www.gov.uk.claim-tax-refund.gredfa.me Open in urlscan Pro
198.46.189.191 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.gov.uk.claim-tax-refund.gredfa.me/
Effective URL:
https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true
Submission Tags: @andsyn1 phishing malicious Search All
Submission: On October 15 via api (October 15th 2020, 1:55:00 pm UTC) from NL

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 198.46.189.191, located in Buffalo, United States and belongs to AS-COLOCROSSING, US. The main domain is www.gov.uk.claim-tax-refund.gredfa.me.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 15th 2020. Valid for: 3 months.

This is the only time www.gov.uk.claim-tax-refund.gredfa.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address		AS Autonomous System
1 18	198.46.189.191 198.46.189.191		36352 (AS-COLOCR...) (AS-COLOCROSSING)
17	2

18 198.46.189.191 (Buffalo, United States) 1 redirects

ASN36352 (AS-COLOCROSSING, US)
PTR: 198-46-189-191-host.colocrossing.com

www.gov.uk.claim-tax-refund.gredfa.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	gredfa.me 1 redirects www.gov.uk.claim-tax-refund.gredfa.me	1 MB
17	1

	Domain	Requested by
18	www.gov.uk.claim-tax-refund.gredfa.me	1 redirects www.gov.uk.claim-tax-refund.gredfa.me
17	1

This site contains no links.

Subject Issuer	Validity	Valid
www.gov.uk.claim-tax-refund.gredfa.me Let's Encrypt Authority X3	`2020-10-15` - `2021-01-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true
Frame ID: A3ED9C119B9205B0E7EEA0911DEFA158
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.gov.uk.claim-tax-refund.gredfa.me/ HTTP 302
https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1353 kB
Transfer

1347 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.gov.uk.claim-tax-refund.gredfa.me/ HTTP 302
https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request start.php Show response www.gov.uk.claim-tax-refund.gredfa.me/ Redirect Chain https://www.gov.uk.claim-tax-refund.gredfa.me/ https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true	8 KB 8 KB	254ms 254ms	Document text/html	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `b04554f686c5f22b0d0dff8798808187ec6394bcc55069ee58adf916ceee82fc` Request headers Host www.gov.uk.claim-tax-refund.gredfa.me Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie PHPSESSID=7d436d675ecab5a2dc825c798c2785ec Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx/1.17.4 Date Thu, 15 Oct 2020 13:54:40 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Redirect headers Server nginx/1.17.4 Date Thu, 15 Oct 2020 13:54:39 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie PHPSESSID=7d436d675ecab5a2dc825c798c2785ec; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Location start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true
GET H/1.1	200 OK	govuk-template.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	20 KB 20 KB	507ms 503ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/govuk-template.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `82712ce80c62d137829312ab172980700c0aec9b0aea5dfbeb3b4f57610c4376` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:40 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-5017" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 20503 Expires Thu, 22 Oct 2020 13:54:40 GMT
GET H/1.1	200 OK	govuk-template-ie6.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	18 KB 19 KB	601ms 403ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/govuk-template-ie6.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `f64a460dab32f16d73c40a27e61ba0233b9ffc758359316407ee2fe84780086e` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:40 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-49de" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 18910 Expires Thu, 22 Oct 2020 13:54:40 GMT
GET H/1.1	200 OK	govuk-template-ie7.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	18 KB 19 KB	925ms 417ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/govuk-template-ie7.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `6766756c566845f4d195bb6c50eeefb3ab46aaacb6019b7c38164b1554c6c3db` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:40 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-496f" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 18799 Expires Thu, 22 Oct 2020 13:54:40 GMT
GET H/1.1	200 OK	govuk-template-ie8.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	18 KB 18 KB	933ms 331ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/govuk-template-ie8.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `cd88a381c35c97460dd041aab98dbf7687a3f2e8d4476cbe88a5cff4513c6b08` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:40 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-466b" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 18027 Expires Thu, 22 Oct 2020 13:54:40 GMT
GET H/1.1	200 OK	fonts.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	267 KB 267 KB	1511ms 502ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/fonts.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `6813a04aa7ebe09726eda5fdd9c4abf1c5f151335adf0ad90474a5fe316e87ed` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:41 GMT Last-Modified Tue, 17 Oct 2017 05:25:48 GMT Server nginx/1.17.4 ETag "59e5945c-42be1" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 273377 Expires Thu, 22 Oct 2020 13:54:41 GMT
GET H/1.1	200 OK	ie.js Show response www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	23 KB 24 KB	2126ms 347ms	Script application/javascript	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/ie.js Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `23d3b70bcc62da30c9f2e11a244e73b1a94eead3a69a93d9f479ecb014e3a331` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:42 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-5d3f" Content-Type application/javascript Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 23871 Expires Thu, 22 Oct 2020 13:54:42 GMT
GET H/1.1	200 OK	application-ie7.min.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	172 KB 172 KB	1347ms 334ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/application-ie7.min.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `3fe3195bc843b9dac4b917e5199fd06670c40f90f53568db8bb636c1ef4d6041` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:41 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-2b028" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 176168 Expires Thu, 22 Oct 2020 13:54:41 GMT
GET H/1.1	200 OK	application-ie.min.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	169 KB 170 KB	1603ms 409ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/application-ie.min.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `d03a05e6255c25533bb78bf84592b5e90253ba7f407bfefc785752da9b5e49ff` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:41 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-2a4c8" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 173256 Expires Thu, 22 Oct 2020 13:54:41 GMT
GET H/1.1	200 OK	application.min.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	176 KB 177 KB	1943ms 343ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/application.min.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `2f2e0346c0437b3f08513181b88286c70770d7630a7d2e2e6aa3a893b627c7d9` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:41 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-2c159" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 180569 Expires Thu, 22 Oct 2020 13:54:41 GMT
GET H/1.1	200 OK	gov.uk_logotype_crown.png www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	780 B 1 KB	252ms 252ms	Image image/png	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/gov.uk_logotype_crown.png Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:43 GMT Last-Modified Tue, 17 Oct 2017 05:25:48 GMT Server nginx/1.17.4 ETag "59e5945c-30c" Content-Type image/png Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 780 Expires Thu, 22 Oct 2020 13:54:43 GMT
GET H/1.1	200 OK	open-government-licence_2x.png www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	504 B 890 B	266ms 265ms	Image image/png	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/open-government-licence_2x.png Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:43 GMT Last-Modified Tue, 17 Oct 2017 05:25:48 GMT Server nginx/1.17.4 ETag "59e5945c-1f8" Content-Type image/png Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 504 Expires Thu, 22 Oct 2020 13:54:43 GMT
GET H/1.1	200 OK	application.min.js Show response www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	287 KB 288 KB	323ms 322ms	Script application/javascript	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/application.min.js Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `607a0042d1a81c2b3317fa5e149934a39d3d83cc21a917a41950f0ca1d881fd5` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:42 GMT Last-Modified Sat, 21 Sep 2019 16:07:56 GMT Server nginx/1.17.4 ETag "5d864adc-47d72" Content-Type application/javascript Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 294258 Expires Thu, 22 Oct 2020 13:54:42 GMT
GET H/1.1	200 OK	govuk-template-print.css www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	1 KB 2 KB	267ms 266ms	Stylesheet text/css	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/govuk-template-print.css Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:43 GMT Last-Modified Tue, 17 Oct 2017 05:25:48 GMT Server nginx/1.17.4 ETag "59e5945c-5f8" Content-Type text/css Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 1528 Expires Thu, 22 Oct 2020 13:54:43 GMT
GET H/1.1	404 Not Found	webfont-debug.js www.gov.uk.claim-tax-refund.gredfa.me/template/assets/javascripts/vendor/goog/	0 0	269ms 268ms	Script text/html	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/template/assets/javascripts/vendor/goog/webfont-debug.js Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/start.php?&sessionid=5a110c362421feff0eeb7f9b9398ff6b&securessl=true User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 15 Oct 2020 13:54:43 GMT Server nginx/1.17.4 Connection keep-alive Content-Length 548 Content-Type text/html
GET H/1.1	200 OK	hmrc_crest_18px.png www.gov.uk.claim-tax-refund.gredfa.me/step1_files/	2 KB 2 KB	251ms 251ms	Image image/png	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/hmrc_crest_18px.png Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/application.min.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `c208f82493fb15f9261ba474cf6615ddc22e51984177095c4d12d2ad39647ca9` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/application.min.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 15 Oct 2020 13:54:44 GMT Last-Modified Tue, 17 Oct 2017 05:43:18 GMT Server nginx/1.17.4 ETag "59e59876-665" Content-Type image/png Cache-Control max-age=604800, private, must-revalidate, proxy-revalidate Connection keep-alive Accept-Ranges bytes Content-Length 1637 Expires Thu, 22 Oct 2020 13:54:44 GMT
GET H/1.1	404 Not Found	govuk-crest.png www.gov.uk.claim-tax-refund.gredfa.me/step1_files/images/	548 B 548 B	252ms 252ms	Image text/html	198.46.189.191 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/images/govuk-crest.png Requested by Host: www.gov.uk.claim-tax-refund.gredfa.me URL: https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/govuk-template-ie8.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 198.46.189.191 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 198-46-189-191-host.colocrossing.com Software nginx/1.17.4 / Resource Hash `d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090` Request headers Referer https://www.gov.uk.claim-tax-refund.gredfa.me/step1_files/govuk-template-ie8.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 15 Oct 2020 13:54:44 GMT Server nginx/1.17.4 Connection keep-alive Content-Length 548 Content-Type text/html
GET DATA	200 OK	truncated /	94 KB 94 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30` Request headers Origin https://www.gov.uk.claim-tax-refund.gredfa.me Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type application/font-woff
GET DATA	200 OK	truncated /	71 KB 71 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba` Request headers Origin https://www.gov.uk.claim-tax-refund.gredfa.me Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.gov.uk.claim-tax-refund.gredfa.me
198.46.189.191
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6
23d3b70bcc62da30c9f2e11a244e73b1a94eead3a69a93d9f479ecb014e3a331
2dcbca9026a39b5e4cc536b2f842bd173148b018c7ce369a5930558f4de0e23b
2f2e0346c0437b3f08513181b88286c70770d7630a7d2e2e6aa3a893b627c7d9
3fe3195bc843b9dac4b917e5199fd06670c40f90f53568db8bb636c1ef4d6041
5bb990686d6668df3f9d5208b10fa83d2f5d55820b442be13542a3dfbd3e361a
607a0042d1a81c2b3317fa5e149934a39d3d83cc21a917a41950f0ca1d881fd5
6766756c566845f4d195bb6c50eeefb3ab46aaacb6019b7c38164b1554c6c3db
6813a04aa7ebe09726eda5fdd9c4abf1c5f151335adf0ad90474a5fe316e87ed
82712ce80c62d137829312ab172980700c0aec9b0aea5dfbeb3b4f57610c4376
b04554f686c5f22b0d0dff8798808187ec6394bcc55069ee58adf916ceee82fc
c208f82493fb15f9261ba474cf6615ddc22e51984177095c4d12d2ad39647ca9
cd88a381c35c97460dd041aab98dbf7687a3f2e8d4476cbe88a5cff4513c6b08
d03a05e6255c25533bb78bf84592b5e90253ba7f407bfefc785752da9b5e49ff
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
f64a460dab32f16d73c40a27e61ba0233b9ffc758359316407ee2fe84780086e

www.gov.uk.claim-tax-refund.gredfa.me Open in urlscan Pro 198.46.189.191 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

1353 kBTransfer

1347 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

www.gov.uk.claim-tax-refund.gredfa.me Open in urlscan Pro
198.46.189.191 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1353 kB
Transfer

1347 kB
Size

0
Cookies

17 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!