hmrc-co-uk.jebs.com.au Open in urlscan Pro
203.28.49.241  Malicious Activity! Public Scan

6 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request step2.php Show response hmrc-co-uk.jebs.com.au/uk/	6 KB 2 KB	428ms 217ms	Document text/html	203.28.49.241 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://hmrc-co-uk.jebs.com.au/uk/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.241 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS web205.vodien.com.au Software Apache / Resource Hash 4e6142a730d137e01c89e8a5468116f3ff027d047c3bc5f30ba791562a06e1c9 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers content-encoding gzip content-length 2303 content-type text/html; charset=UTF-8 date Thu, 25 Aug 2022 20:12:14 GMT server Apache vary Accept-Encoding
GET H2	200	nou.js Show response hmrc-co-uk.jebs.com.au/uk/	12 KB 3 KB	103ms 102ms	Script application/javascript	203.28.49.241 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://hmrc-co-uk.jebs.com.au/uk/nou.js Requested by Host: hmrc-co-uk.jebs.com.au URL: https://hmrc-co-uk.jebs.com.au/uk/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.241 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS web205.vodien.com.au Software Apache / Resource Hash 0cca8e3229f9e7d6f463ae4339a87dc393694106fbf1cc65e0bbc0ae9ba5d9a1 Request headers accept-language en-AU,en;q=0.9 Referer https://hmrc-co-uk.jebs.com.au/uk/step2.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Thu, 25 Aug 2022 20:12:14 GMT content-encoding gzip last-modified Thu, 18 Oct 2018 13:26:45 GMT server Apache vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 2889
GET H2	200	aha.css hmrc-co-uk.jebs.com.au/uk/a/	43 KB 14 KB	202ms 201ms	Stylesheet text/css	203.28.49.241 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://hmrc-co-uk.jebs.com.au/uk/a/aha.css Requested by Host: hmrc-co-uk.jebs.com.au URL: https://hmrc-co-uk.jebs.com.au/uk/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.241 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS web205.vodien.com.au Software Apache / Resource Hash dc58b2fd87fbd8525449b5ca9ec8abbb0378d4de7921b67fae244f01c83cac11 Request headers accept-language en-AU,en;q=0.9 Referer https://hmrc-co-uk.jebs.com.au/uk/step2.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Thu, 25 Aug 2022 20:12:14 GMT content-encoding gzip last-modified Thu, 18 Oct 2018 13:26:33 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 14489
GET H2	200	r.css hmrc-co-uk.jebs.com.au/uk/a/	3 KB 827 B	103ms 102ms	Stylesheet text/css	203.28.49.241 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://hmrc-co-uk.jebs.com.au/uk/a/r.css Requested by Host: hmrc-co-uk.jebs.com.au URL: https://hmrc-co-uk.jebs.com.au/uk/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.241 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS web205.vodien.com.au Software Apache / Resource Hash 262eaf7275ebb93f5f694f63f8675d258612f25a3a50f1ecc91ded16afbe8db1 Request headers accept-language en-AU,en;q=0.9 Referer https://hmrc-co-uk.jebs.com.au/uk/step2.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Thu, 25 Aug 2022 20:12:14 GMT content-encoding gzip last-modified Thu, 18 Oct 2018 13:26:36 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 765
GET H2	200	digitalLogo.png hmrc-co-uk.jebs.com.au/uk/a/	7 KB 7 KB	101ms 101ms	Image image/png	203.28.49.241 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://hmrc-co-uk.jebs.com.au/uk/a/digitalLogo.png Requested by Host: hmrc-co-uk.jebs.com.au URL: https://hmrc-co-uk.jebs.com.au/uk/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.241 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS web205.vodien.com.au Software Apache / Resource Hash b072c44bfab6dbc45edf4cc19cedf2ae1ec20678d80a25ab29d1cc24063aab64 Request headers accept-language en-AU,en;q=0.9 Referer https://hmrc-co-uk.jebs.com.au/uk/step2.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Thu, 25 Aug 2022 20:12:14 GMT last-modified Thu, 18 Oct 2018 13:26:40 GMT server Apache accept-ranges bytes content-length 6823 content-type image/png
GET H2	200	digitalLogo-print.png hmrc-co-uk.jebs.com.au/uk/a/	6 KB 6 KB	102ms 101ms	Image image/png	203.28.49.241 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://hmrc-co-uk.jebs.com.au/uk/a/digitalLogo-print.png Requested by Host: hmrc-co-uk.jebs.com.au URL: https://hmrc-co-uk.jebs.com.au/uk/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.241 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS web205.vodien.com.au Software Apache / Resource Hash a78b429e90973dbf3ce404b8f0d025eadf470cf4e1ef0f8e8b22d830791aeb6f Request headers accept-language en-AU,en;q=0.9 Referer https://hmrc-co-uk.jebs.com.au/uk/step2.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Thu, 25 Aug 2022 20:12:14 GMT last-modified Thu, 18 Oct 2018 13:26:34 GMT server Apache accept-ranges bytes content-length 6027 content-type image/png
GET H2	200	a.css hmrc-co-uk.jebs.com.au/uk/a/	851 B 518 B	102ms 102ms	Stylesheet text/css	203.28.49.241 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Full URL https://hmrc-co-uk.jebs.com.au/uk/a/a.css Requested by Host: hmrc-co-uk.jebs.com.au URL: https://hmrc-co-uk.jebs.com.au/uk/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.241 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS web205.vodien.com.au Software Apache / Resource Hash 3356a61c0f4d13127a0d3f08b24895018780f9bc0448819b0f9ba28f18b173b7 Request headers accept-language en-AU,en;q=0.9 Referer https://hmrc-co-uk.jebs.com.au/uk/step2.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Thu, 25 Aug 2022 20:12:14 GMT content-encoding gzip last-modified Thu, 18 Oct 2018 13:26:32 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 463
GET H2	404	processArrow.gif hmrc-co-uk.jebs.com.au/images/	315 B 315 B	101ms 98ms	Image text/html	203.28.49.241 DREAMSCAPE-AS-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://hmrc-co-uk.jebs.com.au/images/processArrow.gif Requested by Host: hmrc-co-uk.jebs.com.au URL: https://hmrc-co-uk.jebs.com.au/uk/a/aha.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 203.28.49.241 , Australia, ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU), Reverse DNS web205.vodien.com.au Software Apache / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers accept-language en-AU,en;q=0.9 Referer https://hmrc-co-uk.jebs.com.au/uk/a/aha.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36 Response headers date Thu, 25 Aug 2022 20:12:14 GMT server Apache content-length 315 content-type text/html; charset=iso-8859-1

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| Validator function| set_addnl_vfunction function| clear_all_validations function| form_submit_handler function| add_validation function| ValidationDesc function| vdesc_validate function| ValidationSet function| add_validationdesc function| vset_validate function| validateEmailv2 function| mod10 function| V2validateData object| frmvalidator

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://hmrc-co-uk.jebs.com.au/images/processArrow.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hmrc-co-uk.jebs.com.au
203.28.49.241
0cca8e3229f9e7d6f463ae4339a87dc393694106fbf1cc65e0bbc0ae9ba5d9a1
262eaf7275ebb93f5f694f63f8675d258612f25a3a50f1ecc91ded16afbe8db1
3356a61c0f4d13127a0d3f08b24895018780f9bc0448819b0f9ba28f18b173b7
4e6142a730d137e01c89e8a5468116f3ff027d047c3bc5f30ba791562a06e1c9
a78b429e90973dbf3ce404b8f0d025eadf470cf4e1ef0f8e8b22d830791aeb6f
b072c44bfab6dbc45edf4cc19cedf2ae1ec20678d80a25ab29d1cc24063aab64
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dc58b2fd87fbd8525449b5ca9ec8abbb0378d4de7921b67fae244f01c83cac11