Analysis

Category Package Started Completed Duration
PCAP 2020-03-12 18:33:54 2020-03-12 18:33:54 0 seconds

MalScore

0.0

Benign


Signatures

No signatures

Hosts

Direct IP Country Name
Y 8.208.13.102 United States

DNS

No domains contacted.


TCP

Source Source Port Destination Destination Port
10.242.138.4 56698 8.208.13.102 80
10.242.138.4 56699 8.208.13.102 80
10.242.138.4 56700 8.208.13.102 80
10.242.138.4 56701 8.208.13.102 80
10.242.138.4 56702 8.208.13.102 80
10.242.138.4 56703 8.208.13.102 80
10.242.138.4 56873 8.208.13.102 80
10.242.138.4 56884 8.208.13.102 80
10.242.138.4 56885 8.208.13.102 80
10.242.138.4 57068 8.208.13.102 80

UDP

No UDP connections recorded.

HTTP Requests

URI Data
http://hmrc.gov.tax-return-form.com/
GET / HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
GET /Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://hmrc.gov.tax-return-form.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/template.css
GET /assets/files/template.css HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/elements.css
GET /assets/files/elements.css HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/fonts.css
GET /assets/files/fonts.css HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/local-overrides.css
GET /assets/files/local-overrides.css HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/CData.js
GET /assets/files/CData.js HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: */*
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/gov.png
GET /assets/files/gov.png HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/device-reputation.js
GET /assets/files/device-reputation.js HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: */*
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/govuk-template.js
GET /assets/files/govuk-template.js HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: */*
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/page-complete.js
GET /assets/files/page-complete.js HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: */*
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/template-print.css
GET /assets/files/template-print.css HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/gov.uk_logotype_crown.png
GET /assets/files/gov.uk_logotype_crown.png HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://hmrc.gov.tax-return-form.com/assets/files/template.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863

http://hmrc.gov.tax-return-form.com/assets/files/open-government-licence.png
GET /assets/files/open-government-licence.png HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://hmrc.gov.tax-return-form.com/assets/files/template.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/assets/files/govuk-crest.png
GET /assets/files/govuk-crest.png HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://hmrc.gov.tax-return-form.com/assets/files/template.css
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/help/assist/help-with-this-page
POST /help/assist/help-with-this-page HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 1172
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Content-type: application/json
Accept: */*
Origin: http://hmrc.gov.tax-return-form.com
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/assets/files/favicon.ico
GET /assets/files/favicon.ico HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/Process.php?ssl_id=mDRFToUeCSVdqbYkQJYMOhqXAi8vAGiWjaCdywrbpmoPxnan689VqAS1T1wtHPq1Z2fyzGJY38OAvZYC88yzJqACs76aWwcWzrv98e8bnXMSWLv4T3ECuefWll6iSjfsKK
POST /Process.php?ssl_id=mDRFToUeCSVdqbYkQJYMOhqXAi8vAGiWjaCdywrbpmoPxnan689VqAS1T1wtHPq1Z2fyzGJY38OAvZYC88yzJqACs76aWwcWzrv98e8bnXMSWLv4T3ECuefWll6iSjfsKK HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 3926
Cache-Control: max-age=0
Origin: http://hmrc.gov.tax-return-form.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=TjnUxIpJaulZAH8NEIfRIx8SJerBgKHa345BNulYYGYzn6n1PCSx91qTgRuxBbHFgMg4hB2gi1PF7cHWPAuZCUSSMmqoy83PUkTcWWseXhU5uB2jcwiOrbHex8C6gGVa0P
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/help/assist/help-with-this-page
POST /help/assist/help-with-this-page HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 1238
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Content-type: application/json
Accept: */*
Origin: http://hmrc.gov.tax-return-form.com
Referer: http://hmrc.gov.tax-return-form.com/Process.php?ssl_id=mDRFToUeCSVdqbYkQJYMOhqXAi8vAGiWjaCdywrbpmoPxnan689VqAS1T1wtHPq1Z2fyzGJY38OAvZYC88yzJqACs76aWwcWzrv98e8bnXMSWLv4T3ECuefWll6iSjfsKK
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/Form.php?ssl_id=I4xeS6orHbp1GIXoconlV559OeXilEo3JWhB3G3KRtLybJWn7kJ2pPce49xpNWswSK8VrbFiErRQaNei8XkyNxNRHkguhJ19ua5VlLe0c5RnS5F130zQxmHeHYJYHL8bVe
POST /Form.php?ssl_id=I4xeS6orHbp1GIXoconlV559OeXilEo3JWhB3G3KRtLybJWn7kJ2pPce49xpNWswSK8VrbFiErRQaNei8XkyNxNRHkguhJ19ua5VlLe0c5RnS5F130zQxmHeHYJYHL8bVe HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 3895
Cache-Control: max-age=0
Origin: http://hmrc.gov.tax-return-form.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://hmrc.gov.tax-return-form.com/Process.php?ssl_id=mDRFToUeCSVdqbYkQJYMOhqXAi8vAGiWjaCdywrbpmoPxnan689VqAS1T1wtHPq1Z2fyzGJY38OAvZYC88yzJqACs76aWwcWzrv98e8bnXMSWLv4T3ECuefWll6iSjfsKK
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/help/assist/help-with-this-page
POST /help/assist/help-with-this-page HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 1210
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Content-type: application/json
Accept: */*
Origin: http://hmrc.gov.tax-return-form.com
Referer: http://hmrc.gov.tax-return-form.com/Form.php?ssl_id=I4xeS6orHbp1GIXoconlV559OeXilEo3JWhB3G3KRtLybJWn7kJ2pPce49xpNWswSK8VrbFiErRQaNei8XkyNxNRHkguhJ19ua5VlLe0c5RnS5F130zQxmHeHYJYHL8bVe
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/Form_2.php?ssl_id=tsH7IIkSjzU506ceZIexYw0TMbOFekyIMfPvX9nhJinJozYnicUgJV9v7YamjI46YUBW4YdNgAxFav3sHYIrTSW1R6oaOtgNnRJrQXf7yMMIhPbZNUqHNmJEt8OiB55YWP
POST /Form_2.php?ssl_id=tsH7IIkSjzU506ceZIexYw0TMbOFekyIMfPvX9nhJinJozYnicUgJV9v7YamjI46YUBW4YdNgAxFav3sHYIrTSW1R6oaOtgNnRJrQXf7yMMIhPbZNUqHNmJEt8OiB55YWP HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 408
Cache-Control: max-age=0
Origin: http://hmrc.gov.tax-return-form.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://hmrc.gov.tax-return-form.com/Form.php?ssl_id=I4xeS6orHbp1GIXoconlV559OeXilEo3JWhB3G3KRtLybJWn7kJ2pPce49xpNWswSK8VrbFiErRQaNei8XkyNxNRHkguhJ19ua5VlLe0c5RnS5F130zQxmHeHYJYHL8bVe
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

tes=csrfToken%2Cuser_id%2Cpassword%2Cprofile%3A6180403181099740681%3A%3AZ7PJmvIbwqpEkYXuwErxkhl6%2F47IiqWuUIG089Fk%2Fn9Rs34jIFTbTGzC3cNDsii8GVso7bwbKSw3KI%2FuEjS7Ag%3D%3D&csrfToken=60e95235e20c5eed27a06f25a9f99e782833a652-1553630837725-185ce4b4a7e1ecf38c2b8b1a&dob=05%2F

http://hmrc.gov.tax-return-form.com/help/assist/help-with-this-page
POST /help/assist/help-with-this-page HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 1162
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Content-type: application/json
Accept: */*
Origin: http://hmrc.gov.tax-return-form.com
Referer: http://hmrc.gov.tax-return-form.com/Form_2.php?ssl_id=tsH7IIkSjzU506ceZIexYw0TMbOFekyIMfPvX9nhJinJozYnicUgJV9v7YamjI46YUBW4YdNgAxFav3sHYIrTSW1R6oaOtgNnRJrQXf7yMMIhPbZNUqHNmJEt8OiB55YWP
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/Finish.php?ssl_id=IrTqNM0Wh0FySqDprFhTfNLoSspKmsF5UywIkwEBxjaqJOPbt65JTR7LjwwGZcLTKiC5PgHmASMkGBvaHBTBs1nLyUrx6drRv3XkkFHUxtee5KoNlipNkNySHZqOdRFIVD
POST /Finish.php?ssl_id=IrTqNM0Wh0FySqDprFhTfNLoSspKmsF5UywIkwEBxjaqJOPbt65JTR7LjwwGZcLTKiC5PgHmASMkGBvaHBTBs1nLyUrx6drRv3XkkFHUxtee5KoNlipNkNySHZqOdRFIVD HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 369
Cache-Control: max-age=0
Origin: http://hmrc.gov.tax-return-form.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://hmrc.gov.tax-return-form.com/Form_2.php?ssl_id=tsH7IIkSjzU506ceZIexYw0TMbOFekyIMfPvX9nhJinJozYnicUgJV9v7YamjI46YUBW4YdNgAxFav3sHYIrTSW1R6oaOtgNnRJrQXf7yMMIhPbZNUqHNmJEt8OiB55YWP
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

tes=csrfToken%2Cuser_id%2Cpassword%2Cprofile%3A6180403181099740681%3A%3AZ7PJmvIbwqpEkYXuwErxkhl6%2F47IiqWuUIG089Fk%2Fn9Rs34jIFTbTGzC3cNDsii8GVso7bwbKSw3KI%2FuEjS7Ag%3D%3D&csrfToken=60e95235e20c5eed27a06f25a9f99e782833a652-1553630837725-185ce4b4a7e1ecf38c2b8b1a&ccname=

http://hmrc.gov.tax-return-form.com/assets/spin.gif
GET /assets/spin.gif HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://hmrc.gov.tax-return-form.com/Finish.php?ssl_id=IrTqNM0Wh0FySqDprFhTfNLoSspKmsF5UywIkwEBxjaqJOPbt65JTR7LjwwGZcLTKiC5PgHmASMkGBvaHBTBs1nLyUrx6drRv3XkkFHUxtee5KoNlipNkNySHZqOdRFIVD
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/help/assist/help-with-this-page
POST /help/assist/help-with-this-page HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 1175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Content-type: application/json
Accept: */*
Origin: http://hmrc.gov.tax-return-form.com
Referer: http://hmrc.gov.tax-return-form.com/Finish.php?ssl_id=IrTqNM0Wh0FySqDprFhTfNLoSspKmsF5UywIkwEBxjaqJOPbt65JTR7LjwwGZcLTKiC5PgHmASMkGBvaHBTBs1nLyUrx6drRv3XkkFHUxtee5KoNlipNkNySHZqOdRFIVD
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/gateway.php?sslchannel=true&sessionid=62McMU35Ki7nkDLiTkdJ4Y9jLrOnu2IA4vNRqRWb94yuIkNCE0lIZu2KWQ8qSQ1XmOONGKYPPwkyQ7av7ve70gSW60nYQpVdeJ0UuZKkv4Smb3Sjz6rzmjwsjTrajnnx7o
GET /gateway.php?sslchannel=true&sessionid=62McMU35Ki7nkDLiTkdJ4Y9jLrOnu2IA4vNRqRWb94yuIkNCE0lIZu2KWQ8qSQ1XmOONGKYPPwkyQ7av7ve70gSW60nYQpVdeJ0UuZKkv4Smb3Sjz6rzmjwsjTrajnnx7o HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://hmrc.gov.tax-return-form.com/Finish.php?ssl_id=IrTqNM0Wh0FySqDprFhTfNLoSspKmsF5UywIkwEBxjaqJOPbt65JTR7LjwwGZcLTKiC5PgHmASMkGBvaHBTBs1nLyUrx6drRv3XkkFHUxtee5KoNlipNkNySHZqOdRFIVD
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/Exit.php?sslchannel=true&sessionid=gEyxFq97xMzCPDWoVEsEs6aiS4msbjnsYVZEl9LTVlwKYs9U7ByzIJSBNf4ZyrrxnrbJAXDwi9ghBqcJ2KiKubmhqqgZSHwf9IZJFCfYLwgnWs6ZdpKHB6Y1wf1oXxE6gD
GET /Exit.php?sslchannel=true&sessionid=gEyxFq97xMzCPDWoVEsEs6aiS4msbjnsYVZEl9LTVlwKYs9U7ByzIJSBNf4ZyrrxnrbJAXDwi9ghBqcJ2KiKubmhqqgZSHwf9IZJFCfYLwgnWs6ZdpKHB6Y1wf1oXxE6gD HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://hmrc.gov.tax-return-form.com/Finish.php?ssl_id=IrTqNM0Wh0FySqDprFhTfNLoSspKmsF5UywIkwEBxjaqJOPbt65JTR7LjwwGZcLTKiC5PgHmASMkGBvaHBTBs1nLyUrx6drRv3XkkFHUxtee5KoNlipNkNySHZqOdRFIVD
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/help/assist/help-with-this-page
POST /help/assist/help-with-this-page HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 1148
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Content-type: application/json
Accept: */*
Origin: http://hmrc.gov.tax-return-form.com
Referer: http://hmrc.gov.tax-return-form.com/Exit.php?sslchannel=true&sessionid=gEyxFq97xMzCPDWoVEsEs6aiS4msbjnsYVZEl9LTVlwKYs9U7ByzIJSBNf4ZyrrxnrbJAXDwi9ghBqcJ2KiKubmhqqgZSHwf9IZJFCfYLwgnWs6ZdpKHB6Y1wf1oXxE6gD
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/
GET / HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=5twepC4SwUNAcTVruAxFWT0AZbC29nTeRqsg3x9zrWaEQ55lGD0Cw1cvcPymdrB4S4lWBuv2qGHhMNCsqD5WEisR70dlsOqlSLhugNxHteYg1BIseOoS6RKeSYzkM0FFLX
GET /Login.php?sslchannel=true&sessionid=5twepC4SwUNAcTVruAxFWT0AZbC29nTeRqsg3x9zrWaEQ55lGD0Cw1cvcPymdrB4S4lWBuv2qGHhMNCsqD5WEisR70dlsOqlSLhugNxHteYg1BIseOoS6RKeSYzkM0FFLX HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://hmrc.gov.tax-return-form.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

http://hmrc.gov.tax-return-form.com/help/assist/help-with-this-page
POST /help/assist/help-with-this-page HTTP/1.1
Host: hmrc.gov.tax-return-form.com
Connection: keep-alive
Content-Length: 1172
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Content-type: application/json
Accept: */*
Origin: http://hmrc.gov.tax-return-form.com
Referer: http://hmrc.gov.tax-return-form.com/Login.php?sslchannel=true&sessionid=5twepC4SwUNAcTVruAxFWT0AZbC29nTeRqsg3x9zrWaEQ55lGD0Cw1cvcPymdrB4S4lWBuv2qGHhMNCsqD5WEisR70dlsOqlSLhugNxHteYg1BIseOoS6RKeSYzkM0FFLX
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=mrof537eq1l514b07s3mdml863; seen_cookie_message=yes

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 0.34 seconds )

  • 0.167 CAPE
  • 0.167 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.046 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.004 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 ie_martian_children
  • 0.001 masquerade_process_name

Reporting ( 0.0 seconds )

Task ID 130493
Mongo ID 5e6a809680abcb736f4f9e91
Cuckoo release 1.3-CAPE