![](/screenshots/2cabe07a-b8ed-4714-9747-ffd006fcbdac.png)
determined-nobel.85-31-45-206.plesk.page
Open in
urlscan Pro
85.31.45.206
Malicious Activity!
Private Scan
Effective URL: https://determined-nobel.85-31-45-206.plesk.page/las/web.php
Submission: On March 25 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 6th 2023. Valid for: 3 months.
This is the only time determined-nobel.85-31-45-206.plesk.page was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Australian Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 10 | 85.31.45.206 85.31.45.206 | 211252 (AS_DELIS) (AS_DELIS) | |
8 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
plesk.page
2 redirects
determined-nobel.85-31-45-206.plesk.page |
158 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
10 | determined-nobel.85-31-45-206.plesk.page |
2 redirects
determined-nobel.85-31-45-206.plesk.page
|
8 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
determined-nobel.85-31-45-206.plesk.page R3 |
2023-03-06 - 2023-06-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://determined-nobel.85-31-45-206.plesk.page/las/web.php
Frame ID: 8BFB9EA3DAEC6D37D847932CF5AB7F26
Requests: 8 HTTP requests in this frame
Screenshot
![](/screenshots/2cabe07a-b8ed-4714-9747-ffd006fcbdac.png)
Page Title
Sign in with myGov - myGovPage URL History Show full URLs
-
http://determined-nobel.85-31-45-206.plesk.page/
HTTP 307
https://determined-nobel.85-31-45-206.plesk.page/ HTTP 302
https://determined-nobel.85-31-45-206.plesk.page/las/ HTTP 302
https://determined-nobel.85-31-45-206.plesk.page/las/web.php Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://determined-nobel.85-31-45-206.plesk.page/
HTTP 307
https://determined-nobel.85-31-45-206.plesk.page/ HTTP 302
https://determined-nobel.85-31-45-206.plesk.page/las/ HTTP 302
https://determined-nobel.85-31-45-206.plesk.page/las/web.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
web.php
determined-nobel.85-31-45-206.plesk.page/las/ Redirect Chain
|
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
determined-nobel.85-31-45-206.plesk.page/las/files/ |
16 KB 902 B |
Stylesheet
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mgv2-application.css
determined-nobel.85-31-45-206.plesk.page/las/files/ |
123 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
blugov.css
determined-nobel.85-31-45-206.plesk.page/las/files/ |
69 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
myGov-cobranded-logo-black.svg
determined-nobel.85-31-45-206.plesk.page/las/files/ |
63 KB 63 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
myGov-cobranded-logo-white.svg
determined-nobel.85-31-45-206.plesk.page/las/files/ |
63 KB 63 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
blugov-left-chevron-dark.svg
determined-nobel.85-31-45-206.plesk.page/las/files/ |
256 B 428 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-blugov-info.svg
determined-nobel.85-31-45-206.plesk.page/las/files/ |
808 B 808 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Australian Government (Government)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
determined-nobel.85-31-45-206.plesk.page
85.31.45.206
00b399de3012a5f809a1fb531286f8cdb5e7671e865f0423a0ba0dfffcc8d9c5
10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388
6b029a47a7bb72e8b70cf436b83d904b8a366fd360d12b4d8917c9f59e4b7d46
954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d
af454d272466fa84c77ca8028e0b8b8bcc0a193ad4401dfcddbad07dc2dabcfc
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
ca72017bbc6457c0fadb84afe2d0657e7a6d2455d8a1def279221c12ed892c3a
f332c2b3680e3d4a7c1830fa0c76be4473cf088ea055ffc332781cea8db50fdc