hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysN...
Submission: On July 11 via automatic, source openphish (July 11th 2024, 3:20:14 am UTC) — Scanned from NL

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com.
TLS certificate: Issued by GTS CA 1P5 on May 30th 2024. Valid for: 3 months.

This is the only time hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address		AS Autonomous System
10	188.114.96.3 188.114.96.3		13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2

10 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	smartaromas.com hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com	270 KB
10	1

	Domain	Requested by
10	hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com	hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com
10	1

This site contains no links.

Subject Issuer	Validity	Valid
smartaromas.com GTS CA 1P5	`2024-05-30` - `2024-08-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL
Frame ID: 0C301DEA7E5752B5C631FF1F6E0674BC
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Apply

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

435 kB
Transfer

792 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request applyClaim.php Show response hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/	18 KB 5 KB	120ms 77ms	Document text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3c2e405d08b7f0a55ca63a98bdb7ba3c796a003efc93dcd45d06319e47130fe4` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8a15a7efb9cd4d49-FRA content-encoding br content-type text/html; charset=UTF-8 date Thu, 11 Jul 2024 03:20:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYHwZ9kZyn%2F78pmWH3Yfc37wZyFJvqkA23pWqHFCkGh9VKsj8EbQb3%2F%2FISTZcPX024iQORjjClzafOnnE74Vr%2FuGl1G1UIR%2Fjpz1QFRpj7sAZ%2FORuCNAxtKFr8HxQ%2F%2FQkmhBkkOqwCnQSczcmWw%2BhmeeJ5GWfj%2BOr7D%2FGipE5TyA5G3RT%2FM%2FOq9Ok8s5KrX2ZrzHBKGimAU%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	design.css hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/	20 KB 5 KB	75ms 75ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/design.css Requested by Host: hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1826dfb2fd5005be02402463c457c13ed6e240616472703a5d0f83ed62bcaaa1` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "5022-5c468ed187840-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XN9LzmoXTRZCWoHKQ9DdH%2FxPLN8ya76i1OmeRB8Bt%2B%2By8mkIgSbmh0OY9NYeV%2B80Zp4a7YsMolt4a9TdOEaM%2BrQiud1FKB7xEBZ7Dx9v81%2FJSG99qLf%2Bxllx5ttUGcfO%2B984K9JM9%2FcAUQd3Criu1qTdaa%2BrqihosgjpjWA4fp3jVM%2BMHhSeXiy%2Bl7d%2Fz8CV6bsAGqG%2FOVo%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 8a15a7f03a344d49-FRA alt-svc h3=":443"; ma=86400 content-length 4363
GET H3	200	fonts.css hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/	267 KB 196 KB	96ms 95ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/fonts.css Requested by Host: hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b3a723d1c8b4931f482c94d55f5017823cfd20eb0e85d5453a23406a2d70be2` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "42be9-5c468ed187840-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=495ZxtHSRv1YuNSNZ6Y02GNUL5mGxx1UVaWZJEZ7oxdE6OtjjYBE1lNxY4eTLR2x58%2FeVBudaHWvChO8XQTNz0OQxwMlLseKSDBNLHkQxoZrXDCWXsd9yHWrpy27Sk4%2BDTlaDlPNIa1KlkTFg6BfZwNQ4NDxtwqUNll3mOGFcixPFe7JSok%2FtH%2BRYxjUkqBtoOzWYbUeROk%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a15a7f03a354d49-FRA alt-svc h3=":443"; ma=86400
GET H3	200	jquery.css hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/	299 KB 52 KB	117ms 116ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/jquery.css Requested by Host: hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0de53223f4c23219f03db81fddca10bf03ab165eb263281583ed1e5191d656cd` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4ab41-5c468ed187840-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gLF9CTWf1OJ7SLeJKwzO8cna5l4eoAsDaGl6Z12N9Ez8%2BA8n01vP%2FDpF8%2BwuqRgTpoCtBxTkAggkVQa%2BN%2BaWjMOq4lP3hiPjrCrHChjsOpms%2F3O2W4gKE5o76klJcV67Hs%2F1YN6I2eOP1myBf%2B9lWsueDDqyRla7PZzi6POUC%2BhXp6tu5KzzrmAy4u4tZvwoT6qiSKW27J0%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a15a7f03a374d49-FRA alt-svc h3=":443"; ma=86400
GET H3	200	digits.css hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/	17 KB 4 KB	76ms 75ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/digits.css Requested by Host: hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c4e1d9166e4ecfac275702fb87992aa599224036bf8b8845f9d0b89d72c5f70e` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 13:03:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4225-5c46904946ec0-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SmyjzR4mv%2Fj7TmTAufFXUFJj9sM%2BScoftsWogBEb0mJPjqEFsO05w9H4mYu7jJmzLqSyw9VximZVELrRZWLXCvQCA3R9wY%2F%2FZBMRrM9n9CxeQqafDTGkUO8TGKdvPsVnEwkcgbwJAR63uaIQXW0PCE32VjCEfYm0YclzEy8y%2FiD7z6OwwRVg4BZdCK%2F3cx1l71m241a17F4%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 8a15a7f03a384d49-FRA alt-svc h3=":443"; ma=86400 content-length 3906
GET H3	200	gov.uk_logotype_crown.png hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/	780 B 1 KB	74ms 74ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/gov.uk_logotype_crown.png Requested by Host: hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT cf-cache-status REVALIDATED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "30c-5c468ed187840" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XOXRRuC5J8DBou2UKnD7fbOnEZQe5iDSq3ftkK51bZbik682oA6ZsZDWMtRhHbzgOt6e0JhsWOJmLHk3xg4CC0iGFARTv2wQPhjGT2xv2hZazPF5s%2FCGY9wq3CgnoRHtJ1drGwhuuo4tyueS5RXkdZwW3aFCVdClY0S%2BcK31Bv5Pq6DCksVwCgtF%2FJORNSgiGFjJ%2B78g76o%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a15a7f03a394d49-FRA alt-svc h3=":443"; ma=86400 content-length 780
GET H3	200	open-government-licence_2x.png hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/	504 B 1 KB	80ms 80ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/open-government-licence_2x.png Requested by Host: hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT cf-cache-status REVALIDATED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1f8-5c468ed187840" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ESxHPMJDqiWV4ECyKb137cjPAyVEfGMw4QcOjjUbS2aEyDC%2Fgc08Sb7YrpIvnlvCsw0%2FLGBESkoQdZUT7eB2NFiy4s%2Fi5WFqS%2B6dHa0Q%2Fim53sYzB16Yk01DWlXUxdH5zVlv4kWjRURBK2i3UWsf01pNrFZ3mEjVGnA%2F%2B75mIdlYqfHS3yUYTpNXZMxi6ShrytQawxS8gq8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a15a7f03a3b4d49-FRA alt-svc h3=":443"; ma=86400 content-length 504
GET H3	200	print.css hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/	1 KB 1 KB	100ms 100ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/print.css Requested by Host: hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "5f8-5c468ed187840-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6c%2B5Aa5%2ForqyIMJ0929m60PmbF9cy3alA2pAq73hs0ByEnpZ76k627Pa%2F5eB%2F1Y%2B0BuiiJ8QQXSTT4F4GFNAjL4iOZAsJtwi9lWIomGw9GvprgzCyLBnYCAzg%2Ba8%2Bqi9ZHqzAnCO1vy%2FAd83E5XDsSEehscJwbegB1GCoGEFwiBPix9lPBDZ1V4gJeGLgLipoyydHKNuzUw%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 8a15a7f08a774d49-FRA alt-svc h3=":443"; ma=86400 content-length 675
GET H3	200	govuk-crest.png hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/	4 KB 4 KB	50ms 50ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/govuk-crest.png Requested by Host: hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/design.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/etc/design.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT cf-cache-status REVALIDATED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "e00-5c468ed187840" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XWPLA%2FWe5BjkQnwzRiD1nJNgUxpmboMDc%2Fs04mun0kznvYNJzMJwLOXw6t6ER1phr%2B7oqxjTD3KrrDQ55Vbsw0SuS6cr%2FPYWtnokdHulF%2BeRh4B2T5sND3iR2VPF77DblBMfF5OjoO%2BIobjDRCfZKJYiBCTvq%2FLm3yeFgfUw13rep4kgM2XIGM7hFiJRzfZ15Dr7%2B2jxlR0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a15a7f14ae14d49-FRA alt-svc h3=":443"; ma=86400 content-length 3584
GET DATA	200 OK	truncated /	71 KB 71 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba` Request headers Referer Origin https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	94 KB 94 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30` Request headers Referer Origin https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff
GET H3	404	favicon.ico hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/	331 B 744 B	51ms 51ms	Other text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9af8ef8b67bafcfa556f79a50bf882966f451aff4cf1f7b9b2f2c5c7f783c7d8` Request headers Referer https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/income-individual_service_tax-gg-check-hm/applyClaim.php?userMetaData=MmAzBwTRELbbgZ&clmID=OCysNDBsHfyaNRaDUsusYSsLlosSFQKOivqyZQRDpjL User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 03:20:09 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gGo85m28PJaBrJdn1xytVRp4ojIObbkJsMbYCFg9IlRfGxha8JsyjafNsqDxM1V4vsy1YQu2V3oo7TbW%2BeX8BHMLMPF%2FVyL8DZR%2Fyuue2pUgLnyIdKN%2FDwcRiFWbbWm9QuA3lt0LgNHKNgpJHTfM5oU3HG0fJTmzFGmZuImoUmTTZFX5GQXmMPknORB0zTwBy93mmGk8dGs%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 8a15a7f19b114d49-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| noBack function| clickIE function| clickNS function| disableCtrlKeyCombination

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com
188.114.96.3
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
0de53223f4c23219f03db81fddca10bf03ab165eb263281583ed1e5191d656cd
14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6
1826dfb2fd5005be02402463c457c13ed6e240616472703a5d0f83ed62bcaaa1
2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b
3b3a723d1c8b4931f482c94d55f5017823cfd20eb0e85d5453a23406a2d70be2
3c2e405d08b7f0a55ca63a98bdb7ba3c796a003efc93dcd45d06319e47130fe4
5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a
9af8ef8b67bafcfa556f79a50bf882966f451aff4cf1f7b9b2f2c5c7f783c7d8
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c4e1d9166e4ecfac275702fb87992aa599224036bf8b8845f9d0b89d72c5f70e

hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

435 kBTransfer

792 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

hm-revenue-customs_income_tax-enquiries-668e4b066566c.smartaromas.com Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

435 kB
Transfer

792 kB
Size

0
Cookies

10 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!