nhs.testkitspcr.com
Open in
urlscan Pro
87.251.79.145
Malicious Activity!
Public Scan
URL:
https://nhs.testkitspcr.com/index?session=VGFaUYi0g9&secure=true&time=11:06:45&hma=h38y4kkj28
Submission: On March 29 via automatic, source phishtank — Scanned from DE
Submission: On March 29 via automatic, source phishtank — Scanned from DE
Summary
This website contacted 5 IPs
in 3 countries
across 4 domains to perform 14 HTTP transactions.
The main IP is 87.251.79.145, located in
Russian Federation and
belongs to SANNIKOV, RU.
The main domain is nhs.testkitspcr.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 28th 2022. Valid for: 3 months.
This is the only time nhs.testkitspcr.com was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 28th 2022. Valid for: 3 months.
This is the only time nhs.testkitspcr.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NHS UK (Healthcare)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 8 | 87.251.79.145 87.251.79.145 | 57416 (SANNIKOV) (SANNIKOV) | |
| 2 | 88.221.60.244 88.221.60.244 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 3 | 2a02:26f0:6c0... 2a02:26f0:6c00:2b0::1e80 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 2 | 15.188.95.229 15.188.95.229 | 16509 (AMAZON-02) (AMAZON-02) | |
| 14 | 5 |
2
88.221.60.244
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a88-221-60-244.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a88-221-60-244.deploy.static.akamaitechnologies.com
| assets.nhs.uk |
3
2a02:26f0:6c00:2b0::1e80
(Frankfurt am Main, Germany)
ASN20940 (AKAMAI-ASN1, NL)
ASN20940 (AKAMAI-ASN1, NL)
| assets.adobedtm.com |
2
15.188.95.229
(Paris, France)
ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
| nhsdigital.d3.sc.omtrdc.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 8 |
testkitspcr.com
nhs.testkitspcr.com |
573 KB |
| 3 |
adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 501 |
17 KB |
| 2 |
omtrdc.net
1 redirects
nhsdigital.d3.sc.omtrdc.net — Cisco Umbrella Rank: 88954 |
1 KB |
| 2 |
assets.nhs.uk
assets.nhs.uk — Cisco Umbrella Rank: 60846 |
35 KB |
| 14 | 4 |
| Domain | Requested by | |
|---|---|---|
| 8 | nhs.testkitspcr.com |
nhs.testkitspcr.com
|
| 3 | assets.adobedtm.com |
nhs.testkitspcr.com
|
| 2 | nhsdigital.d3.sc.omtrdc.net | 1 redirects |
| 2 | assets.nhs.uk |
nhs.testkitspcr.com
|
| 14 | 4 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.nhs.uk |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| nhs.testkitspcr.com cPanel, Inc. Certification Authority |
2022-03-28 - 2022-06-26 |
3 months | crt.sh |
| www.nhs.uk DigiCert SHA2 Secure Server CA |
2021-07-16 - 2022-08-07 |
a year | crt.sh |
| assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-09-10 - 2022-09-10 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://nhs.testkitspcr.com/index?session=VGFaUYi0g9&secure=true&time=11:06:45&hma=h38y4kkj28
Frame ID: 0CB3E7446844078BF20127FF5F82D0CE
Requests: 14 HTTP requests in this frame
Frame:
https://nhs.testkitspcr.com/digital%20files/box-d09a446edefba0dcce5d5143e1840e9a.html
Frame ID: 125B2213A32D6FD9EB3ED481DBC04C55
Requests: 1 HTTP requests in this frame
16 Outgoing links
These are links going to different origins than the main page.
URL: https://www.nhs.uk/conditions/
Title: Skip to main content
Title: Skip to main content
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/
Title: Home
Title: Home
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/live-well/
Title: Live Well
Title: Live Well
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/mental-health/
Title: Mental health
Title: Mental health
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/conditions/social-care-and-support-guide/
Title: Care and support
Title: Care and support
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/pregnancy/
Title: Pregnancy
Title: Pregnancy
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/nhs-services/
Title: NHS services
Title: NHS services
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/nhs-sites/
Title: NHS sites
Title: NHS sites
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/nhs-app/
Title: NHS App
Title: NHS App
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/about-us/
Title: About us
Title: About us
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/contact-us/
Title: Contact us
Title: Contact us
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/personalisation/
Title: Profile editor
Title: Profile editor
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/about-us/site-map/
Title: Site map
Title: Site map
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/accessibility-statement/
Title: Accessibility statement
Title: Accessibility statement
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/our-policies/
Title: Our policies
Title: Our policies
Search URL Search Domain Scan URL
URL: https://www.nhs.uk/our-policies/cookies-policy/
Title: Cookies
Title: Cookies
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/s34586552337794?AQB=1&ndh=1&pf=1&t=29%2F2%2F2022%2011%3A6%3A32%202%200&fid=77203FA7461ADE8A-3BEB3DEE739A71FB&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3A-%3Aget-digital--pass&g=https%3A%2F%2Fnhs.testkitspcr.com%2Findex%3Fsession%3DVGFaUYi0g9%26secure%3Dtrue%26time%3D11%3A06%3A45%26hma%3Dh38y4kkj28&cc=GBP&ch=conditions&events=event1&c1=-&v1=D%3DpageName&c2=get%20digital%20%20pass&v2=D%3Dg&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=11%3A06%20AM%7CTuesday&c21=2022-03-29T11%3A06%3A32.230Z&c22=12%3A06%20PM%7CTuesday&c23=1888&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/s34586552337794?AQB=1&pccr=true&vidn=3121741C3077F3C9-4000142070A46B31&ndh=1&pf=1&t=29%2F2%2F2022%2011%3A6%3A32%202%200&fid=77203FA7461ADE8A-3BEB3DEE739A71FB&ce=UTF-8&ns=nhsdigital&cdp=2&fpCookieDomainPeriods=3&pageName=nhs%3Aweb%3Aconditions%3A-%3Aget-digital--pass&g=https%3A%2F%2Fnhs.testkitspcr.com%2Findex%3Fsession%3DVGFaUYi0g9%26secure%3Dtrue%26time%3D11%3A06%3A45%26hma%3Dh38y4kkj28&cc=GBP&ch=conditions&events=event1&c1=-&v1=D%3DpageName&c2=get%20digital%20%20pass&v2=D%3Dg&v3=D%3Dc4&c5=D%3Dg&c10=New&v10=D%3Dc10&c11=D%3Dmid&v12=11%3A06%20AM%7CTuesday&c21=2022-03-29T11%3A06%3A32.230Z&c22=12%3A06%20PM%7CTuesday&c23=1888&c75=web&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
14 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
index
nhs.testkitspcr.com/ |
20 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FrutigerLTW01-55Roman.woff2
assets.nhs.uk/fonts/ |
17 KB 17 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FrutigerLTW01-65Bold.woff2
assets.nhs.uk/fonts/ |
17 KB 17 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.9943db5d0dda.css
nhs.testkitspcr.com/digital%20files/ |
130 KB 130 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.c47ef85716b9.js.download
nhs.testkitspcr.com/digital%20files/ |
64 KB 64 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
launch-ENe7f6cdd7cc05409b86547d9153429788.min.js.download
nhs.testkitspcr.com/digital%20files/ |
304 KB 305 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AppMeasurement.min.js.download
nhs.testkitspcr.com/digital%20files/ |
33 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AppMeasurement_Module_ActivityMap.min.js.download
nhs.testkitspcr.com/digital%20files/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
RC6896c8c0c349424b90489027862f3593-source.min.js.download
nhs.testkitspcr.com/digital%20files/ |
14 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ |
33 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
box-d09a446edefba0dcce5d5143e1840e9a.html
nhs.testkitspcr.com/digital%20files/ Frame 125B |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
296 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
RC6896c8c0c349424b90489027862f3593-source.min.js
assets.adobedtm.com/f8560165ec6a/5d3b7fb65898/253676a2a036/ |
14 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s34586552337794
nhsdigital.d3.sc.omtrdc.net/b/ss/nhsuk-prod/1/JS-2.22.3-LBWB/ Redirect Chain
|
43 B 297 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NHS UK (Healthcare)23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| structuredClone object| oncontextlost object| oncontextrestored object| digitalData object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| NHSUK_SETTINGS function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq function| AppMeasurement_Module_ActivityMap object| core object| __core-js_shared__ object| s number| s_loadT object| s_i_nhsuk-prod6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| nhs.testkitspcr.com/ | Name: PHPSESSID Value: 6fe27d23d1d6d637c237fe3bdfffa351 |
|
| .nhs.testkitspcr.com/ | Name: s_fid Value: 77203FA7461ADE8A-3BEB3DEE739A71FB |
|
| .nhs.testkitspcr.com/ | Name: s_getNewRepeat Value: 1648551992230-New |
|
| .nhs.testkitspcr.com/ | Name: s_ppn Value: nhs%3Aweb%3Aconditions%3A-%3Aget-digital--pass |
|
| .nhs.testkitspcr.com/ | Name: s_cc Value: true |
|
| .nhsdigital.d3.sc.omtrdc.net/ | Name: s_vi Value: [CS]v1|3121741C3077F3C9-4000142070A46B31[CE] |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.adobedtm.com
assets.nhs.uk
nhs.testkitspcr.com
nhsdigital.d3.sc.omtrdc.net
15.188.95.229
2a02:26f0:6c00:2b0::1e80
87.251.79.145
88.221.60.244
04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a
13cd57594443f4cfd63c0d733ade495c5c6265b3c1cf949f88a9cc07f19d6f94
453c06b657dfde66cb3a88a952795b75884a028f7397d20c2d4c071bc58c719c
7577c86ec2d5c38c19c2f42cd76e240135055e525b17e3c51c5a46206fca153c
7edbd28270879f88d109acd68b074fb9643be55a6a1e87b3e665a505598ec6f8
886f640d4cb31c0114351f25e5eeba98b79e7ae405fcc2ca50aac6ed79ff8995
99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a924ef64a01f2dd5d2d0eebb1c6dd0794ae43742f0f02f6597709d79d7d47c74
d7a61b8131c25f4f7949162fcf342c8ba52b0257756aaacf23aa948f0403c842
eb4923307c7527a88c9e57dbd765cbd5a6180243c5705368fd1da38db1eb1708
fd975b545301ecb460ea30364fb1f38e1dbe1d4892bff5337fe7e7354913bfb6