determined-nobel.85-31-45-206.plesk.page Open in urlscan Pro
85.31.45.206 Malicious Activity! Private Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://determined-nobel.85-31-45-206.plesk.page/
Effective URL:
https://determined-nobel.85-31-45-206.plesk.page/las/web.php
Submission: On March 25 via api (March 25th 2023, 2:44:58 am UTC) from DE — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 85.31.45.206, located in United States and belongs to AS_DELIS, US. The main domain is determined-nobel.85-31-45-206.plesk.page.
TLS certificate: Issued by R3 on March 6th 2023. Valid for: 3 months.

This is the only time determined-nobel.85-31-45-206.plesk.page was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

	IP Address		AS Autonomous System
2 10	85.31.45.206 85.31.45.206		211252 (AS_DELIS) (AS_DELIS)
8	1

10 85.31.45.206 (United States) 2 redirects

ASN211252 (AS_DELIS, US)

determined-nobel.85-31-45-206.plesk.page	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	plesk.page 2 redirects determined-nobel.85-31-45-206.plesk.page	158 KB
8	1

	Domain	Requested by
10	determined-nobel.85-31-45-206.plesk.page	2 redirects determined-nobel.85-31-45-206.plesk.page
8	1

This site contains no links.

Subject Issuer	Validity	Valid
determined-nobel.85-31-45-206.plesk.page R3	`2023-03-06` - `2023-06-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://determined-nobel.85-31-45-206.plesk.page/las/web.php
Frame ID: 8BFB9EA3DAEC6D37D847932CF5AB7F26
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in with myGov - myGov

Page URL History Show full URLs

http://determined-nobel.85-31-45-206.plesk.page/ HTTP 307
https://determined-nobel.85-31-45-206.plesk.page/ HTTP 302
https://determined-nobel.85-31-45-206.plesk.page/las/ HTTP 302
https://determined-nobel.85-31-45-206.plesk.page/las/web.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

158 kB
Transfer

340 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://determined-nobel.85-31-45-206.plesk.page/ HTTP 307
https://determined-nobel.85-31-45-206.plesk.page/ HTTP 302
https://determined-nobel.85-31-45-206.plesk.page/las/ HTTP 302
https://determined-nobel.85-31-45-206.plesk.page/las/web.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request web.php Show response determined-nobel.85-31-45-206.plesk.page/las/ Redirect Chain http://determined-nobel.85-31-45-206.plesk.page/ https://determined-nobel.85-31-45-206.plesk.page/ https://determined-nobel.85-31-45-206.plesk.page/las/ https://determined-nobel.85-31-45-206.plesk.page/las/web.php	6 KB 2 KB	948ms 948ms	Document text/html	85.31.45.206 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://determined-nobel.85-31-45-206.plesk.page/las/web.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.31.45.206 , United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PHP/7.4.33 PleskLin Resource Hash `f332c2b3680e3d4a7c1830fa0c76be4473cf088ea055ffc332781cea8db50fdc` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Sat, 25 Mar 2023 02:44:53 GMT server nginx x-powered-by PHP/7.4.33 PleskLin Redirect headers content-length 0 content-type text/html; charset=UTF-8 date Sat, 25 Mar 2023 02:44:52 GMT location ./web.php server nginx x-powered-by PHP/7.4.33 PleskLin
GET H2	200	css determined-nobel.85-31-45-206.plesk.page/las/files/	16 KB 902 B	58ms 57ms	Stylesheet text/plain	85.31.45.206 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://determined-nobel.85-31-45-206.plesk.page/las/files/css Requested by Host: determined-nobel.85-31-45-206.plesk.page URL: https://determined-nobel.85-31-45-206.plesk.page/las/web.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.31.45.206 , United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash `00b399de3012a5f809a1fb531286f8cdb5e7671e865f0423a0ba0dfffcc8d9c5` Request headers accept-language de-DE,de;q=0.9 Referer https://determined-nobel.85-31-45-206.plesk.page/las/web.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Sat, 25 Mar 2023 02:44:53 GMT content-encoding br last-modified Fri, 09 Dec 2022 16:32:32 GMT server nginx etag W/"63936320-3e92" x-powered-by PleskLin content-type text/plain
GET H2	200	mgv2-application.css determined-nobel.85-31-45-206.plesk.page/las/files/	123 KB 19 KB	107ms 106ms	Stylesheet text/css	85.31.45.206 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://determined-nobel.85-31-45-206.plesk.page/las/files/mgv2-application.css Requested by Host: determined-nobel.85-31-45-206.plesk.page URL: https://determined-nobel.85-31-45-206.plesk.page/las/web.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.31.45.206 , United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash `6b029a47a7bb72e8b70cf436b83d904b8a366fd360d12b4d8917c9f59e4b7d46` Request headers accept-language de-DE,de;q=0.9 Referer https://determined-nobel.85-31-45-206.plesk.page/las/web.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Sat, 25 Mar 2023 02:44:53 GMT content-encoding br last-modified Fri, 09 Dec 2022 16:32:32 GMT server nginx etag W/"63936320-1ea0b" x-powered-by PleskLin content-type text/css
GET H2	200	blugov.css determined-nobel.85-31-45-206.plesk.page/las/files/	69 KB 9 KB	107ms 107ms	Stylesheet text/css	85.31.45.206 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://determined-nobel.85-31-45-206.plesk.page/las/files/blugov.css Requested by Host: determined-nobel.85-31-45-206.plesk.page URL: https://determined-nobel.85-31-45-206.plesk.page/las/web.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.31.45.206 , United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash `ca72017bbc6457c0fadb84afe2d0657e7a6d2455d8a1def279221c12ed892c3a` Request headers accept-language de-DE,de;q=0.9 Referer https://determined-nobel.85-31-45-206.plesk.page/las/web.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Sat, 25 Mar 2023 02:44:53 GMT content-encoding br last-modified Fri, 09 Dec 2022 19:27:10 GMT server nginx etag W/"63938c0e-113c1" x-powered-by PleskLin content-type text/css
GET H2	200	myGov-cobranded-logo-black.svg determined-nobel.85-31-45-206.plesk.page/las/files/	63 KB 63 KB	135ms 134ms	Image image/svg+xml	85.31.45.206 AS_DELIS
General Check archive.org Show headers Download Go to Show image Full URL https://determined-nobel.85-31-45-206.plesk.page/las/files/myGov-cobranded-logo-black.svg Requested by Host: determined-nobel.85-31-45-206.plesk.page URL: https://determined-nobel.85-31-45-206.plesk.page/las/web.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.31.45.206 , United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash `954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d` Request headers accept-language de-DE,de;q=0.9 Referer https://determined-nobel.85-31-45-206.plesk.page/las/web.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Sat, 25 Mar 2023 02:44:53 GMT last-modified Fri, 09 Dec 2022 16:32:32 GMT server nginx etag "63936320-fa8f" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 64143
GET H2	200	myGov-cobranded-logo-white.svg determined-nobel.85-31-45-206.plesk.page/las/files/	63 KB 63 KB	134ms 134ms	Image image/svg+xml	85.31.45.206 AS_DELIS
General Check archive.org Show headers Download Go to Show image Full URL https://determined-nobel.85-31-45-206.plesk.page/las/files/myGov-cobranded-logo-white.svg Requested by Host: determined-nobel.85-31-45-206.plesk.page URL: https://determined-nobel.85-31-45-206.plesk.page/las/web.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.31.45.206 , United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash `10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388` Request headers accept-language de-DE,de;q=0.9 Referer https://determined-nobel.85-31-45-206.plesk.page/las/web.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Sat, 25 Mar 2023 02:44:53 GMT last-modified Fri, 09 Dec 2022 16:32:32 GMT server nginx etag "63936320-fa8c" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 64140
GET H2	200	blugov-left-chevron-dark.svg determined-nobel.85-31-45-206.plesk.page/las/files/	256 B 428 B	76ms 76ms	Image image/svg+xml	85.31.45.206 AS_DELIS
General Check archive.org Show headers Download Go to Show image Full URL https://determined-nobel.85-31-45-206.plesk.page/las/files/blugov-left-chevron-dark.svg Requested by Host: determined-nobel.85-31-45-206.plesk.page URL: https://determined-nobel.85-31-45-206.plesk.page/las/files/blugov.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.31.45.206 , United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash `af454d272466fa84c77ca8028e0b8b8bcc0a193ad4401dfcddbad07dc2dabcfc` Request headers accept-language de-DE,de;q=0.9 Referer https://determined-nobel.85-31-45-206.plesk.page/las/files/blugov.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Sat, 25 Mar 2023 02:44:53 GMT last-modified Fri, 09 Dec 2022 19:26:48 GMT server nginx x-accel-version 0.01 etag "100-5ef6a2280ee00" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 256
GET H2	404	icon-blugov-info.svg determined-nobel.85-31-45-206.plesk.page/las/files/	808 B 808 B	76ms 76ms	Image text/html	85.31.45.206 AS_DELIS
General Check archive.org Show headers Download Go to Show image Full URL https://determined-nobel.85-31-45-206.plesk.page/las/files/icon-blugov-info.svg Requested by Host: determined-nobel.85-31-45-206.plesk.page URL: https://determined-nobel.85-31-45-206.plesk.page/las/files/blugov.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 85.31.45.206 , United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers accept-language de-DE,de;q=0.9 Referer https://determined-nobel.85-31-45-206.plesk.page/las/files/blugov.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers date Sat, 25 Mar 2023 02:44:53 GMT content-encoding br last-modified Fri, 17 Feb 2023 01:26:47 GMT server nginx etag W/"328-5f4db34ff44e3" content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://determined-nobel.85-31-45-206.plesk.page/las/files/icon-blugov-info.svg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

determined-nobel.85-31-45-206.plesk.page
85.31.45.206
00b399de3012a5f809a1fb531286f8cdb5e7671e865f0423a0ba0dfffcc8d9c5
10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388
6b029a47a7bb72e8b70cf436b83d904b8a366fd360d12b4d8917c9f59e4b7d46
954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d
af454d272466fa84c77ca8028e0b8b8bcc0a193ad4401dfcddbad07dc2dabcfc
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
ca72017bbc6457c0fadb84afe2d0657e7a6d2455d8a1def279221c12ed892c3a
f332c2b3680e3d4a7c1830fa0c76be4473cf088ea055ffc332781cea8db50fdc

determined-nobel.85-31-45-206.plesk.page Open in urlscan Pro 85.31.45.206 Malicious Activity! Private Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

158 kBTransfer

340 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

determined-nobel.85-31-45-206.plesk.page Open in urlscan Pro
85.31.45.206 Malicious Activity! Private Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

158 kB
Transfer

340 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!