tax-refund-calculation.co.uk
185.252.144.33
Malicious Activity!
Public Scan
Effective URL: https://tax-refund-calculation.co.uk/step1.php
Submission: On March 06 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 6th 2022. Valid for: 3 months.
This is the only time tax-refund-calculation.co.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
15 (1 redirects) | 185.252.144.33 | 200740 (FIRST-SERVER-EU-AS) |
1 | 2a00:1450:4001:810::200e | 15169 (GOOGLE) |
9 | 2a04:4e42::144 | 54113 (FASTLY) |
1 | 2606:4700::6810:125e | 13335 (CLOUDFLARENET) |
Total: 25 requests, 4 IPs |
ASN200740 (FIRST-SERVER-EU-AS, SC), PTR: vm1517541.firstbyte.club: tax-refund-calculation.co.uk
ASN15169 (GOOGLE, US): www.google-analytics.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
15 (1 redirects) | tax-refund-calculation.co.uk | tax-refund-calculation.co.uk | 892 KB |
9 | www.gov.uk | www.gov.uk (Cisco Umbrella Rank: 18174) | 134 KB |
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 194) | 5 KB |
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 31) | 20 KB |
Total: 25 requests, 4 apex domains |
Requests | Domain | Requested by |
---|---|---|
15 (1 redirects) | tax-refund-calculation.co.uk | tax-refund-calculation.co.uk |
9 | www.gov.uk | tax-refund-calculation.co.uk |
1 | cdnjs.cloudflare.com | tax-refund-calculation.co.uk |
1 | www.google-analytics.com | tax-refund-calculation.co.uk |
Total: 25 requests, 4 domains |
This site contains links to these domains. Also see Links.
- www.gov.uk
- www.nationalarchives.gov.uk
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
tax-refund-calculation.co.uk | R3 | 2022-03-06 - 2022-06-04 | 3 months | crt.sh |
*.google-analytics.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months | crt.sh |
www.gov.uk | GlobalSign RSA OV SSL CA 2018 | 2021-11-18 - 2022-12-20 | a year | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-09-21 - 2022-09-20 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://tax-refund-calculation.co.uk/step1.php
Frame ID: 985E9635A15D27F82F224161625D3142
Requests: 25 HTTP requests in this frame
Screenshot
Page Title: HRMC - Identity Verification - GOV.UK
Page URL History
- https://tax-refund-calculation.co.uk/ (HTTP 302)
- https://tax-refund-calculation.co.uk/step1.php (Page URL)
Detected technologies
- PHP (Programming Languages). Detected pattern: `\.php(?:$|\?)`
- GOV.UK Frontend (UI frameworks). Detected patterns: `<body[^>]+govuk-template__body`, `<a[^>]+govuk-link`
- Google Analytics (Analytics). Detected pattern: `google-analytics\.com/(?:ga|urchin|analytics)\.js`
- jQuery (JavaScript Libraries). Detected patterns: `jquery[.-]([\d.]*\d)[^/]*\.js`, `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title: GOV.UK
- Title: Open Government Licence v3.0
- Title: © Crown copyright
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tax-refund-calculation.co.uk/ (HTTP 302)
- https://tax-refund-calculation.co.uk/step1.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|---|
1 | GET | H/1.1 | step1.php (Primary Request, Redirect Chain) | tax-refund-calculation.co.uk/ | 68 KB | 69 KB | Document | text/html |
2 | GET | H/1.1 | main.1e1767e.min2.css | tax-refund-calculation.co.uk/css/ | 216 KB | 216 KB | Stylesheet | text/css |
3 | GET | H/1.1 | login.1e1767e.min.css | tax-refund-calculation.co.uk/css/ | 68 KB | 68 KB | Stylesheet | text/css |
4 | GET | H/1.1 | jquery-1.js | tax-refund-calculation.co.uk/assets/assets/files/ | 262 KB | 262 KB | Script | application/javascript |
5 | GET | H/1.1 | jquery_002.js | tax-refund-calculation.co.uk/assets/assets/files/ | 21 KB | 21 KB | Script | application/javascript |
6 | GET | H/1.1 | jquery_003.js | tax-refund-calculation.co.uk/assets/assets/files/ | 17 KB | 17 KB | Script | application/javascript |
7 | GET | H/1.1 | jquery.js | tax-refund-calculation.co.uk/assets/assets/files/ | 10 KB | 10 KB | Script | application/javascript |
8 | GET | H/1.1 | Valid.js | tax-refund-calculation.co.uk/assets/assets/files/ | 35 KB | 36 KB | Script | application/javascript |
9 | GET | H2 | analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script | text/javascript |
10 | GET | H2 | lux-reporter-07c3035587fe275e5daf5db7d32638fc313a5032c1555eab99f19973d53a3e9e.js | www.gov.uk/assets/static/govuk_publishing_components/vendor/lux/ | 17 KB | 6 KB | Script | application/javascript |
11 | GET | H2 | lux-measurer-2953485ff03af7b9ea4c6a6170eeae0e42d13011e7ab0d7f31552c6c68b1ea08.js | www.gov.uk/assets/static/govuk_publishing_components/vendor/lux/ | 2 KB | 805 B | Script | application/javascript |
12 | GET | H2 | rum-loader-e1f6e34550176df772357c41481daec62093a0adc77ddaca6671f8607dd4c345.js | www.gov.uk/assets/static/govuk_publishing_components/ | 636 B | 464 B | Script | application/javascript |
13 | GET | H/1.1 | application-eeefd93bb4e3a40533688e62bae6a241ff74802cba07f6da687198e517c4b13e.css | tax-refund-calculation.co.uk/css/ | 193 KB | 193 KB | Stylesheet | text/css |
14 | GET | H/1.1 | application-0e6f1b796b951ca0e07ce65f537ba3045e163b208c897f53b1fd4f36993385cc.css | tax-refund-calculation.co.uk/assets/government-frontend/ | 0 | 0 | Stylesheet | text/html |
15 | GET | H2 | application-2be6729d764d43d01fa6a31482db9b11a7fa1212d9cd08d2ef74330edbba582a.js | www.gov.uk/assets/static/ | 186 KB | 53 KB | Script | application/javascript |
16 | GET | H/1.1 | application-ab19aa02766903b3db060e5924411efd813c6bfd371860c3f8dcb9dbc8f75961.js | tax-refund-calculation.co.uk/assets/government-frontend/ | 0 | 0 | Script | text/html |
17 | GET | H2 | jquery.mask.js | cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ | 20 KB | 5 KB | Script | application/javascript |
18 | GET | H2 | print-9c2fcb462904250f78858369ad2a644eeb16c3e0beafc9f253d3fa08b23d1314.css | www.gov.uk/assets/static/ | 56 KB | 6 KB | Stylesheet | text/css |
19 | GET | H/1.1 | print-7e5d5687b824df6b00986ff3e8a7989532e6e7a4b0e747f70338c308b60285f7.css | tax-refund-calculation.co.uk/assets/government-frontend/ | 0 | 0 | Stylesheet | text/html |
20 | GET | H2 | light-94a07e06a1-v2-eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0.woff2 | www.gov.uk/assets/static/ | 33 KB | 33 KB | Font | font/woff2 |
21 | GET | H2 | bold-b542beb274-v2-06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47.woff2 | www.gov.uk/assets/static/ | 31 KB | 31 KB | Font | font/woff2 |
22 | GET | H/1.1 | nobblee_light.woff | tax-refund-calculation.co.uk/fonts/ | 0 | 0 | Font | text/html |
23 | GET | H2 | action-link-arrow--simple-light-404cfd5992e74d48ac785545369ce0368ef54590a692afa37b1b50035b13a0e8.svg | www.gov.uk/assets/static/govuk_publishing_components/ | 431 B | 512 B | Image | image/svg+xml |
24 | GET | H2 | govuk-crest-bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b.png | www.gov.uk/assets/static/ | 4 KB | 4 KB | Image | image/png |
25 | GET | H/1.1 | nobblee_light.ttf | tax-refund-calculation.co.uk/fonts/core/ | 0 | 0 | Font | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | structuredClone |
object | oncontextlost |
object | oncontextrestored |
function | $ |
function | jQuery |
function | parseCookie |
function | analyticsInit |
object | linkedDomains |
number | BANNER_VERSION |
string | GLOBAL_BAR_SEEN_COOKIE |
object | globalBarInit |
object | GOVUK |
boolean | ga-disable-UA-26179049-1 |
function | GOVUKFrontend |
object | LongTaskObserver |
object | LUX |
object | LUX_ae |
object | LUX_al |
number | LUX_t_start |
number | LUX_t_end |
object | google_tag_data |
function | ga |
object | gaplugins |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
tax-refund-calculation.co.uk/ | | PHPSESSID | c6b8ce8e75409ca74f1d937f39b696e7 |
tax-refund-calculation.co.uk/ | | cookies_policy | {"essential":true,"settings":false,"usage":false,"campaigns":false} |
tax-refund-calculation.co.uk/ | | lux_uid | 164660446481816373 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
tax-refund-calculation.co.uk
www.google-analytics.com
www.gov.uk
185.252.144.33
2606:4700::6810:125e
2a00:1450:4001:810::200e
2a04:4e42::144