fdpdev.jbahosting.com Open in urlscan Pro
52.17.38.56 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fdpdev.jbahosting.com/
Effective URL:
https://fdpdev.jbahosting.com/Account/Login
Submission: On November 21 via api (November 21st 2024, 4:12:50 pm UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 52.17.38.56, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is fdpdev.jbahosting.com.
TLS certificate: Issued by R10 on November 21st 2024. Valid for: 3 months.

This is the only time fdpdev.jbahosting.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 15	52.17.38.56 52.17.38.56	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	3

15 52.17.38.56 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com

fdpdev.jbahosting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	jbahosting.com 1 redirects fdpdev.jbahosting.com	419 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	6 KB
15	2

	Domain	Requested by
15	fdpdev.jbahosting.com	1 redirects fdpdev.jbahosting.com
1	cdnjs.cloudflare.com	fdpdev.jbahosting.com
15	2

This site contains links to these domains. Also see Links.

Domain
www.gov.uk

Subject Issuer	Validity	Valid
fdpdev.jbahosting.com R10	`2024-11-21` - `2025-02-19`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://fdpdev.jbahosting.com/Account/Login
Frame ID: E9FF78FD7282C74B09507B747ED0345E
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FDP | Login

Page URL History Show full URLs

https://fdpdev.jbahosting.com/ HTTP 302
https://fdpdev.jbahosting.com/Account/Login Page URL

Detected technologies

GOV.UK Elements (UI frameworks) Expand

Overall confidence: 25%
Detected patterns

<link[^>]+elements-page[^>"]+css
<div[^>]+phase-banner-beta

GOV.UK Frontend (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?govuk-frontend(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
<body[^>]+govuk-template__body

GOV.UK Template (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+govuk-template[^>"]+css
<link[^>]+govuk-template-print[^>"]+css
<link[^>]+govuk-template-ie6[^>"]+css
<link[^>]+govuk-template-ie7[^>"]+css
<link[^>]+govuk-template-ie8[^>"]+css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

15
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

589 kB
Transfer

890 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gov.uk/help/cookies
Title: Find out more about cookies

Search URL Search Domain Scan URL

URL: https://www.gov.uk/
Title: GOV.UK

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://fdpdev.jbahosting.com/ HTTP 302
https://fdpdev.jbahosting.com/Account/Login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request Login Show response
fdpdev.jbahosting.com/Account/
Redirect Chain

https://fdpdev.jbahosting.com/
https://fdpdev.jbahosting.com/Account/Login

12 KB
5 KB

53ms
53ms

Document
text/html

52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fdpdev.jbahosting.com/Account/Login

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-38-56.eu-west-1.compute.amazonaws.com

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

c070394a056b5b59ac1768ce69c44a269fd5f8287ad58d3f970909cf58ce24a6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: private
content-encoding: gzip
content-length: 4431
content-type: text/html; charset=utf-8
date: Thu, 21 Nov 2024 16:12:36 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-frame-options: SAMEORIGIN
x-powered-by: ASP.NET

Redirect headers

cache-control: private
content-length: 131
content-type: text/html; charset=utf-8
date: Thu, 21 Nov 2024 16:12:36 GMT
location: /Account/Login
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

GET
H2 200 govuk-template.min.css
fdpdev.jbahosting.com/gov_uk/stylesheets/ 22 KB
5 KB 52ms
39ms Stylesheet
text/css 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/gov_uk/stylesheets/govuk-template.min.css
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a2360c3e3f0ed2712eddfd0fb6520805ef403f2976237adbf484d84f1bf956a6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

content-encoding: gzip
etag: "27bb72de50f3d81:0"
accept-ranges: bytes
content-length: 4727
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/css
last-modified: Tue, 08 Nov 2022 09:02:46 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 govuk-frontend-2.9.0.min.css
fdpdev.jbahosting.com/gov_uk/ 81 KB
15 KB 92ms
79ms Stylesheet
text/css 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/gov_uk/govuk-frontend-2.9.0.min.css
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7ce7c2c7cbbfa1d82a5f358bbc8d50f79e93b001a045707d35974cd44ee49ed5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

content-encoding: gzip
etag: "c4c176d450f3d81:0"
accept-ranges: bytes
content-length: 15042
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/css
last-modified: Tue, 08 Nov 2022 09:02:29 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 fonts.css
fdpdev.jbahosting.com/gov_uk/stylesheets/ 267 KB
271 KB 97ms
84ms Stylesheet
text/css 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/gov_uk/stylesheets/fonts.css
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 44d56bb670d213b4e568815636ad82dc5e67b96e3273b828a5e7d436f9d3b4a6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

content-encoding: gzip
etag: "6d047dd50f3d81:0"
accept-ranges: bytes
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/css
last-modified: Tue, 08 Nov 2022 09:02:44 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 elements-page.min.css
fdpdev.jbahosting.com/gov_uk/stylesheets/ 41 KB
8 KB 57ms
48ms Stylesheet
text/css 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/gov_uk/stylesheets/elements-page.min.css
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1c8ce01ffa72aff30340c90cad4e7e116d9798ad7b64cbc2b690c719f02ab881

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

content-encoding: gzip
etag: "8d6526dd50f3d81:0"
accept-ranges: bytes
content-length: 8067
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/css
last-modified: Tue, 08 Nov 2022 09:02:44 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 jba.css
fdpdev.jbahosting.com/Content/ 23 KB
7 KB 69ms
61ms Stylesheet
text/css 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/Content/jba.css
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f9c122baf5edc3a932f1d233cfc332cce491aed55a145f8b86b524d29f94da46

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

content-encoding: gzip
etag: "cdb4e7d350f3d81:0"
accept-ranges: bytes
content-length: 7124
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/css
last-modified: Tue, 08 Nov 2022 09:02:28 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 datatables.css
fdpdev.jbahosting.com/Content/vendor/datatables/ 16 KB
3 KB 88ms
80ms Stylesheet
text/css 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/Content/vendor/datatables/datatables.css
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a91a77af60067aa2a45d78bcd50812ce6c8ee663e886017ff276e4116163761f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

content-encoding: gzip
etag: "4a8299e650f3d81:0"
accept-ranges: bytes
content-length: 3138
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/css
last-modified: Tue, 08 Nov 2022 09:02:59 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H3 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 85ms
19ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03e5f-7918"
age: 84089
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=clVt2X0eEtt7bMq9FOTYOAIHiXLLrxrBu4XBe3xbxtDDta9pF6pitho%2BT8XkF9RZG8uDwdOq7eTYpon65zGMyaIxhE7KxeyRfkTixTuvXeaWivakYqx9ID73HjQw7gWj%2BXphSjgrZ8zUVFDFF%2FmhCs4y"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 11 Nov 2025 16:12:36 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 04 May 2020 16:10:07 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8e61f6584fc9d38a-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5631
server: cloudflare

GET
H2 200 gov.uk_logotype_crown_invert_trans.png
fdpdev.jbahosting.com/gov_uk/images/ 2 KB
2 KB 71ms
70ms Image
image/png 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fdpdev.jbahosting.com/gov_uk/images/gov.uk_logotype_crown_invert_trans.png
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 78910ec0b2d46b9f4933556ba3d6863ca9bbcbefa8a4c811dce36f7026d04de8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

etag: "d2e772db50f3d81:0"
accept-ranges: bytes
content-length: 2008
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: image/png
last-modified: Tue, 08 Nov 2022 09:02:41 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 modernizr Show response
fdpdev.jbahosting.com/bundles/ 11 KB
5 KB 84ms
80ms Script
text/javascript 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/bundles/modernizr?v=OoGgFHzAxKTawEufWfct3JaS3gGGuVx4BBltdeRBESo1
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e579d11d0683eafe34d3e1ccc08021220b277948e9738f58b9f5f94d1c19b9cf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

cache-control: public
x-aspnet-version: 4.0.30319
content-encoding: gzip
expires: Fri, 21 Nov 2025 16:12:36 GMT
content-length: 5296
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 16:12:36 GMT
vary: User-Agent,Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 jquery Show response
fdpdev.jbahosting.com/bundles/ 176 KB
78 KB 118ms
114ms Script
text/javascript 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/bundles/jquery?v=CLcGFLdP7_gETHMx9QEOHCVmyzs362w-Yk6wP8ibkj41
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: fc06cedf1775ebf806d30a1a876c47baaedce1993f0ba71c1c7f2d81559e6019

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

cache-control: public
x-aspnet-version: 4.0.30319
content-encoding: gzip
expires: Fri, 21 Nov 2025 16:12:36 GMT
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 16:12:36 GMT
vary: User-Agent,Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 gov-uk Show response
fdpdev.jbahosting.com/bundles/ 38 KB
13 KB 71ms
70ms Script
text/javascript 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/bundles/gov-uk?v=3MdS98dTBU2mi3ity-SkS8qYLp6hJVcnL6PnM-aADpA1
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 74020ae298c3692123e6794e3786fc6e25852447b79b3e5d521e03fd6fa1d2b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

cache-control: public
x-aspnet-version: 4.0.30319
content-encoding: gzip
expires: Fri, 21 Nov 2025 16:12:36 GMT
content-length: 13067
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/javascript; charset=utf-8
last-modified: Thu, 21 Nov 2024 16:12:36 GMT
vary: User-Agent,Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 govuk-template-print.min.css
fdpdev.jbahosting.com/gov_uk/stylesheets/ 2 KB
939 B 71ms
71ms Stylesheet
text/css 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/gov_uk/stylesheets/govuk-template-print.min.css
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/Account/Login
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 453e620d42df27a42bc17c7aa205965646b75ad6d79b0462d931070bdd205a20

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

content-encoding: gzip
etag: "c0c94fde50f3d81:0"
accept-ranges: bytes
content-length: 857
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: text/css
last-modified: Tue, 08 Nov 2022 09:02:46 GMT
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 gov.uk_logotype_crown.png
fdpdev.jbahosting.com/gov_uk/stylesheets/images/ 780 B
882 B 36ms
36ms Image
image/png 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fdpdev.jbahosting.com/gov_uk/stylesheets/images/gov.uk_logotype_crown.png
Requested by: Host: fdpdev.jbahosting.com
URL: https://fdpdev.jbahosting.com/gov_uk/stylesheets/govuk-template.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/gov_uk/stylesheets/govuk-template.min.css

Response headers

etag: "6ed47ec50f3d81:0"
accept-ranges: bytes
content-length: 780
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: image/png
last-modified: Tue, 08 Nov 2022 09:03:09 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
DATA 200
OK truncated
/ 94 KB
94 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://fdpdev.jbahosting.com
Referer

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 71 KB
71 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://fdpdev.jbahosting.com
Referer

Response headers

Content-Type: application/font-woff

GET
H2 200 favicon.ico
fdpdev.jbahosting.com/gov_uk/images/ 4 KB
5 KB 39ms
38ms Other
image/x-icon 52.17.38.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fdpdev.jbahosting.com/gov_uk/images/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.38.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-38-56.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8d811b8c3badbc0b0e2f6e25d3660a96cc0cca7993e6f32e98785f205fc40907

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://fdpdev.jbahosting.com/Account/Login

Response headers

etag: "f56546db50f3d81:0"
accept-ranges: bytes
content-length: 4598
date: Thu, 21 Nov 2024 16:12:36 GMT
content-type: image/x-icon
last-modified: Tue, 08 Nov 2022 09:02:40 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			fdpdev.jbahosting.com/	1969-12-31 23:59:59	Name: __RequestVerificationToken Value: d_z_6z5KyTPB3j_mzvItA0GaAUCLDD0Q-O1RHcp2c1bUR6C-EU3e5__OYxaGg0iJFKtEUBJFNHTzldkC0xSnQ9IZD35lVkg8nrnzPPREKfY1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://fdpdev.jbahosting.com/Account/Login Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
fdpdev.jbahosting.com
2606:4700::6811:190e
52.17.38.56
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6
1c8ce01ffa72aff30340c90cad4e7e116d9798ad7b64cbc2b690c719f02ab881
44d56bb670d213b4e568815636ad82dc5e67b96e3273b828a5e7d436f9d3b4a6
453e620d42df27a42bc17c7aa205965646b75ad6d79b0462d931070bdd205a20
74020ae298c3692123e6794e3786fc6e25852447b79b3e5d521e03fd6fa1d2b1
78910ec0b2d46b9f4933556ba3d6863ca9bbcbefa8a4c811dce36f7026d04de8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7ce7c2c7cbbfa1d82a5f358bbc8d50f79e93b001a045707d35974cd44ee49ed5
8d811b8c3badbc0b0e2f6e25d3660a96cc0cca7993e6f32e98785f205fc40907
a2360c3e3f0ed2712eddfd0fb6520805ef403f2976237adbf484d84f1bf956a6
a91a77af60067aa2a45d78bcd50812ce6c8ee663e886017ff276e4116163761f
c070394a056b5b59ac1768ce69c44a269fd5f8287ad58d3f970909cf58ce24a6
e579d11d0683eafe34d3e1ccc08021220b277948e9738f58b9f5f94d1c19b9cf
f9c122baf5edc3a932f1d233cfc332cce491aed55a145f8b86b524d29f94da46
fc06cedf1775ebf806d30a1a876c47baaedce1993f0ba71c1c7f2d81559e6019

fdpdev.jbahosting.com Open in urlscan Pro 52.17.38.56 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

589 kBTransfer

890 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

fdpdev.jbahosting.com Open in urlscan Pro
52.17.38.56 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

589 kB
Transfer

890 kB
Size

1
Cookies

15 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!