nhs.testkitgb.com Open in urlscan Pro
45.137.21.46 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://nhs.testkitgb.com/nhs
Effective URL:
https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Submission: On March 14 via manual (March 14th 2022, 10:46:41 pm UTC) from GB — Scanned from NL

Summary HTTP 14 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 45.137.21.46, located in Amsterdam, Netherlands and belongs to ROOTLAYERNET, BD. The main domain is nhs.testkitgb.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 14th 2022. Valid for: 3 months.

This is the only time nhs.testkitgb.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NHS UK (Healthcare)

Domain & IP information

	IP Address	AS Autonomous System
3 11	45.137.21.46 45.137.21.46	51447 (ROOTLAYERNET) (ROOTLAYERNET)
2	104.109.59.240 104.109.59.240	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a02:26f0:6c0... 2a02:26f0:6c00:299::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
14	5

11 45.137.21.46 (Amsterdam, Netherlands) 3 redirects

ASN51447 (ROOTLAYERNET, BD)
PTR: hosted-by.rootlayer.net

nhs.testkitgb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.59.240 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-59-240.deploy.static.akamaitechnologies.com

assets.nhs.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:299::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.176.210 (Paris, France) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

nhsdigital.d3.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	testkitgb.com 3 redirects nhs.testkitgb.com	574 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 515	17 KB
2	omtrdc.net 1 redirects nhsdigital.d3.sc.omtrdc.net — Cisco Umbrella Rank: 78839	1 KB
2	assets.nhs.uk assets.nhs.uk — Cisco Umbrella Rank: 47387	35 KB
14	4

	Domain	Requested by
11	nhs.testkitgb.com	3 redirects nhs.testkitgb.com
3	assets.adobedtm.com	nhs.testkitgb.com
2	nhsdigital.d3.sc.omtrdc.net	1 redirects
2	assets.nhs.uk	nhs.testkitgb.com
14	4

This site contains links to these domains. Also see Links.

Domain
www.nhs.uk

Subject Issuer	Validity	Valid
nhs.testkitgb.com cPanel, Inc. Certification Authority	`2022-03-14` - `2022-06-12`	3 months	crt.sh
www.nhs.uk DigiCert SHA2 Secure Server CA	`2021-07-16` - `2022-08-07`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Frame ID: 38005B5108942C9E453E6F0103465BA6
Requests: 14 HTTP requests in this frame

Frame: https://nhs.testkitgb.com/digital%20files/box-d09a446edefba0dcce5d5143e1840e9a.html
Frame ID: 0CE320C4F0E1D955826D267F9554F649
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Order Omicron PCR test kit

Page URL History Show full URLs

https://nhs.testkitgb.com/nhs HTTP 303
https://nhs.testkitgb.com/ HTTP 302
https://nhs.testkitgb.com/index HTTP 302
https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28 Page URL

Page Statistics

14
Requests

93 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

625 kB
Transfer

654 kB
Size

6
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nhs.uk/conditions/
Title: Skip to main content

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/
Title: Home

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/live-well/
Title: Live Well

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/mental-health/
Title: Mental health

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/social-care-and-support-guide/
Title: Care and support

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/pregnancy/
Title: Pregnancy

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-services/
Title: NHS services

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-sites/
Title: NHS sites

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/nhs-app/
Title: NHS App

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/about-us/
Title: About us

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/contact-us/
Title: Contact us

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/personalisation/
Title: Profile editor

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/about-us/site-map/
Title: Site map

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/accessibility-statement/
Title: Accessibility statement

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/our-policies/
Title: Our policies

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/our-policies/cookies-policy/
Title: Cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://nhs.testkitgb.com/nhs HTTP 303
https://nhs.testkitgb.com/ HTTP 302
https://nhs.testkitgb.com/index HTTP 302
https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/s77010915229357?AQB=1&ndh=1&pf=1&t=14%2F2%2F2022%2022%3A46%3A37%201%200&fid=556C51B10DB76171-29E7FD713C3E0FED&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3A-%3Aget-digital--pass&g=https%3A%2F%2Fnhs.testkitgb.com%2Findex%3Fsession%3D2DlowXqsqz%26secure%3Dtrue%26time%3D22%3A46%3A37%26hma%3Dh38y4kkj28&cc=GBP&ch=conditions&events=event1&c1=-&v1=D%3DpageName&c2=get%20digital%20%20pass&v2=D%3Dg&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=10%3A46%20PM%7CMonday&c21=2022-03-14T22%3A46%3A37.881Z&c22=11%3A46%20PM%7CMonday&c23=448&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/s77010915229357?AQB=1&pccr=true&vidn=3117E2E6F02AB0D4-6000029FF03FB17B&ndh=1&pf=1&t=14%2F2%2F2022%2022%3A46%3A37%201%200&fid=556C51B10DB76171-29E7FD713C3E0FED&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3A-%3Aget-digital--pass&g=https%3A%2F%2Fnhs.testkitgb.com%2Findex%3Fsession%3D2DlowXqsqz%26secure%3Dtrue%26time%3D22%3A46%3A37%26hma%3Dh38y4kkj28&cc=GBP&ch=conditions&events=event1&c1=-&v1=D%3DpageName&c2=get%20digital%20%20pass&v2=D%3Dg&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=10%3A46%20PM%7CMonday&c21=2022-03-14T22%3A46%3A37.881Z&c22=11%3A46%20PM%7CMonday&c23=448&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index Show response
nhs.testkitgb.com/
Redirect Chain

https://nhs.testkitgb.com/nhs
https://nhs.testkitgb.com/
https://nhs.testkitgb.com/index
https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28

20 KB
20 KB

74ms
45ms

Document
text/html

45.137.21.46
ROOTLAYERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.137.21.46 Amsterdam, Netherlands, ASN51447 (ROOTLAYERNET, BD),
Reverse DNS: hosted-by.rootlayer.net
Software: Apache /
Resource Hash: 259a96ea527a5b0776cca3a33a84bc3804bae0e58ee3f6bff71d3f5e2a7e6c9c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9

Response headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 FrutigerLTW01-55Roman.woff2
assets.nhs.uk/fonts/ 17 KB
17 KB 94ms
22ms Font
application/octet-stream 104.109.59.240
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nhs.uk/fonts/FrutigerLTW01-55Roman.woff2
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.59.240 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-59-240.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 886f640d4cb31c0114351f25e5eeba98b79e7ae405fcc2ca50aac6ed79ff8995

Request headers

Referer: https://nhs.testkitgb.com/
Origin: https://nhs.testkitgb.com
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Mon, 14 Mar 2022 22:46:37 GMT
last-modified: Tue, 09 Apr 2019 10:17:13 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: lRIDEWIJgHewKikdW/afDg==
etag: 0x8D6BCD488B0257A
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 3c6ee1df-501e-0063-0247-ceee60000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=2628288
x-ms-version: 2009-09-19
content-length: 17284
expires: Thu, 14 Apr 2022 08:51:25 GMT

GET
H2 200 FrutigerLTW01-65Bold.woff2
assets.nhs.uk/fonts/ 17 KB
17 KB 114ms
42ms Font
application/octet-stream 104.109.59.240
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nhs.uk/fonts/FrutigerLTW01-65Bold.woff2
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.59.240 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-59-240.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d7a61b8131c25f4f7949162fcf342c8ba52b0257756aaacf23aa948f0403c842

Request headers

Referer: https://nhs.testkitgb.com/
Origin: https://nhs.testkitgb.com
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Mon, 14 Mar 2022 22:46:37 GMT
last-modified: Tue, 09 Apr 2019 10:17:14 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: OPdl6/MQFVFaVJuAqOKjeg==
etag: 0x8D6BCD48962A5B8
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: e53bdec4-101e-0046-338e-5d76d3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=2628288
x-ms-version: 2009-09-19
content-length: 17216
expires: Thu, 14 Apr 2022 08:51:25 GMT

GET
H/1.1 200
OK main.9943db5d0dda.css
nhs.testkitgb.com/digital%20files/ 130 KB
130 KB 21ms
20ms Stylesheet
text/css 45.137.21.46
ROOTLAYERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhs.testkitgb.com/digital%20files/main.9943db5d0dda.css
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.137.21.46 Amsterdam, Netherlands, ASN51447 (ROOTLAYERNET, BD),
Reverse DNS: hosted-by.rootlayer.net
Software: Apache /
Resource Hash: 7577c86ec2d5c38c19c2f42cd76e240135055e525b17e3c51c5a46206fca153c

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Last-Modified: Sat, 23 Oct 2021 11:59:40 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 133188

GET
H/1.1 200
OK main.c47ef85716b9.js.download Show response
nhs.testkitgb.com/digital%20files/ 64 KB
64 KB 21ms
21ms Script
application/javascript 45.137.21.46
ROOTLAYERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhs.testkitgb.com/digital%20files/main.c47ef85716b9.js.download
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.137.21.46 Amsterdam, Netherlands, ASN51447 (ROOTLAYERNET, BD),
Reverse DNS: hosted-by.rootlayer.net
Software: Apache /
Resource Hash: fd975b545301ecb460ea30364fb1f38e1dbe1d4892bff5337fe7e7354913bfb6

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Last-Modified: Sat, 23 Oct 2021 11:59:40 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 65446

GET
H/1.1 200
OK launch-ENe7f6cdd7cc05409b86547d9153429788.min.js.download Show response
nhs.testkitgb.com/digital%20files/ 304 KB
305 KB 48ms
20ms Script
application/javascript 45.137.21.46
ROOTLAYERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhs.testkitgb.com/digital%20files/launch-ENe7f6cdd7cc05409b86547d9153429788.min.js.download
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.137.21.46 Amsterdam, Netherlands, ASN51447 (ROOTLAYERNET, BD),
Reverse DNS: hosted-by.rootlayer.net
Software: Apache /
Resource Hash: a924ef64a01f2dd5d2d0eebb1c6dd0794ae43742f0f02f6597709d79d7d47c74

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Last-Modified: Sat, 23 Oct 2021 11:59:40 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 311743

GET
H/1.1 200
OK AppMeasurement.min.js.download Show response
nhs.testkitgb.com/digital%20files/ 33 KB
33 KB 21ms
21ms Script
application/javascript 45.137.21.46
ROOTLAYERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhs.testkitgb.com/digital%20files/AppMeasurement.min.js.download
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.137.21.46 Amsterdam, Netherlands, ASN51447 (ROOTLAYERNET, BD),
Reverse DNS: hosted-by.rootlayer.net
Software: Apache /
Resource Hash: 04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Last-Modified: Sat, 23 Oct 2021 11:59:40 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 33522

GET
H/1.1 200
OK AppMeasurement_Module_ActivityMap.min.js.download Show response
nhs.testkitgb.com/digital%20files/ 3 KB
3 KB 21ms
21ms Script
application/javascript 45.137.21.46
ROOTLAYERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhs.testkitgb.com/digital%20files/AppMeasurement_Module_ActivityMap.min.js.download
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.137.21.46 Amsterdam, Netherlands, ASN51447 (ROOTLAYERNET, BD),
Reverse DNS: hosted-by.rootlayer.net
Software: Apache /
Resource Hash: 99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Last-Modified: Sat, 23 Oct 2021 11:59:40 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3303

GET
H/1.1 200
OK RC6896c8c0c349424b90489027862f3593-source.min.js.download Show response
nhs.testkitgb.com/digital%20files/ 14 KB
14 KB 42ms
20ms Script
application/javascript 45.137.21.46
ROOTLAYERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhs.testkitgb.com/digital%20files/RC6896c8c0c349424b90489027862f3593-source.min.js.download
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.137.21.46 Amsterdam, Netherlands, ASN51447 (ROOTLAYERNET, BD),
Reverse DNS: hosted-by.rootlayer.net
Software: Apache /
Resource Hash: 13cd57594443f4cfd63c0d733ade495c5c6265b3c1cf949f88a9cc07f19d6f94

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Last-Modified: Sat, 23 Oct 2021 11:59:40 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 14068

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ 33 KB
12 KB 108ms
19ms Script
application/x-javascript 2a02:26f0:6c00:299::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement.min.js
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/digital%20files/launch-ENe7f6cdd7cc05409b86547d9153429788.min.js.download
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 22:46:37 GMT
content-encoding: gzip
last-modified: Mon, 18 Oct 2021 21:37:16 GMT
server: AkamaiNetStorage
etag: "820eb42f3120ddf65e303b24a8285815:1634593036.305122"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://nhs.testkitgb.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12200
expires: Mon, 14 Mar 2022 23:46:37 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ 3 KB
2 KB 111ms
22ms Script
application/x-javascript 2a02:26f0:6c00:299::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/digital%20files/launch-ENe7f6cdd7cc05409b86547d9153429788.min.js.download
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 22:46:37 GMT
content-encoding: gzip
last-modified: Mon, 18 Oct 2021 21:37:16 GMT
server: AkamaiNetStorage
etag: "abbe69e5c8f385f00652c3d0c2bba347:1634593036.557115"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://nhs.testkitgb.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1594
expires: Mon, 14 Mar 2022 23:46:37 GMT

GET
H/1.1 200
OK box-d09a446edefba0dcce5d5143e1840e9a.html Show response
nhs.testkitgb.com/digital%20files/ Frame 0CE3 3 KB
3 KB 35ms
21ms Document
text/html 45.137.21.46
ROOTLAYERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://nhs.testkitgb.com/digital%20files/box-d09a446edefba0dcce5d5143e1840e9a.html
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.137.21.46 Amsterdam, Netherlands, ASN51447 (ROOTLAYERNET, BD),
Reverse DNS: hosted-by.rootlayer.net
Software: Apache /
Resource Hash: eb4923307c7527a88c9e57dbd765cbd5a6180243c5705368fd1da38db1eb1708

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/index?session=2DlowXqsqz&secure=true&time=22:46:37&hma=h38y4kkj28

Response headers

Date: Mon, 14 Mar 2022 22:46:37 GMT
Server: Apache
Last-Modified: Sat, 23 Oct 2021 11:59:40 GMT
Accept-Ranges: bytes
Content-Length: 2572
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html

GET
H2 200 RC6896c8c0c349424b90489027862f3593-source.min.js Show response
assets.adobedtm.com/f8560165ec6a/5d3b7fb65898/253676a2a036/ 14 KB
3 KB 115ms
36ms Script
application/x-javascript 2a02:26f0:6c00:299::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/f8560165ec6a/5d3b7fb65898/253676a2a036/RC6896c8c0c349424b90489027862f3593-source.min.js
Requested by: Host: nhs.testkitgb.com
URL: https://nhs.testkitgb.com/digital%20files/launch-ENe7f6cdd7cc05409b86547d9153429788.min.js.download
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 13cd57594443f4cfd63c0d733ade495c5c6265b3c1cf949f88a9cc07f19d6f94

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 22:46:37 GMT
content-encoding: gzip
last-modified: Thu, 21 Oct 2021 10:37:50 GMT
server: AkamaiNetStorage
etag: "ea95a3b670687e950cfb082063f730f2:1634812670.462662"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://nhs.testkitgb.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 2733
expires: Mon, 14 Mar 2022 23:46:37 GMT

GET
DATA 200
OK truncated
/ 296 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453c06b657dfde66cb3a88a952795b75884a028f7397d20c2d4c071bc58c719c

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

s77010915229357
nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/
Redirect Chain

https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/s77010915229357?AQB=1&ndh=1&pf=1&t=14%2F2%2F2022%2022%3A46%3A37%201%200&fid=556C51B10DB76171-29E7FD713C3E0FED&ce=UTF-8&ns=nhsdig...
https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/s77010915229357?AQB=1&pccr=true&vidn=3117E2E6F02AB0D4-6000029FF03FB17B&ndh=1&pf=1&t=14%2F2%2F2022%2022%3A46%3A37%201%200&fid=556...

43 B
297 B

27ms
27ms

Image
image/gif

15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/s77010915229357?AQB=1&pccr=true&vidn=3117E2E6F02AB0D4-6000029FF03FB17B&ndh=1&pf=1&t=14%2F2%2F2022%2022%3A46%3A37%201%200&fid=556C51B10DB76171-29E7FD713C3E0FED&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3A-%3Aget-digital--pass&g=https%3A%2F%2Fnhs.testkitgb.com%2Findex%3Fsession%3D2DlowXqsqz%26secure%3Dtrue%26time%3D22%3A46%3A37%26hma%3Dh38y4kkj28&cc=GBP&ch=conditions&events=event1&c1=-&v1=D%3DpageName&c2=get%20digital%20%20pass&v2=D%3Dg&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=10%3A46%20PM%7CMonday&c21=2022-03-14T22%3A46%3A37.881Z&c22=11%3A46%20PM%7CMonday&c23=448&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Protocol

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://nhs.testkitgb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 22:46:37 GMT
x-content-type-options: nosniff
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 15 Mar 2022 22:46:37 GMT
server: jag
xserver: anedge-7f6b754cd4-jf67t
etag: 3537545513100804096-4619773790010460675
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 13 Mar 2022 22:46:37 GMT

Redirect headers

date: Mon, 14 Mar 2022 22:46:37 GMT
x-content-type-options: nosniff
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
location: https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/s77010915229357?AQB=1&pccr=true&vidn=3117E2E6F02AB0D4-6000029FF03FB17B&ndh=1&pf=1&t=14%2F2%2F2022%2022%3A46%3A37%201%200&fid=556C51B10DB76171-29E7FD713C3E0FED&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3A-%3Aget-digital--pass&g=https%3A%2F%2Fnhs.testkitgb.com%2Findex%3Fsession%3D2DlowXqsqz%26secure%3Dtrue%26time%3D22%3A46%3A37%26hma%3Dh38y4kkj28&cc=GBP&ch=conditions&events=event1&c1=-&v1=D%3DpageName&c2=get%20digital%20%20pass&v2=D%3Dg&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=10%3A46%20PM%7CMonday&c21=2022-03-14T22%3A46%3A37.881Z&c22=11%3A46%20PM%7CMonday&c23=448&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
last-modified: Tue, 15 Mar 2022 22:46:37 GMT
server: jag
xserver: anedge-7f6b754cd4-l56q7
vary: Origin
content-type: text/plain;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 13 Mar 2022 22:46:37 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NHS UK (Healthcare)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
nhs.testkitgb.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: c29317a1bfcce7e633952c08be7e4971
.nhs.testkitgb.com/	1970-01-20 19:07:36	Name: s_fid Value: 556C51B10DB76171-29E7FD713C3E0FED
.nhs.testkitgb.com/	1970-01-20 02:18:09	Name: s_getNewRepeat Value: 1647297997880-New
.nhs.testkitgb.com/	1970-01-20 01:34:59	Name: s_ppn Value: nhs%3Aweb%3Aconditions%3A-%3Aget-digital--pass
.nhs.testkitgb.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.nhsdigital.d3.sc.omtrdc.net/	1970-01-20 19:06:09	Name: s_vi Value: [CS]v1\|3117E2E6F02AB0D4-6000029FF03FB17B[CE]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
assets.nhs.uk
nhs.testkitgb.com
nhsdigital.d3.sc.omtrdc.net
104.109.59.240
15.236.176.210
2a02:26f0:6c00:299::1e80
45.137.21.46
04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a
13cd57594443f4cfd63c0d733ade495c5c6265b3c1cf949f88a9cc07f19d6f94
259a96ea527a5b0776cca3a33a84bc3804bae0e58ee3f6bff71d3f5e2a7e6c9c
453c06b657dfde66cb3a88a952795b75884a028f7397d20c2d4c071bc58c719c
7577c86ec2d5c38c19c2f42cd76e240135055e525b17e3c51c5a46206fca153c
886f640d4cb31c0114351f25e5eeba98b79e7ae405fcc2ca50aac6ed79ff8995
99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a924ef64a01f2dd5d2d0eebb1c6dd0794ae43742f0f02f6597709d79d7d47c74
d7a61b8131c25f4f7949162fcf342c8ba52b0257756aaacf23aa948f0403c842
eb4923307c7527a88c9e57dbd765cbd5a6180243c5705368fd1da38db1eb1708
fd975b545301ecb460ea30364fb1f38e1dbe1d4892bff5337fe7e7354913bfb6

nhs.testkitgb.com Open in urlscan Pro 45.137.21.46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

93 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

625 kBTransfer

654 kBSize

6 Cookies

16 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

23 JavaScript Global Variables

6 Cookies

Indicators

nhs.testkitgb.com Open in urlscan Pro
45.137.21.46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

625 kB
Transfer

654 kB
Size

6
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!