taxrebate-hmrfund.com
162.0.209.245
Malicious Activity!
Public Scan
Effective URL: https://taxrebate-hmrfund.com/refund/index?code=2
Submission: On January 14 via automatic, source openphish
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure Server CA on January 13th 2021. Valid for: a year.
This is the only time taxrebate-hmrfund.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)
Domain & IP information
| IP address | PTR | ASN | Requests |
|---|---|---|---|
| 162.0.209.245 | business100-3.web-hosting.com | AS22612 (NAMECHEAP-NET, US) | 14 (12 HTTP transactions, 2 redirects) |

| Apex domain | Subdomains | Requested by | Requests | Transfer | IPs |
|---|---|---|---|---|---|
| taxrebate-hmrfund.com | taxrebate-hmrfund.com | taxrebate-hmrfund.com | 14 (12 HTTP transactions, 2 redirects) | 309 KB | 1 |
This site contains no links.
| Subject | Issuer | Validity | Valid for | Transparency log |
|---|---|---|---|---|
| taxrebate-hmrfund.com | Sectigo RSA Domain Validation Secure Server CA | 2021-01-13 - 2022-01-13 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://taxrebate-hmrfund.com/refund/index?code=2
Frame ID: EA58C68747B3F4FE3F785D7D2055ADAC
Requests: 14 HTTP requests in this frame
Page URL History
-
http://taxrebate-hmrfund.com/
HTTP 301
https://taxrebate-hmrfund.com/ HTTP 302
https://taxrebate-hmrfund.com/refund/index?code=2 Page URL
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
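The patterns above are the fingerprint rules that fired for this page. The following is an added example (not urlscan.io code) that ports those three regexes from JavaScript to Python and applies them the way a fingerprinting engine would: HTML rules against the document, script rules against each `<script src>`, header rules against the named response header. The HTML and the `Server` header value below are constructed to resemble this page's resource list (bootstrap.min.css, jquery.min.js, bootstrap.min.js) and are an assumption; the scan shows only which pattern matched, not the raw header.

```python
"""Technology fingerprinting with the detection patterns shown in the scan (added example)."""
import re

# The three patterns from the scan, ported to Python syntax (the "/i" flag becomes re.I).
# Each rule says where it applies: the whole HTML, every <script src>, or a response header.
PATTERNS = {
    "Bootstrap": [
        ("html", re.compile(r'<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css', re.I)),
        ("script", re.compile(r"(?:/([\d.]+))?(?:/js)?/bootstrap(?:\.min)?\.js", re.I)),
    ],
    "Apache": [
        ("headers:server", re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.I)),
    ],
    "jQuery": [
        ("script", re.compile(r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?", re.I)),
    ],
}

# Constructed sample input (an assumption): a page that loads the same three assets this scan did.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="css/bootstrap.min.css">
<script src="js/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
</head><body></body></html>"""
SAMPLE_HEADERS = {"server": "Apache"}  # assumed value; the scan only shows that the Apache pattern matched


def script_srcs(html):
    """Return the src attribute of every <script> tag, the inputs the 'script' rules run against."""
    return re.findall(r'<script[^>]+src="([^"]+)"', html, re.I)


def fingerprint(html, headers):
    """Map technology name -> captured version (or None when the pattern has no version group).

    Header names are matched case-insensitively via a lower-cased dict key, as a real engine would.
    """
    srcs = script_srcs(html)
    lowered = {k.lower(): v for k, v in headers.items()}
    found = {}
    for tech, rules in PATTERNS.items():
        for where, rx in rules:
            if where == "html":
                targets = [html]
            elif where == "script":
                targets = srcs
            else:  # "headers:<name>"
                targets = [lowered.get(where.split(":", 1)[1], "")]
            for target in targets:
                m = rx.search(target)
                if m:
                    version = m.group(1) if m.groups() else None
                    found[tech] = version or found.get(tech)
    return found


if __name__ == "__main__":
    for tech, version in fingerprint(SAMPLE_HTML, SAMPLE_HEADERS).items():
        print(f"{tech}: {version or 'version not exposed'}")
```

On the constructed sample every rule matches but none exposes a version, which is exactly what the scan reports: minified local copies with no version in the path and a bare `Server: Apache` banner. The version groups only fill in when an asset is served from a versioned path (`/4.5.2/js/bootstrap.min.js`) or the banner includes one (`Apache/2.4.41`).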
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions (plus 2 font resources loaded from data: URIs, which make up the 14 requests counted above)

| Method | Protocol | Resource | Path | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|
| GET | H2 | index (primary request, end of the redirect chain) | taxrebate-hmrfund.com/refund/ | 6 KB | 2 KB | Document | text/html |
| GET | H2 | bootstrap.min.css | taxrebate-hmrfund.com/refund/css/ | 118 KB | 20 KB | Stylesheet | text/css |
| GET | H2 | claimStyle.css | taxrebate-hmrfund.com/refund/css/ | 273 KB | 197 KB | Stylesheet | text/css |
| GET | H2 | crownLogo.png | taxrebate-hmrfund.com/refund/images/ | 1 KB | 2 KB | Image | image/png |
| GET | H2 | searchIco.png | taxrebate-hmrfund.com/refund/images/ | 3 KB | 3 KB | Image | image/png |
| GET | H2 | logo.png | taxrebate-hmrfund.com/refund/images/ | 4 KB | 4 KB | Image | image/png |
| GET | H2 | jquery.min.js | taxrebate-hmrfund.com/refund/js/ | 95 KB | 33 KB | Script | application/javascript |
| GET | H2 | bootstrap.min.js | taxrebate-hmrfund.com/refund/js/ | 36 KB | 10 KB | Script | application/javascript |
| GET | H2 | person-info-icon.png | taxrebate-hmrfund.com/refund/images/ | 23 KB | 23 KB | Image | image/png |
| GET | H2 | card-nino-icon.png | taxrebate-hmrfund.com/refund/images/ | 5 KB | 5 KB | Image | image/png |
| GET | H2 | time-clock-icon.png | taxrebate-hmrfund.com/refund/images/ | 7 KB | 8 KB | Image | image/png |
| GET | H2 | OGL.png | taxrebate-hmrfund.com/refund/images/ | 761 B | 1 KB | Image | image/png |
| GET | DATA | truncated | / | 71 KB | 71 KB | Font | application/font-woff |
| GET | DATA | truncated | / | 94 KB | 94 KB | Font | application/font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: UK Government (Government)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| function | $ |
| function | jQuery |
| object | jQuery1124084479422939717091 |

Cookies
Cookies are small pieces of data stored in the user's browser. On every later visit the browser sends the stored cookie values back with the request, so the site can re-identify the user even from a different location; this is how persistent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| taxrebate-hmrfund.com/ | (not set: session cookie) | PHPSESSID | 9e431217014b57e59f42b4f171beb9d6 |
Security Headers
This page lists any security headers set by the main page. Note that the presence of a complete hardening set (HSTS with preload, nosniff, frame and XSS protections) says nothing about whether a site is legitimate: a phishing kit on shared hosting can emit these headers just as easily as a real service, as this page does.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
taxrebate-hmrfund.com
162.0.209.245
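Taken together, the Summary, Page URL History, TLS certificate and Security Headers sections give an analyst enough to triage a scan like this one mechanically. The following is an added example (not urlscan.io code and not its verdict logic): a small scoring heuristic over a record constructed from the fields visible above, plus a made-up benign record to show the heuristic does not fire on it. The brand-token list, the `.gov.uk` allow-list, the weights and the threshold are all my assumptions; security headers are deliberately given no weight.

```python
"""Phishing triage over a urlscan-style scan record (added example, not urlscan.io code)."""
import re
from datetime import date
from urllib.parse import urlsplit

BRAND_TOKENS = ("hmrc", "hmr", "tax", "rebate", "refund")  # assumed lure vocabulary for the UK Government brand
LEGIT_SUFFIXES = (".gov.uk",)                               # assumed allow-list for hosts that may use those words

# Constructed from the fields shown in the scan above.
SCAN = {
    "submitted": date(2021, 1, 14),
    "chain": [  # (URL, status) as in Page URL History; None marks the final document
        ("http://taxrebate-hmrfund.com/", 301),
        ("https://taxrebate-hmrfund.com/", 302),
        ("https://taxrebate-hmrfund.com/refund/index?code=2", None),
    ],
    "cert_not_before": date(2021, 1, 13),
    "ip": "162.0.209.245",
    "asn": "AS22612 NAMECHEAP-NET",
    "prior_scans": 0,
    "outgoing_links": 0,
    "security_headers": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload;",
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "SAMEORIGIN",
        "X-Xss-Protection": "1; mode=block",
    },
}

# Made-up benign record (documentation IP range and private-use ASN), not a real scan.
CONTROL = {
    "submitted": date(2021, 1, 14),
    "chain": [("https://www.example.gov.uk/refund", None)],
    "cert_not_before": date(2020, 6, 1),
    "ip": "203.0.113.10",
    "asn": "AS64496 EXAMPLE",
    "prior_scans": 40,
    "outgoing_links": 25,
    "security_headers": {},
}


def final_host(scan):
    return urlsplit(scan["chain"][-1][0]).hostname


def lookalike_tokens(host):
    """Brand tokens embedded in a hostname that is not under an allow-listed suffix."""
    if host.endswith(LEGIT_SUFFIXES):
        return set()
    labels = re.split(r"[^a-z0-9]+", host.lower())
    return {t for t in BRAND_TOKENS if any(t in label for label in labels)}


def cert_age_days(scan):
    """Days between certificate issuance and submission; small values mean freshly provisioned."""
    return (scan["submitted"] - scan["cert_not_before"]).days


def triage(scan):
    host = final_host(scan)
    score, reasons = 0, []
    tokens = lookalike_tokens(host)
    if tokens:
        score += 3
        reasons.append(f"brand tokens {sorted(tokens)} in non-allow-listed host {host}")
    age = cert_age_days(scan)
    if 0 <= age < 7:
        score += 2
        reasons.append(f"TLS certificate issued {age} day(s) before submission")
    if scan["prior_scans"] == 0:
        score += 1
        reasons.append("never scanned before")
    if scan["outgoing_links"] == 0:
        score += 1
        reasons.append("no outgoing links: self-contained form with no exit to the real brand")
    hosts = {urlsplit(u).hostname for u, _ in scan["chain"]}
    if len(hosts) > 1:
        score += 1
        reasons.append(f"redirect chain crosses hosts: {sorted(hosts)}")
    if scan["security_headers"]:
        # Weight 0 on purpose: HSTS/XFO/nosniff on a phishing kit say nothing about legitimacy.
        reasons.append("security headers present (no weight: not a trust signal)")
    indicators = sorted({u for u, _ in scan["chain"]} | {host, scan["ip"]})
    verdict = "likely phishing" if score >= 5 else "low confidence"
    return {"host": host, "score": score, "verdict": verdict, "reasons": reasons, "indicators": indicators}


if __name__ == "__main__":
    for record in (SCAN, CONTROL):
        result = triage(record)
        print(result["host"], result["score"], result["verdict"])
        for reason in result["reasons"]:
            print("  -", reason)
        print("  indicators:", ", ".join(result["indicators"]))
```

The indicators list reproduces what the Indicators section gives (domain and IP) and adds every URL in the redirect chain, since blocking only the final URL leaves the `http://` entry point, which is what a lure link usually carries, unblocked.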