hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com
Open in
urlscan Pro
188.114.96.3
Malicious Activity!
Public Scan
Submission: On July 11 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on May 30th 2024. Valid for: 3 months.
This is the only time hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 2 |
ASN13335 (CLOUDFLARENET, US)
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
smartaromas.com
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com |
270 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
10 | hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com |
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
smartaromas.com GTS CA 1P5 |
2024-05-30 - 2024-08-28 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL
Frame ID: 0C301DEA7E5752B5C631FF1F6E0674BC
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
applyClaim.php
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/ |
18 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
design.css
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/ |
20 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fonts.css
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/ |
267 KB 196 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.css
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/ |
299 KB 52 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
digits.css
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/ |
17 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gov.uk_logotype_crown.png
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/ |
780 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
open-government-licence_2x.png
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/ |
504 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
print.css
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
govuk-crest.png
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
71 KB 71 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
94 KB 94 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/ |
331 B 744 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| noBack function| clickIE function| clickNS function| disableCtrlKeyCombination0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com
188.114.96.3
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
0de53223f4c23219f03db81fddca10bf03ab165eb263281583ed1e5191d656cd
14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6
1826dfb2fd5005be02402463c457c13ed6e240616472703a5d0f83ed62bcaaa1
2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b
3b3a723d1c8b4931f482c94d55f5017823cfd20eb0e85d5453a23406a2d70be2
3c2e405d08b7f0a55ca63a98bdb7ba3c796a003efc93dcd45d06319e47130fe4
5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a
9af8ef8b67bafcfa556f79a50bf882966f451aff4cf1f7b9b2f2c5c7f783c7d8
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c4e1d9166e4ecfac275702fb87992aa599224036bf8b8845f9d0b89d72c5f70e