![](/screenshots/ad17ab2c-8220-4fa6-bbc4-15964fd22daa.png)
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
99.86.4.16
Malicious Activity!
Public Scan
Submission: On February 07 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on December 18th 2023. Valid for: a year.
This is the only time hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
17 | 99.86.4.16 | 16509 (AMAZON-02) |
1 | 18.245.60.30 | 16509 (AMAZON-02) |
19 | 3 | |
ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-16.fra6.r.cloudfront.net
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-30.fra60.r.cloudfront.net
www.tax.service.gov.uk |
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
17 | nsandi.com: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com | 84 KB |
1 | service.gov.uk: www.tax.service.gov.uk (Cisco Umbrella Rank: 71503) | 1 KB |
19 | 2 | |
Requests | Domain | Requested by |
---|---|---|
17 | hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com | hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com |
1 | www.tax.service.gov.uk | hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com |
19 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.gov.uk |
www.tax.service.gov.uk |
test-www.tax.service.gov.uk |
www.nationalarchives.gov.uk |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-12-18 - 2024-12-17 | a year | crt.sh |
www.tax.service.gov.uk | Amazon RSA 2048 M01 | 2023-06-07 - 2024-07-06 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/
Frame ID: A8BEDDCFFCC01E67C464FA19149D7843
Requests: 19 HTTP requests in this frame
Page Title
Help to Save
Detected technologies
Detected patterns
- <link[^>]+govuk-template[^>"]+css
- <link[^>]+govuk-template-print[^>"]+css
- govuk-template\.js
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Find out more about cookies
Title: Privacy policy(opens in a new window)
Title: Accessibility statement(opens in a new window)
Title: Terms and conditions(opens in a new window)
Title: Open Government Licence
Title: © Crown copyright
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/fonts.css HTTP 303
- https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/cannot-process-request
19 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / (Primary Request) hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/ | 9 KB 4 KB | Document text/html |
GET H2 | govuk-template.css hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ | 20 KB 5 KB | Stylesheet text/css |
GET H2 | govuk-elements-styles.css hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ | 44 KB 7 KB | Stylesheet text/css |
GET | cannot-process-request hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/ (Redirect Chain) | 0 0 | |
GET H2 | application.css hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ | 14 KB 4 KB | Stylesheet text/css |
GET H2 | design-system.css hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ | 8 KB 3 KB | Stylesheet text/css |
GET H2 | modernizr.js hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ | 4 KB 3 KB | Script application/javascript |
GET H2 | classList.js hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ | 9 KB 3 KB | Script application/javascript |
GET H2 | eventlistener-polyfill.js hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ | 1 KB 2 KB | Script application/javascript |
GET H2 | jquery-3.6.0.min.js hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/vendor/ | 87 KB 32 KB | Script application/javascript |
GET H2 | details.polyfill.js hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/govuk/ | 8 KB 4 KB | Script application/javascript |
GET H2 | application.js hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ | 15 KB 5 KB | Script application/javascript |
GET H2 | transparent.png www.tax.service.gov.uk/sso/276401930/ | 110 B 1 KB | Image image/png |
GET H2 | gov.uk_logotype_crown_invert_trans.png hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/public/images/ | 1 KB 2 KB | Image image/png |
GET H2 | govuk-template.js hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/javascripts/ | 69 B 1 KB | Script application/javascript |
GET H2 | govuk-template-print.css hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/ | 2 KB 2 KB | Stylesheet text/css |
GET H2 | gov.uk_logotype_crown.png hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/ | 1 KB 2 KB | Image image/png |
GET H2 | open-government-licence.png hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/ | 761 B 2 KB | Image image/png |
GET H2 | govuk-crest.png hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/assets/stylesheets/images/ | 4 KB 5 KB | Image image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
- URL: https://hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/cannot-process-request
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)
16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
undefined | f |
object | Modernizr |
function | $ |
function | jQuery |
object | GOVUK |
function | ShowHideContent |
function | isEmailAddressValid |
function | isNumber |
function | isCurrency |
undefined | downStrokeField |
function | autojump |
function | autojump_keyDown |
function | autojump_keyUp |
function | secure_message_click |
function | Tabs |
function | nodeListForEach |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com/ | | Name: d23e7ba147efe3e1ced00aa431acc60f Value: f1071edf60260a15633f65b3b73a9246 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'none'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' *.gov.uk; style-src 'self' 'unsafe-inline'; font-src 'self' data:; manifest-src 'self'; |
Strict-Transport-Security | max-age=31536000;includeSubDomains;preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hts-nft-account.b2b-hts-web.ocp.amos-managed.nsandi.com
www.tax.service.gov.uk
18.245.60.30
99.86.4.16