keungz.store Open in urlscan Pro
45.142.212.234 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://keungz.store/
Effective URL:
https://keungz.store/
Submission Tags: @ecarlesi threat phishing nhs Search All
Submission: On December 17 via api (December 17th 2023, 3:26:12 am UTC) from IT — Scanned from IT

Summary HTTP 10 Redirects Links 46 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 45.142.212.234, located in Chisinau, Moldova and belongs to STARK-INDUSTRIES, GB. The main domain is keungz.store.
TLS certificate: Issued by R3 on December 17th 2023. Valid for: 3 months.

This is the only time keungz.store was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NHS UK (Healthcare)

Domain & IP information

	IP Address	AS Autonomous System
1 6	45.142.212.234 45.142.212.234	44477 (STARK-IND...) (STARK-INDUSTRIES)
3	23.197.138.50 23.197.138.50	16625 (AKAMAI-AS) (AKAMAI-AS)
10	3

6 45.142.212.234 (Chisinau, Moldova) 1 redirects

ASN44477 (STARK-INDUSTRIES, GB)
PTR: vm1919143.stark-industries.solutions

keungz.store	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.197.138.50 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-138-50.deploy.static.akamaitechnologies.com

assets.nhs.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nhs.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	keungz.store 1 redirects keungz.store	103 KB
2	assets.nhs.uk assets.nhs.uk — Cisco Umbrella Rank: 51416	35 KB
1	www.nhs.uk www.nhs.uk — Cisco Umbrella Rank: 53472
10	3

	Domain	Requested by
6	keungz.store	1 redirects keungz.store
2	assets.nhs.uk	keungz.store
1	www.nhs.uk	keungz.store
10	3

This site contains links to these domains. Also see Links.

Domain
www.nhs.uk

Subject Issuer	Validity	Valid
keungz.store R3	`2023-12-17` - `2024-03-16`	3 months	crt.sh
www.nhs.uk DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://keungz.store/
Frame ID: BE3DA12C139EA054E168282AAA030B50
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

8 tips for healthy eating - NHS

Page URL History Show full URLs

http://keungz.store/ HTTP 301
https://keungz.store/ Page URL

Page Statistics

10
Requests

80 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

137 kB
Transfer

497 kB
Size

1
Cookies

46 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nhs.uk/our-policies/cookies-policy/
Title: read more about our cookies

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-app/account/
Title: My account

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/
Title: Health A-Z

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-services/
Title: NHS services

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/
Title: Live Well

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/mental-health/
Title: Mental health

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/social-care-and-support-guide/
Title: Care and support

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/pregnancy/
Title: Pregnancy

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/
Title: Eat well

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/how-to-eat-a-balanced-diet/
Title: How to eat a balanced diet

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/food-types/starchy-foods-and-carbohydrates/
Title: Starchy carbohydrates

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/5-a-day/
Title: 5 A Day

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/vitamins-and-minerals/
Title: vitamins and minerals

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/food-types/fish-and-shellfish-nutrition/
Title: Find out more about fish and shellfish

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/how-to-eat-a-balanced-diet/eat-less-saturated-fat/
Title: eat less saturated fat

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/food-types/how-does-sugar-in-our-diet-affect-our-health/
Title: sugar

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/obesity/
Title: obesity

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/tooth-decay/
Title: tooth decay

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/food-guidelines-and-food-labels/how-to-read-food-labels/
Title: Food labels

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/how-to-eat-a-balanced-diet/how-to-cut-down-on-sugar-in-your-diet/
Title: Find out how to cut down on sugar in your diet

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/high-blood-pressure-hypertension/
Title: high blood pressure

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/how-to-eat-a-balanced-diet/tips-for-a-lower-salt-diet/
Title: Get tips for a lower salt diet

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/exercise/exercise-health-benefits/
Title: benefits of exercise

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/exercise/exercise-guidelines/physical-activity-guidelines-for-adults-aged-19-to-64/
Title: physical activity guidelines for adults

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/healthy-weight/bmi-calculator/
Title: BMI healthy weight calculator

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/better-health/lose-weight/
Title: Lose weight with the NHS weight loss plan

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/healthy-weight/managing-your-weight/healthy-ways-to-gain-weight/
Title: underweight adults

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/food-guidelines-and-food-labels/the-eatwell-guide/
Title: Eatwell Guide

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/how-to-eat-a-balanced-diet/eating-a-balanced-diet/
Title: eating a balanced diet

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/healthy-weight/managing-your-weight/understanding-calories/
Title: understanding calories

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/how-to-eat-a-balanced-diet/the-vegan-diet/
Title: The vegan diet

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/how-to-eat-a-balanced-diet/the-vegetarian-diet/
Title: The vegetarian diet

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/eat-well/how-to-eat-a-balanced-diet/what-are-processed-foods/
Title: Eating processed foods

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/coronavirus-covid-19/
Title: Coronavirus (COVID-19)

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-app/
Title: NHS App

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-services/online-services/find-nhs-number/
Title: Find my NHS number

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-services/gps/view-your-gp-health-record/
Title: View your GP health record

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/using-the-nhs/about-the-nhs/
Title: About the NHS

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/using-the-nhs/healthcare-abroad/apply-for-a-free-uk-global-health-insurance-card-ghic/
Title: Healthcare abroad

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/contact-us/
Title: Contact us

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-sites/
Title: Other NHS websites

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/our-policies/profile-editor-login/
Title: Profile editor login

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/about-us/
Title: About us

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/accessibility-statement/
Title: Accessibility statement

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/our-policies/
Title: Our policies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://keungz.store/ HTTP 301
https://keungz.store/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
keungz.store/
Redirect Chain

http://keungz.store/
https://keungz.store/

53 KB
12 KB

193ms
66ms

Document
text/html

45.142.212.234
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://keungz.store/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.142.212.234 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm1919143.stark-industries.solutions
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 8a69b0bb521ca0d8791c4c67530cb1b4d216e931eb2e31de9918e03720f2e180

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 12446
Content-Type: text/html
Date: Sun, 17 Dec 2023 03:26:07 GMT
ETag: "d5fa-60caa82e0ff54-gzip"
Keep-Alive: timeout=5, max=100
Last-Modified: Sun, 17 Dec 2023 01:25:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 17 Dec 2023 03:26:07 GMT
Keep-Alive: timeout=5, max=100
Location: https://keungz.store/
Server: Apache/2.4.52 (Ubuntu)

GET
H2 200 FrutigerLTW01-55Roman.woff2
assets.nhs.uk/fonts/ 17 KB
17 KB 192ms
58ms Font
application/octet-stream 23.197.138.50
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.nhs.uk/fonts/FrutigerLTW01-55Roman.woff2

Requested by

Host: keungz.store
URL: https://keungz.store/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.138.50 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-138-50.deploy.static.akamaitechnologies.com

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

886f640d4cb31c0114351f25e5eeba98b79e7ae405fcc2ca50aac6ed79ff8995

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://keungz.store/
Origin: https://keungz.store
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 17 Dec 2023 03:26:08 GMT
strict-transport-security: max-age=63072000
content-md5: lRIDEWIJgHewKikdW/afDg==
content-length: 17284
x-ms-lease-status: unlocked
last-modified: Tue, 09 Apr 2019 10:17:13 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D6BCD488B0257A
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 73e5b240-601e-0060-3de5-71ed67000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=2628288
x-ms-version: 2009-09-19
expires: Tue, 16 Jan 2024 13:30:56 GMT

GET
H2 200 FrutigerLTW01-65Bold.woff2
assets.nhs.uk/fonts/ 17 KB
17 KB 174ms
40ms Font
application/octet-stream 23.197.138.50
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.nhs.uk/fonts/FrutigerLTW01-65Bold.woff2

Requested by

Host: keungz.store
URL: https://keungz.store/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.138.50 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-138-50.deploy.static.akamaitechnologies.com

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

d7a61b8131c25f4f7949162fcf342c8ba52b0257756aaacf23aa948f0403c842

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://keungz.store/
Origin: https://keungz.store
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 17 Dec 2023 03:26:08 GMT
strict-transport-security: max-age=63072000
content-md5: OPdl6/MQFVFaVJuAqOKjeg==
content-length: 17216
x-ms-lease-status: unlocked
last-modified: Tue, 09 Apr 2019 10:17:14 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D6BCD48962A5B8
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 80dbecb9-701e-005d-4547-ce5841000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=2628288
x-ms-version: 2009-09-19
x-datastream-cache-status: 1
expires: Tue, 16 Jan 2024 13:30:56 GMT

GET
H/1.1 200
OK main.483ebeb3425e.css
keungz.store/8%20tips%20for%20healthy%20eating%20-%20NHS_files/ 226 KB
31 KB 106ms
73ms Stylesheet
text/css 45.142.212.234
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://keungz.store/8%20tips%20for%20healthy%20eating%20-%20NHS_files/main.483ebeb3425e.css
Requested by: Host: keungz.store
URL: https://keungz.store/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.142.212.234 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm1919143.stark-industries.solutions
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 89f98a39be95eb365f7dfa02ea591cfa4bb679b87931969a815e1a54e65c45e7

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://keungz.store/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 03:26:07 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Dec 2023 01:25:51 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "38951-60caa8390d63d-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 31126

GET
H/1.1 200
OK main.5d922234f8af.js Show response
keungz.store/8%20tips%20for%20healthy%20eating%20-%20NHS_files/ 75 KB
23 KB 68ms
67ms Script
text/javascript 45.142.212.234
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://keungz.store/8%20tips%20for%20healthy%20eating%20-%20NHS_files/main.5d922234f8af.js
Requested by: Host: keungz.store
URL: https://keungz.store/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.142.212.234 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm1919143.stark-industries.solutions
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 2282f90780c5ff5b796c1a88d3f550483b2f0780fe3e5d671f9019cae70fd7c3

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://keungz.store/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 03:26:08 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Dec 2023 01:25:48 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "12d90-60caa83686ea7-gzip"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 23296

GET
H/1.1 200
OK cookie-consent.js Show response
keungz.store/8%20tips%20for%20healthy%20eating%20-%20NHS_files/ 105 KB
34 KB 90ms
72ms Script
text/javascript 45.142.212.234
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://keungz.store/8%20tips%20for%20healthy%20eating%20-%20NHS_files/cookie-consent.js
Requested by: Host: keungz.store
URL: https://keungz.store/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.142.212.234 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm1919143.stark-industries.solutions
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 64e70bc34a11a62fb7fddd40dad684178474c4888bee50ed042305c6d9c04f0b

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://keungz.store/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 03:26:08 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Dec 2023 01:25:47 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "1a42e-60caa83590d37-gzip"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 34785

GET
H/1.1 200
OK login.js Show response
keungz.store/8%20tips%20for%20healthy%20eating%20-%20NHS_files/ 3 KB
2 KB 168ms
67ms Script
text/javascript 45.142.212.234
STARK-INDUSTRIES

General

Check archive.org

Show headers Download Go to

Full URL: https://keungz.store/8%20tips%20for%20healthy%20eating%20-%20NHS_files/login.js
Requested by: Host: keungz.store
URL: https://keungz.store/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.142.212.234 Chisinau, Moldova, ASN44477 (STARK-INDUSTRIES, GB),
Reverse DNS: vm1919143.stark-industries.solutions
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 05ce4d18c096e5f89940ada97c05fcee34c1887cc023271e8e18628eac797d92

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://keungz.store/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Sun, 17 Dec 2023 03:26:08 GMT
Content-Encoding: gzip
Last-Modified: Sun, 17 Dec 2023 01:25:44 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "cd0-60caa831ed334-gzip"
Vary: Accept-Encoding
Content-Type: text/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1504

GET
DATA 200
OK truncated
/ 296 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453c06b657dfde66cb3a88a952795b75884a028f7397d20c2d4c071bc58c719c

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/svg+xml

OPTIONS
H2 405 bannerfeed
www.nhs.uk/externalservices/surveyfeedapi/api/ 0
0 141ms
114ms Preflight 23.197.138.50
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nhs.uk/externalservices/surveyfeedapi/api/bannerfeed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.138.50 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-138-50.deploy.static.akamaitechnologies.com

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://keungz.store
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

allow: GET
content-length: 0
date: Sun, 17 Dec 2023 03:26:08 GMT
server: Microsoft-IIS/10.0
strict-transport-security: max-age=63072000
x-powered-by: ASP.NET

GET bannerfeed
www.nhs.uk/externalservices/surveyfeedapi/api/ 0
0

GET /
www.nhs.uk/our-policies/cookies-policy/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.nhs.uk
URL: https://www.nhs.uk/externalservices/surveyfeedapi/api/bannerfeed

Domain: www.nhs.uk
URL: https://www.nhs.uk/our-policies/cookies-policy/?policy-action=seen

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NHS UK (Healthcare)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			keungz.store/	1969-12-31 23:59:59	Name: nhsuk-cookie-consent Value: %7B%22necessary%22%3Atrue%2C%22preferences%22%3Afalse%2C%22statistics%22%3Afalse%2C%22marketing%22%3Afalse%2C%22consented%22%3Afalse%2C%22version%22%3A4%7D

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://keungz.store/ Message: Access to XMLHttpRequest at 'https://www.nhs.uk/our-policies/cookies-policy/?policy-action=seen' from origin 'https://keungz.store' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nhs.uk/our-policies/cookies-policy/?policy-action=seen Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://keungz.store/ Message: Access to XMLHttpRequest at 'https://www.nhs.uk/externalservices/surveyfeedapi/api/bannerfeed' from origin 'https://keungz.store' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nhs.uk/externalservices/surveyfeedapi/api/bannerfeed Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nhs.uk
keungz.store
www.nhs.uk
www.nhs.uk
23.197.138.50
45.142.212.234
05ce4d18c096e5f89940ada97c05fcee34c1887cc023271e8e18628eac797d92
2282f90780c5ff5b796c1a88d3f550483b2f0780fe3e5d671f9019cae70fd7c3
453c06b657dfde66cb3a88a952795b75884a028f7397d20c2d4c071bc58c719c
64e70bc34a11a62fb7fddd40dad684178474c4888bee50ed042305c6d9c04f0b
886f640d4cb31c0114351f25e5eeba98b79e7ae405fcc2ca50aac6ed79ff8995
89f98a39be95eb365f7dfa02ea591cfa4bb679b87931969a815e1a54e65c45e7
8a69b0bb521ca0d8791c4c67530cb1b4d216e931eb2e31de9918e03720f2e180
d7a61b8131c25f4f7949162fcf342c8ba52b0257756aaacf23aa948f0403c842

keungz.store Open in urlscan Pro 45.142.212.234 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

80 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

137 kBTransfer

497 kBSize

1 Cookies

46 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

keungz.store Open in urlscan Pro
45.142.212.234 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

137 kB
Transfer

497 kB
Size

1
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!