urlscan.io logo urlscan.io
SecurityTrails logo

alexize.ush3wcgbvwy3q6n8.info Open in urlscan Pro
23.95.214.179  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://alexize.ush3wcgbvwy3q6n8.info/?redirect=EN-GB
Submission: On August 31 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 23.95.214.179, located in Buffalo, United States and belongs to AS-COLOCROSSING - ColoCrossing, US. The main domain is alexize.ush3wcgbvwy3q6n8.info.
TLS certificate: Issued by RapidSSL SHA256 CA on August 11th 2017. Valid for: a year.
This is the only time alexize.ush3wcgbvwy3q6n8.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

IP Address AS Autonomous System
1 23.95.214.179 36352 (AS-COLOCR...)
7 194.187.249.92 9009 (M247)
1 2a00:1450:400... 15169 (GOOGLE)
1 2400:cb00:204... 13335 (CLOUDFLAR...)
1 2400:cb00:204... 13335 (CLOUDFLAR...)
12 6
1    23.95.214.179 (Buffalo, United States)

ASN36352 (AS-COLOCROSSING - ColoCrossing, US)
PTR: 23-95-214-179-host.colocrossing.com
alexize.ush3wcgbvwy3q6n8.info
7    194.187.249.92 (United Kingdom)

ASN9009 (M247, GB)
gov.uk.government-uid.fwfuohrvbk.online
1    2a00:1450:4001:815::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)
ajax.googleapis.com
1    2400:cb00:2048:1::6810:5814 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
cdn.jsdelivr.net
1    2400:cb00:2048:1::6813:c366 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
cdnjs.cloudflare.com
Domain Requested by
7 gov.uk.government-uid.fwfuohrvbk.online alexize.ush3wcgbvwy3q6n8.info
gov.uk.government-uid.fwfuohrvbk.online
1 cdnjs.cloudflare.com gov.uk.government-uid.fwfuohrvbk.online
1 cdn.jsdelivr.net gov.uk.government-uid.fwfuohrvbk.online
1 ajax.googleapis.com gov.uk.government-uid.fwfuohrvbk.online
1 alexize.ush3wcgbvwy3q6n8.info
12 5

This site contains no links.

Subject Issuer Validity Valid
*.ush3wcgbvwy3q6n8.info
RapidSSL SHA256 CA		 2017-08-11 -
2018-08-11		 a year crt.sh
gov.uk.government-uid.fwfuohrvbk.online
cPanel, Inc. Certification Authority		 2017-08-22 -
2017-11-20		 3 months crt.sh
*.googleapis.com
Google Internet Authority G2		 2017-08-15 -
2017-11-07		 3 months crt.sh
ssl363648.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2017-07-01 -
2018-01-07		 6 months crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2017-05-27 -
2017-12-03		 6 months crt.sh

This page contains 2 frames:

Frame: https://gov.uk.government-uid.fwfuohrvbk.online/?redirect=EN-GB
Frame ID: 13890.1
Requests: 2 HTTP requests in this frame

Frame: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Frame ID: 13903.1
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i

Page Statistics

12
Requests

92 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

145 kB
Transfer

247 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request 7
  • https://jqueryvalidation.org/files/dist/additional-methods.min.js
  • https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/additional-methods.min.js

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
alexize.ush3wcgbvwy3q6n8.info/ 		136 B
142 B 		Document
General
Check archive.org
Download Go to
Full URL
https://alexize.ush3wcgbvwy3q6n8.info/?redirect=EN-GB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.95.214.179 Buffalo, United States, ASN36352 (AS-COLOCROSSING - ColoCrossing, US),
Reverse DNS
23-95-214-179-host.colocrossing.com
Software
Apache /
Resource Hash
49007724a5d8dea942aacd05f926154b76683e8878fd5a61b34250e5cc7ec84c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Thu, 31 Aug 2017 19:23:18 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
/
gov.uk.government-uid.fwfuohrvbk.online/ 		0
0
/
gov.uk.government-uid.fwfuohrvbk.online/ Frame 1390 		254 B
254 B 		Document
General
Check archive.org
Download Go to
Full URL
https://gov.uk.government-uid.fwfuohrvbk.online/?redirect=EN-GB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.187.249.92 , United Kingdom, ASN9009 (M247, GB),
Reverse DNS
Software
Apache /
Resource Hash
e97f5ef17040ae027355f9f5c3a032f53d8a8ecd326cb0b611b9f54a91a65a66

Request headers

Upgrade-Insecure-Requests
1
Referer
https://alexize.ush3wcgbvwy3q6n8.info/?redirect=EN-GB
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 31 Aug 2017 19:23:18 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
254
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Tax-Refund.php
gov.uk.government-uid.fwfuohrvbk.online/ Frame 1390 		14 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/?redirect=EN-GB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.187.249.92 , United Kingdom, ASN9009 (M247, GB),
Reverse DNS
Software
Apache /
Resource Hash
78ed283f3c67391051c93c55053ab408e5c7ba7c1e3f6a5a6a842bfac7e6fb62

Request headers

Upgrade-Insecure-Requests
1
Referer
https://gov.uk.government-uid.fwfuohrvbk.online/?redirect=EN-GB
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 31 Aug 2017 19:23:18 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
14278
Expires
Thu, 19 Nov 1981 08:52:00 GMT
main.css
gov.uk.government-uid.fwfuohrvbk.online/assets/styles/ Frame 1390 		46 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gov.uk.government-uid.fwfuohrvbk.online/assets/styles/main.css
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.187.249.92 , United Kingdom, ASN9009 (M247, GB),
Reverse DNS
Software
Apache /
Resource Hash
c03dbad40c3e66746170d4b12946400d59ea23174e67aceae5430b366188a208

Request headers

Referer
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Thu, 31 Aug 2017 19:23:18 GMT
Last-Modified
Mon, 21 Aug 2017 08:11:45 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
46794
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ Frame 1390 		91 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:815::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),
Reverse DNS
Software
sffe /
Resource Hash
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Mon, 07 Aug 2017 11:50:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2100786
status
200
alt-svc
quic=":443"; ma=2592000; v="39,38,37,35"
content-length
33593
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 07 Aug 2018 11:50:13 GMT
jquery.payment.js
gov.uk.government-uid.fwfuohrvbk.online/assets/js/ Frame 1390 		17 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gov.uk.government-uid.fwfuohrvbk.online/assets/js/jquery.payment.js
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.187.249.92 , United Kingdom, ASN9009 (M247, GB),
Reverse DNS
Software
Apache /
Resource Hash
bab17096436a05263ea9a6e4e6de5bc32c9ab520a3dbbd1cc0b868dc998aac88

Request headers

Referer
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Thu, 31 Aug 2017 19:23:18 GMT
Last-Modified
Mon, 21 Aug 2017 08:11:45 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
17841
jquery.validate.js
cdn.jsdelivr.net/jquery.validation/1.14.0/ Frame 1390 		42 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/jquery.validation/1.14.0/jquery.validate.js
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:5814 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
ad5da6112553bd7511aea64dd18d23cef797432148142d766424c900dd919d0a

Request headers

Referer
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 31 Aug 2017 19:23:19 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 14 Jan 2016 20:25:57 GMT
server
cloudflare-nginx
status
200
etag
W/"56980455-a686"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
39725d182a772750-FRA
additional-methods.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/ Frame 1390
Redirect Chain
  • https://jqueryvalidation.org/files/dist/additional-methods.min.js
  • https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/additional-methods.min.js
 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/additional-methods.min.js
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6813:c366 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
8b1554032d2cfbf0e858518df6460b2b4336be2cfb1f188dfd1108a3ae50b2e8

Request headers

Referer
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

date
Thu, 31 Aug 2017 19:23:19 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 06 Dec 2016 20:17:31 GMT
server
cloudflare-nginx
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
39725d188ddc64c9-FRA
expires
Tue, 21 Aug 2018 19:23:19 GMT

Redirect headers

status
301
date
Thu, 31 Aug 2017 19:23:19 GMT
cache-control
max-age=3600
server
cloudflare-nginx
cf-ray
39725d18598a6451-FRA
location
https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.16.0/additional-methods.min.js
expires
Thu, 31 Aug 2017 20:23:19 GMT
validate.js
gov.uk.government-uid.fwfuohrvbk.online/assets/js/ Frame 1390 		12 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gov.uk.government-uid.fwfuohrvbk.online/assets/js/validate.js
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.187.249.92 , United Kingdom, ASN9009 (M247, GB),
Reverse DNS
Software
Apache /
Resource Hash
14cd0d5171757bbd1d8d73208b22d4d5881dde2e870e2ad3a74ca69760973f8b

Request headers

Referer
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Thu, 31 Aug 2017 19:23:18 GMT
Last-Modified
Mon, 21 Aug 2017 08:11:45 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
12237
logo.png
gov.uk.government-uid.fwfuohrvbk.online/assets/img/ Frame 1390 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gov.uk.government-uid.fwfuohrvbk.online/assets/img/logo.png
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.187.249.92 , United Kingdom, ASN9009 (M247, GB),
Reverse DNS
Software
Apache /
Resource Hash
b072c44bfab6dbc45edf4cc19cedf2ae1ec20678d80a25ab29d1cc24063aab64

Request headers

Referer
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Thu, 31 Aug 2017 19:23:18 GMT
Last-Modified
Mon, 21 Aug 2017 08:11:45 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
6823
help.gif
gov.uk.government-uid.fwfuohrvbk.online/assets/img/ Frame 1390 		149 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gov.uk.government-uid.fwfuohrvbk.online/assets/img/help.gif
Requested by
Host: gov.uk.government-uid.fwfuohrvbk.online
URL: https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.187.249.92 , United Kingdom, ASN9009 (M247, GB),
Reverse DNS
Software
Apache /
Resource Hash
7e58a516021e0a0951cf6eddcd621d895fe317509baa0239867d4d75a68f74e4

Request headers

Referer
https://gov.uk.government-uid.fwfuohrvbk.online/Tax-Refund.php?sslchannel=true&page=TaxRefund&sessionid=nxyyjrqhSazx8Ks8xRJnragB0InRIrQ6YoEiQ5zIg8goSJwqBgO2r4ErN1jws9DryiJoni7Dro2k7yLIPzLgEpIsq1ZTaCkJU38imfWNDY8LxT
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date
Thu, 31 Aug 2017 19:23:19 GMT
Last-Modified
Mon, 21 Aug 2017 08:11:45 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
149

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
gov.uk.government-uid.fwfuohrvbk.online
URL
https://gov.uk.government-uid.fwfuohrvbk.online/?redirect=EN-GB

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
gov.uk.government-uid.fwfuohrvbk.online/ Name: PHPSESSID
Value: n505bnu5qd925meadkcjh09en4