hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com Open in urlscan Pro
99.86.4.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
Submission: On February 07 via automatic, source certstream-suspicious (February 7th 2024, 9:49:48 am UTC) — Scanned from DE

Summary HTTP 19 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 99.86.4.16, located in United States and belongs to AMAZON-02, US. The main domain is hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on December 18th 2023. Valid for: a year.

This is the only time hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
17	99.86.4.16 99.86.4.16	16509 (AMAZON-02) (AMAZON-02)
1	18.245.60.30 18.245.60.30	16509 (AMAZON-02) (AMAZON-02)
19	3

17 99.86.4.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-16.fra6.r.cloudfront.net

hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.60.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-30.fra60.r.cloudfront.net

www.tax.service.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	nsandi.com hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com	84 KB
1	service.gov.uk www.tax.service.gov.uk — Cisco Umbrella Rank: 71503	1 KB
19	2

	Domain	Requested by
17	hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com	hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
1	www.tax.service.gov.uk	hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
19	2

This site contains links to these domains. Also see Links.

Domain
www.gov.uk
www.tax.service.gov.uk
test-www.tax.service.gov.uk
www.nationalarchives.gov.uk

Subject Issuer	Validity	Valid
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-18` - `2024-12-17`	a year	crt.sh
www.tax.service.gov.uk Amazon RSA 2048 M01	`2023-06-07` - `2024-07-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
Frame ID: A8BEDDCFFCC01E67C464FA19149D7843
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Help to Save

Detected technologies

GOV.UK Template (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+govuk-template[^>"]+css
<link[^>]+govuk-template-print[^>"]+css
govuk-template\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

95 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

85 kB
Transfer

229 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gov.uk/help/cookies
Title: Find out more about cookies

Search URL Search Domain Scan URL

URL: https://www.tax.service.gov.uk/help-to-save/privacy-statement
Title: Privacy policy(opens in a new window)

Search URL Search Domain Scan URL

URL: https://test-www.tax.service.gov.uk/accessibility-statement/help-to-save
Title: Accessibility statement(opens in a new window)

Search URL Search Domain Scan URL

URL: https://www.tax.service.gov.uk/help/terms-and-conditions
Title: Terms and conditions(opens in a new window)

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Title: Open Government Licence

Search URL Search Domain Scan URL

URL: https://www.nationalarchives.gov.uk/information-management/our-services/crown-copyright.htm
Title: © Crown copyright

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/fonts.css HTTP 303
https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/cannot-process-request

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/ 9 KB
4 KB 77ms
37ms Document
text/html 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

e1ad5abc2641c00891c5e932a9f14e95a09a7c10853bda1a9b21e2a38aeaa9c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 2798
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: same-origin
date: Wed, 07 Feb 2024 09:49:43 GMT
expires: 0
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
strict-transport-security: max-age=31536000;includeSubDomains;preload
vary: Accept-Encoding
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
x-amz-cf-id: pXiXQPEGF8F_CRgRBkyRgSLiudMzqWL01Nz_WVjdCiAo4o7Ss_zJ6A==
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 0

GET
H2 200 govuk-template.css
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ 20 KB
5 KB 48ms
45ms Stylesheet
text/css 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-template.css

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

569a04058e74a982d2f1a7ba1319c6164195617ae0ebcb5a228303630d5e3d8e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 4141
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "3035f371e316f44f070273e1a0d742a475b1ae82"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: 2bSh-uvloan4KdmuAfNSOZGiiHiY5yMfvqMZ19PHA-vXU6_Nm2t4yA==
expires: 0

GET
H2 200 govuk-elements-styles.css
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ 44 KB
7 KB 108ms
106ms Stylesheet
text/css 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-elements-styles.css

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

5784fe5cc77da0945d873d23264e59f30ac61f878df10156dfb0f9b276924667

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 5758
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "a991eda1feecb1849805c6479e68a7187fc7cb43"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: BQFLpxYQdklx76_LBgT3wQ4bkOv_MNI1T7K1FLLzsF48X3F55lXepw==
expires: 0

GET

cannot-process-request
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
Redirect Chain

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/fonts.css
https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/cannot-process-request

0
0

GET
H2 200 application.css
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ 14 KB
4 KB 93ms
91ms Stylesheet
text/css 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/application.css

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

d16d4832a602e65213dd21e35f4b1fe6101d6d5d174e273c937b40cb1dd80c15

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 3428
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
etag: "53a4134e1ac8c93d25d1d916b1cdb16eddd186b1"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: z4L1BB2LYUZk8MslFlCA-JmQKo_fqMgAkQFzgL7y5ZP_OyMF1M_0HQ==
expires: 0

GET
H2 200 design-system.css
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ 8 KB
3 KB 46ms
44ms Stylesheet
text/css 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/design-system.css

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

17a1230f9dc32cea94c510f06a3242e89c69d14bcd23a15df35fa0b6e7952159

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 1654
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
etag: "35316609bd7e5787969748b1191f0ac8eb895cf4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: rtM819XjBLcbnUd-G-cUBuRgKI5B_yCxLFxaBGOMx1cYG4qQCstkwA==
expires: 0

GET
H2 200 modernizr.js Show response
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ 4 KB
3 KB 48ms
46ms Script
application/javascript 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/modernizr.js

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

056be184d1b59249107fd7388a430653bc1149a58a5890395e91f57eb80b6639

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 2078
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
etag: "68c5383b1ef686e91ca89df2d61c6cb6d08a24f7"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: VwCQpGNEz5Es10GreLr5zL6_L5T22cENgPxmw9FjvG7SbSUuQY6R8Q==
expires: 0

GET
H2 200 classList.js Show response
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ 9 KB
3 KB 49ms
47ms Script
application/javascript 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/classList.js

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

3250b92b406f24f953be18137c4a30b3dfe9ad74f156d7d35c17ac9e9d7de16e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 2357
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
etag: "ba5de81b9775ee57dccc9385fdde87578e17fa86"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: 3BDMc-t8EwM7bp2SXvU0HlJIs27IxxxexXLSDp8xt1NngMMYuVKZqQ==
expires: 0

GET
H2 200 eventlistener-polyfill.js Show response
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ 1 KB
2 KB 105ms
104ms Script
application/javascript 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/eventlistener-polyfill.js

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

745c9f59997ee6d6c5843b5ae5dc98b7a4c176a5ad9f5363abee50dd2d861ccd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 505
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
etag: "e74e4b7726e61064aaf8b2eb324d227f717e118c"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: PfmfTPXkXme6_JcRRPfkB2NecpNTwyXYcF7l4gP7Gx8qwyCQeqT82A==
expires: 0

GET
H2 200 jquery-3.6.0.min.js Show response
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/vendor/ 87 KB
32 KB 123ms
122ms Script
application/javascript 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/vendor/jquery-3.6.0.min.js

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 31312
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
etag: "086cb18cb88bfb08eec438fa05db650f6cac64e5"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: v8tqZJvMoVdbJiZsOcSfmpcTkk_EEGKJbnHFGfZ9GeF4yHfZGX1TrA==
expires: 0

GET
H2 200 details.polyfill.js Show response
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/govuk/ 8 KB
4 KB 93ms
92ms Script
application/javascript 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/govuk/details.polyfill.js

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

ec2e3ba258d63be8cad80eca0183daca8f1f32fe878c9d633a7807d8727e7125

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 2591
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "67c5d7d05b4fa72d981487a37420bcc8a7308ea1"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: W1_fuh0jlE4AGs9M0K8PP3GMG_TLFcw9sM1wZ8uyAnUxPAnGQ2Xk3g==
expires: 0

GET
H2 200 application.js Show response
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ 15 KB
5 KB 106ms
105ms Script
application/javascript 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/application.js

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

ce8a67039876d38c42dac5b7d0c0d3c797b2f680e561e5260d90fc1f549d8685

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 4001
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Fri, 01 Jan 2010 00:00:00 GMT
etag: "99c5822b3d2dc5b12c84b608652129eca582858d"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: 8r3p3vXBD4WzRvKzRAEjvJzBEazixhp0aGWSGjnooV5BqaP-c7DuPQ==
expires: 0

GET
H2 200 transparent.png
www.tax.service.gov.uk/sso/276401930/ 110 B
1 KB 152ms
78ms Image
image/png 18.245.60.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tax.service.gov.uk/sso/276401930/transparent.png

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.60.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-60-30.fra60.r.cloudfront.net

Software

CloudFront /

Resource Hash

6f064b11007507ecebb88b25c6b21a41e51189b079c5a30342c8dc8950019c0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 07 Feb 2024 09:49:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 b99111dfd026a3c99d0e66063beb0544.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
cache-directive: no-cache
x-amz-cf-pop: FRA60-P5
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 10
pragma-directive: no-cache
content-length: 110
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: CloudFront
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache
x-robots-tag: noindex, nofollow
x-amz-cf-id: A78pxYOpudD59qQC2kauge2MIrrN5_8HGHoqWQO09MTb1-KywYKL-Q==
expires: 0

GET
H2 200 gov.uk_logotype_crown_invert_trans.png
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/public/images/ 1 KB
2 KB 34ms
34ms Image
image/png 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/public/images/gov.uk_logotype_crown_invert_trans.png?0.19.2

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

203e1db49d3eff430d7dc450ce723c1002542fe1d2bce661b6d8571f14c1043c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:44 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 1080
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "23d39f4f39f75c66446359b1ab415ccce6c52fed"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: s92UU_Ekt79K009HJn11_rRW8f9KzSknt_XmxegaEvWA85X3lkWPWw==
expires: 0

GET
H2 200 govuk-template.js Show response
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ 69 B
1 KB 102ms
102ms Script
application/javascript 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/govuk-template.js

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

a7497f7ad24b896ef8a55aba1f8e3759b3955de09481e80558eb5a57078a668d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:43 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 66
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "e53d4997f70d2540fda0245f5adb4877014b6d1e"
x-frame-options: DENY
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: 0G6RewRaSOgrEJLMieeq6izkSA-I_oQC083oQSGeGFfI7dkcR_7RLA==
expires: 0

GET
H2 200 govuk-template-print.css
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ 2 KB
2 KB 37ms
37ms Stylesheet
text/css 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-template-print.css

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

e0802f373ba85750e678d0d6160e6fe2521300943b6671051f8a3ab2d5e3686f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:44 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 733
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "00e626209edf1e7eae8542f69aa03ce457332fbb"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: 5hnBlHvlYjwCA2jW51VNSwHc04yIYkZJ01BKptcC3pi9uijxt5oKSQ==
expires: 0

GET
H2 200 gov.uk_logotype_crown.png
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/ 1 KB
2 KB 35ms
34ms Image
image/png 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/gov.uk_logotype_crown.png

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-template.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

ea874a79e09423d63420aff44f016fd0b92dc6dec0cc2668d63b150c8669875e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-template.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:44 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 1446
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "50c170ca548dfd8684d920e7d96a0cdd21bdbd74"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: cSxtwt07j71yMjPgKFhI43e7_dxnpXs5KvwtI-DPCOJz6aFe9ltnzg==
expires: 0

GET
H2 200 open-government-licence.png
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/ 761 B
2 KB 40ms
40ms Image
image/png 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/open-government-licence.png

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-template.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-template.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:44 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 797
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "e63182a1b61b72cc11d0330a39be20feb785f68b"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: B_ScZqMn0IkyvH2gbavjzDmh30M77xMu0b_gfXBfGjeAZ2jU4b1DvQ==
expires: 0

GET
H2 200 govuk-crest.png
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/ 4 KB
5 KB 36ms
36ms Image
image/png 99.86.4.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/govuk-crest.png

Requested by

Host: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-template.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-16.fra6.r.cloudfront.net

Software

Resource Hash

bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/govuk-template.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Feb 2024 09:49:44 GMT
via: 1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000;includeSubDomains;preload
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
cross-origin-resource-policy: same-origin
content-length: 3604
x-xss-protection: 0
pragma: no-cache
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Feb 2019 14:42:02 GMT
etag: "ce71c47459cc2ac0b269898154b13f359394b92c"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache, no-store, must-revalidate
permissions-policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),sync-xhr=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()
accept-ranges: bytes
x-amz-cf-id: HuQyAY0Evgu7ljyz9ilGaiybhsa1JC-79U76R54vlSOrg3n9MxABOw==
expires: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/cannot-process-request

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/	1969-12-31 23:59:59	Name: d23e7ba147efe3e1ced00aa431acc60f Value: f1071edf60260a15633f65b3b73a9246

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	error	URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/ Message: Refused to apply style from 'https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/cannot-process-request' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self';
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
www.tax.service.gov.uk
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
18.245.60.30
99.86.4.16
056be184d1b59249107fd7388a430653bc1149a58a5890395e91f57eb80b6639
17a1230f9dc32cea94c510f06a3242e89c69d14bcd23a15df35fa0b6e7952159
203e1db49d3eff430d7dc450ce723c1002542fe1d2bce661b6d8571f14c1043c
3250b92b406f24f953be18137c4a30b3dfe9ad74f156d7d35c17ac9e9d7de16e
569a04058e74a982d2f1a7ba1319c6164195617ae0ebcb5a228303630d5e3d8e
5784fe5cc77da0945d873d23264e59f30ac61f878df10156dfb0f9b276924667
6f064b11007507ecebb88b25c6b21a41e51189b079c5a30342c8dc8950019c0c
745c9f59997ee6d6c5843b5ae5dc98b7a4c176a5ad9f5363abee50dd2d861ccd
a7497f7ad24b896ef8a55aba1f8e3759b3955de09481e80558eb5a57078a668d
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042
ce8a67039876d38c42dac5b7d0c0d3c797b2f680e561e5260d90fc1f549d8685
d16d4832a602e65213dd21e35f4b1fe6101d6d5d174e273c937b40cb1dd80c15
e0802f373ba85750e678d0d6160e6fe2521300943b6671051f8a3ab2d5e3686f
e1ad5abc2641c00891c5e932a9f14e95a09a7c10853bda1a9b21e2a38aeaa9c2
ea874a79e09423d63420aff44f016fd0b92dc6dec0cc2668d63b150c8669875e
ec2e3ba258d63be8cad80eca0183daca8f1f32fe878c9d633a7807d8727e7125
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com Open in urlscan Pro 99.86.4.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

95 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

85 kBTransfer

229 kBSize

1 Cookies

6 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com Open in urlscan Pro
99.86.4.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

95 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

85 kB
Transfer

229 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!