![](/screenshots/77a63d4f-f7d6-403e-9813-8a5b1c66a7db.png)
www.nhstestkit.securegb-ns.com
146.0.76.95
Malicious Activity!
Public Scan
Effective URL: https://www.nhstestkit.securegb-ns.com/home.php?nvD0OLeRA7u7EmCP2n6fe989hbW34AS2U9M0Xke5d3deWc89fL8s2Zsn6zApM8ti6G9Q36u05vD
Submission: On May 05 via automatic, source certstream-suspicious — Scanned from NL
Summary
TLS certificate: Issued by R3 on May 5th 2022. Valid for: 3 months.
This is the only time www.nhstestkit.securegb-ns.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NHS UK (Healthcare)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 12 | 146.0.76.95 | 57043 (HOSTKEY-AS) |
2 | 96.16.146.114 | 16625 (AKAMAI-AS) |
3 | 2a02:26f0:3500:587::1e80 | 20940 (AKAMAI-ASN1) |
1 | 108.138.7.31 | 16509 (AMAZON-02) |
1 | 18.66.139.68 | 16509 (AMAZON-02) |
1 | 18.66.139.28 | 16509 (AMAZON-02) |
1 2 | 13.36.218.177 | 16509 (AMAZON-02) |
21 | 8 | |
Hostname | ASN | PTR |
---|---|---|
www.nhstestkit.securegb-ns.com | ASN57043 (HOSTKEY-AS, NL) | hawkeye30.myhostcpl.com |
assets.nhs.uk | ASN16625 (AKAMAI-AS, US) | a96-16-146-114.deploy.static.akamaitechnologies.com |
assets.adobedtm.com | ASN20940 (AKAMAI-ASN1, NL) | |
static.hotjar.com | ASN16509 (AMAZON-02, US) | server-108-138-7-31.fra56.r.cloudfront.net |
script.hotjar.com | ASN16509 (AMAZON-02, US) | server-18-66-139-68.fra60.r.cloudfront.net |
vars.hotjar.com | ASN16509 (AMAZON-02, US) | server-18-66-139-28.fra60.r.cloudfront.net |
nhsdigital.d3.sc.omtrdc.net | ASN16509 (AMAZON-02, US) | ec2-13-36-218-177.eu-west-3.compute.amazonaws.com |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | securegb-ns.com (1 redirects) | www.nhstestkit.securegb-ns.com | 242 KB |
3 | hotjar.com | static.hotjar.com (Cisco Umbrella Rank: 920), script.hotjar.com (Cisco Umbrella Rank: 1202), vars.hotjar.com (Cisco Umbrella Rank: 1251) | 71 KB |
3 | adobedtm.com | assets.adobedtm.com (Cisco Umbrella Rank: 469) | 17 KB |
2 | omtrdc.net (1 redirects) | nhsdigital.d3.sc.omtrdc.net (Cisco Umbrella Rank: 144867) | 1 KB |
2 | assets.nhs.uk | assets.nhs.uk (Cisco Umbrella Rank: 72950) | 35 KB |
0 | www.nhs.uk (Failed) | www.nhs.uk (Failed) | |
21 | 6 | | |
| Domain | Requested by |
---|---|---|
12 | www.nhstestkit.securegb-ns.com (1 redirects) | www.nhstestkit.securegb-ns.com |
3 | assets.adobedtm.com | www.nhstestkit.securegb-ns.com |
2 | nhsdigital.d3.sc.omtrdc.net (1 redirects) | |
2 | assets.nhs.uk | www.nhstestkit.securegb-ns.com |
1 | vars.hotjar.com | www.nhstestkit.securegb-ns.com |
1 | script.hotjar.com | www.nhstestkit.securegb-ns.com |
1 | static.hotjar.com | www.nhstestkit.securegb-ns.com |
0 | www.nhs.uk (Failed) | www.nhstestkit.securegb-ns.com |
21 | 8 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
securegb-ns.com | R3 | 2022-05-05 - 2022-08-03 | 3 months |
www.nhs.uk | DigiCert SHA2 Secure Server CA | 2021-07-16 - 2022-08-07 | a year |
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-10 - 2022-09-10 | a year |
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year |
This page contains 3 frames:
Primary Page:
https://www.nhstestkit.securegb-ns.com/home.php?nvD0OLeRA7u7EmCP2n6fe989hbW34AS2U9M0Xke5d3deWc89fL8s2Zsn6zApM8ti6G9Q36u05vD
Frame ID: AADBB4E4318486EA39FB606CE23CF0EF
Requests: 20 HTTP requests in this frame
Frame:
https://www.nhstestkit.securegb-ns.com/index_files/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: 49988B2E37E8F1CAF80B1FFF691696E4
Requests: 1 HTTP requests in this frame
Frame:
https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: 82B6145210D329B293810E8EE6853174
Requests: 1 HTTP requests in this frame
Page Title
Rapid lateral flow coronavirus (COVID-19) tests - NHS
Detected technologies
Detected patterns
- \.php(?:$|\?)
Detected patterns
- //static\.hotjar\.com/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.nhstestkit.securegb-ns.com/
HTTP 302
https://www.nhstestkit.securegb-ns.com/home.php?nvD0OLeRA7u7EmCP2n6fe989hbW34AS2U9M0Xke5d3deWc89fL8s2Zsn6zApM8ti6G9Q36u05vD Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 20
- https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.4-LBWB/s01155100020574?AQB=1&ndh=1&pf=1&t=5%2F4%2F2022%2013%3A18%3A3%204%200&fid=478E888CCFD5C5E6-31E139098ABEFE50&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3Acoronavirus-covid-19%3Atesting%3Aregular-rapid-coronavirus-tests-if-you-do-not-have-symptoms&g=https%3A%2F%2Fwww.nhstestkit.securegb-ns.com%2Fhome.php%3FnvD0OLeRA7u7EmCP2n6fe989hbW34AS2U9M0Xke5d3deWc89fL8s2Zsn6zApM8ti6G9Q36u05vD&cc=GBP&ch=conditions&server=www.nhstestkit.securegb-ns.com&events=event1&c1=coronavirus-covid-19&v1=D%3DpageName&c2=testing&v2=D%3Dg&c3=regular-rapid-coronavirus-tests-if-you-do-not-have-symptoms&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=1%3A18%20PM%7CThursday&c21=2022-05-05T13%3A18%3A03.205Z&c22=2%3A18%20PM%7CThursday&c23=552&c53=n%2Fa&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.4-LBWB/s01155100020574?AQB=1&pccr=true&vidn=3139E745920476AD-60000920F495D4CD&ndh=1&pf=1&t=5%2F4%2F2022%2013%3A18%3A3%204%200&fid=478E888CCFD5C5E6-31E139098ABEFE50&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3Acoronavirus-covid-19%3Atesting%3Aregular-rapid-coronavirus-tests-if-you-do-not-have-symptoms&g=https%3A%2F%2Fwww.nhstestkit.securegb-ns.com%2Fhome.php%3FnvD0OLeRA7u7EmCP2n6fe989hbW34AS2U9M0Xke5d3deWc89fL8s2Zsn6zApM8ti6G9Q36u05vD&cc=GBP&ch=conditions&server=www.nhstestkit.securegb-ns.com&events=event1&c1=coronavirus-covid-19&v1=D%3DpageName&c2=testing&v2=D%3Dg&c3=regular-rapid-coronavirus-tests-if-you-do-not-have-symptoms&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=1%3A18%20PM%7CThursday&c21=2022-05-05T13%3A18%3A03.205Z&c22=2%3A18%20PM%7CThursday&c23=552&c53=n%2Fa&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
21 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | home.php (Primary Request) www.nhstestkit.securegb-ns.com/ (Redirect Chain) | 51 KB 10 KB | Document text/html |
GET H2 | FrutigerLTW01-55Roman.woff2 assets.nhs.uk/fonts/ | 17 KB 17 KB | Font application/octet-stream |
GET H2 | FrutigerLTW01-65Bold.woff2 assets.nhs.uk/fonts/ | 17 KB 17 KB | Font application/octet-stream |
GET H2 | main.d6fa8cab6d0e.css www.nhstestkit.securegb-ns.com/index_files/ | 137 KB 18 KB | Stylesheet text/css |
GET H2 | main.6b0c2c5a3207.js www.nhstestkit.securegb-ns.com/index_files/ | 71 KB 20 KB | Script application/javascript |
GET H2 | cookie-consent.js www.nhstestkit.securegb-ns.com/index_files/ | 105 KB 33 KB | Script application/javascript |
GET H2 | launch-ENe7f6cdd7cc05409b86547d9153429788.min.js www.nhstestkit.securegb-ns.com/index_files/ | 331 KB 63 KB | Script application/javascript |
GET H2 | hotjar-681718.js www.nhstestkit.securegb-ns.com/index_files/ | 57 KB 10 KB | Script application/javascript |
GET H2 | modules.bb718fa7305d844e18c3.js www.nhstestkit.securegb-ns.com/index_files/ | 236 KB 71 KB | Script application/javascript |
GET H2 | AppMeasurement.min.js www.nhstestkit.securegb-ns.com/index_files/ | 33 KB 12 KB | Script application/javascript |
GET H2 | AppMeasurement_Module_ActivityMap.min.js www.nhstestkit.securegb-ns.com/index_files/ | 3 KB 1 KB | Script application/javascript |
GET H2 | RC6896c8c0c349424b90489027862f3593-source.min.js www.nhstestkit.securegb-ns.com/index_files/ | 14 KB 3 KB | Script application/javascript |
GET H2 | AppMeasurement.min.js assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/ | 33 KB 12 KB | Script application/x-javascript |
GET H2 | AppMeasurement_Module_ActivityMap.min.js assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/ | 3 KB 2 KB | Script application/x-javascript |
GET H2 | hotjar-681718.js static.hotjar.com/c/ | 42 KB 7 KB | Script application/javascript |
GET H2 | box-acca23410e696f2ca3087d947271c3d0.html www.nhstestkit.securegb-ns.com/index_files/ (Frame 4998) | 3 KB 1 KB | Document text/html |
GET DATA | truncated / | 296 B 0 | Image image/svg+xml |
GET H2 | modules.bb718fa7305d844e18c3.js script.hotjar.com/ | 236 KB 62 KB | Script application/javascript |
GET H2 | RC6896c8c0c349424b90489027862f3593-source.min.js assets.adobedtm.com/f8560165ec6a/5d3b7fb65898/24297b4a2f0a/ | 14 KB 3 KB | Script application/x-javascript |
GET | / www.nhs.uk/our-policies/cookies-policy/ | 0 0 | |
GET H2 | box-acca23410e696f2ca3087d947271c3d0.html vars.hotjar.com/ (Frame 82B6) | 2 KB 1 KB | Document text/html |
GET H2 | s01155100020574 nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.4-LBWB/ (Redirect Chain) | 43 B 296 B | Image image/gif |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.nhs.uk
- URL
- https://www.nhs.uk/our-policies/cookies-policy/?policy-action=seen
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NHS UK (Healthcare)
36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- function| getScreenDetails
- object| digitalData
- object| _satellite
- boolean| __satelliteLoaded
- object| adobe
- function| Visitor
- object| s_c_il
- number| s_c_in
- function| hj
- object| _hjSettings
- object| NHSUK_SETTINGS
- function| AppMeasurement
- function| s_gi
- function| s_pgicq
- number| s_objectID
- number| s_giq
- object| hjSiteSettings
- function| hjBootstrap
- object| hjBootstrapCalled
- object| hjLazyModules
- function| AppMeasurement_Module_ActivityMap
- object| core
- object| __core-js_shared__
- function| setImmediate
- function| clearImmediate
- object| regeneratorRuntime
- boolean| _babelPolyfill
- object| NHSCookieConsent
- object| s
- number| s_loadT
- object| s_i_nhsuk-prod

7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.nhstestkit.securegb-ns.com/ | | Name: PHPSESSID Value: 34e6b4b450c9669b60f6652ab3dd91a6 |
www.nhstestkit.securegb-ns.com/ | | Name: nhsuk-cookie-consent Value: %7B%22necessary%22%3Atrue%2C%22preferences%22%3Afalse%2C%22statistics%22%3Afalse%2C%22marketing%22%3Afalse%2C%22consented%22%3Afalse%2C%22version%22%3A3%7D |
.nhstestkit.securegb-ns.com/ | | Name: s_fid Value: 478E888CCFD5C5E6-31E139098ABEFE50 |
.nhstestkit.securegb-ns.com/ | | Name: s_getNewRepeat Value: 1651756683204-New |
.nhstestkit.securegb-ns.com/ | | Name: s_ppn Value: nhs%3Aweb%3Aconditions%3Acoronavirus-covid-19%3Atesting%3Aregular-rapid-coronavirus-tests-if-you-do-not-have-symptoms |
.nhstestkit.securegb-ns.com/ | | Name: s_cc Value: true |
.nhsdigital.d3.sc.omtrdc.net/ | | Name: s_vi Value: [CS]v1\|3139E745920476AD-60000920F495D4CD[CE] |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.