owa.healthcarepatientportal.co.uk
Open in
urlscan Pro
18.156.26.130
Malicious Activity!
Public Scan
Submission: On February 27 via api from US — Scanned from US
Summary
This is the only time owa.healthcarepatientportal.co.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 18.156.26.130 18.156.26.130 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2607:f8b0:400... 2607:f8b0:4004:c09::61 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2607:f8b0:400... 2607:f8b0:4004:c08::5f | 15169 (GOOGLE) (GOOGLE) | |
3 | 2607:f8b0:400... 2607:f8b0:4004:c09::65 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2607:f8b0:400... 2607:f8b0:4004:c1b::5e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2607:f8b0:400... 2607:f8b0:4004:c0b::9b | 15169 (GOOGLE) (GOOGLE) | |
19 | 6 |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-26-130.eu-central-1.compute.amazonaws.com
owa.healthcarepatientportal.co.uk |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
healthcarepatientportal.co.uk
owa.healthcarepatientportal.co.uk |
117 KB |
3 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31 |
21 KB |
2 |
gstatic.com
fonts.gstatic.com |
93 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 32 |
3 KB |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40 |
153 KB |
1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 85 |
357 B |
19 | 6 |
Domain | Requested by | |
---|---|---|
9 | owa.healthcarepatientportal.co.uk |
owa.healthcarepatientportal.co.uk
|
3 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
2 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | fonts.googleapis.com |
owa.healthcarepatientportal.co.uk
|
2 | www.googletagmanager.com |
owa.healthcarepatientportal.co.uk
www.googletagmanager.com |
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
19 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.google-analytics.com GTS CA 1C3 |
2024-02-05 - 2024-04-29 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-02-05 - 2024-04-29 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2024-02-05 - 2024-04-29 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2024-02-05 - 2024-04-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965
Frame ID: A3EB608BDA211DCDCB3B520E71F5F1C9
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Sign in - Google AccountsDetected technologies
Google Analytics (Analytics) ExpandDetected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
91450609-afca-45bc-b7de-6d9394533965
owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/ |
8 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
193 KB 70 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content-data-entry-boilerplate.min.css
owa.healthcarepatientportal.co.uk/system/content_files/uploads/26b/ad3/4b-/original/ |
18 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
google-landing-styles.css
owa.healthcarepatientportal.co.uk/system/content_files/uploads/ebf/645/b2-/original/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
google-logo.png
owa.healthcarepatientportal.co.uk/system/content_images/uploads/ad1/eb2/33-/original/ |
55 KB 56 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
error-icon-red.png
owa.healthcarepatientportal.co.uk/system/content_images/uploads/467/f6c/c5-/original/ |
432 B 854 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
user-icon-grey.png
owa.healthcarepatientportal.co.uk/system/content_images/uploads/681/235/99-/original/ |
460 B 881 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-latest.min.js
owa.healthcarepatientportal.co.uk/system/content_files/uploads/5b8/ee7/1e-/original/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content-data-entry-boilerplate.js
owa.healthcarepatientportal.co.uk/system/content_files/uploads/dae/552/5f-/original/ |
84 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
static-education-l10n.min.js
owa.healthcarepatientportal.co.uk/system/content_files/uploads/8f2/ed2/42-/original/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
12 KB 859 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
231 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
17 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/g/ |
0 182 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ |
46 KB 46 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ |
47 KB 47 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google-analytics.com/j/ |
2 B 22 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
1 B 357 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| gtag object| dataLayer function| username_handler function| password_handler object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaGlobal function| $ function| jQuery object| gaplugins object| gaData function| headerTopMargin object| BSN function| Affix function| Alert function| Button function| Carousel function| Collapse function| Dropdown function| Modal function| Popover function| ScrollSpy function| Tab function| Tooltip string| fallbackLanguage boolean| languageDetection object| COFENSE_LANG_WITH_SUBLANGUAGES string| languageListDisplay object| nonFallbackLangs function| addLangSelectorListeners function| languageAppend function| languageNegotiation function| showAndHideLangs function| titleUpdatePickup function| togglebroswerLanguageDetection function| setFallbackLanguage function| subLanguagesSupported function| languageSpecificContainerCheck function| rtlCheck function| loadRtlStyles function| removeRtlStyles string| customFallbackLanguage boolean| broswerLanguageDetection5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
owa.healthcarepatientportal.co.uk/ | Name: _phishme.com_session_id Value: 113bd049a41255117885aafbd1dc7348 |
|
.healthcarepatientportal.co.uk/ | Name: _ga_JPRZ9JVKLJ Value: GS1.1.1709037857.1.0.1709037857.0.0.0 |
|
.healthcarepatientportal.co.uk/ | Name: _ga Value: GA1.3.1845142798.1709037857 |
|
.healthcarepatientportal.co.uk/ | Name: _gid Value: GA1.3.1822514206.1709037857 |
|
.healthcarepatientportal.co.uk/ | Name: _gat_gtag_UA_126808791_4 Value: 1 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
owa.healthcarepatientportal.co.uk
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
18.156.26.130
2607:f8b0:4004:c08::5f
2607:f8b0:4004:c09::61
2607:f8b0:4004:c09::65
2607:f8b0:4004:c0b::9b
2607:f8b0:4004:c1b::5e
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
10f568950e3e99ea5d5ef4ab7d0c08bc2c9b1cf62e7a5d767e2227ecce2a1343
118b17a5c8752bb05843e47c7175ca28b2ae6598cb672d1ff8128581334a8010
3797b52b6841f7f9ff3b749dde37e768c622bd2fcd0b32c0dd94409652f85e25
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3dbafa5eadeabb1a5e30a447d2dcf43c272466febd9ad7c2204b90e5d4e8b308
51829c6361406bbe6bbc441e575d760fb1ee39891a7729878b7d3304d4c1399c
627f1e0ebd79c4e01024265d14af515961a8533e04d98a0f4f86e1d66e20d83f
648d18f8adcfba7d26b20c51328a2d13dcabb8465d673073cefe45735c80bda3
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
9a82fb23e9cc8f9737aad0494a658d2819c7ad0c1fdf4a58b95757c42eb5d680
b0d060f4ccedabbac85abb7a5ae4021d534958cd35a746efbbb0e31005e73919
c92bed5c8d3b84e7e86daf005b0ceead29de4229cfc0e2492a19cabd0ec2270c
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec180d2bc1f49cde05d2dd6db4270f5cba1b7011a4b351c3c796bed587ef55b6
f3950399539e973776f35e7de8bbbdfce97c3abc04f7540e5a1b00e99c60d299