gov.uk.government.hm-revenue.customs.services.amexliput.fi
Open in
urlscan Pro
62.73.58.178
Malicious Activity!
Public Scan
Effective URL: http://gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=jdwW7M01xrIjUePG5nmzZnfXvvLXCNWW0sS8f...
Submission: On January 27 via automatic, source openphish
Summary
This is the only time gov.uk.government.hm-revenue.customs.services.amexliput.fi was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 62.73.58.178 62.73.58.178 | 1759 (TSF-IP-CO...) (TSF-IP-CORE http://www.teliasonera.com) | |
1 | 2a00:1450:400... 2a00:1450:4001:81d::200a | () () | |
2 | 185.172.148.132 185.172.148.132 | 44239 (KEYCDN Ke...) (KEYCDN KeyCDN) | |
1 | 2400:cb00:204... 2400:cb00:2048:1::6813:c166 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare) | |
1 | 2400:cb00:204... 2400:cb00:2048:1::6813:c466 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare) | |
17 | 5 |
ASN1759 (TSF-IP-CORE http://www.teliasonera.com, looking-glass lg.sonera.net, FI)
PTR: cpanel7.int2000.net
gov.uk.government.hm-revenue.customs.services.amexliput.fi |
ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
cdnjs.cloudflare.com |
ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
cdnjs.cloudflare.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
amexliput.fi
gov.uk.government.hm-revenue.customs.services.amexliput.fi |
121 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com |
10 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net |
27 KB |
1 |
googleapis.com
ajax.googleapis.com |
8 KB |
17 | 4 |
Domain | Requested by | |
---|---|---|
12 | gov.uk.government.hm-revenue.customs.services.amexliput.fi |
gov.uk.government.hm-revenue.customs.services.amexliput.fi
|
2 | cdnjs.cloudflare.com |
gov.uk.government.hm-revenue.customs.services.amexliput.fi
|
2 | cdn.jsdelivr.net |
gov.uk.government.hm-revenue.customs.services.amexliput.fi
|
1 | ajax.googleapis.com |
gov.uk.government.hm-revenue.customs.services.amexliput.fi
|
17 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.googleapis.com Google Internet Authority G2 |
2017-01-18 - 2017-04-12 |
3 months | crt.sh |
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2016-12-19 - 2017-06-25 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=jdwW7M01xrIjUePG5nmzZnfXvvLXCNWW0sS8fSaMkT6e7WUdkgMjE1gax27aP46QwYYLR9yb2FqaCknWBafgcwqKyyUoC0e8ZdURmt3o9tyLOW
Frame ID: 20892.1
Requests: 17 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/ Page URL
- http://gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=jdwW7M01xrIjUePG5... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/ Page URL
- http://gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=jdwW7M01xrIjUePG5nmzZnfXvvLXCNWW0sS8fSaMkT6e7WUdkgMjE1gax27aP46QwYYLR9yb2FqaCknWBafgcwqKyyUoC0e8ZdURmt3o9tyLOW Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request 5- http://jqueryvalidation.org/files/dist/additional-methods.min.js
- https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/additional-methods.min.js
- http://jqueryvalidation.org/files/dist/additional-methods.min.js
- https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/additional-methods.min.js
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
/
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/ |
254 B 260 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Tax-Refund.php
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/ |
13 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/styles/ |
46 KB 46 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ |
20 KB 8 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.payment.js
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/js/ |
17 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.js
cdn.jsdelivr.net/jquery.validation/1.14.0/ |
42 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
additional-methods.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ Redirect Chain
|
17 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
validate.js
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/js/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/img/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
help.gif
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/img/ |
149 B 149 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.payment.js
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/js/ |
17 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.js
cdn.jsdelivr.net/jquery.validation/1.14.0/ |
42 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
additional-methods.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/ Redirect Chain
|
17 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
validate.js
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/js/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/img/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
help.gif
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/img/ |
149 B 149 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
gov.uk.government.hm-revenue.customs.services.amexliput.fi/HM/assets/img/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
gov.uk.government.hm-revenue.customs.services.amexliput.fi
185.172.148.132
2400:cb00:2048:1::6813:c166
2400:cb00:2048:1::6813:c466
2a00:1450:4001:81d::200a
62.73.58.178
0205a8927ed5b5cb7e50ebeaf1bed63129ec5a53a645a8984acf5fff1833c1cf
47cc4087c6609c58918c1a5d08949d68208d6ea18139ab5db0baf3d5ee5cc190
58522612931e55b5e99b95216ae6544ee0c25a9b8aaaeab002cb97e11b59ea67
7e58a516021e0a0951cf6eddcd621d895fe317509baa0239867d4d75a68f74e4
887a6c755ff697b0d8a05a162af5e8a599599f963525d6d00c68c9ca3b25ca5d
adbad93e18acbb9cde6960de9a06458be02071d7f96faab9dc62456e4f8fd17c
b072c44bfab6dbc45edf4cc19cedf2ae1ec20678d80a25ab29d1cc24063aab64
c03dbad40c3e66746170d4b12946400d59ea23174e67aceae5430b366188a208
ce9ec00035d70430e12b06581172259b209ab5a98ae3b7ea2ea1dfdfae839d23
d7b71523f464ee47653c7ef3a44f6832909c4058e249127da41f56cb8584e52f