162.13.99.118
Malicious Activity!
Public Scan
Effective URL: https://162.13.99.118/
Submission: On January 02 via manual from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 6th 2018. Valid for: 3 months.
This is the only time 162.13.99.118 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 17 | 162.13.99.118 | 15395 (RACKSPACE-LON) |
1 | 209.197.3.15 | 20446 (HIGHWINDS3 - Highwinds Network Group) |
1 2 | 2a04:4e42::144 | 54113 (FASTLY - Fastly) |
1 2 | 2a00:1450:4001:825::200e | 15169 (GOOGLE - Google LLC) |
1 1 | 2a00:1450:400c:c08::9a | 15169 (GOOGLE - Google LLC) |
1 1 | 2a00:1450:4001:820::2004 | 15169 (GOOGLE - Google LLC) |
1 | 2a00:1450:4001:81d::2003 | 15169 (GOOGLE - Google LLC) |
20 | 6 |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net
maxcdn.bootstrapcdn.com
ASN54113 (FASTLY - Fastly, US)
assets.digital.cabinet-office.gov.uk
assets.publishing.service.gov.uk
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
2 | google-analytics.com | www.google-analytics.com (1 redirects) | 17 KB |
1 | google.de | www.google.de | 109 B |
1 | google.com | www.google.com (1 redirects) | 182 B |
1 | doubleclick.net | stats.g.doubleclick.net (1 redirects) | 164 B |
1 | service.gov.uk | assets.publishing.service.gov.uk | 196 KB |
1 | cabinet-office.gov.uk | assets.digital.cabinet-office.gov.uk (1 redirects) | 496 B |
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 6 KB |
20 | 7 |
| Domain | Requested by |
---|---|---|
2 | www.google-analytics.com | 162.13.99.118 (1 redirects) |
1 | www.google.de | 162.13.99.118 |
1 | www.google.com | 1 redirects |
1 | stats.g.doubleclick.net | 1 redirects |
1 | assets.publishing.service.gov.uk | 162.13.99.118 |
1 | assets.digital.cabinet-office.gov.uk | 1 redirects |
1 | maxcdn.bootstrapcdn.com | 162.13.99.118 |
20 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nationalarchives.gov.uk |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
civilservicelearning.civilservice.gov.uk | Let's Encrypt Authority X3 | 2018-11-06 - 2019-02-04 | 3 months | crt.sh |
*.bootstrapcdn.com | COMODO RSA Domain Validation Secure Server CA | 2018-10-03 - 2019-10-12 | a year | crt.sh |
www.gov.uk | GlobalSign Organization Validation CA - SHA256 - G2 | 2018-10-04 - 2020-11-14 | 2 years | crt.sh |
*.google-analytics.com | Google Internet Authority G3 | 2018-12-04 - 2019-02-26 | 3 months | crt.sh |
www.google.de | Google Internet Authority G3 | 2018-12-04 - 2019-02-26 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://162.13.99.118/
Frame ID: 7DD21EBF79E3648506CB382B66A9EF53
Requests: 22 HTTP requests in this frame
Detected technologies
Drupal (CMS)
Detected patterns
- html /<(?:link|style)[^>]+sites\/(?:default|all)\/(?:themes|modules)\//i
- meta generator /Drupal(?:\s([\d.]+))?/i
- headers expires /19 Nov 1978/i
- env /^Drupal$/i
PHP (Programming Languages)
Detected patterns
- html /<(?:link|style)[^>]+sites\/(?:default|all)\/(?:themes|modules)\//i
- meta generator /Drupal(?:\s([\d.]+))?/i
- headers expires /19 Nov 1978/i
- env /^Drupal$/i
CentOS (Operating Systems)
Detected patterns
- headers server /CentOS/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
SweetAlert (JavaScript Libraries)
Detected patterns
- env /^swal$/i
jQuery (JavaScript Libraries)
Detected patterns
- env /^jQuery$/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Open Government Licence
Title: © Crown copyright
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://162.13.99.118/
HTTP 302
https://162.13.99.118/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12
- https://assets.digital.cabinet-office.gov.uk/static/fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css HTTP 301
- https://assets.publishing.service.gov.uk/static/fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css
- https://www.google-analytics.com/r/collect?v=1&_v=j72&a=1716492257&t=pageview&_s=1&dl=https%3A%2F%2F162.13.99.118%2F&ul=en-us&de=UTF-8&dt=Civil%20Service%20Learning&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=1718659661&gjid=1262282901&cid=845856038.1546443779&tid=UA-22141655-1&_gid=612554140.1546443779&_r=1&z=668414145 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_gid=612554140.1546443779&gjid=1262282901&_v=j72&z=668414145 HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_v=j72&z=668414145 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-22141655-1&cid=845856038.1546443779&jid=1718659661&_v=j72&z=668414145&slf_rd=1&random=365036138
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Cookie set) | 162.13.99.118/ (Redirect Chain) | 15 KB | 16 KB | Document | text/html |
GET | H/1.1 | css_FBmovEFAeAN5HKSsKlqKLzYdtPHXklDYhKXkrfevttU.css | 162.13.99.118/sites/default/files/css/ | 18 KB | 19 KB | Stylesheet | text/css |
GET | H/1.1 | css_AiGuUEttRreeWzxab89Sux4i7hZgpYYKrHnwE95Hf_M.css | 162.13.99.118/sites/default/files/css/ | 36 KB | 36 KB | Stylesheet | text/css |
GET | H/1.1 | css_17uC8ihnfU1O3f_PEcbFuO0hiO06hHzkee1pIz1uDTE.css | 162.13.99.118/sites/default/files/css/ | 1 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | css_ZWXGvREkXsZZtXFa0-yuCIKsy052y0lEMO2vWQkGdQA.css | 162.13.99.118/sites/default/files/css/ | 264 KB | 264 KB | Stylesheet | text/css |
GET | H/1.1 | js_FtgiaU_xGVlIwvwlJvI5wCaZiFfsDXKIdA6M0HAzSy8.js | 162.13.99.118/sites/default/files/js/ | 129 KB | 129 KB | Script | application/javascript |
GET | H/1.1 | js_D9V9VLIQ5FPZlZfCZjpEGM7JiPYZkcIMyE6mOrdjB4g.js | 162.13.99.118/sites/default/files/js/ | 27 KB | 28 KB | Script | application/javascript |
GET | H/1.1 | js_el8I027IE_a-bZJD3yIisY-1Rd85mwMVyt3ltFixIvs.js | 162.13.99.118/sites/default/files/js/ | 7 KB | 7 KB | Script | application/javascript |
GET | H/1.1 | js_d-cXlpLs19ekfQTGtzgyefC-rIZfOmD__Kx0bxb72xE.js | 162.13.99.118/sites/default/files/js/ | 29 KB | 30 KB | Script | application/javascript |
GET | H/1.1 | js_i-ubC2n1_GFyJajKuLbSvctXN2U-Dyh0tMVwv4WiCcE.js | 162.13.99.118/sites/default/files/js/ | 71 KB | 71 KB | Script | application/javascript |
GET | H/1.1 | js_CwP66t6LdsqLgaXhhlSqVekMekJtInqRpmnECh57PGw.js | 162.13.99.118/sites/default/files/js/ | 67 KB | 67 KB | Script | application/javascript |
GET | H/1.1 | js_a7gvnDFj8MytSirq8He8XUMaosfe13h3QN5_FPsT93c.js | 162.13.99.118/sites/default/files/js/ | 6 KB | 7 KB | Script | application/javascript |
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ | 27 KB | 6 KB | Stylesheet | text/css |
GET | H/1.1 | fonts-5ff8c53913434afd0072a480d7cfca67cace4c8d03f6ef96b78a4455728ce745.css | assets.publishing.service.gov.uk/static/ (Redirect Chain) | 267 KB | 196 KB | Stylesheet | text/css |
GET | H/1.1 | js_l1pO2PrGnUptHCjXkWTy166d0cDWebEKBiXcCWo4n3U.js | 162.13.99.118/sites/default/files/js/ | 7 KB | 8 KB | Script | application/javascript |
GET | H2 | analytics.js | www.google-analytics.com/ | 43 KB | 17 KB | Script | text/javascript |
GET | H/1.1 | org_crest_33px_white.png | 162.13.99.118/sites/all/themes/cslportalbootstrap/images/ | 2 KB | 3 KB | Image | image/png |
GET | H/1.1 | open-government-licence.png | 162.13.99.118/sites/all/themes/cslportalbootstrap/images/ | 761 B | 1 KB | Image | image/png |
GET | H/1.1 | govuk-crest.png | 162.13.99.118/sites/all/themes/cslportalbootstrap/images/ | 4 KB | 4 KB | Image | image/png |
GET | DATA | truncated | / | 94 KB | 0 | Font | application/font-woff |
GET | DATA | truncated | / | 71 KB | 0 | Font | application/font-woff |
GET | H2 | ga-audiences | www.google.de/ads/ (Redirect Chain) | 42 B | 109 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onselectstart (object)
- onselectionchange (object)
- queueMicrotask (function)
- Drupal (object)
- $ (undefined)
- jQuery (function)
- GoogleAnalyticsObject (string)
- ga (function)
- renderSwal (undefined)
- getElementContentHeight (function)
- sweetAlertInitialize (function)
- swal (function)
- sweetAlert (function)
- hexToRgb (function)
- jQuery110201725360072241211 (object)
- google_tag_data (object)
- gaplugins (object)
- gaGlobal (object)
- gaData (object)
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
162.13.99.118/ | | Name: _gat Value: 1 |
162.13.99.118/ | | Name: _ga Value: GA1.1.845856038.1546443779 |
162.13.99.118/ | | Name: has_js Value: 1 |
162.13.99.118/ | | Name: _gid Value: GA1.1.612554140.1546443779 |
162.13.99.118/ | | Name: b1P Value: 784dc79e6ef5e0be45e76b5d3386e801_1546443778 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.