=612554140.1546443779&_r=1&z=668414145 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_gid=612554140.1546443779&gjid=1262282901&_v=j72&z=668414145 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_v=j72&z=668414145 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_v=j72&z=668414145&slf_rd=1&random=365036138

20 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
162.13.99.118/
Redirect Chain

http://162.13.99.118/
https://162.13.99.118/

15 KB
16 KB

447ms
385ms

Document
text/html

162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

972499f676904d77375d042f573fd526a1f1d012f2b2e2434689c8d3b81f2015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: 162.13.99.118
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:58 GMT
Server: Apache/2.4.6 (CentOS)
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-Content-Type-Options: nosniff
X-XRDS-Location: https://162.13.99.118/xrds
X-Yadis-Location: https://162.13.99.118/xrds
Content-Language: en
X-Generator: Drupal 7 (http://drupal.org)
Link: <https://162.13.99.118/>; rel="canonical",<https://162.13.99.118/>; rel="shortlink"
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Set-Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778;Path=/
X-USER-COUNT: 1109

Redirect headers

Location: https://162.13.99.118/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

GET
H/1.1 200
OK css_FBmovEFAeAN5HKSsKlqKLzYdtPHXklDYhKXkrfevttU.css
162.13.99.118/sites/default/files/css/ 18 KB
19 KB 39ms
22ms Stylesheet
text/css 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/css/css_FBmovEFAeAN5HKSsKlqKLzYdtPHXklDYhKXkrfevttU.css

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

1419a8bc41407803791ca4ac2a5a8a2f361db4f1d79250d884a5e4adf7afb6d5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:58 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:21 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 18871
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:58 GMT

GET
H/1.1 200
OK css_AiGuUEttRreeWzxab89Sux4i7hZgpYYKrHnwE95Hf_M.css
162.13.99.118/sites/default/files/css/ 36 KB
36 KB 61ms
22ms Stylesheet
text/css 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/css/css_AiGuUEttRreeWzxab89Sux4i7hZgpYYKrHnwE95Hf_M.css

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

0221ae504b6d46b79e5b3c5a6fcf52bb1e22ee1660a5860aac79f013de477ff3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:58 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:20 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 36368
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:58 GMT

GET
H/1.1 200
OK css_17uC8ihnfU1O3f_PEcbFuO0hiO06hHzkee1pIz1uDTE.css
162.13.99.118/sites/default/files/css/ 1 KB
2 KB 83ms
21ms Stylesheet
text/css 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/css/css_17uC8ihnfU1O3f_PEcbFuO0hiO06hHzkee1pIz1uDTE.css

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

d7bb82f228677d4d4eddffcf11c6c5b8ed2188ed3a847ce479ed69233d6e0d31

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:20 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1530
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css
162.13.99.118/sites/default/files/css/ 264 KB
264 KB 88ms
22ms Stylesheet
text/css 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/css/css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

6565c6bd11245ec659b5715ad3ecae0882accb4e76cb494430edaf5909067500

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:21 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 269998
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK js_FtgiaU_xGVlIwvwlJvI5wCaZiFfsDXKIdA6M0HAzSy8.js Show response
162.13.99.118/sites/default/files/js/ 129 KB
129 KB 93ms
25ms Script
application/javascript 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/js/js_FtgiaU_xGVlIwvwlJvI5wCaZiFfsDXKIdA6M0HAzSy8.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

16d822694ff1195948c2fc2526f239c026998857ec0d7288740e8cd070334b2f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:24 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 132038
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK js_D9V9VLIQ5FPZlZfCZjpEGM7JiPYZkcIMyE6mOrdjB4g.js Show response
162.13.99.118/sites/default/files/js/ 27 KB
28 KB 98ms
25ms Script
application/javascript 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/js/js_D9V9VLIQ5FPZlZfCZjpEGM7JiPYZkcIMyE6mOrdjB4g.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

0fd57d54b210e453d99597c2663a4418cec988f61991c20cc84ea63ab7630788

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:24 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 27785
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK js_el8I027IE_a-bZJD3yIisY-1Rd85mwMVyt3ltFixIvs.js Show response
162.13.99.118/sites/default/files/js/ 7 KB
7 KB 98ms
25ms Script
application/javascript 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/js/js_el8I027IE_a-bZJD3yIisY-1Rd85mwMVyt3ltFixIvs.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

7a5f08d36ec813f6be6d9243df2222b18fb545df399b0315cadde5b458b122fb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:25 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6835
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK js_d-cXlpLs19ekfQTGtzgyefC-rIZfOmD__Kx0bxb72xE.js Show response
162.13.99.118/sites/default/files/js/ 29 KB
30 KB 108ms
28ms Script
application/javascript 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/js/js_d-cXlpLs19ekfQTGtzgyefC-rIZfOmD__Kx0bxb72xE.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

77e7179692ecd7d7a47d04c6b7383279f0beac865f3a60fffcac746f16fbdb11

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:26 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 30194
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK js_i-ubC2n1_GFyJajKuLbSvctXN2U-Dyh0tMVwv4WiCcE.js Show response
162.13.99.118/sites/default/files/js/ 71 KB
71 KB 103ms
21ms Script
application/javascript 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/js/js_i-ubC2n1_GFyJajKuLbSvctXN2U-Dyh0tMVwv4WiCcE.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

8beb9b0b69f5fc617225a8cab8b6d2bdcb5737653e0f2874b4c570bf85a209c1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:26 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 72300
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK js_CwP66t6LdsqLgaXhhlSqVekMekJtInqRpmnECh57PGw.js Show response
162.13.99.118/sites/default/files/js/ 67 KB
67 KB 145ms
25ms Script
application/javascript 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/js/js_CwP66t6LdsqLgaXhhlSqVekMekJtInqRpmnECh57PGw.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

0b03faeade8b76ca8b81a5e18654aa55e90c7a426d227a91a669c40a1e7b3c6c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:21 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 68386
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK js_a7gvnDFj8MytSirq8He8XUMaosfe13h3QN5_FPsT93c.js Show response
162.13.99.118/sites/default/files/js/ 6 KB
7 KB 144ms
21ms Script
application/javascript 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/js/js_a7gvnDFj8MytSirq8He8XUMaosfe13h3QN5_FPsT93c.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

6bb82f9c3163f0ccad4a2aeaf077bc5d431aa2c7ded7787740de7f14fb13f777

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:25 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 6569
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
6 KB 20ms
19ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Requested by: Host: 162.13.99.118
URL: https://162.13.99.118/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Request headers

Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 02 Jan 2019 15:42:58 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:35:19 GMT
access-control-allow-origin: *
etag: "1544639719"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 6241

GET
H/1.1

200
OK

fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css
assets.publishing.service.gov.uk/static/
Redirect Chain

https://assets.digital.cabinet-office.gov.uk/static/fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css
https://assets.publishing.service.gov.uk/static/fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css

267 KB
196 KB

59ms
21ms

Stylesheet
text/css

2a04:4e42::144
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.publishing.service.gov.uk/static/fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::144 , European Union, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Age: 544922
X-Cache: HIT
Date: Wed, 02 Jan 2019 15:42:59 GMT
X-Cache-Hits: 1
Connection: keep-alive
Content-Length: 199895
Via: 1.1 varnish
X-Served-By: cache-fra19138-FRA
Last-Modified: Tue, 29 Sep 2015 11:47:26 GMT
Server: nginx
Fastly-Backend-Name: origin
ETag: "560a7a4e-30cd7"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public, immutable
Accept-Ranges: bytes
X-Timer: S1546443779.092772,VS0,VE8
Access-Control-Allow-Headers: origin, authorization
Expires: Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

Strict-Transport-Security: max-age=31536000
Via: 1.1 varnish
Server: nginx
Age: 0
Date: Wed, 02 Jan 2019 15:42:59 GMT
X-Cache: MISS
Location: https://assets.publishing.service.gov.uk/static/fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css
Cache-Control: public, max-age=3600
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
X-Timer: S1546443779.992357,VS0,VE58
Content-Length: 0
X-Served-By: cache-fra19149-FRA

GET
H/1.1 200
OK js_l1pO2PrGnUptHCjXkWTy166d0cDWebEKBiXcCWo4n3U.js Show response
162.13.99.118/sites/default/files/js/ 7 KB
8 KB 155ms
27ms Script
application/javascript 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL

https://162.13.99.118/sites/default/files/js/js_l1pO2PrGnUptHCjXkWTy166d0cDWebEKBiXcCWo4n3U.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

975a4ed8fac69d4a6d1c28d79164f2d7ae9dd1c0d679b10a0625dc096a389f75

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://162.13.99.118/
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Fri, 23 Nov 2018 09:35:24 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 7309
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:825::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:825::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Nov 2018 21:10:09 GMT
server: Golfe2
age: 3233
date: Wed, 02 Jan 2019 14:49:06 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17404
expires: Wed, 02 Jan 2019 16:49:06 GMT

GET
H/1.1 200
OK org_crest_33px_white.png
162.13.99.118/sites/all/themes/cslportalbootstrap/images/ 2 KB
3 KB 24ms
23ms Image
image/png 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://162.13.99.118/sites/all/themes/cslportalbootstrap/images/org_crest_33px_white.png

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

e23d683738907d5f08cd9b1534720cea345343b7b9695fee54ad456328e734a8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://162.13.99.118/sites/default/files/css/css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778; has_js=1
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/sites/default/files/css/css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Thu, 16 Jun 2016 13:42:04 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2506
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK open-government-licence.png
162.13.99.118/sites/all/themes/cslportalbootstrap/images/ 761 B
1 KB 26ms
26ms Image
image/png 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://162.13.99.118/sites/all/themes/cslportalbootstrap/images/open-government-licence.png

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://162.13.99.118/sites/default/files/css/css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778; has_js=1
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/sites/default/files/css/css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Thu, 16 Jun 2016 13:42:04 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 761
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
H/1.1 200
OK govuk-crest.png
162.13.99.118/sites/all/themes/cslportalbootstrap/images/ 4 KB
4 KB 25ms
25ms Image
image/png 162.13.99.118
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://162.13.99.118/sites/all/themes/cslportalbootstrap/images/govuk-crest.png

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

162.13.99.118 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),

Reverse DNS

Software

Apache/2.4.6 (CentOS) /

Resource Hash

bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: 162.13.99.118
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://162.13.99.118/sites/default/files/css/css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css
Cookie: b1P=784dc79e6ef5e0be45e76b5d3386e801_1546443778; has_js=1
Connection: keep-alive
Cache-Control: no-cache
Referer: https://162.13.99.118/sites/default/files/css/css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 02 Jan 2019 15:42:59 GMT
Last-Modified: Thu, 16 Jun 2016 13:42:04 GMT
Server: Apache/2.4.6 (CentOS)
X-USER-COUNT: 1109
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1209600
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3584
X-XSS-Protection: 1; mode=block
Expires: Wed, 16 Jan 2019 15:42:59 GMT

GET
DATA 200
OK truncated
/ 94 KB
0 Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://162.13.99.118

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 71 KB
0 Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://162.13.99.118

Response headers

Content-Type: application/font-woff

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=1716492257&t=pageview&_s=1&dl=https%3A%2F%2F162.13.99.118%2F&ul=en-us&de=UTF-8&dt=Civil%20Service%20Learning&sd=24-bit&sr=1600x1200&vp=1585x1...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_gid=612554140.1546443779&gjid=1262282901&_v=j72&z=668414145
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_v=j72&z=668414145
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_v=j72&z=668414145&slf_rd=1&random=365036138

42 B
109 B

16ms
16ms

Image
image/gif

2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_v=j72&z=668414145&slf_rd=1&random=365036138

Requested by

Host: 162.13.99.118
URL: https://162.13.99.118/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://162.13.99.118/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Jan 2019 15:42:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 02 Jan 2019 15:42:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_v=j72&z=668414145&slf_rd=1&random=365036138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
162.13.99.118/	1970-01-18 21:34:03	Name: _gat Value: 1
162.13.99.118/	1970-01-19 15:05:15	Name: _ga Value: GA1.1.845856038.1546443779
162.13.99.118/	1969-12-31 23:59:59	Name: has_js Value: 1
162.13.99.118/	1970-01-18 21:35:30	Name: _gid Value: GA1.1.612554140.1546443779
162.13.99.118/	1969-12-31 23:59:59	Name: b1P Value: 784dc79e6ef5e0be45e76b5d3386e801_1546443778

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.digital.cabinet-office.gov.uk
assets.publishing.service.gov.uk
maxcdn.bootstrapcdn.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
162.13.99.118
209.197.3.15
2a00:1450:4001:81d::2003
2a00:1450:4001:820::2004
2a00:1450:4001:825::200e
2a00:1450:400c:c08::9a
2a04:4e42::144
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
0221ae504b6d46b79e5b3c5a6fcf52bb1e22ee1660a5860aac79f013de477ff3
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
0b03faeade8b76ca8b81a5e18654aa55e90c7a426d227a91a669c40a1e7b3c6c
0fd57d54b210e453d99597c2663a4418cec988f61991c20cc84ea63ab7630788
1419a8bc41407803791ca4ac2a5a8a2f361db4f1d79250d884a5e4adf7afb6d5
16d822694ff1195948c2fc2526f239c026998857ec0d7288740e8cd070334b2f
5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745
6565c6bd11245ec659b5715ad3ecae0882accb4e76cb494430edaf5909067500
6bb82f9c3163f0ccad4a2aeaf077bc5d431aa2c7ded7787740de7f14fb13f777
77e7179692ecd7d7a47d04c6b7383279f0beac865f3a60fffcac746f16fbdb11
7a5f08d36ec813f6be6d9243df2222b18fb545df399b0315cadde5b458b122fb
8beb9b0b69f5fc617225a8cab8b6d2bdcb5737653e0f2874b4c570bf85a209c1
972499f676904d77375d042f573fd526a1f1d012f2b2e2434689c8d3b81f2015
975a4ed8fac69d4a6d1c28d79164f2d7ae9dd1c0d679b10a0625dc096a389f75
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042
d7bb82f228677d4d4eddffcf11c6c5b8ed2188ed3a847ce479ed69233d6e0d31
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
e23d683738907d5f08cd9b1534720cea345343b7b9695fee54ad456328e734a8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

162.13.99.118 Open in urlscan Pro 162.13.99.118 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

20 %HTTPS

71 %IPv6

7 Domains

7 Subdomains

6 IPs

4 Countries

910 kBTransfer

1185 kBSize

5 Cookies

2 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

5 Cookies

Security Headers

Indicators

162.13.99.118 Open in urlscan Pro
162.13.99.118 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

20 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

6
IPs

4
Countries

910 kB
Transfer

1185 kB
Size

5
Cookies

20 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!