hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com Open in urlscan Pro
2606:4700:3032::ac43:aa56 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97
Submission: On October 20 via api (October 20th 2024, 3:11:06 am UTC) from BY — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3032::ac43:aa56, located in United States and belongs to CLOUDFLARENET, US. The main domain is hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com.
TLS certificate: Issued by WE1 on September 30th 2024. Valid for: 3 months.

This is the only time hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
8	2606:4700:303... 2606:4700:3032::ac43:aa56	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.67.170.86 172.67.170.86	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	3

8 2606:4700:3032::ac43:aa56 (United States)

ASN13335 (CLOUDFLARENET, US)

hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.170.86 (United States)

ASN13335 (CLOUDFLARENET, US)

hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	amazingpeoplepictures.com hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com	271 KB
11	1

	Domain	Requested by
11	hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com	hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com
11	1

This site contains no links.

Subject Issuer	Validity	Valid
amazingpeoplepictures.com WE1	`2024-09-30` - `2024-12-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97
Frame ID: F303BB8393A7022A44DDAF485BBBF23F
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Personal - Apply

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

3
IPs

1
Countries

435 kB
Transfer

802 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request dataPersonal.php Show response hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/	43 KB 7 KB	161ms 69ms	Document text/html	2606:4700:3032::ac43:aa56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:aa56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `803ff8c54e8f3b46026f4738a1c45930396fc82b5e1c727a846764fc402cd902` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8d55d175ed322c00-FRA content-encoding zstd content-type text/html; charset=UTF-8 date Sun, 20 Oct 2024 03:11:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MN%2BeAs%2FNd4HTAc5OqXPi6zMmrcW3ZanZGI1clpqxDUXvarkXla5%2FwOQDLzYuMZm5fuENZ7MJiaPN%2BcEVVPvl8NtNUeUzf5HE34F8G0Q2uCw1A%2Flq2LP2OQuI91f8g%2FCODsxTJc9a6FuOXt0TLNUOLeOpupkXtbcE2aAJfa4JmotzOSKKqLgefI0%2FaUo%2FkX%2FWaMBoNiP3jO%2F3Gxcc4yOLn9aJx0e68rQ4jAcfPcW1"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=24160&sent=8&recv=13&lost=0&retrans=0&sent_bytes=4022&recv_bytes=2457&delivery_rate=155727&cwnd=254&unsent_bytes=0&cid=47c711264bb94f87&ts=95&x=0" vary Accept-Encoding
GET H2	200	design.css hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/	20 KB 5 KB	68ms 63ms	Stylesheet text/css	2606:4700:3032::ac43:aa56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/design.css Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:aa56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1826dfb2fd5005be02402463c457c13ed6e240616472703a5d0f83ed62bcaaa1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Response headers content-encoding gzip cf-cache-status MISS etag "5022-5c468ed187840-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZLC7qs5ZOeQLtsFnV9BnDzn3%2Fo8QBQpFiGPq19E05i2tIZa6aGm28j5SfuNnmnPmqwhltN%2B4yBZ5cYfNdDBwvgPrru9uIYk%2FEnW%2FtwmD0ghzHrQ54%2F%2Ba8qkJiLEqYW9b3nxrjuy8tZJEbINaB8opNJOdD0kcXr29seOdsi82NQHpYYF9lVwTjVbXp7cfhdf6eQdjjCJP0A1X%2FFgqc4zm6qtrX4mqdats%2FleATAF"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=23723&sent=22&recv=31&lost=0&retrans=0&sent_bytes=11375&recv_bytes=3252&delivery_rate=596550&cwnd=257&unsent_bytes=0&cid=47c711264bb94f87&ts=177&x=0" date Sun, 20 Oct 2024 03:11:02 GMT content-type text/css last-modified Thu, 10 Jun 2021 12:56:57 GMT vary Accept-Encoding cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d55d1767d692c00-FRA accept-ranges bytes content-length 4363 server cloudflare
GET H2	200	fonts.css hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/	267 KB 196 KB	90ms 87ms	Stylesheet text/css	2606:4700:3032::ac43:aa56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/fonts.css Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:aa56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b3a723d1c8b4931f482c94d55f5017823cfd20eb0e85d5453a23406a2d70be2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag "42be9-5c468ed187840-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lv%2FJ8b8NKmqcvI1z79tbQ2gi%2FaOqBuqZ%2FosaskY7DZt%2BIrZbj%2BEfd7XRkoMqdVjkchfI7wuAN3PvbgsLZyD%2FHED1hyMcBuNCkPuYFFxYbJxWDjyM97f0cFL%2Foa3tZq2N1ss1IM%2F3ep5sL62Pts9Yk7g2UG3Yqo4zgchQiII5wRBwTFdvEZz5y7NEnxAZPBND1FD91E44sO0nmg5N0NpuyAUYze7CLhAHZjMsh6pW"}],"group":"cf-nel","max_age":604800} cf-ray 8d55d1767d6b2c00-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=23840&sent=39&recv=33&lost=0&retrans=0&sent_bytes=19740&recv_bytes=3252&delivery_rate=596550&cwnd=257&unsent_bytes=0&cid=47c711264bb94f87&ts=202&x=0" date Sun, 20 Oct 2024 03:11:02 GMT content-type text/css last-modified Thu, 10 Jun 2021 12:56:57 GMT vary Accept-Encoding server cloudflare
GET H2	200	jquery.css hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/	299 KB 52 KB	109ms 106ms	Stylesheet text/css	2606:4700:3032::ac43:aa56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/jquery.css Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:aa56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0de53223f4c23219f03db81fddca10bf03ab165eb263281583ed1e5191d656cd` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag "4ab41-5c468ed187840-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TPzv6IftLLJ0EQMthmD3d%2F3Zm2raMw9RiKAWx7%2FIp5WX4XffcHltn3%2BRSajfYDfHwCnhDX%2BKLjak4Su3mdVSxZkSGT5rbvDmQD%2FUO3wDGKOBgPeRZA3s4GGKkVHl3VrzJTbE17XoGpt1tkyQUXSHIhit76PS1%2B3cEwTJ25mL7kSuMhJE6V%2F15P%2FXR47NhMKWNxNb4q%2F3vKwZy%2Bm8FQP%2BUh32yAqsBwzrCGbjdaSE"}],"group":"cf-nel","max_age":604800} cf-ray 8d55d1767d6d2c00-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=23969&sent=88&recv=37&lost=0&retrans=0&sent_bytes=67869&recv_bytes=3346&delivery_rate=624635&cwnd=257&unsent_bytes=0&cid=47c711264bb94f87&ts=221&x=0" date Sun, 20 Oct 2024 03:11:02 GMT content-type text/css last-modified Thu, 10 Jun 2021 12:56:57 GMT vary Accept-Encoding server cloudflare
GET H2	404	local.css hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/	0 0	73ms 71ms	Stylesheet text/html	2606:4700:3032::ac43:aa56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/local.css Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:aa56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status MISS report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49gLcvARcRLGKk4Q9%2FjMrkuM74cvb3pHlBC7fMw1LRnNCDw8neq8xb7U4PXqDBRAQLFNJG9A4BWTVd%2F8iP66gZFfCJby1%2Fb5GnFfVZt8ux9SbhEb3zhkH7mGnQ83heBU6ZdKNXbt5XjKz0UY%2F5FwFcMjy5mnGtMgRsyOwxhuHdPtqqZFlAR6Ka%2FpHgyXT9rzgA383ZauNJKa6pAtDnxKuvK4WflWRV2I631hRA1h"}],"group":"cf-nel","max_age":604800} cf-ray 8d55d1767d6e2c00-FRA alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=23723&sent=30&recv=31&lost=0&retrans=0&sent_bytes=16439&recv_bytes=3252&delivery_rate=596550&cwnd=257&unsent_bytes=0&cid=47c711264bb94f87&ts=186&x=0" date Sun, 20 Oct 2024 03:11:02 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare
GET H2	200	gov.uk_logotype_crown.png hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/	780 B 1 KB	74ms 72ms	Image image/png	2606:4700:3032::ac43:aa56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/gov.uk_logotype_crown.png Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:aa56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status MISS etag "30c-5c468ed187840" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nngAcdHfspvIlMRihUc2NlNcJGRIE28E3YmTY2hvg5sOMr7AExMQYHsLqwcvjIsdbrL6UgGLw6MkhAW%2B1MSYBrnf7VyN1AN6bRLW6oWkVCCHl2BcjzXsdA5O%2BBUOzBCuCk54Hc9tKv4jK0hWXSdQseugu%2BaGPDOLaDH7KfFJbnsPPI3YXX72du2cPNPUWxe3hTM%2Bin771KeJuqgM1In05WjcAjXKFcOaCZtMBOs0"}],"group":"cf-nel","max_age":604800} cf-ray 8d55d1767d6f2c00-FRA accept-ranges bytes alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=23723&sent=33&recv=31&lost=0&retrans=0&sent_bytes=17293&recv_bytes=3252&delivery_rate=596550&cwnd=257&unsent_bytes=0&cid=47c711264bb94f87&ts=187&x=0" content-length 780 date Sun, 20 Oct 2024 03:11:02 GMT content-type image/png last-modified Thu, 10 Jun 2021 12:56:57 GMT vary Accept-Encoding server cloudflare
GET H2	200	open-government-licence_2x.png hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/	504 B 1023 B	75ms 74ms	Image image/png	2606:4700:3032::ac43:aa56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/open-government-licence_2x.png Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:aa56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status MISS etag "1f8-5c468ed187840" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCUTpbr2mw6%2BbIwqzjvk44PwR4nMggSA9grPZ27J7uRPQWOTcVKI1%2BLnhXNKbyQlKkPrIryQLqRjM9FFYQG0OgDdCokLGcVqHZbyqO9YtJ0swzhA0KHUak3j443Wxg19mkQS8kO4YttWJlxtE7%2Fs7XHk0D05i351FwcmXb5fVE6P7%2FdZ3gGySvLe8SF2hNYYirNI4aIJEWdGNzjvafpO7A8RKt%2B8RctZQhZQr61P"}],"group":"cf-nel","max_age":604800} cf-ray 8d55d1767d702c00-FRA accept-ranges bytes alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=23723&sent=36&recv=31&lost=0&retrans=0&sent_bytes=18651&recv_bytes=3252&delivery_rate=596550&cwnd=257&unsent_bytes=0&cid=47c711264bb94f87&ts=188&x=0" content-length 504 date Sun, 20 Oct 2024 03:11:02 GMT content-type image/png last-modified Thu, 10 Jun 2021 12:56:57 GMT vary Accept-Encoding server cloudflare
GET H2	200	print.css hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/	1 KB 1 KB	65ms 65ms	Stylesheet text/css	2606:4700:3032::ac43:aa56 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/print.css Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:aa56 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Response headers content-encoding gzip cf-cache-status MISS etag "5f8-5c468ed187840-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OR8Zhtl6xjPzA%2Bb6KCxq2BigOmmKsoAzbI961hH2dc3n6np%2B1BiGqno8LJDCGpVqd3BNcGUlEbCl%2B3pSJRJGGdbvGbB8ERnBZfF%2BgV8qHTfEqK1xL8CQMiYxMCMao2EC1xzGXqjODvwiGAKs%2BSAMVC6BI5tY4%2FJ%2FKFwQ4zE48WLGh410KUeno35XQPrgBVlxOlPBgXCzu42n5eEJBuvUSyTznPLEb2sGUXsWWAou"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=23942&sent=175&recv=55&lost=0&retrans=0&sent_bytes=174903&recv_bytes=3346&delivery_rate=2884319&cwnd=257&unsent_bytes=12223&cid=47c711264bb94f87&ts=246&x=0" date Sun, 20 Oct 2024 03:11:02 GMT content-type text/css last-modified Thu, 10 Jun 2021 12:56:57 GMT vary Accept-Encoding cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d55d176dd952c00-FRA accept-ranges bytes content-length 675 server cloudflare
GET H3	200	hmrc_crest_18px.png hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/	2 KB 2 KB	354ms 354ms	Image image/png	172.67.170.86 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/hmrc_crest_18px.png Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/jquery.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.170.86 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c208f82493fb15f9261ba474cf6615ddc22e51984177095c4d12d2ad39647ca9` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/jquery.css Response headers cf-cache-status MISS etag "665-5c468ed187840" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BB4JshYK0L2c3mkzaBCliG2dSnngzFiLTDz8%2FbhHUJH%2FFwVUnNbP7Cm3eDXBL4cbpO3iwZ3OWzq3UWrHcHieijm%2FmaiMKwKxQHOP3WHQp76kUGSKwq%2BjI1pD6I41jxAMKOn8wKM99OrCGQ1TiUzMm5hSay7WYMXrDIqKLOAREx7vZWPBhGyWZUx4rHwiW9UT3Em63ben5FbBiqkHWnsBohzX"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=130320&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4268&recv_bytes=5060&delivery_rate=4419&cwnd=12000&unsent_bytes=0&cid=b3b542f385149133&ts=400&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 20 Oct 2024 03:11:02 GMT content-type image/png last-modified Thu, 10 Jun 2021 12:56:57 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d55d177ed002931-ORD accept-ranges bytes content-length 1637 server cloudflare
GET DATA	200 OK	truncated /	94 KB 94 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com Referer Response headers Content-Type application/font-woff
GET H3	200	govuk-crest.png hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/	4 KB 4 KB	353ms 353ms	Image image/png	172.67.170.86 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/govuk-crest.png Requested by Host: hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/design.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.170.86 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/etc/design.css Response headers cf-cache-status MISS etag "e00-5c468ed187840" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1pCwbRlgKagiXBrC57vT0k64e8lnAsR0MOEM%2Bw8CW%2BT32ZjJf67lXueuQOPaWG6ZbTPfwyrbhOAApQSiH7svKuCOwB7I1Zc1sAJ2uHama1FGJVJZeZeGSgk%2F7g634s0%2FKLHFOlOBW6gA7%2BU%2FrnfG%2BBC3jAvA4JKj7dAynE1XdkFS1TnVDcUvRY6%2BUG64j7snZzlrjs2B65DnqiwkZzbnsHjg"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=130320&sent=16&recv=10&lost=0&retrans=0&sent_bytes=6735&recv_bytes=5060&delivery_rate=4419&cwnd=12000&unsent_bytes=0&cid=b3b542f385149133&ts=406&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 20 Oct 2024 03:11:02 GMT content-type image/png last-modified Thu, 10 Jun 2021 12:56:57 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8d55d177ed052931-ORD accept-ranges bytes content-length 3584 server cloudflare
GET DATA	200 OK	truncated /	71 KB 71 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com Referer Response headers Content-Type application/font-woff
GET H3	404	favicon.ico hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/	341 B 990 B	562ms 562ms	Other text/html	172.67.170.86 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.170.86 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `974b2761df29bc81942838de5f97e86b990cde2080377480ad38abad7fe35ba1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=665cde7adda97 Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status MISS report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ba4VIay8J737RTSCcJT6Mnon6GjGCHbExH6YVaYWWtTYDL7cPU9uku9PR8CzMwtta%2B7FgwF17lU9iQ%2Blj1VvQGfGK88xjfhQyoQYUEXv2J%2BWBzvJNecJJ0TiwYr7d3xzQQIeKsIDN7UARR%2Fh0tpdp1wSlgoqdpEkjtRQTT4XreOWVfdTVKtrMPPqrGxihzsHKHY6%2BckSC4pR8GKn%2BYEv7k1k"}],"group":"cf-nel","max_age":604800} cf-ray 8d55d17a2fbf2931-ORD alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=132683&sent=21&recv=15&lost=0&retrans=0&sent_bytes=11163&recv_bytes=5733&delivery_rate=44290&cwnd=12000&unsent_bytes=0&cid=b3b542f385149133&ts=968&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 20 Oct 2024 03:11:03 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| noBack function| clickIE function| clickNS function| disableCtrlKeyCombination

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/service_tax-gg-check-hm_income-individual/local.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com
172.67.170.86
2606:4700:3032::ac43:aa56
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
0de53223f4c23219f03db81fddca10bf03ab165eb263281583ed1e5191d656cd
14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6
1826dfb2fd5005be02402463c457c13ed6e240616472703a5d0f83ed62bcaaa1
2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b
3b3a723d1c8b4931f482c94d55f5017823cfd20eb0e85d5453a23406a2d70be2
5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a
803ff8c54e8f3b46026f4738a1c45930396fc82b5e1c727a846764fc402cd902
974b2761df29bc81942838de5f97e86b990cde2080377480ad38abad7fe35ba1
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c208f82493fb15f9261ba474cf6615ddc22e51984177095c4d12d2ad39647ca9

hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com Open in urlscan Pro 2606:4700:3032::ac43:aa56 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

50 %IPv6

1 Domains

1 Subdomains

3 IPs

1 Countries

435 kBTransfer

802 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

hm-revenue-customs_income_tax-enquiries-665ca18d473d4.amazingpeoplepictures.com Open in urlscan Pro
2606:4700:3032::ac43:aa56 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

3
IPs

1
Countries

435 kB
Transfer

802 kB
Size

0
Cookies

11 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!