hmrc-co-uk.jebs.com.au
Open in
urlscan Pro
203.28.49.241
Malicious Activity!
Public Scan
Submission: On August 25 via manual from US — Scanned from AU
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 9th 2022. Valid for: 3 months.
This is the only time hmrc-co-uk.jebs.com.au was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 203.28.49.241 203.28.49.241 | 38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited) | |
8 | 1 |
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: web205.vodien.com.au
hmrc-co-uk.jebs.com.au |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
jebs.com.au
hmrc-co-uk.jebs.com.au |
34 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
8 | hmrc-co-uk.jebs.com.au |
hmrc-co-uk.jebs.com.au
|
8 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.hmrc.gov.uk |
online.hmrc.gov.uk |
customs.hmrc.gov.uk |
search.hmrc.gov.uk |
Subject Issuer | Validity | Valid | |
---|---|---|---|
hmrc-co-uk.jebs.com.au cPanel, Inc. Certification Authority |
2022-07-09 - 2022-10-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://hmrc-co-uk.jebs.com.au/uk/step2.php
Frame ID: D5D4966A3198FE4F924FC985206FAB86
Requests: 8 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title: What's New
Search URL Search Domain Scan URL
Title: Frequently Asked Questions
Search URL Search Domain Scan URL
Title: Complaints Procedure
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Sitemap
Search URL Search Domain Scan URL
Title: Search
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
step2.php
hmrc-co-uk.jebs.com.au/uk/ |
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nou.js
hmrc-co-uk.jebs.com.au/uk/ |
12 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aha.css
hmrc-co-uk.jebs.com.au/uk/a/ |
43 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
r.css
hmrc-co-uk.jebs.com.au/uk/a/ |
3 KB 827 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
digitalLogo.png
hmrc-co-uk.jebs.com.au/uk/a/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
digitalLogo-print.png
hmrc-co-uk.jebs.com.au/uk/a/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a.css
hmrc-co-uk.jebs.com.au/uk/a/ |
851 B 518 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
processArrow.gif
hmrc-co-uk.jebs.com.au/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| Validator function| set_addnl_vfunction function| clear_all_validations function| form_submit_handler function| add_validation function| ValidationDesc function| vdesc_validate function| ValidationSet function| add_validationdesc function| vset_validate function| validateEmailv2 function| mod10 function| V2validateData object| frmvalidator0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hmrc-co-uk.jebs.com.au
203.28.49.241
0cca8e3229f9e7d6f463ae4339a87dc393694106fbf1cc65e0bbc0ae9ba5d9a1
262eaf7275ebb93f5f694f63f8675d258612f25a3a50f1ecc91ded16afbe8db1
3356a61c0f4d13127a0d3f08b24895018780f9bc0448819b0f9ba28f18b173b7
4e6142a730d137e01c89e8a5468116f3ff027d047c3bc5f30ba791562a06e1c9
a78b429e90973dbf3ce404b8f0d025eadf470cf4e1ef0f8e8b22d830791aeb6f
b072c44bfab6dbc45edf4cc19cedf2ae1ec20678d80a25ab29d1cc24063aab64
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dc58b2fd87fbd8525449b5ca9ec8abbb0378d4de7921b67fae244f01c83cac11