urlscan.io logo urlscan.io
SecurityTrails logo

hmrc-rebate-2809.net Open in urlscan Pro
146.0.74.220  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://hmrc-rebate-2809.net/
Effective URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d0...
Submission: On September 28 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 146.0.74.220, located in Netherlands and belongs to HOSTKEY-AS, NL. The main domain is hmrc-rebate-2809.net.
This is the only time hmrc-rebate-2809.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

IP Address AS Autonomous System
1 17 146.0.74.220 57043 (HOSTKEY-AS)
16 2
Apex Domain
Subdomains		 Transfer
17 hmrc-rebate-2809.net
hmrc-rebate-2809.net
251 KB
16 1
Domain Requested by
17 hmrc-rebate-2809.net 1 redirects hmrc-rebate-2809.net
16 1

This site contains links to these domains. Also see Links.

Domain
www.gov.uk
docs.google.com
www.nationalarchives.gov.uk
Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Frame ID: CEB3182E8D52F0B52B217ADA130134C3
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://hmrc-rebate-2809.net/ HTTP 302
    http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

415 kB
Transfer

610 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hmrc-rebate-2809.net/ HTTP 302
    http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request start.php
hmrc-rebate-2809.net/
Redirect Chain
  • http://hmrc-rebate-2809.net/
  • http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
836b92a9771beffeeaf32ec020bbca0891d310d61af8fae8a2ccf3fddabf5b22

Request headers

Host
hmrc-rebate-2809.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
PHPSESSID=0a1065b0987bf1f6ec1a3c0293a06c33
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Connection
Keep-Alive
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Content-Encoding
gzip
Vary
Accept-Encoding
Date
Mon, 28 Sep 2020 14:20:56 GMT
Server
LiteSpeed

Redirect headers

Connection
Keep-Alive
Set-Cookie
PHPSESSID=0a1065b0987bf1f6ec1a3c0293a06c33; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Pragma
no-cache
Location
start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Content-Type
text/html; charset=UTF-8
Content-Length
0
Date
Mon, 28 Sep 2020 14:20:56 GMT
Server
LiteSpeed
template.css
hmrc-rebate-2809.net/assets/stylesheets/ 		17 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/stylesheets/template.css
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
02c56da3c821229cf1436ec89c787946d97d2f16bc15f46795fec8a6763bb1bc

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:20 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
2777
Expires
Mon, 05 Oct 2020 14:20:56 GMT
elements.css
hmrc-rebate-2809.net/assets/stylesheets/ 		47 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/stylesheets/elements.css
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
d2c08e94ca89a43ea8bb69ca349f2aaace8dd0f14600b7a23eb8c4a9c885d1dd

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:20 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
5509
Expires
Mon, 05 Oct 2020 14:20:56 GMT
fonts.css
hmrc-rebate-2809.net/assets/stylesheets/ 		267 KB
195 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/stylesheets/fonts.css
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1d14fc4c0c7cc78df76b51917bfdf959925c7b55cc03a5f07f5c9a25476cc4dd

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:20 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
198968
Expires
Mon, 05 Oct 2020 14:20:56 GMT
local-overrides.css
hmrc-rebate-2809.net/assets/stylesheets/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/stylesheets/local-overrides.css?v=1.54.0
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
12a42e13b48d985a7f1fab5dfbfdd2421f744d33b105cff4de2ac5b4221adf8f

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:18 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1956
Expires
Mon, 05 Oct 2020 14:20:56 GMT
page-start.js
hmrc-rebate-2809.net/assets/javascripts/ 		2 KB
992 B 		Script
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/javascripts/page-start.js?v=1.54.0
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
ecd6382e495f59e1bb1c0998cfacb4db0503aea9556f033afd5e90b84c621825

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:16 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
640
Expires
Mon, 05 Oct 2020 14:20:56 GMT
crown.png
hmrc-rebate-2809.net/assets/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://hmrc-rebate-2809.net/assets/images/crown.png
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
5a8be1ccd43ad93a35dae2bd3912e2b8895f9e3630c355a516172a2e66ba24ea

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:57 GMT
Last-Modified
Mon, 18 May 2020 22:54:14 GMT
Server
LiteSpeed
Content-Type
image/png
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1609
Expires
Mon, 05 Oct 2020 14:20:57 GMT
CData.js
hmrc-rebate-2809.net/assets/javascripts/ 		34 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/javascripts/CData.js
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
c815c9ad36a36f8cc12ba3d72e574d31c8ad3e2fc8d049c8eb0c2109eb1f403f

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:18 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
10412
Expires
Mon, 05 Oct 2020 14:20:56 GMT
device-reputation.js
hmrc-rebate-2809.net/assets/javascripts/ 		19 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/javascripts/device-reputation.js
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
b6d5e4b332e8bc133fcd351bf5859e0911862f946320042d39ad9cf47be7f2f9

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:18 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
4735
Expires
Mon, 05 Oct 2020 14:20:56 GMT
govuk-template.js
hmrc-rebate-2809.net/assets/javascripts/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/javascripts/govuk-template.js
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
ba5fb9662934e933e27491a4b4c711069268bfa07a546d7f7f9f99d9f98a14b7

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:57 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:16 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
1018
Expires
Mon, 05 Oct 2020 14:20:57 GMT
page-complete.js
hmrc-rebate-2809.net/assets/javascripts/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/javascripts/page-complete.js?v=1.54.0
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
08b225bf08b817c636a4f602554bb500f8876e749e4bd365cceb0e3892ad7588

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:56 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:18 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
6475
Expires
Mon, 05 Oct 2020 14:20:56 GMT
template-print.css
hmrc-rebate-2809.net/assets/stylesheets/ 		2 KB
918 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/assets/stylesheets/template-print.css
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
d1058f1005201a1be03fb892e889f0e97d5fdbb2e0e1f773721b7803dbf9e944

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:57 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 May 2020 22:54:18 GMT
Server
LiteSpeed
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
580
Expires
Mon, 05 Oct 2020 14:20:57 GMT
gov.uk_logotype_crown.png
hmrc-rebate-2809.net/assets/stylesheets/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://hmrc-rebate-2809.net/assets/stylesheets/images/gov.uk_logotype_crown.png
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/assets/stylesheets/template.css
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
79ce4e2bbf25c4a4d91458d191d6ef268b4592169ae6586ba52242f412670b5d

Request headers

Referer
http://hmrc-rebate-2809.net/assets/stylesheets/template.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 28 Sep 2020 14:20:57 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Server
LiteSpeed
Connection
Keep-Alive
Content-Length
1237
Content-Type
text/html
truncated
/ 		71 KB
71 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba

Request headers

Origin
http://hmrc-rebate-2809.net
Referer
http://hmrc-rebate-2809.net/assets/stylesheets/fonts.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/ 		94 KB
94 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30

Request headers

Origin
http://hmrc-rebate-2809.net
Referer
http://hmrc-rebate-2809.net/assets/stylesheets/fonts.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
application/font-woff
open-government-licence.png
hmrc-rebate-2809.net/assets/images/ 		761 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://hmrc-rebate-2809.net/assets/images/open-government-licence.png
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:57 GMT
Last-Modified
Mon, 18 May 2020 22:54:14 GMT
Server
LiteSpeed
Content-Type
image/png
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
761
Expires
Mon, 05 Oct 2020 14:20:57 GMT
govuk-crest-2x.png
hmrc-rebate-2809.net/assets/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://hmrc-rebate-2809.net/assets/images/govuk-crest-2x.png
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
c6548884b516041752fc4156a50f084ca387b1e37e4f4668cd109058d924b197

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Sep 2020 14:20:57 GMT
Last-Modified
Mon, 18 May 2020 22:54:14 GMT
Server
LiteSpeed
Content-Type
image/png
Cache-Control
public, max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
8884
Expires
Mon, 05 Oct 2020 14:20:57 GMT
help-with-this-page
hmrc-rebate-2809.net/help/assist/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
http://hmrc-rebate-2809.net/help/assist/help-with-this-page
Requested by
Host: hmrc-rebate-2809.net
URL: http://hmrc-rebate-2809.net/assets/javascripts/page-complete.js?v=1.54.0
Protocol
HTTP/1.1
Server
146.0.74.220 , Netherlands, ASN57043 (HOSTKEY-AS, NL),
Reverse DNS
Software
LiteSpeed /
Resource Hash
79ce4e2bbf25c4a4d91458d191d6ef268b4592169ae6586ba52242f412670b5d

Request headers

Referer
http://hmrc-rebate-2809.net/start.php?id=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8&session=97317ec3d05c55e092541355f6d4cef897317ec3d05c55e092541355f6d4cef8
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json

Response headers

Pragma
no-cache
Date
Mon, 28 Sep 2020 14:20:57 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Server
LiteSpeed
Connection
close
Content-Length
1237
Content-Type
text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| forEach function| validateName function| validatePost function| Fingerprint2 function| Basdf function| onDeviceProfile object| GOVUK

1 Cookies

Domain/Path Name / Value
hmrc-rebate-2809.net/ Name: seen_cookie_message
Value: yes