hmrc-refund-form-forgiving-hedgehog.cfapps.io
35.171.212.252  Malicious Activity! Public Scan

URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Submission Tags: @ipnigh
Submission: On June 24 via api from GB

Summary

This website contacted 11 IPs in 5 countries across 9 domains to perform 21 HTTP transactions. The main IP is 35.171.212.252, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is hmrc-refund-form-forgiving-hedgehog.cfapps.io.
TLS certificate: Issued by Amazon on February 2nd 2019. Valid for: a year.
This is the only time hmrc-refund-form-forgiving-hedgehog.cfapps.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

IP Address AS Autonomous System
2 35.171.212.252 14618 (AMAZON-AES)
6 23.43.121.202 20940 (AKAMAI-ASN1)
4 51.15.123.120 12876 (AS12876)
1 185.225.208.133 13213 (UK2NET-AS)
3 2a00:1450:400... 15169 (GOOGLE)
1 167.114.209.61 16276 (OVH)
1 67.202.94.86 32748 (STEADFAST)
1 104.16.87.26 13335 (CLOUDFLAR...)
1 208.100.17.186 32748 (STEADFAST)
1 208.100.17.184 32748 (STEADFAST)
21 11
Domain Requested by
5 www.tax.service.gov.uk hmrc-refund-form-forgiving-hedgehog.cfapps.io
4 s15.postimg.cc hmrc-refund-form-forgiving-hedgehog.cfapps.io
3 www.google-analytics.com www.tax.service.gov.uk, hmrc-refund-form-forgiving-hedgehog.cfapps.io
2 hmrc-refund-form-forgiving-hedgehog.cfapps.io hmrc-refund-form-forgiving-hedgehog.cfapps.io
1 de.tynt.com cdn.tynt.com
1 ic.tynt.com hmrc-refund-form-forgiving-hedgehog.cfapps.io
1 cdn.tynt.com waust.at
1 whos.amung.us waust.at
1 t.dtscout.com waust.at
1 waust.at hmrc-refund-form-forgiving-hedgehog.cfapps.io
1 online.hmrc.gov.uk hmrc-refund-form-forgiving-hedgehog.cfapps.io
21 11

This site contains links to these domains. Also see Links.

Domain
whos.amung.us
Subject | Issuer | Validity | Valid for
*.cfapps.io | Amazon | 2019-02-02 - 2020-03-02 | a year
online.hmrc.gov.uk | DigiCert SHA2 Extended Validation Server CA | 2019-06-06 - 2021-04-16 | 2 years
postimg.cc | Let's Encrypt Authority X3 | 2019-05-09 - 2019-08-07 | 3 months
whos.amung.us | GeoTrust EV RSA CA 2018 | 2018-03-09 - 2020-05-25 | 2 years
*.google-analytics.com | Google Internet Authority G3 | 2019-06-11 - 2019-09-03 | 3 months
*.dtscout.com | RapidSSL RSA CA 2018 | 2018-10-10 - 2019-11-04 | a year
*.tynt.com | COMODO RSA Domain Validation Secure Server CA | 2014-10-14 - 2019-10-13 | 5 years

This page contains 1 frames:

Primary Page: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Frame ID: 16DB6BD1CB5FAD007D50BE2653072EFF
Requests: 22 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

Requests: 21
HTTPS: 100 %
IPv6: 10 %
Domains: 9
Subdomains: 11
IPs: 11
Countries: 5
Transfer: 79 kB
Size: 212 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
18 KB
4 KB
Document
General
Full URL
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.212.252 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-171-212-252.compute-1.amazonaws.com
Software
Apache /
Resource Hash
db7e2f875f89b6c559509c6f11336c0b7bd7b973f2963a68347b29c53e1e7431

Request headers

Host
hmrc-refund-form-forgiving-hedgehog.cfapps.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Accept-Ranges
bytes
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 24 Jun 2019 04:09:02 GMT
Etag
"4972-58bfd7268a280-gzip"
Last-Modified
Sun, 23 Jun 2019 13:12:26 GMT
Server
Apache
Vary
Accept-Encoding
X-Vcap-Request-Id
aea5c1d4-a5a0-4cd4-46f8-927dbd68638a
Content-Length
4254
Connection
keep-alive
frameworkFunctions.js
www.tax.service.gov.uk/js/
54 KB
12 KB
Script
General
Full URL
https://www.tax.service.gov.uk/js/frameworkFunctions.js
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.121.202 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-121-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7dafd4ed1fe5934c3786d588877b50f3b890c2c4f65b2c34aab4f6fe0972ba76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 19 Jun 2019 14:48:12 GMT
ETag
"5d0a4b2c-d7fb"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=3304
Date
Mon, 24 Jun 2019 04:09:02 GMT
Connection
keep-alive
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Vary
Accept-Encoding
Content-Length
11392
X-XSS-Protection
1; mode=block
hmrc.css
www.tax.service.gov.uk/style/ck/
43 KB
12 KB
Stylesheet
General
Full URL
https://www.tax.service.gov.uk/style/ck/hmrc.css
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.121.202 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-121-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5e493265d330415a5d892bcaffffe41d8433911446d10c454b1a186e0c637173
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 19 Jun 2019 14:48:12 GMT
ETag
"5d0a4b2c-ac5f"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=925
Date
Mon, 24 Jun 2019 04:09:02 GMT
Connection
keep-alive
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Vary
Accept-Encoding
Content-Length
11715
X-XSS-Protection
1; mode=block
digitalLogo.png
www.tax.service.gov.uk/images/
7 KB
7 KB
Image
General
Full URL
https://www.tax.service.gov.uk/images/digitalLogo.png
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.121.202 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-121-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b072c44bfab6dbc45edf4cc19cedf2ae1ec20678d80a25ab29d1cc24063aab64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;
X-Content-Type-Options
nosniff
Last-Modified
Wed, 19 Jun 2019 14:48:12 GMT
ETag
"5d0a4b2c-1aa7"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=191
Date
Mon, 24 Jun 2019 04:09:02 GMT
Connection
keep-alive
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Content-Length
6823
X-XSS-Protection
1; mode=block
digitalLogo-print.png
hmrc-refund-form-forgiving-hedgehog.cfapps.io/images/
226 B
226 B
Image
General
Full URL
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/images/digitalLogo-print.png
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.212.252 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-35-171-212-252.compute-1.amazonaws.com
Software
Apache /
Resource Hash
d6830bd7093b80c7009c6fd10ddaa7125b3a465b4df1c74a7d02e5f19906a6dd

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Vcap-Request-Id
cf00a599-2812-48e8-5c8c-10c55216bdf0
Date
Mon, 24 Jun 2019 04:09:02 GMT
Server
Apache
Connection
keep-alive
Content-Length
226
Content-Type
text/html; charset=iso-8859-1
validate.js
www.tax.service.gov.uk/js/short-form/
6 KB
2 KB
Script
General
Full URL
https://www.tax.service.gov.uk/js/short-form/validate.js
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.121.202 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-121-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6b40d4417bf69380cec0ed412a4566447356b54e3fdd82038ad3ae0a8fb5d379
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 19 Jun 2019 14:48:12 GMT
ETag
"5d0a4b2c-169c"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=1015
Date
Mon, 24 Jun 2019 04:09:02 GMT
Connection
keep-alive
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Vary
Accept-Encoding
Content-Length
1359
X-XSS-Protection
1; mode=block
arrowRightGreen.gif
online.hmrc.gov.uk/images/
53 B
341 B
Image
General
Full URL
https://online.hmrc.gov.uk/images/arrowRightGreen.gif
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.121.202 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-121-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bb5ce57e8192193c99e787cbc6967e0a7719a2cd667e2ecb5ed594a68e00338d

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 24 Jun 2019 04:09:02 GMT
Last-Modified
Thu, 31 May 2018 11:04:33 GMT
ETag
"28165-35-56d7e6ea27240"
Content-Type
image/gif
Cache-Control
max-age=3600, post-check=3600, pre-check=43200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
53
logo_cc_Visa.gif
s15.postimg.cc/a0fc8phu3/
347 B
590 B
Image
General
Full URL
https://s15.postimg.cc/a0fc8phu3/logo_cc_Visa.gif
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.15.123.120 , France, ASN12876 (AS12876, FR),
Reverse DNS
120-123-15-51.rev.cloud.scaleway.com
Software
nginx /
Resource Hash
f86e5a589b655e339f9105a1f73c1feb97e184be0eb43dc683d158a937b0b669

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 04:06:05 GMT
last-modified
Sat, 18 Aug 2018 10:43:22 GMT
server
nginx
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
status
200
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
347
expires
Thu, 31 Dec 2037 23:55:55 GMT
logo_cc_MC.gif
s15.postimg.cc/6420cqca3/
894 B
1 KB
Image
General
Full URL
https://s15.postimg.cc/6420cqca3/logo_cc_MC.gif
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.15.123.120 , France, ASN12876 (AS12876, FR),
Reverse DNS
120-123-15-51.rev.cloud.scaleway.com
Software
nginx /
Resource Hash
9c2b8be7a09a43662503b1f9862c4f1f790179f2a3d1de44355efce4b22114e9

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 04:06:05 GMT
last-modified
Sat, 18 Aug 2018 10:43:22 GMT
server
nginx
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
status
200
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
894
expires
Thu, 31 Dec 2037 23:55:55 GMT
maestro_115x72.png
s15.postimg.cc/4qadhnaij/
3 KB
3 KB
Image
General
Full URL
https://s15.postimg.cc/4qadhnaij/maestro_115x72.png
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.15.123.120 , France, ASN12876 (AS12876, FR),
Reverse DNS
120-123-15-51.rev.cloud.scaleway.com
Software
nginx /
Resource Hash
628e531d4f7db17500d95db7ef7e9bf4c8573a9acdb23d32e2b3123ba2aefa0a

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 04:06:05 GMT
last-modified
Sat, 18 Aug 2018 10:48:46 GMT
server
nginx
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
content-type
image/png
status
200
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
3064
expires
Thu, 31 Dec 2037 23:55:55 GMT
pin-card-multicard.png
s15.postimg.cc/gs5rbsrgr/
3 KB
3 KB
Image
General
Full URL
https://s15.postimg.cc/gs5rbsrgr/pin-card-multicard.png
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.15.123.120 , France, ASN12876 (AS12876, FR),
Reverse DNS
120-123-15-51.rev.cloud.scaleway.com
Software
nginx /
Resource Hash
7a6c89b5ce3b61042803566542264997fe5ea4cc4a9e7437b488e1c4b928f913

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 04:06:05 GMT
last-modified
Sat, 18 Aug 2018 10:48:46 GMT
server
nginx
access-control-allow-origin
*
access-control-allow-methods
GET, OPTIONS
content-type
image/png
status
200
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
2951
expires
Thu, 31 Dec 2037 23:55:55 GMT
d.js
waust.at/
13 KB
7 KB
Script
General
Full URL
https://waust.at/d.js
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.225.208.133 , Germany, ASN13213 (UK2NET-AS, GB),
Reverse DNS
Software
/
Resource Hash
1d5befe8d12c77118b010f0079a340181e809be1b0bc6952756ab812dec98df2

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 04:09:02 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:07:07 GMT
access-control-allow-origin
*
etag
W/"5d02bafb-3286"
content-type
application/x-javascript
status
200
cache-control
max-age=86400, private
expires
Tue, 25 Jun 2019 04:09:02 GMT
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.tax.service.gov.uk
URL: https://www.tax.service.gov.uk/js/frameworkFunctions.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 21 May 2019 23:53:44 GMT
server
Golfe2
age
4915
date
Mon, 24 Jun 2019 02:47:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
17595
expires
Mon, 24 Jun 2019 04:47:07 GMT
print.css
www.tax.service.gov.uk/style/ck/
851 B
920 B
Stylesheet
General
Full URL
https://www.tax.service.gov.uk/style/ck/print.css
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.121.202 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-121-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3356a61c0f4d13127a0d3f08b24895018780f9bc0448819b0f9ba28f18b173b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 19 Jun 2019 14:48:12 GMT
ETag
"5d0a4b2c-353"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=1705
Date
Mon, 24 Jun 2019 04:09:02 GMT
Connection
keep-alive
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Vary
Accept-Encoding
Content-Length
455
X-XSS-Protection
1; mode=block
collect
www.google-analytics.com/r/
35 B
111 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j76&a=1714720386&t=pageview&_s=1&dl=https%3A%2F%2Fhmrc-refund-form-forgiving-hedgehog.cfapps.io%2Fhmrc-auth%2F&ul=en-us&de=windows-1252&dt=HMRC%3A%20Structured%20Email&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1383812447&gjid=1231358714&cid=844830522.1561349343&tid=UA-43414424-1&_gid=367556728.1561349343&_r=1&z=903402322
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 24 Jun 2019 04:09:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
t.dtscout.com/i/
17 B
379 B
Script
General
Full URL
https://t.dtscout.com/i/?l=https%3A%2F%2Fhmrc-refund-form-forgiving-hedgehog.cfapps.io%2Fhmrc-auth%2F&j=
Requested by
Host: waust.at
URL: https://waust.at/d.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns515688.ip-167-114-209.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
37c5cbe8ad795a530c7ad3e2a3574a4f9038c3fc10fc48ca4c1c74ed9ffdc6a4

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 24 Jun 2019 04:09:02 GMT
Server
nginx/1.10.3 (Ubuntu)
X-Z
I
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
no-cache
Connection
close
Expires
Mon, 24 Jun 2019 04:09:01 GMT
/
whos.amung.us/pingjs/
28 B
144 B
Script
General
Full URL
https://whos.amung.us/pingjs/?k=u1yub7c0a2&t=HMRC%3A%20Structured%20Email&c=d&y=&a=0&r=1894
Requested by
Host: waust.at
URL: https://waust.at/d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.202.94.86 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS
amung.us
Software
/
Resource Hash
dfe2050772fa3c827fa75657b2fcd77e16fc6133542493a5ff9c570ce68d2a16

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 24 Jun 2019 04:09:02 GMT
content-encoding
gzip
content-type
text/javascript;charset=UTF-8
tc.js
cdn.tynt.com/
16 KB
7 KB
Script
General
Full URL
https://cdn.tynt.com/tc.js
Requested by
Host: waust.at
URL: https://waust.at/d.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.16.87.26 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
44c824e0d4b5e2720f5ed2bd62f210987281bcabc8acdb6fc316d9de87235808

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 04:09:03 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 20 Jun 2019 20:29:51 GMT
server
cloudflare
etag
W/"5d0becbf-41d1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=259200
cf-ray
4ebbd8125a25c79d-AMS
expires
Thu, 27 Jun 2019 04:09:03 GMT
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
p
ic.tynt.com/b/
35 B
508 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=w!u1yub7c0a2&lm=0&ts=1561349343110&dn=TC&iso=0&t=HMRC%3A%20Structured%20Email&cu=https%3A%2F%2Fhmrc-refund-form-forgiving-hedgehog.cfapps.io%2Fhmrc-auth%2Findex.php
Requested by
Host: hmrc-refund-form-forgiving-hedgehog.cfapps.io
URL: https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.186 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS
ip186.208-100-17.static.steadfastdns.net
Software
nginx/1.14.0 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 24 Jun 2019 04:09:03 GMT
last-modified
Fri, 16 Apr 2010 15:38:20 GMT
server
nginx/1.14.0
accept-language
bytes
etag
"4bc8846c-23"
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID", CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
status
200
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
content-type
image/gif
content-length
35
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
v2
de.tynt.com/deb/
4 B
199 B
Script
General
Full URL
https://de.tynt.com/deb/v2?id=w!u1yub7c0a2&dn=TC&cc=1&r=
Requested by
Host: cdn.tynt.com
URL: https://cdn.tynt.com/tc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.184 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US),
Reverse DNS
ip184.208-100-17.static.steadfastdns.net
Software
/
Resource Hash
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 24 Jun 2019 04:09:03 GMT
cache-control
max-age=86400
expires
Tue, 25 Jun 2019 04:09:03 GMT
p3p
CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
content-length
4
content-type
application/javascript
collect
www.google-analytics.com/
35 B
109 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j76&a=1714720386&t=timing&_s=2&dl=https%3A%2F%2Fhmrc-refund-form-forgiving-hedgehog.cfapps.io%2Fhmrc-auth%2F&ul=en-us&de=windows-1252&dt=HMRC%3A%20Structured%20Email&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1644&pdt=3&dns=29&rrt=0&srt=104&tcp=292&dit=522&clt=522&_gst=510&_gbt=537&_u=IEBAAEAB~&jid=&gjid=&cid=844830522.1561349343&tid=UA-43414424-1&_gid=367556728.1561349343&z=785463504
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://hmrc-refund-form-forgiving-hedgehog.cfapps.io/hmrc-auth/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Jun 2019 02:36:20 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
869563
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| Framework object| htmlElement string| GoogleAnalyticsObject function| ga function| validateForm function| callValidateMethods function| checkboxValidation function| emailValidation function| textValidation function| dobValidation function| dateValidation function| displayError function| displayErrorsHeader function| clearError function| displayMandatoryError function| displayValidationRuleError function| trim function| isMandatory function| validateMandatory function| validate_address function| validate_amount function| validate_descriptiveText function| validate_name function| validate_nino1 function| validate_nino2 function| validate_number function| validate_postcode function| validate_taxOfficeNumber function| validate_taxOfficeReference function| validate_telephoneNumber function| validate_text1 function| validate_text2 function| validate_text3 function| validate_text4 function| validate_text5 function| validate_text6 function| validate_text7 function| validate_title function| validate_userId function| validate_utr function| validate_emailAddress function| validate_dateOfBirth function| validate_date function| validate_checkbox1 function| validate_npsValidText string| mandatoryMessage string| errorsOccurred function| validate function| showBackWarning object| _wau object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| wau_w_col string| wau_w_siz object| WAU_ren function| WAU_dynamic function| WAU_dynamic_request function| WAU_r_d function| WAU_insert function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_cps function| docReady object| _dts object| x string| x1 string| x2 object| Tynt object| _33Across function| __cmp

3 Cookies

Domain/Path | Name | Value
.cfapps.io/ | _gat | 1
.cfapps.io/ | _gid | GA1.2.367556728.1561349343
.cfapps.io/ | _ga | GA1.2.844830522.1561349343

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
