Analysis Report http://test-for-coronavirus.service.gov.uk

Overview

General Information

Sample URL: http://test-for-coronavirus.service.gov.uk
Analysis ID: 348814

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

HTML title does not match URL

Classification

Phishing:

HTML title does not match URL
Source: https://www.gov.uk/browse/business HTTP Parser: Title: Browse: Business and self-employed - GOV.UK does not match URL
Source: https://www.gov.uk/browse/benefits HTTP Parser: Title: Browse: Benefits - GOV.UK does not match URL
Source: https://www.gov.uk/help/cookie-details HTTP Parser: Title: Details about cookies on GOV.UK - GOV.UK does not match URL
Source: https://www.gov.uk/coronavirus HTTP Parser: Title: Coronavirus (COVID-19): guidance and support - GOV.UK does not match URL
Source: https://www.gov.uk/browse/childcare-parenting HTTP Parser: Title: Browse: Childcare and parenting - GOV.UK does not match URL
Source: https://www.gov.uk/transition HTTP Parser: Title: Brexit - GOV.UK does not match URL
Source: https://www.gov.uk/browse/citizenship HTTP Parser: Title: Browse: Citizenship and living in the UK - GOV.UK does not match URL
Source: https://www.gov.uk/help/cookies HTTP Parser: Title: Cookies on GOV.UK does not match URL
Source: https://www.gov.uk/ HTTP Parser: Title: Welcome to GOV.UK does not match URL
Source: https://www.gov.uk/browse/births-deaths-marriages HTTP Parser: Title: Browse: Births, deaths, marriages and care - GOV.UK does not match URL
Source: https://www.gov.uk/help/cookies#content HTTP Parser: Title: Cookies on GOV.UK does not match URL
Source: https://www.gov.uk/browse/business HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/browse/benefits HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/help/cookie-details HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/coronavirus HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/browse/childcare-parenting HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/transition HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/browse/citizenship HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/help/cookies HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/ HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/browse/births-deaths-marriages HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/help/cookies#content HTTP Parser: No <meta name="author".. found
Source: https://www.gov.uk/browse/business HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/browse/benefits HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/help/cookie-details HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/coronavirus HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/browse/childcare-parenting HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/transition HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/browse/citizenship HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/help/cookies HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/ HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/browse/births-deaths-marriages HTTP Parser: No <meta name="copyright".. found
Source: https://www.gov.uk/help/cookies#content HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown HTTPS traffic detected: 13.225.78.60:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: test-for-coronavirus.service.gov.uk
    Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: test-for-coronavirus.service.gov.uk
Source: ~DFAF42DC3D297B44A5.TMP.1.dr String found in binary or memory: https://www.gov.uk/help/cookies#content
Source: ~DFAF42DC3D297B44A5.TMP.1.dr String found in binary or memory: https://www.gov.uk/help/cookies#content.uk/(()
Source: ~DFAF42DC3D297B44A5.TMP.1.dr String found in binary or memory: https://www.gov.uk/help/cookiescontent
Source: ~DFAF42DC3D297B44A5.TMP.1.dr String found in binary or memory: https://www.gov.uk/help/cookiesus-test.uk/
Source: app.f6cc719e[1].js.2.dr String found in binary or memory: https://www.gov.uk/report-covid19-result
Source: {71C4B54C-6705-11EB-90EB-ECF4BBEA1588}.dat.1.dr String found in binary or memory: https://www.gov.uk/tra
Source: transition[1].htm.2.dr String found in binary or memory: https://www.gov.uk/transition
Source: transition[1].htm.2.dr String found in binary or memory: https://www.gov.uk/transition-check/login
Source: {71C4B54C-6705-11EB-90EB-ECF4BBEA1588}.dat.1.dr String found in binary or memory: https://www.gov.uunknown
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.legislation.gov.uk/coronavirus
Source: cookies[1].htm.2.dr String found in binary or memory: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
Source: cookies[1].htm.2.dr String found in binary or memory: https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-gov
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.nhs.uk/
Source: get-coronavirus-test[1].htm.2.dr, coronavirus[1].htm.2.dr String found in binary or memory: https://www.nhs.uk/conditions/coronavirus-covid-19/
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.nhs.uk/conditions/coronavirus-covid-19/coronavirus-vaccination/coronavirus-vaccine/?prio
Source: get-coronavirus-test[1].htm.2.dr String found in binary or memory: https://www.nhs.uk/conditions/coronavirus-covid-19/self-isolation-and-treatment/when-to-self-isolate
Source: app.f6cc719e[1].js.2.dr String found in binary or memory: https://www.nhs.uk/conditions/coronavirus-covid-19/testing-and-tracing/nhs-test-and-trace-if-youre-c
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.nhsinform.scot/healthy-living/immunisation/vaccines/coronavirus-covid-19-vaccine?priorit
Source: get-coronavirus-test[1].htm.2.dr String found in binary or memory: https://www.nhsinform.scot/illnesses-and-conditions/infections-and-poisoning/coronavirus-covid-19
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.nidirect.gov.uk/articles/coronavirus-covid-19-regulations-guidance-what-restrictions-mea
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.nidirect.gov.uk/campaigns/coronavirus-covid-19
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.publichealth.hscni.net/covid-19-coronavirus/northern-ireland-covid-19-vaccination-progra
Source: app.f6cc719e[1].js.2.dr String found in binary or memory: https://www.royalmail.com/services-near-you
Source: cookie-details[1].htm.2.dr String found in binary or memory: https://www.smartsurvey.co.uk/
Source: cookie-details[1].htm.2.dr String found in binary or memory: https://www.smartsurvey.co.uk/how-we-use-cookies
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.wikidata.org/wiki/Q81068910
Source: coronavirus[1].htm.2.dr String found in binary or memory: https://www.youtube.com/user/Number10gov/videos
Source: transition[1].htm.2.dr String found in binary or memory: https://www.youtube.com/watch?v=AesZZsO9mm4
Source: app.f6cc719e[1].js.2.dr String found in binary or memory: https://youtu.be/eYETUcSFXmw
Source: app.f6cc719e[1].js.2.dr String found in binary or memory: https://youtu.be/zCqo7MhQT6U
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown HTTPS traffic detected: 13.225.78.60:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.0.144:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: classification engine Classification label: clean0.win@3/84@3/2
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{71C4B54A-6705-11EB-90EB-ECF4BBEA1588}.dat
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFF1BBD90A9C4D4EBC.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5188 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5188 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Accept
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Behavior Graph

Behavior Graph ID: 348814, URL: http://test-for-coronavirus..., Startdate: 04/02/2021, Architecture: WINDOWS, Score: 0
Process tree: iexplore.exe started a child iexplore.exe process.
Contacted by the child process: www-gov-uk.map.fastly.net (151.101.0.144, 443, 49726, 49727, FASTLYUS, United States); test-for-coronavirus.service.gov.uk (13.225.78.60, 443, 49722, 49723, AMAZON-02US, United States); 2 other IPs or domains.
DNS names shown: www.gov.uk, www-gov-uk.map.fastly.net, www-cdn.production.govuk.service.gov.uk

Contacted Public IPs

IP             Domain   Country        ASN    ASN Name     Malicious
151.101.0.144  unknown  United States  54113  FASTLYUS     false
13.225.78.60   unknown  United States  16509  AMAZON-02US  false

Contacted Domains

Name IP Active
test-for-coronavirus.service.gov.uk 13.225.78.60 true
www-gov-uk.map.fastly.net 151.101.0.144 true
www.gov.uk unknown unknown

Contacted URLs

Name                                               Malicious  Antivirus Detection    Reputation
http://test-for-coronavirus.service.gov.uk/        false      Avira URL Cloud: safe  unknown
https://www.gov.uk/browse/births-deaths-marriages  false                             unknown
https://www.gov.uk/browse/citizenship              false                             unknown
https://www.gov.uk/browse/business                 false                             unknown
https://www.gov.uk/browse/childcare-parenting      false                             unknown
https://www.gov.uk/help/cookies                    false                             unknown
https://www.gov.uk/browse/benefits                 false                             unknown