x56.54c.mywebsitetransfer.com
Open in
urlscan Pro
173.201.185.78
Malicious Activity!
Public Scan
Effective URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/
Submission: On August 22 via manual — Scanned from AU
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 18th 2023. Valid for: 3 months.
This is the only time x56.54c.mywebsitetransfer.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Australian Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 104.21.56.84 104.21.56.84 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 172.67.181.177 172.67.181.177 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 22 | 173.201.185.78 173.201.185.78 | 398101 (GO-DADDY-...) (GO-DADDY-COM-LLC) | |
18 | 2 |
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: ip-173-201-185-78.ip.secureserver.net
x56.54c.mywebsitetransfer.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
mywebsitetransfer.com
5 redirects
x56.54c.mywebsitetransfer.com |
248 KB |
2 |
go.ly
2 redirects
go.ly |
1 KB |
18 | 2 |
Domain | Requested by | |
---|---|---|
22 | x56.54c.mywebsitetransfer.com |
5 redirects
x56.54c.mywebsitetransfer.com
|
2 | go.ly | 2 redirects |
18 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
login.my.gov.au |
beta.my.gov.au |
www.digitalidentity.gov.au |
www.mygovid.gov.au |
australia.gov.au |
Subject Issuer | Validity | Valid | |
---|---|---|---|
x56.54c.mywebsitetransfer.com cPanel, Inc. Certification Authority |
2023-08-18 - 2023-11-16 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/
Frame ID: A4E313F41A0C1F84FC445B226F3C3C1F
Requests: 15 HTTP requests in this frame
Frame:
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/saved_resource.html
Frame ID: 2781ED5E612B709909551ACA329D8713
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
Sign-in - myGovPage URL History Show full URLs
-
http://go.ly/rmgAx
HTTP 301
https://go.ly/rmgAx HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ HTTP 302
https://x56.54c.mywebsitetransfer.com/austrabeme/ams HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/ HTTP 302
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Page URL
Page Statistics
18 Outgoing links
These are links going to different origins than the main page.
Title: Skip to Ask a question
Search URL Search Domain Scan URL
Title: myGov Beta
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Forgot username
Search URL Search Domain Scan URL
Title: Forgot password
Search URL Search Domain Scan URL
Title: Continue with Digital Identity
Search URL Search Domain Scan URL
Title: create a myGov account
Search URL Search Domain Scan URL
Title: Digital Identity
Search URL Search Domain Scan URL
Title: myGovID
Search URL Search Domain Scan URL
Title: australia.gov.au
Search URL Search Domain Scan URL
Title: About myGov
Search URL Search Domain Scan URL
Title: Contact us
Search URL Search Domain Scan URL
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Copyright
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://go.ly/rmgAx
HTTP 301
https://go.ly/rmgAx HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ HTTP 302
https://x56.54c.mywebsitetransfer.com/austrabeme/ams HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/ HTTP 302
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Redirect Chain
|
15 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ruxitagentjs_ICA2Vfghjqrux_10239220408103229.js.download
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
243 KB 87 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mgv2-application.css
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
122 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
austgovt-inline-white.svg
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
113 KB 33 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mygov-logo.svg
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dismiss-x.svg
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
839 B 462 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-external-link-blue.svg
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
742 B 502 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
austgovt-inline.svg
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
71 KB 26 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mgv2-vendor.js.download
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
148 KB 48 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mgv2-application.js.download
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
74 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js.download
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ |
2 KB 641 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
link-arrow.svg
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/icons/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
saved_resource.html
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ Frame 2781 |
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
va_arrowup.svg
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/icons/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vagt
x56.54c.mywebsitetransfer.com/mga/sps/apiauthsvc/policy/ |
315 B 366 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendors_main.8221d08a72d89a078615.js.download
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ Frame 2781 |
2 MB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.edd90a1d2353255129c9.js.download
x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ Frame 2781 |
31 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST |
rb_6de8e2e9-6719-45b3-86be-7effcb9f6525
x56.54c.mywebsitetransfer.com/LoginServices/main/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- x56.54c.mywebsitetransfer.com
- URL
- https://x56.54c.mywebsitetransfer.com/LoginServices/main/rb_6de8e2e9-6719-45b3-86be-7effcb9f6525?type=js3&sn=v_4_srv_-2D6_sn_NG0C61LPFA81FFK5SEQ9M8EGM443OOOS&svrid=-6&flavor=post&vi=MKKABWUIAHNRDUHRKMLJGIKUTJNWWTPC-0&modifiedSince=1659407691239&rf=https%3A%2F%2Fx56.54c.mywebsitetransfer.com%2Faustrabeme%2Fams%2Ff6be32b56f28203a8a0c%2F&bp=3&app=5f15dc81410a75c1&crc=4053351979&en=gpalpirq&end=1
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Australian Government (Government)91 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| documentPictureInPicture object| dT_ object| dtrum function| $ function| moment function| cleanDefaultValues function| setMandatoryValues function| findInfoOrErrorParent function| findSuccessParent function| clearMessageType function| setErrorParent object| formHelper function| getGreetingTime function| initPinToggle function| setPinShow function| setPinHide boolean| va_isMaximised boolean| va_isOpen boolean| va_isMobile undefined| va_pushTimeout boolean| va_chatStarted string| titleBarTitle string| headingTitle function| getMobileHeader function| getDesktopHeader function| getAltText function| setAltText function| calcRightMargin function| insertDiv function| insertIframe function| determineContext function| insertIframeSrc function| setIFrameSrc function| sendGoogleAnalyltics function| addTimer function| disableBGScrolling function| enableBGScrolling function| toggleVAMobile function| addOnClickMobile function| isWindowMobile function| responsiveResize function| toggleVADesktop function| addOnClickDesktop function| addOnResize function| resizeVA function| addOnBackwardsTabbing function| loopFocusBackwardWithError function| addSkipToConversationTabListener function| addOnSkipToConversation function| addSkipToBot function| hideSkipToConversation function| skipToSkipToConversation function| skipToResizeIcon function| postMessageToIframe function| addListenerForIframe function| addDigitalAssistant function| scrollPageToBottom function| isIE function| newShowIdentityModal function| ignoreSubmit function| handleKeyboardInput function| trapFocusPrimary function| removeSelection function| trapFocusSecondary function| keyboardDismiss function| enableProgressButton function| summonSecondModal function| hideSecondaryModal function| harshHideIdentityModal function| fadeOutBackground function| newHideIdentityModal undefined| lastInteractionDate undefined| timeoutEventId function| getToken function| isValidToken function| parseToken function| checkAuthenticated function| setDAsource function| recordBotInteraction function| initiateNewConversation object| storage function| isWebView object| global function| priorityLookup function| compareDates function| getTopAlert function| getTopBroadcast function| displayBroadcast7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
x56.54c.mywebsitetransfer.com/ | Name: PHPSESSID Value: 823479f2fd869cd33c5eab7eb18784ad |
|
.mywebsitetransfer.com/ | Name: dtCookie Value: v_4_srv_-2D6_sn_NG0C61LPFA81FFK5SEQ9M8EGM443OOOS |
|
.mywebsitetransfer.com/ | Name: rxVisitor Value: 1692668676361PIPRVCAUTD3O5G5TFQTEIHQ0PMU8BV24 |
|
.mywebsitetransfer.com/ | Name: dtLatC Value: 2747 |
|
.mywebsitetransfer.com/ | Name: dtSa Value: - |
|
.mywebsitetransfer.com/ | Name: rxvt Value: 1692670477350|1692668676363 |
|
.mywebsitetransfer.com/ | Name: dtPC Value: -6$68676357_21h1vMKKABWUIAHNRDUHRKMLJGIKUTJNWWTPC-0e0 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
go.ly
x56.54c.mywebsitetransfer.com
x56.54c.mywebsitetransfer.com
104.21.56.84
172.67.181.177
173.201.185.78
0b4c8ea1d01a3a04fd23a1e4564a956964006ac5288461327caa1fedee4cc1df
0fb5ae1c24514ad48f8e743a87eee447b573a30aeb7d8ce16cebf4d5ead810b0
2bedda083bdbe6820e493159f1e3e27146b96ef6840094bd74447925e8c66e26
3398bdeeb65157116e93bdeef72d320cb5d90700b149a62f60ff1dcb2ac8f9a5
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721
5867b8cda07f59ffb9ba08ce2f8961801afbdc974a1a9f88b839b909d1ff2cb7
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb
a3e9863b69280adb1c01eb12d33cb2fbaeecd5423e15400caad5ff4a5e4aeac9
a5b2581b953d8504daeab4c2b2fa009544a019ac2754ce8ead7b95d0adfb896d
b1db208eccaff3c55bfc85ccd505174b6223f3ec427e38739bac3b487121b814
bfbb8c3288312fe27cba0cdd45fe392f7f8af33c3d61c78b133744c7b494c8e8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e470bb1617b294c5f4c8c456278f819d1640b90c2c15e5d237d3c0683aa32a22
e8d0781b70b1c2db3eb0ac367588de1c4e9a8d6126f1c8695a08580d83cd2683