hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au Open in urlscan Pro
172.67.138.92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47
Submission: On July 25 via automatic, source openphish (July 25th 2024, 2:02:54 am UTC) — Scanned from AU

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 172.67.138.92, located in United States and belongs to CLOUDFLARENET, US. The main domain is hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au.
TLS certificate: Issued by WE1 on June 16th 2024. Valid for: 3 months.

This is the only time hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address		AS Autonomous System
11	172.67.138.92 172.67.138.92		13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2

11 172.67.138.92 (United States)

ASN13335 (CLOUDFLARENET, US)

hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	seftonmedical.com.au hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au	268 KB
11	1

	Domain	Requested by
11	hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au	hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au
11	1

This site contains no links.

Subject Issuer	Validity	Valid
seftonmedical.com.au WE1	`2024-06-16` - `2024-09-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47
Frame ID: F713FAD8E64E7BFBAC901AF630E8BDB2
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Personal - Apply

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

433 kB
Transfer

802 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request dataPersonal.php Show response hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/	43 KB 6 KB	673ms 636ms	Document text/html	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `02d96be37d15323b5a783359e1a80a9ea4316f7e6eae2423d44649ca164e5e06` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8a8891ca3dcb5721-SYD content-encoding br content-type text/html; charset=UTF-8 date Thu, 25 Jul 2024 02:02:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4P9%2FYnvZnFF9jCMgrd6metd28nSed1s93kiyRG73FNqVtVmL%2Fv7Er%2BHHv0TYy2S2qUE0%2FKq6AXf%2FnRgWel6YPaJRowvIHg9FA5eDtlxrIyYxLCcmK7v06QwBaeuzZysnlSNyKqRbvFzum9984SU5Dqj5oMCT9LC0IPz9zAb%2Bzjau5nfOBMoeX2fYo691tLWkgYTxyWdKJ6OfE2LAHHx3"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	design.css hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/	20 KB 5 KB	623ms 620ms	Stylesheet text/css	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/design.css Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1826dfb2fd5005be02402463c457c13ed6e240616472703a5d0f83ed62bcaaa1` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:45 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "5022-5c468ed187840-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PswzLalNKt2lOu8dKxD%2Bk3RvcbKnKKiOMDRIONcnS0Yj0l8f1JUMyNLlDWfMGvQJoFGoTivFs0r5Yztl5eSiz97XskeL4h3j7h%2FsZLNFyxt8IpAQQe5HCXPpi66UYg%2BvW%2FPpk0d1%2BP%2B4vBGhf12VBmjuWTs6LXgAlfM0gKNAlPsan%2FAPYXEbBe8vexVZABccDlPSSy5Na3kPn2OiTbRi"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 8a8891ce4cdd5721-SYD alt-svc h3=":443"; ma=86400 content-length 4363
GET H2	200	fonts.css hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/	267 KB 196 KB	1505ms 1504ms	Stylesheet text/css	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/fonts.css Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3b3a723d1c8b4931f482c94d55f5017823cfd20eb0e85d5453a23406a2d70be2` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:46 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "42be9-5c468ed187840-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apKPGwTGU4Y8hqY%2BpxEOY7R0nIHFRmhVF9Vuw78YLtiGT5qy5xKD83OjL9WId9CvzOsnSYLqMS1hcr8OxQ6MyaWcxutU6Y3fvudIzsVBRiE1o4zpFVeeH1YqD0K127LPFE7NU4X18OUeqqCxKxg%2Ft0UIbxpohqR1ej9xLbUYgKVUTE62xqlsK1pExbVIa4pw0YA%2BI4T4zWsY0qomxvlq"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a8891ce4ce05721-SYD alt-svc h3=":443"; ma=86400
GET H2	200	jquery.css hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/	299 KB 52 KB	955ms 954ms	Stylesheet text/css	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/jquery.css Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0de53223f4c23219f03db81fddca10bf03ab165eb263281583ed1e5191d656cd` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:45 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "4ab41-5c468ed187840-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2X1yhe%2F5PmcjxkzPEDwMWFsH0eV%2B%2Bc%2BGAkIr53bSw0PNnE1vEdxatR5Fu4Ew8cpajK96HhAcjwYY6PDJYkS4js6qsihEAsxp%2FVspHEng3Y2i0BejmTOUfdY8WwNMjVds8ZvWBjU5FWj9mc8pGu4A09ByZyNJdBB0ObNIr4qW%2BPzyLNrg9siGc6eSOeL4SF6KqlkA54Hun4uqf4iegq5C"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a8891ce4ce25721-SYD alt-svc h3=":443"; ma=86400
GET H2	404	local.css hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/	0 0	649ms 648ms	Stylesheet text/html	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/local.css Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:45 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fepHHlP2Rio%2F6JSuuQ49l0Rlns94SMWlob1wEcqH7c%2BFoCy5vfRCe16yXg%2FR111IdJ1kSBarBGn0UN9OZdqDts%2BclhU4q0F8ZwrobYGup5V7YgkcEg50wotqHB6efGXHT6CCpx8kci778Slh9cJg9LP%2F5ml5Ya0gjeOdlT30Tr%2BZf35Ug9Bf53uYCrhzRc1mFUIcS10PPYuiyQOAAqIa"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 8a8891ce4ce35721-SYD alt-svc h3=":443"; ma=86400
GET H2	200	gov.uk_logotype_crown.png hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/	780 B 1 KB	619ms 618ms	Image image/png	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/gov.uk_logotype_crown.png Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:45 GMT cf-cache-status REVALIDATED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "30c-5c468ed187840" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LIpzEi5EtOK9u7pwarTwY7b7r7m1PxnaLi8Ud5GqnbV3x7Od5hqrqz70bgngo3t34cpHyjDNk9NUJjjIs1cawgFhAMMJe3qByOqo5RqocxV6CIZd8n0CLtBHLKSXgU8wlayi%2FizSqp%2BkPwJbrZgLf7rgTLHLY4aHerG7KBjtxaIwU8ntsFxvWsjEc%2FNqm%2Fr5vpOeGjczb%2FsBIOB9rOzS"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a8891ce4ce45721-SYD alt-svc h3=":443"; ma=86400 content-length 780
GET H2	200	open-government-licence_2x.png hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/	504 B 865 B	640ms 639ms	Image image/png	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/open-government-licence_2x.png Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:45 GMT cf-cache-status REVALIDATED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "1f8-5c468ed187840" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o7GssvddVKmpc64FwnRQnR3323ne9ZveYYVMwNWIaWMY3MS2Lcs2VkvS9Z35mx1GH9HFQxRmuOYbegBAXS%2Br%2FCSDosQJuh%2Bjk4J8OoECd1ToaEP2PDK9X3xgQ8DsW3JfEkN3hHZInvWZPV%2FGMsdiwrjLDw0pog2%2FMLiawb8q%2B9cu8BVj%2FZDg6l%2FadYRrFsYchEhulMNbIJAKiE4%2B3IOt"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a8891ce4ce55721-SYD alt-svc h3=":443"; ma=86400 content-length 504
GET H3	200	print.css hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/	1 KB 1 KB	617ms 616ms	Stylesheet text/css	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/print.css Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:46 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "5f8-5c468ed187840-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2FmAb8zk5ciZPkx7dX8FOcPxp2yU%2B%2F2%2FcCH%2FD3TFNO2fL36TdVEDbMI9py3m0qRGMzU2tu3WwJvxonleM9kbCIVqfn8A6klweYne807pCzUNdH5N%2BHL9VPrGCvVBqNUVP35hLzeLgkFT6dYnNSlMR5oZlybXcTkN5ISh6ArFnkFtE3w0gLHJEY8TQ%2FHbxGkl10ujCsioaI7Nq9cLplEH"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 accept-ranges bytes cf-ray 8a8891d22be9a97a-SYD alt-svc h3=":443"; ma=86400 content-length 675
GET H3	200	hmrc_crest_18px.png hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/	2 KB 2 KB	637ms 636ms	Image image/png	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/hmrc_crest_18px.png Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/jquery.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c208f82493fb15f9261ba474cf6615ddc22e51984177095c4d12d2ad39647ca9` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/jquery.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:51 GMT cf-cache-status REVALIDATED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "665-5c468ed187840" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fKzv7Bv2QDx8aoXltYUwcJZD6rVIseU25dk2RZWDQ35UdfqaXqw061nVMxgQfioz2v94QpdRks142h5yiLG29elrDVowO07uGRC%2B3v7eFiAIngQdW83pU4VBpzHuj3EmH6mDn1FnleHLtLTE0SRZ1yeAOtRXSNPLE6c13xT9wRGRV8G2xDT5z1d7lyLVpE%2BGieAvaE4iGwhiwBZAJnhE"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a8891f16a8da97a-SYD alt-svc h3=":443"; ma=86400 content-length 1637
GET DATA	200 OK	truncated /	94 KB 94 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30` Request headers Referer Origin https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff
GET H3	200	govuk-crest.png hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/	4 KB 4 KB	637ms 636ms	Image image/png	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/govuk-crest.png Requested by Host: hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/design.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/etc/design.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:51 GMT cf-cache-status REVALIDATED last-modified Thu, 10 Jun 2021 12:56:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "e00-5c468ed187840" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X8V4YCdbfvUoGaqgGoCrb9CW1g7oqrhnCOLWcGpT5m%2FTQQOv2Al8mjNO1a1Q%2FVgwPs0%2BYtkA30HsLgtQA2woHNVbIqIyGEtf8fzLfjFUzwQ%2FpiYDDhU72sWcc%2FnL5EmmH8eBRKmUA%2BbsA4gwkwYFS3oMxCedszj78%2BH2OHQrkQgwWb%2BohkN8qtrJ47j40qVwasPNNgcXBeM9BSsKXB3a"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a8891f16a9ba97a-SYD alt-svc h3=":443"; ma=86400 content-length 3584
GET DATA	200 OK	truncated /	71 KB 71 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba` Request headers Referer Origin https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/font-woff
GET H3	404	favicon.ico hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/	338 B 758 B	1401ms 1401ms	Other text/html	172.67.138.92 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.138.92 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5ad439c1ad39e9661cba815c8892367de7838fdd145ef8e460ad67b9afd9c39d` Request headers Referer https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/dataPersonal.php?userMetaData=666b4fac4da47 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 25 Jul 2024 02:02:52 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4oX6cQaXvTvrmdk7G36KEICqpV1%2B9JUHI7yhyGLy8EmbVDO6HZlygv7lvHudFk7zcwd1LdGpJR%2FjJQYevZNnCFguhWZX9dH83fy0TiEyYcA7AIERIzvZm8cEZbQz9t1alh1NkBgbFJS%2FotbZCJHwgRD0BlrtQbJ2pIv8FydssWm6APWnbAx7Aek713l%2F146hwifjbnViLWfxZAupglRc"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 8a8891f5685ea97a-SYD alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| noBack function| clickIE function| clickNS function| disableCtrlKeyCombination

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/service_tax-gg-check-hm_income-individual/local.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au
172.67.138.92
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
02d96be37d15323b5a783359e1a80a9ea4316f7e6eae2423d44649ca164e5e06
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
0de53223f4c23219f03db81fddca10bf03ab165eb263281583ed1e5191d656cd
14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6
1826dfb2fd5005be02402463c457c13ed6e240616472703a5d0f83ed62bcaaa1
2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b
3b3a723d1c8b4931f482c94d55f5017823cfd20eb0e85d5453a23406a2d70be2
5ad439c1ad39e9661cba815c8892367de7838fdd145ef8e460ad67b9afd9c39d
5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c208f82493fb15f9261ba474cf6615ddc22e51984177095c4d12d2ad39647ca9

hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au Open in urlscan Pro 172.67.138.92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

433 kBTransfer

802 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

hm-revenue-customs_income-taxes_enquiries-6657b07f8478f.seftonmedical.com.au Open in urlscan Pro
172.67.138.92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

433 kB
Transfer

802 kB
Size

0
Cookies

11 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!