owa.healthcarepatientportal.co.uk Open in urlscan Pro
18.156.26.130  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 91450609-afca-45bc-b7de-6d9394533965 Show response owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/	8 KB 4 KB	290ms 192ms	Document text/html	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash c92bed5c8d3b84e7e86daf005b0ceead29de4229cfc0e2492a19cabd0ec2270c Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control no-store Connection Keep-Alive Content-Encoding gzip Content-Length 2807 Content-Type text/html; charset=utf-8 Date Tue, 27 Feb 2024 12:44:16 GMT ETag W/"c92bed5c8d3b84e7e86daf005b0ceead-gzip" Expires Fri, 01 Jan 1990 00:00:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Referrer-Policy strict-origin-when-cross-origin Server Apache Status 200 OK Vary Accept-Encoding X-Content-Type-Options nosniff X-Download-Options noopen noopen X-Frame-Options DENY X-Permitted-Cross-Domain-Policies none X-Request-Id 3473a91f-202b-4379-9284-6a227c2d88dc X-Runtime 0.101623 X-XSS-Protection 1; mode=block
GET H2	200	js Show response www.googletagmanager.com/gtag/	193 KB 70 KB	61ms 30ms	Script application/javascript	2607:f8b0:4004:c09::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-126808791-4 Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::61 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash b0d060f4ccedabbac85abb7a5ae4021d534958cd35a746efbbb0e31005e73919 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 12:44:16 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 71707 x-xss-protection 0 last-modified Tue, 27 Feb 2024 12:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 27 Feb 2024 12:44:16 GMT
GET H/1.1	200 OK	content-data-entry-boilerplate.min.css owa.healthcarepatientportal.co.uk/system/content_files/uploads/26b/ad3/4b-/original/	18 KB 4 KB	92ms 91ms	Stylesheet text/css	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://owa.healthcarepatientportal.co.uk/system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash 51829c6361406bbe6bbc441e575d760fb1ee39891a7729878b7d3304d4c1399c Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Tue, 27 Feb 2024 12:44:16 GMT Content-Encoding gzip Last-Modified Tue, 24 May 2022 14:30:06 GMT Server Apache ETag "4772-5dfc2cb005780-gzip" X-Download-Options noopen Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control max-age=0 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3341 Expires Tue, 27 Feb 2024 12:44:16 GMT
GET H/1.1	200 OK	google-landing-styles.css owa.healthcarepatientportal.co.uk/system/content_files/uploads/ebf/645/b2-/original/	6 KB 2 KB	184ms 91ms	Stylesheet text/css	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://owa.healthcarepatientportal.co.uk/system/content_files/uploads/ebf/645/b2-/original/google-landing-styles.css Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash f3950399539e973776f35e7de8bbbdfce97c3abc04f7540e5a1b00e99c60d299 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Tue, 27 Feb 2024 12:44:17 GMT Content-Encoding gzip Last-Modified Tue, 07 Nov 2023 17:10:06 GMT Server Apache ETag "166f-609930ac83780-gzip" X-Download-Options noopen Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control max-age=0 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1650 Expires Tue, 27 Feb 2024 12:44:17 GMT
GET H/1.1	200 OK	google-logo.png owa.healthcarepatientportal.co.uk/system/content_images/uploads/ad1/eb2/33-/original/	55 KB 56 KB	184ms 91ms	Image image/png	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL http://owa.healthcarepatientportal.co.uk/system/content_images/uploads/ad1/eb2/33-/original/google-logo.png Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash 627f1e0ebd79c4e01024265d14af515961a8533e04d98a0f4f86e1d66e20d83f Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Tue, 27 Feb 2024 12:44:17 GMT Last-Modified Mon, 06 Nov 2023 09:10:12 GMT Server Apache ETag "dd43-6097838af4500" X-Download-Options noopen Content-Type image/png Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control max-age=0 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 56643 Expires Tue, 27 Feb 2024 12:44:17 GMT
GET H/1.1	200 OK	error-icon-red.png owa.healthcarepatientportal.co.uk/system/content_images/uploads/467/f6c/c5-/original/	432 B 854 B	183ms 90ms	Image image/png	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL http://owa.healthcarepatientportal.co.uk/system/content_images/uploads/467/f6c/c5-/original/error-icon-red.png Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash 10f568950e3e99ea5d5ef4ab7d0c08bc2c9b1cf62e7a5d767e2227ecce2a1343 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Tue, 27 Feb 2024 12:44:17 GMT Last-Modified Wed, 21 Jun 2023 08:30:09 GMT Server Apache ETag "1b0-5fe9f935aa640" X-Download-Options noopen Content-Type image/png Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control max-age=0 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 432 Expires Tue, 27 Feb 2024 12:44:17 GMT
GET H/1.1	200 OK	user-icon-grey.png owa.healthcarepatientportal.co.uk/system/content_images/uploads/681/235/99-/original/	460 B 881 B	165ms 90ms	Image image/png	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL http://owa.healthcarepatientportal.co.uk/system/content_images/uploads/681/235/99-/original/user-icon-grey.png Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash 118b17a5c8752bb05843e47c7175ca28b2ae6598cb672d1ff8128581334a8010 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Tue, 27 Feb 2024 12:44:17 GMT Last-Modified Wed, 21 Jun 2023 08:30:10 GMT Server Apache ETag "1cc-5fe9f9369e880" X-Download-Options noopen Content-Type image/png Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control max-age=0 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 460 Expires Tue, 27 Feb 2024 12:44:17 GMT
GET H/1.1	200 OK	jquery-latest.min.js Show response owa.healthcarepatientportal.co.uk/system/content_files/uploads/5b8/ee7/1e-/original/	86 KB 30 KB	183ms 93ms	Script application/javascript	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://owa.healthcarepatientportal.co.uk/system/content_files/uploads/5b8/ee7/1e-/original/jquery-latest.min.js Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Tue, 27 Feb 2024 12:44:17 GMT Content-Encoding gzip Last-Modified Fri, 03 May 2019 16:00:05 GMT Server Apache ETag "15851-587fdd810ab40-gzip" X-Download-Options noopen Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control max-age=0 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 30677 Expires Tue, 27 Feb 2024 12:44:17 GMT
GET H/1.1	200 OK	content-data-entry-boilerplate.js Show response owa.healthcarepatientportal.co.uk/system/content_files/uploads/dae/552/5f-/original/	84 KB 18 KB	112ms 94ms	Script application/javascript	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://owa.healthcarepatientportal.co.uk/system/content_files/uploads/dae/552/5f-/original/content-data-entry-boilerplate.js Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash ec180d2bc1f49cde05d2dd6db4270f5cba1b7011a4b351c3c796bed587ef55b6 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Tue, 27 Feb 2024 12:44:17 GMT Content-Encoding gzip Last-Modified Thu, 05 May 2022 09:20:07 GMT Server Apache ETag "150e9-5de403f6dffc0-gzip" X-Download-Options noopen Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control max-age=0 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 17552 Expires Tue, 27 Feb 2024 12:44:17 GMT
GET H/1.1	200 OK	static-education-l10n.min.js Show response owa.healthcarepatientportal.co.uk/system/content_files/uploads/8f2/ed2/42-/original/	6 KB 2 KB	91ms 90ms	Script application/javascript	18.156.26.130 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://owa.healthcarepatientportal.co.uk/system/content_files/uploads/8f2/ed2/42-/original/static-education-l10n.min.js Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 Protocol HTTP/1.1 Server 18.156.26.130 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-156-26-130.eu-central-1.compute.amazonaws.com Software Apache / Resource Hash 648d18f8adcfba7d26b20c51328a2d13dcabb8465d673073cefe45735c80bda3 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/q3p2nscm/973f31/91450609-afca-45bc-b7de-6d9394533965 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Tue, 27 Feb 2024 12:44:17 GMT Content-Encoding gzip Last-Modified Thu, 19 May 2022 09:00:06 GMT Server Apache ETag "18b8-5df59999f7180-gzip" X-Download-Options noopen Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin http://landing.phishme.co.uk Cache-Control max-age=0 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 1960 Expires Tue, 27 Feb 2024 12:44:17 GMT
GET H2	200	css2 fonts.googleapis.com/	12 KB 859 B	184ms 25ms	Stylesheet text/css	2607:f8b0:4004:c08::5f GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;700&display=swap Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/system/content_files/uploads/26b/ad3/4b-/original/content-data-entry-boilerplate.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c08::5f Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 3dbafa5eadeabb1a5e30a447d2dcf43c272466febd9ad7c2204b90e5d4e8b308 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 27 Feb 2024 12:44:17 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 27 Feb 2024 12:44:17 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 27 Feb 2024 12:44:17 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	231 KB 82 KB	36ms 34ms	Script application/javascript	2607:f8b0:4004:c09::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-JPRZ9JVKLJ&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-126808791-4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::61 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 9a82fb23e9cc8f9737aad0494a658d2819c7ad0c1fdf4a58b95757c42eb5d680 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Tue, 27 Feb 2024 12:44:17 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 84220 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Tue, 27 Feb 2024 12:44:17 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	145ms 14ms	Script text/javascript	2607:f8b0:4004:c09::65 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-126808791-4 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::65 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 27 Feb 2024 12:36:23 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 474 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Tue, 27 Feb 2024 14:36:23 GMT
GET H2	200	css2 fonts.googleapis.com/	17 KB 2 KB	91ms 25ms	Stylesheet text/css	2607:f8b0:4004:c08::5f GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;700&display=swap Requested by Host: owa.healthcarepatientportal.co.uk URL: http://owa.healthcarepatientportal.co.uk/system/content_files/uploads/ebf/645/b2-/original/google-landing-styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c08::5f Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 3797b52b6841f7f9ff3b749dde37e768c622bd2fcd0b32c0dd94409652f85e25 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 27 Feb 2024 12:44:17 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Tue, 27 Feb 2024 10:51:18 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 27 Feb 2024 12:44:17 GMT
POST H2	204	collect www.google-analytics.com/g/	0 182 B	23ms 23ms	Ping text/plain	2607:f8b0:4004:c09::65 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/g/collect?v=2&tid=G-JPRZ9JVKLJ&gtm=45je42q0v9126286100za220&_p=1709037856900&gcd=13l3l3l3l1&npa=0&dma=0&cid=1845142798.1709037857&ul=en-us&sr=1600x1200&pscdl=noapi&_eu=AAAI&_s=1&dt=PhishMe&dl=http%3A%2F%2Fowa.healthcarepatientportal.co.uk%2Fq3p2nscm%2F973f31%2F91450609-afca-45bc-b7de-6d9394533965&sid=1709037857&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true&tfd=583 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-JPRZ9JVKLJ&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::65 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-US,en;q=0.9 Referer http://owa.healthcarepatientportal.co.uk/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Tue, 27 Feb 2024 12:44:17 GMT server Golfe2 content-type text/plain access-control-allow-origin http://owa.healthcarepatientportal.co.uk cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 fonts.gstatic.com/s/inter/v13/	46 KB 46 KB	46ms 15ms	Font font/woff2	2607:f8b0:4004:c1b::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin http://owa.healthcarepatientportal.co.uk accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Thu, 22 Feb 2024 07:48:12 GMT x-content-type-options nosniff age 449765 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 46704 x-xss-protection 0 last-modified Wed, 13 Sep 2023 23:49:07 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 21 Feb 2025 07:48:12 GMT
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v40/	47 KB 47 KB	62ms 31ms	Font font/woff2	2607:f8b0:4004:c1b::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1b::5e Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin http://owa.healthcarepatientportal.co.uk accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Thu, 22 Feb 2024 07:31:13 GMT x-content-type-options nosniff age 450784 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 48236 x-xss-protection 0 last-modified Thu, 14 Dec 2023 02:08:40 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 21 Feb 2025 07:31:13 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	24ms 24ms	XHR text/plain	2607:f8b0:4004:c09::65 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=716324504&t=pageview&_s=1&dl=http%3A%2F%2Fowa.healthcarepatientportal.co.uk%2Fq3p2nscm%2F973f31%2F91450609-afca-45bc-b7de-6d9394533965&ul=en-us&de=UTF-8&dt=PhishMe&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACgCI~&jid=652581312&gjid=1139717279&cid=1845142798.1709037857&tid=UA-126808791-4&_gid=1822514206.1709037857&_r=1&gtm=457e42q0za200&gcd=13l3l3l3l1&dma=0&z=1055384086 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c09::65 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer http://owa.healthcarepatientportal.co.uk/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 27 Feb 2024 12:44:17 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin http://owa.healthcarepatientportal.co.uk cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 357 B	56ms 25ms	XHR text/plain	2607:f8b0:4004:c0b::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-126808791-4&cid=1845142798.1709037857&jid=652581312&gjid=1139717279&_gid=1822514206.1709037857&_u=YADAAUAAAAAAACgCI~&z=1622239243 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c0b::9b Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer http://owa.healthcarepatientportal.co.uk/ accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Tue, 27 Feb 2024 12:44:17 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin http://owa.healthcarepatientportal.co.uk cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| gtag object| dataLayer function| username_handler function| password_handler object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaGlobal function| $ function| jQuery object| gaplugins object| gaData function| headerTopMargin object| BSN function| Affix function| Alert function| Button function| Carousel function| Collapse function| Dropdown function| Modal function| Popover function| ScrollSpy function| Tab function| Tooltip string| fallbackLanguage boolean| languageDetection object| COFENSE_LANG_WITH_SUBLANGUAGES string| languageListDisplay object| nonFallbackLangs function| addLangSelectorListeners function| languageAppend function| languageNegotiation function| showAndHideLangs function| titleUpdatePickup function| togglebroswerLanguageDetection function| setFallbackLanguage function| subLanguagesSupported function| languageSpecificContainerCheck function| rtlCheck function| loadRtlStyles function| removeRtlStyles string| customFallbackLanguage boolean| broswerLanguageDetection

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			owa.healthcarepatientportal.co.uk/	1969-12-31 23:59:59	Name: _phishme.com_session_id Value: 113bd049a41255117885aafbd1dc7348
			.healthcarepatientportal.co.uk/	1970-01-21 04:19:57	Name: _ga_JPRZ9JVKLJ Value: GS1.1.1709037857.1.0.1709037857.0.0.0
			.healthcarepatientportal.co.uk/	1970-01-21 04:19:57	Name: _ga Value: GA1.3.1845142798.1709037857
			.healthcarepatientportal.co.uk/	1970-01-20 18:45:24	Name: _gid Value: GA1.3.1822514206.1709037857
			.healthcarepatientportal.co.uk/	1970-01-20 18:43:57	Name: _gat_gtag_UA_126808791_4 Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
owa.healthcarepatientportal.co.uk
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
18.156.26.130
2607:f8b0:4004:c08::5f
2607:f8b0:4004:c09::61
2607:f8b0:4004:c09::65
2607:f8b0:4004:c0b::9b
2607:f8b0:4004:c1b::5e
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
10f568950e3e99ea5d5ef4ab7d0c08bc2c9b1cf62e7a5d767e2227ecce2a1343
118b17a5c8752bb05843e47c7175ca28b2ae6598cb672d1ff8128581334a8010
3797b52b6841f7f9ff3b749dde37e768c622bd2fcd0b32c0dd94409652f85e25
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3dbafa5eadeabb1a5e30a447d2dcf43c272466febd9ad7c2204b90e5d4e8b308
51829c6361406bbe6bbc441e575d760fb1ee39891a7729878b7d3304d4c1399c
627f1e0ebd79c4e01024265d14af515961a8533e04d98a0f4f86e1d66e20d83f
648d18f8adcfba7d26b20c51328a2d13dcabb8465d673073cefe45735c80bda3
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
9a82fb23e9cc8f9737aad0494a658d2819c7ad0c1fdf4a58b95757c42eb5d680
b0d060f4ccedabbac85abb7a5ae4021d534958cd35a746efbbb0e31005e73919
c92bed5c8d3b84e7e86daf005b0ceead29de4229cfc0e2492a19cabd0ec2270c
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec180d2bc1f49cde05d2dd6db4270f5cba1b7011a4b351c3c796bed587ef55b6
f3950399539e973776f35e7de8bbbdfce97c3abc04f7540e5a1b00e99c60d299