nhstestkit.securegb-ns.com
146.0.76.95
Malicious Activity!
Public Scan
Effective URL: https://nhstestkit.securegb-ns.com/home.php?PwSIacCOSZm7pvVll11kUZRx704zArU87H4cq4dkqMHEi60q1pDXHV9GWyiiS7lzBUgQ26DaKrS
Submission: On May 06 via manual from GB — Scanned from NL
Summary
TLS certificate: Issued by R3 on May 5th 2022. Valid for: 3 months.
This is the only time nhstestkit.securegb-ns.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NHS UK (Healthcare)

Domain & IP information
Requests (incl. redirects) | IP Address | AS (Autonomous System)
---|---|---
13 (2 redirects) | 146.0.76.95 | 57043 (HOSTKEY-AS)
2 | 88.221.60.244 | 16625 (AKAMAI-AS)
3 | 2a02:26f0:b600:19a::1e80 | 20940 (AKAMAI-ASN1)
1 | 65.9.63.33 | 16509 (AMAZON-02)
1 | 108.157.4.45 | 16509 (AMAZON-02)
1 | 108.157.4.53 | 16509 (AMAZON-02)
2 (1 redirect) | 15.236.176.210 | 16509 (AMAZON-02)

Totals: 21 requests, 8 hostnames

Reverse DNS and hostname per AS:
- ASN57043 (HOSTKEY-AS, NL), PTR hawkeye30.myhostcpl.com: nhstestkit.securegb-ns.com
- ASN16625 (AKAMAI-AS, US), PTR a88-221-60-244.deploy.static.akamaitechnologies.com: assets.nhs.uk
- ASN16509 (AMAZON-02, US), PTR server-65-9-63-33.fra56.r.cloudfront.net: static.hotjar.com
- ASN16509 (AMAZON-02, US), PTR server-108-157-4-45.dus51.r.cloudfront.net: script.hotjar.com
- ASN16509 (AMAZON-02, US), PTR server-108-157-4-53.dus51.r.cloudfront.net: vars.hotjar.com
- ASN16509 (AMAZON-02, US), PTR ec2-15-236-176-210.eu-west-3.compute.amazonaws.com: nhsdigital.d3.sc.omtrdc.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | securegb-ns.com (2 redirects) | nhstestkit.securegb-ns.com | 242 KB
3 | hotjar.com | static.hotjar.com (Cisco Umbrella Rank 920), script.hotjar.com (Cisco Umbrella Rank 1202), vars.hotjar.com (Cisco Umbrella Rank 1251) | 72 KB
3 | adobedtm.com | assets.adobedtm.com (Cisco Umbrella Rank 469) | 17 KB
2 | omtrdc.net (1 redirect) | nhsdigital.d3.sc.omtrdc.net (Cisco Umbrella Rank 144867) | 1 KB
2 | assets.nhs.uk | assets.nhs.uk (Cisco Umbrella Rank 72950) | 35 KB
0 | www.nhs.uk | www.nhs.uk (failed) |

Totals: 21 requests, 6 apex domains
Requests | Domain | Requested by
---|---|---
13 | nhstestkit.securegb-ns.com (2 redirects) | nhstestkit.securegb-ns.com
3 | assets.adobedtm.com | nhstestkit.securegb-ns.com
2 | nhsdigital.d3.sc.omtrdc.net (1 redirect) |
2 | assets.nhs.uk | nhstestkit.securegb-ns.com
1 | vars.hotjar.com | nhstestkit.securegb-ns.com
1 | script.hotjar.com | nhstestkit.securegb-ns.com
1 | static.hotjar.com | nhstestkit.securegb-ns.com
0 | www.nhs.uk (failed) | nhstestkit.securegb-ns.com

Totals: 21 requests, 8 domains
This site contains no links.
Subject | Issuer | Validity | Valid for
---|---|---|---
securegb-ns.com | R3 | 2022-05-05 - 2022-08-03 | 3 months
www.nhs.uk | DigiCert SHA2 Secure Server CA | 2021-07-16 - 2022-08-07 | a year
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-10 - 2022-09-10 | a year
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year
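The summary and the certificate table together carry the signals an analyst uses to triage a result like this one: a brand token in the hostname on an unrelated apex, a page title claiming the brand, resources pulled from the brand's real hosts, a certificate (R3 is a Let's Encrypt intermediate) issued the day before the scan, and no earlier scans of the host. The function below, added here as a worked example and not part of the urlscan report, turns those checks into code. The `BRANDS` map, the `MULTI_LABEL_SUFFIXES` stand-in for the Public Suffix List and the 7-day certificate-age threshold are assumptions chosen for illustration; the values in `SCAN` are copied from this report.

```python
from datetime import date
from urllib.parse import urlsplit

# Assumed: brand token -> domains the brand legitimately controls.
BRANDS = {"nhs": ("nhs.uk",)}

# Assumed stand-in for a Public Suffix List lookup. nhs.uk is treated as a
# suffix, which matches how urlscan groups assets.nhs.uk and www.nhs.uk as apexes.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "ac.uk", "nhs.uk"}

# Assumed threshold: a certificate this fresh on a first-seen host is worth a flag.
FRESH_CERT_DAYS = 7


def apex_domain(host):
    """Registrable domain of a hostname, using the small suffix table above."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def belongs_to(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(scan):
    """Return the impersonation signals present in a scan summary (empty list = nothing found)."""
    signals = []
    host = urlsplit(scan["effective_url"]).hostname or ""
    apex = apex_domain(host)
    for brand, legit in BRANDS.items():
        on_brand_domain = belongs_to(host, legit)
        if brand in host.lower() and not on_brand_domain:
            signals.append(f"hostname '{host}' carries brand token '{brand}' but apex '{apex}' is not a {brand} domain")
        if brand in scan.get("page_title", "").lower() and not on_brand_domain:
            signals.append(f"page title claims '{brand}' on non-{brand} apex '{apex}'")
        # A page that loads fonts or scripts from the brand's own hosts while living
        # elsewhere is typical of a saved-and-rehosted copy of the original.
        borrowed = sorted(h for h in scan.get("contacted_hosts", ()) if belongs_to(h, legit))
        if borrowed and not on_brand_domain:
            signals.append(f"loads resources from {brand} hosts {borrowed} while not being a {brand} domain")
    cert_age = (scan["scan_date"] - scan["cert_not_before"]).days
    if cert_age <= FRESH_CERT_DAYS:
        signals.append(f"TLS certificate issued {cert_age} day(s) before the scan")
    if scan.get("first_seen", True):
        signals.append("no prior scans of this hostname")
    return signals


# Values copied from the report on this page.
SCAN = {
    "effective_url": "https://nhstestkit.securegb-ns.com/home.php?PwSIacCOSZm7pvVll11kUZRx704zArU87H4cq4dkqMHEi60q1pDXHV9GWyiiS7lzBUgQ26DaKrS",
    "page_title": "Rapid lateral flow coronavirus (COVID-19) tests - NHS",
    "contacted_hosts": ["assets.nhs.uk", "www.nhs.uk", "static.hotjar.com",
                        "assets.adobedtm.com", "nhsdigital.d3.sc.omtrdc.net"],
    "cert_not_before": date(2022, 5, 5),
    "scan_date": date(2022, 5, 6),
    "first_seen": True,
}

if __name__ == "__main__":
    for signal in triage(SCAN):
        print("-", signal)
```

Run against the values from this report the function returns five signals; run against the genuine www.nhs.uk with its year-old DigiCert certificate it returns none, because every check is gated on the host not belonging to the brand's own domains.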
This page contains 3 frames:
- Primary page: https://nhstestkit.securegb-ns.com/home.php?PwSIacCOSZm7pvVll11kUZRx704zArU87H4cq4dkqMHEi60q1pDXHV9GWyiiS7lzBUgQ26DaKrS (Frame ID 32C3BA273FF4D9F5552EA5D56EB86D56, 20 HTTP requests in this frame)
- Frame: https://nhstestkit.securegb-ns.com/index_files/box-acca23410e696f2ca3087d947271c3d0.html (Frame ID 2228344BB334C9DBC3E06292E8CC18BE, 1 HTTP request in this frame)
- Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html (Frame ID C9F4C78EA808B2EEDB9636E5B3AD0F3C, 1 HTTP request in this frame)
Screenshot
![](/screenshots/e5f5b33c-5fb5-4dba-b24a-722e1ad55b6d.png)
Page Title
Rapid lateral flow coronavirus (COVID-19) tests - NHS
Detected technologies
- PHP (detected pattern: \.php(?:$|\?))
- Hotjar (detected pattern: //static\.hotjar\.com/)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://nhstestkit.securegb-ns.com/ (HTTP 301)
- https://nhstestkit.securegb-ns.com/ (HTTP 302)
- https://nhstestkit.securegb-ns.com/home.php?PwSIacCOSZm7pvVll11kUZRx704zArU87H4cq4dkqMHEi60q1pDXHV9GWyiiS7lzBUgQ26DaKrS (page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request chain 20:
- https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.4-LBWB/s77331367245356?AQB=1&ndh=1&pf=1&t=6%2F4%2F2022%209%3A30%3A4%205%200&fid=3D76446A303B6690-180BE8E053FFE451&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3Acoronavirus-covid-19%3Atesting%3Aregular-rapid-coronavirus-tests-if-you-do-not-have-symptoms&g=https%3A%2F%2Fnhstestkit.securegb-ns.com%2Fhome.php%3FPwSIacCOSZm7pvVll11kUZRx704zArU87H4cq4dkqMHEi60q1pDXHV9GWyiiS7lzBUgQ26DaKrS&cc=GBP&ch=conditions&server=nhstestkit.securegb-ns.com&events=event1&c1=coronavirus-covid-19&v1=D%3DpageName&c2=testing&v2=D%3Dg&c3=regular-rapid-coronavirus-tests-if-you-do-not-have-symptoms&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=9%3A30%20AM%7CFriday&c21=2022-05-06T09%3A30%3A04.064Z&c22=10%3A30%20AM%7CFriday&c23=482&c53=n%2Fa&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 (HTTP 302)
- https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.4-LBWB/s77331367245356?AQB=1&pccr=true&vidn=313A754E4F7CFFE3-40001B4236828C66&ndh=1&pf=1&t=6%2F4%2F2022%209%3A30%3A4%205%200&fid=3D76446A303B6690-180BE8E053FFE451&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3Acoronavirus-covid-19%3Atesting%3Aregular-rapid-coronavirus-tests-if-you-do-not-have-symptoms&g=https%3A%2F%2Fnhstestkit.securegb-ns.com%2Fhome.php%3FPwSIacCOSZm7pvVll11kUZRx704zArU87H4cq4dkqMHEi60q1pDXHV9GWyiiS7lzBUgQ26DaKrS&cc=GBP&ch=conditions&server=nhstestkit.securegb-ns.com&events=event1&c1=coronavirus-covid-19&v1=D%3DpageName&c2=testing&v2=D%3Dg&c3=regular-rapid-coronavirus-tests-if-you-do-not-have-symptoms&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=9%3A30%20AM%7CFriday&c21=2022-05-06T09%3A30%3A04.064Z&c22=10%3A30%20AM%7CFriday&c23=482&c53=n%2Fa&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
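The redirect chain above is the most useful artefact on the page for the site owner. The kit is a saved copy of the real NHS page (its scripts are served from `/index_files/`, including the Adobe Launch bundle and `AppMeasurement.min.js`), so the re-hosted analytics library still fires a beacon into the genuine `nhsuk-prod` report suite, with `server=` set to the phishing host and `g=` carrying the full phishing URL. Any hit whose `server` or `g` host is not one of the site's own hostnames is a cloned page announcing itself. The parser below is an added example, not part of the urlscan report or of Adobe's tooling; `ALLOWED_SERVERS` is an assumed allowlist, and `BEACON` is the first hop of the chain above trimmed to the parameters the check reads.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist: hostnames that may legitimately report into the report suite.
ALLOWED_SERVERS = {"www.nhs.uk", "nhs.uk"}


def parse_beacon(url):
    """Pull the report suite and the self-reported page context out of a /b/ss/ beacon URL."""
    parts = urlsplit(url)
    segments = parts.path.split("/")  # ['', 'b', 'ss', '<report suite>', '1', '<lib version>', '<id>']
    rsid = segments[3] if len(segments) > 3 and segments[1:3] == ["b", "ss"] else None
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}  # parse_qs percent-decodes values
    return {
        "collector": parts.hostname,
        "report_suite": rsid,
        "server": q.get("server"),        # hostname the library believes it is running on
        "page_url": q.get("g"),           # full URL of the page that fired the beacon
        "page_name": q.get("pageName"),   # the site's own page taxonomy
        "timestamp": q.get("c21"),
        "redirect_hop": q.get("pccr") == "true",  # present only on the second hop of the chain above
    }


def clone_indicators(url, allowed=ALLOWED_SERVERS):
    """Return (parsed beacon, reasons the hit looks like a re-hosted copy of the site)."""
    beacon = parse_beacon(url)
    reasons = []
    if beacon["server"] and beacon["server"] not in allowed:
        reasons.append(f"server={beacon['server']} is not an allowed host")
    page_host = urlsplit(beacon["page_url"]).hostname if beacon["page_url"] else None
    if page_host and page_host not in allowed:
        reasons.append(f"g= reports the page as hosted on {page_host}")
    return beacon, reasons


# First hop of request chain 20 from this report, trimmed to the parameters used here.
BEACON = (
    "https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.4-LBWB/s77331367245356"
    "?AQB=1&ndh=1&pf=1&t=6%2F4%2F2022%209%3A30%3A4%205%200&fid=3D76446A303B6690-180BE8E053FFE451"
    "&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3"
    "&pageName=nhs%3Aweb%3Aconditions%3Acoronavirus-covid-19%3Atesting%3Aregular-rapid-coronavirus-tests-if-you-do-not-have-symptoms"
    "&g=https%3A%2F%2Fnhstestkit.securegb-ns.com%2Fhome.php%3FPwSIacCOSZm7pvVll11kUZRx704zArU87H4cq4dkqMHEi60q1pDXHV9GWyiiS7lzBUgQ26DaKrS"
    "&cc=GBP&ch=conditions&server=nhstestkit.securegb-ns.com&events=event1"
    "&c21=2022-05-06T09%3A30%3A04.064Z&s=1600x1200&AQE=1"
)

if __name__ == "__main__":
    parsed, reasons = clone_indicators(BEACON)
    print(parsed["report_suite"], parsed["server"], parsed["page_name"])
    for reason in reasons:
        print("-", reason)
```

The same two fields are what the site owner would filter on in the report suite itself: a daily report of `server` values outside the allowlist lists every live clone that kept the original tracking code, with the full phishing URL in `g` ready for takedown.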
21 HTTP transactions

Method / Protocol | Resource | Host and path | Size / x-fer | Type | MIME-Type
---|---|---|---|---|---
GET H2 | home.php (primary request, redirect chain) | nhstestkit.securegb-ns.com/ | 51 KB / 10 KB | Document | text/html
GET H2 | FrutigerLTW01-55Roman.woff2 | assets.nhs.uk/fonts/ | 17 KB / 17 KB | Font | application/octet-stream
GET H2 | FrutigerLTW01-65Bold.woff2 | assets.nhs.uk/fonts/ | 17 KB / 17 KB | Font | application/octet-stream
GET H2 | main.d6fa8cab6d0e.css | nhstestkit.securegb-ns.com/index_files/ | 137 KB / 18 KB | Stylesheet | text/css
GET H2 | main.6b0c2c5a3207.js | nhstestkit.securegb-ns.com/index_files/ | 71 KB / 20 KB | Script | application/javascript
GET H2 | cookie-consent.js | nhstestkit.securegb-ns.com/index_files/ | 105 KB / 33 KB | Script | application/javascript
GET H2 | launch-ENe7f6cdd7cc05409b86547d9153429788.min.js | nhstestkit.securegb-ns.com/index_files/ | 331 KB / 63 KB | Script | application/javascript
GET H2 | hotjar-681718.js | nhstestkit.securegb-ns.com/index_files/ | 57 KB / 10 KB | Script | application/javascript
GET H2 | modules.bb718fa7305d844e18c3.js | nhstestkit.securegb-ns.com/index_files/ | 236 KB / 71 KB | Script | application/javascript
GET H2 | AppMeasurement.min.js | nhstestkit.securegb-ns.com/index_files/ | 33 KB / 12 KB | Script | application/javascript
GET H2 | AppMeasurement_Module_ActivityMap.min.js | nhstestkit.securegb-ns.com/index_files/ | 3 KB / 2 KB | Script | application/javascript
GET H2 | RC6896c8c0c349424b90489027862f3593-source.min.js | nhstestkit.securegb-ns.com/index_files/ | 14 KB / 3 KB | Script | application/javascript
GET H2 | AppMeasurement.min.js | assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/ | 33 KB / 12 KB | Script | application/x-javascript
GET H2 | AppMeasurement_Module_ActivityMap.min.js | assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/ | 3 KB / 2 KB | Script | application/x-javascript
GET H2 | hotjar-681718.js | static.hotjar.com/c/ | 50 KB / 8 KB | Script | application/javascript
GET H2 | box-acca23410e696f2ca3087d947271c3d0.html (Frame 2228) | nhstestkit.securegb-ns.com/index_files/ | 3 KB / 1 KB | Document | text/html
GET DATA | truncated (data: URI) | / | 296 B / 0 | Image | image/svg+xml
GET H2 | modules.bb718fa7305d844e18c3.js | script.hotjar.com/ | 236 KB / 62 KB | Script | application/javascript
GET H2 | RC6896c8c0c349424b90489027862f3593-source.min.js | assets.adobedtm.com/f8560165ec6a/5d3b7fb65898/24297b4a2f0a/ | 14 KB / 3 KB | Script | application/x-javascript
GET | / (failed, no response) | www.nhs.uk/our-policies/cookies-policy/ | 0 / 0 | |
GET H2 | box-acca23410e696f2ca3087d947271c3d0.html (Frame C9F4) | vars.hotjar.com/ | 2 KB / 1 KB | Document | text/html
GET H2 | s77331367245356 (redirect chain) | nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.4-LBWB/ | 43 B / 297 B | Image | image/gif
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: www.nhs.uk
- URL: https://www.nhs.uk/our-policies/cookies-policy/?policy-action=seen
Verdicts & Comments
urlscan verdict: Potentially malicious activity detected. Phishing against: NHS UK (Healthcare)
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.

Name | Type
---|---
0 | object
1 | object
oncontextlost | object
oncontextrestored | object
structuredClone | function
getScreenDetails | function
digitalData | object
_satellite | object
__satelliteLoaded | boolean
adobe | object
Visitor | function
s_c_il | object
s_c_in | number
hj | function
_hjSettings | object
NHSUK_SETTINGS | object
core | object
__core-js_shared__ | object
hjSiteSettings | object
hjBootstrap | function
hjBootstrapCalled | object
hjLazyModules | object
setImmediate | function
clearImmediate | function
regeneratorRuntime | object
_babelPolyfill | boolean
NHSCookieConsent | object
AppMeasurement_Module_ActivityMap | function
AppMeasurement | function
s_gi | function
s_pgicq | function
s_objectID | number
s_giq | number
s | object
s_loadT | number
s_i_nhsuk-prod | object

7 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the stored cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Name | Value
---|---|---
nhstestkit.securegb-ns.com/ | PHPSESSID | 04497760f3e4c33b14599b262b371f76
nhstestkit.securegb-ns.com/ | nhsuk-cookie-consent | %7B%22necessary%22%3Atrue%2C%22preferences%22%3Afalse%2C%22statistics%22%3Afalse%2C%22marketing%22%3Afalse%2C%22consented%22%3Afalse%2C%22version%22%3A3%7D
.nhstestkit.securegb-ns.com/ | s_fid | 3D76446A303B6690-180BE8E053FFE451
.nhstestkit.securegb-ns.com/ | s_getNewRepeat | 1651829404063-New
.nhstestkit.securegb-ns.com/ | s_ppn | nhs%3Aweb%3Aconditions%3Acoronavirus-covid-19%3Atesting%3Aregular-rapid-coronavirus-tests-if-you-do-not-have-symptoms
.nhstestkit.securegb-ns.com/ | s_cc | true
.nhsdigital.d3.sc.omtrdc.net/ | s_vi | [CS]v1\|313A754E4F7CFFE3-40001B4236828C66[CE]
2 Console Messages
A page may log messages to the console. These are often errors about failing to load a resource or execute a piece of JavaScript; sometimes they also give insight into the technology behind a website. The two messages logged for this scan were not captured in this copy of the report.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.adobedtm.com
assets.nhs.uk
nhsdigital.d3.sc.omtrdc.net
nhstestkit.securegb-ns.com
script.hotjar.com
static.hotjar.com
vars.hotjar.com
www.nhs.uk
108.157.4.45
108.157.4.53
146.0.76.95
15.236.176.210
2a02:26f0:b600:19a::1e80
65.9.63.33
88.221.60.244