8r180.com Open in urlscan Pro
162.241.194.56  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request step2.php Show response 8r180.com/	9 KB 3 KB	816ms 546ms	Document text/html	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash ea9027c9ae61414d5696f8da0bb156f37dba16f1a5d52c06bc2322db60084d2b Request headers :method GET :authority 8r180.com :scheme https :path /step2.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:18 GMT server nginx/1.19.0 content-type text/html; charset=UTF-8 content-length 3021 vary Accept-Encoding content-encoding gzip x-server-cache false
GET H2	200	govuk-template.css 8r180.com/assets/	21 KB 6 KB	163ms 162ms	Stylesheet text/css	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://8r180.com/assets/govuk-template.css Requested by Host: 8r180.com URL: https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash cbe346eabd5db7c2af67efa1f0ffc686ca439990992e07ccf1c267c39ece59ed Request headers Referer https://8r180.com/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:18 GMT content-encoding gzip last-modified Wed, 11 Nov 2020 14:05:58 GMT server nginx/1.19.0 x-server-cache false vary Accept-Encoding content-type text/css accept-ranges none content-length 5872
GET H2	200	fonts.css 8r180.com/assets/	267 KB 196 KB	283ms 282ms	Stylesheet text/css	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://8r180.com/assets/fonts.css Requested by Host: 8r180.com URL: https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash 7f45917722737f19a1239a743cd5c161fce3a21c8bc328a648d74994750eec7d Request headers Referer https://8r180.com/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:18 GMT content-encoding gzip last-modified Wed, 01 Jul 2020 18:44:56 GMT server nginx/1.19.0 x-server-cache false vary Accept-Encoding content-type text/css accept-ranges bytes
GET H2	200	application.min.css 8r180.com/assets/	178 KB 55 KB	431ms 430ms	Stylesheet text/css	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://8r180.com/assets/application.min.css Requested by Host: 8r180.com URL: https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash 9429d8e33aa731afdefa9fafbc886ffcc8f12b6c453b3c8af06097cd82ba8255 Request headers Referer https://8r180.com/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:18 GMT content-encoding gzip last-modified Wed, 11 Nov 2020 13:04:28 GMT server nginx/1.19.0 x-server-cache false vary Accept-Encoding content-type text/css accept-ranges none
GET H2	200	modernizr.js Show response 8r180.com/assets/	9 KB 4 KB	187ms 187ms	Script application/javascript	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://8r180.com/assets/modernizr.js Requested by Host: 8r180.com URL: https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash e23c69ceee504628dafaec629ef59259bf252c82d1486a155a5da0ac26e7365e Request headers Referer https://8r180.com/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:18 GMT content-encoding gzip last-modified Wed, 01 Jul 2020 18:48:28 GMT server nginx/1.19.0 x-server-cache false vary Accept-Encoding content-type application/javascript accept-ranges none content-length 4212
GET H2	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/	87 KB 28 KB	18ms 18ms	Script application/javascript	2606:4700::6810:125e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js Requested by Host: 8r180.com URL: https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://8r180.com/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:18 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 90371 cross-origin-resource-policy cross-origin vary Accept-Encoding content-length 27958 cf-request-id 06ca66ce310000325808b75000000001 timing-allow-origin * last-modified Mon, 04 May 2020 23:01:39 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb09ed3-15d84" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Eo1Zp2G2%2BAHSWS%2FI24QwxCPJNxcFr3e%2BtiXRa%2Fs62WVWMNCHM9C5SMm7Iew4k2JIqWIG%2FkC4yHaLYrmKJ3SGpjnh7rWMqpvw814wNo7jVpefFeKquCbxn0bKKHLjIQY2VQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes cf-ray 5fbda729ed003258-FRA expires Tue, 23 Nov 2021 13:32:18 GMT
GET H2	200	functions.js Show response 8r180.com/includes/	540 B 405 B	176ms 176ms	Script application/javascript	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://8r180.com/includes/functions.js Requested by Host: 8r180.com URL: https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash cf7fbba69961468018ac77381689859cef220acdd2b4a54bb290f0c193c399d9 Request headers Referer https://8r180.com/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:18 GMT content-encoding gzip last-modified Wed, 11 Nov 2020 13:37:10 GMT server nginx/1.19.0 x-server-cache false vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 327
GET H2	200	gov.uk_logotype_crown.png 8r180.com/assets/	780 B 865 B	166ms 165ms	Image image/png	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://8r180.com/assets/gov.uk_logotype_crown.png Requested by Host: 8r180.com URL: https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash 14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6 Request headers Referer https://8r180.com/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:19 GMT content-length 780 last-modified Wed, 11 Nov 2020 14:02:12 GMT server nginx/1.19.0 accept-ranges bytes x-server-cache false content-type image/png
GET H2	200	ogl.png 8r180.com/assets/	761 B 815 B	183ms 182ms	Image image/png	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://8r180.com/assets/ogl.png Requested by Host: 8r180.com URL: https://8r180.com/step2.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042 Request headers Referer https://8r180.com/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:19 GMT content-length 761 last-modified Wed, 01 Jul 2020 18:41:42 GMT server nginx/1.19.0 accept-ranges bytes x-server-cache false content-type image/png
GET DATA	200 OK	truncated /	94 KB 94 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30 Request headers Origin https://8r180.com Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type application/font-woff
GET H2	200	hmrc_crest_18px.png 8r180.com/assets/	2 KB 2 KB	195ms 195ms	Image image/png	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://8r180.com/assets/hmrc_crest_18px.png Requested by Host: 8r180.com URL: https://8r180.com/assets/application.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash fd7aef78532fbfb2e32fa82c6d6276fd8fac9bc3cda21d9bf51ccc75bd935148 Request headers Referer https://8r180.com/assets/application.min.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:19 GMT content-length 1671 last-modified Wed, 01 Jul 2020 19:54:26 GMT server nginx/1.19.0 accept-ranges bytes x-server-cache false content-type image/png
GET DATA	200 OK	truncated /	71 KB 71 KB		Font application/font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba Request headers Origin https://8r180.com Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type application/font-woff
GET H2	200	govuk-crest.png 8r180.com/assets/	4 KB 4 KB	167ms 166ms	Image image/png	162.241.194.56 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://8r180.com/assets/govuk-crest.png Requested by Host: 8r180.com URL: https://8r180.com/assets/govuk-template.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.241.194.56 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-241-194-56.unifiedlayer.com Software nginx/1.19.0 / Resource Hash bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b Request headers Referer https://8r180.com/assets/govuk-template.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 03 Dec 2020 13:32:19 GMT content-length 3584 last-modified Wed, 01 Jul 2020 18:54:26 GMT server nginx/1.19.0 accept-ranges bytes x-server-cache false content-type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| html5 object| Modernizr function| $ function| jQuery function| valid_credit_card object| card object| exp object| login

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8r180.com
cdnjs.cloudflare.com
162.241.194.56
2606:4700::6810:125e
01c73d5dd84423dd2fc30aabd1de09a86b36b6de9e2e240d954c09cbb1d97aba
048b93884a1b51d20f2a3140541d450cb6b82c6c2cf69128ea1d09fdd9699f30
14b98db97bbd6cb1f33935d3e0d973fa68ca0c38fb5762b033423ceffe9e16f6
7f45917722737f19a1239a743cd5c161fce3a21c8bc328a648d74994750eec7d
9429d8e33aa731afdefa9fafbc886ffcc8f12b6c453b3c8af06097cd82ba8255
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042
cbe346eabd5db7c2af67efa1f0ffc686ca439990992e07ccf1c267c39ece59ed
cf7fbba69961468018ac77381689859cef220acdd2b4a54bb290f0c193c399d9
e23c69ceee504628dafaec629ef59259bf252c82d1486a155a5da0ac26e7365e
ea9027c9ae61414d5696f8da0bb156f37dba16f1a5d52c06bc2322db60084d2b
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fd7aef78532fbfb2e32fa82c6d6276fd8fac9bc3cda21d9bf51ccc75bd935148