x56.54c.mywebsitetransfer.com Open in urlscan Pro
173.201.185.78 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://go.ly/rmgAx
Effective URL:
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/
Submission: On August 22 via manual (August 22nd 2023, 1:44:42 am UTC) — Scanned from AU

Summary HTTP 18 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 173.201.185.78, located in United States and belongs to GO-DADDY-COM-LLC, US. The main domain is x56.54c.mywebsitetransfer.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 18th 2023. Valid for: 3 months.

This is the only time x56.54c.mywebsitetransfer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.21.56.84 104.21.56.84	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.181.177 172.67.181.177	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 22	173.201.185.78 173.201.185.78	398101 (GO-DADDY-...) (GO-DADDY-COM-LLC)
18	2

1 104.21.56.84 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

go.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.181.177 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

go.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 173.201.185.78 (United States) 5 redirects

ASN398101 (GO-DADDY-COM-LLC, US)
PTR: ip-173-201-185-78.ip.secureserver.net

x56.54c.mywebsitetransfer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	mywebsitetransfer.com 5 redirects x56.54c.mywebsitetransfer.com	248 KB
2	go.ly 2 redirects go.ly	1 KB
18	2

	Domain	Requested by
22	x56.54c.mywebsitetransfer.com	5 redirects x56.54c.mywebsitetransfer.com
2	go.ly	2 redirects
18	2

This site contains links to these domains. Also see Links.

Domain
login.my.gov.au
beta.my.gov.au
www.digitalidentity.gov.au
www.mygovid.gov.au
australia.gov.au

Subject Issuer	Validity	Valid
x56.54c.mywebsitetransfer.com cPanel, Inc. Certification Authority	`2023-08-18` - `2023-11-16`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/
Frame ID: A4E313F41A0C1F84FC445B226F3C3C1F
Requests: 15 HTTP requests in this frame

Frame: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/saved_resource.html
Frame ID: 2781ED5E612B709909551ACA329D8713
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign-in - myGov

Page URL History Show full URLs

http://go.ly/rmgAx HTTP 301
https://go.ly/rmgAx HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ HTTP 302
https://x56.54c.mywebsitetransfer.com/austrabeme/ams HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/ HTTP 302
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Page URL

Page Statistics

18
Requests

94 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

248 kB
Transfer

2894 kB
Size

7
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://login.my.gov.au/LoginServices/main/login?execution=e2s1
Title: Skip to Ask a question

Search URL Search Domain Scan URL

URL: https://beta.my.gov.au/?utm_source=blue&utm_medium=banner&utm_campaign=myGov&utm_id=beta&cid=mygovbeta_banner_green_unauth
Title: myGov Beta

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/CredentialManager/recoverUserId.jsp?Origin=&Return=/sps/auth&Login=true
Title: Forgot username

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/CredentialManager/resetPassword.jsp?Origin=&Return=/sps/auth&Login=true
Title: Forgot password

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/LoginServices/main/login?execution=e2s1&_eventId=digitalIdentity
Title: Continue with Digital Identity

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/EnrolService/register.jsp?login=true&Return=/mga/sps/auth
Title: create a myGov account

Search URL Search Domain Scan URL

URL: https://www.digitalidentity.gov.au/
Title: Digital Identity

Search URL Search Domain Scan URL

URL: https://www.mygovid.gov.au/
Title: myGovID

Search URL Search Domain Scan URL

URL: https://australia.gov.au/
Title: australia.gov.au

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov/content/html/about.html
Title: About myGov

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov/content/html/contact.html
Title: Contact us

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov/content/html/terms.html
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov/content/html/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov/content/html/copyright.html
Title: Copyright

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov/content/html/security.html
Title: Security

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov/content/html/accessibility.html
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://login.my.gov.au/mygov/content/html/help.html
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://go.ly/rmgAx HTTP 301
https://go.ly/rmgAx HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ HTTP 302
https://x56.54c.mywebsitetransfer.com/austrabeme/ams HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/ HTTP 302
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c HTTP 301
https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Redirect Chain http://go.ly/rmgAx https://go.ly/rmgAx https://x56.54c.mywebsitetransfer.com/austrabeme https://x56.54c.mywebsitetransfer.com/austrabeme/ https://x56.54c.mywebsitetransfer.com/austrabeme/ams https://x56.54c.mywebsitetransfer.com/austrabeme/ams/ https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/	15 KB 4 KB	711ms 711ms	Document text/html	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / PHP/7.4.33 Resource Hash `b1db208eccaff3c55bfc85ccd505174b6223f3ec427e38739bac3b487121b814` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-length 4037 content-type text/html; charset=UTF-8 date Tue, 22 Aug 2023 01:44:33 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding x-powered-by PHP/7.4.33 Redirect headers content-length 282 content-type text/html; charset=iso-8859-1 date Tue, 22 Aug 2023 01:44:32 GMT location https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ server Apache
GET H2	200	ruxitagentjs_ICA2Vfghjqrux_10239220408103229.js.download Show response x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	243 KB 87 KB	757ms 757ms	Script application/javascript	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ruxitagentjs_ICA2Vfghjqrux_10239220408103229.js.download Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `0fb5ae1c24514ad48f8e743a87eee447b573a30aeb7d8ce16cebf4d5ead810b0` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:33 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache etag "2fe4771-3cb60-6037922ea4fb4-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 88840
GET H2	200	mgv2-application.css x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	122 KB 19 KB	509ms 509ms	Stylesheet text/css	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/mgv2-application.css Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `e8d0781b70b1c2db3eb0ac367588de1c4e9a8d6126f1c8695a08580d83cd2683` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:33 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache etag "2fe476b-1e7f4-6037922ea47e4-br" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 19461
GET H2	200	austgovt-inline-white.svg x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	113 KB 33 KB	1686ms 1685ms	Image image/svg+xml	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/austgovt-inline-white.svg Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:36 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:32 GMT server Apache etag "2fe4777-1c460-6037922efca17-br" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 33780
GET H2	200	mygov-logo.svg x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	2 KB 1 KB	696ms 695ms	Image image/svg+xml	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/mygov-logo.svg Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:36 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache etag "2fe4774-8a1-6037922ea539c-br" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 1108
GET H2	200	dismiss-x.svg x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	839 B 462 B	697ms 696ms	Image image/svg+xml	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/dismiss-x.svg Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `a3e9863b69280adb1c01eb12d33cb2fbaeecd5423e15400caad5ff4a5e4aeac9` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:36 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:32 GMT server Apache etag "2fe4778-347-6037922efca17-br" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 381
GET H2	200	icon-external-link-blue.svg x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	742 B 502 B	697ms 696ms	Image image/svg+xml	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/icon-external-link-blue.svg Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `e470bb1617b294c5f4c8c456278f819d1640b90c2c15e5d237d3c0683aa32a22` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:36 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache etag "2fe476f-2e6-6037922ea4bcc-br" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 444
GET H2	200	austgovt-inline.svg x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	71 KB 26 KB	1189ms 1189ms	Image image/svg+xml	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/austgovt-inline.svg Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `bfbb8c3288312fe27cba0cdd45fe392f7f8af33c3d61c78b133744c7b494c8e8` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:36 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache etag "2fe4770-11a6c-6037922ea4bcc-br" vary Accept-Encoding content-type image/svg+xml accept-ranges bytes content-length 26350
GET H2	200	mgv2-vendor.js.download Show response x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	148 KB 48 KB	2233ms 2232ms	Script application/javascript	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/mgv2-vendor.js.download Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `2bedda083bdbe6820e493159f1e3e27146b96ef6840094bd74447925e8c66e26` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:35 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache etag "2fe4772-251cf-6037922ea4fb4-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 49469
GET H2	200	mgv2-application.js.download Show response x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	74 KB 16 KB	990ms 990ms	Script application/javascript	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/mgv2-application.js.download Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `0b4c8ea1d01a3a04fd23a1e4564a956964006ac5288461327caa1fedee4cc1df` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:36 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:32 GMT server Apache etag "2fe4779-1262d-6037922efcdff-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 16018
GET H2	200	login.js.download Show response x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/	2 KB 641 B	696ms 694ms	Script application/javascript	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/login.js.download Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `3398bdeeb65157116e93bdeef72d320cb5d90700b149a62f60ff1dcb2ac8f9a5` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:36 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache etag "2fe4775-618-6037922ea539c-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 560
GET H2	404	link-arrow.svg x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/icons/	315 B 315 B	692ms 692ms	Image text/html	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/icons/link-arrow.svg Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/mgv2-application.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/mgv2-application.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:36 GMT server Apache content-length 315 content-type text/html; charset=iso-8859-1
GET H2	200	saved_resource.html Show response x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ Frame 2781	7 KB 2 KB	979ms 978ms	Document text/html	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/saved_resource.html Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `a5b2581b953d8504daeab4c2b2fa009544a019ac2754ce8ead7b95d0adfb896d` Request headers Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers accept-ranges bytes content-encoding br content-length 2191 content-type text/html date Tue, 22 Aug 2023 01:44:37 GMT etag "2fe476e-1d0e-6037922ea47e4-br" last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache vary Accept-Encoding
GET H2	404	va_arrowup.svg x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/icons/	315 B 315 B	977ms 977ms	Image text/html	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Show image Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/icons/va_arrowup.svg Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/mgv2-application.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/mgv2-application.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:37 GMT server Apache content-length 315 content-type text/html; charset=iso-8859-1
GET H2	404	vagt Show response x56.54c.mywebsitetransfer.com/mga/sps/apiauthsvc/policy/	315 B 366 B	718ms 718ms	XHR text/html	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/mga/sps/apiauthsvc/policy/vagt Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ruxitagentjs_ICA2Vfghjqrux_10239220408103229.js.download Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers x-dtpc -6$68676357_21h2vMKKABWUIAHNRDUHRKMLJGIKUTJNWWTPC-0e0 Accept application/json Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Content-Type application/json Response headers date Tue, 22 Aug 2023 01:44:37 GMT server Apache content-length 315 content-type text/html; charset=iso-8859-1
GET H2	200	vendors_main.8221d08a72d89a078615.js.download x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ Frame 2781	2 MB 0	502ms 501ms	Script application/javascript	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/vendors_main.8221d08a72d89a078615.js.download Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/saved_resource.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/saved_resource.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:38 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:32 GMT server Apache etag "2fe4776-3d12fa-6037922efca17-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes
GET H2	200	main.edd90a1d2353255129c9.js.download Show response x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/ Frame 2781	31 KB 9 KB	254ms 254ms	Script application/javascript	173.201.185.78 GO-DADDY-COM-LLC
General Check archive.org Show headers Download Go to Full URL https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/main.edd90a1d2353255129c9.js.download Requested by Host: x56.54c.mywebsitetransfer.com URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/saved_resource.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.201.185.78 , United States, ASN398101 (GO-DADDY-COM-LLC, US), Reverse DNS ip-173-201-185-78.ip.secureserver.net Software Apache / Resource Hash `5867b8cda07f59ffb9ba08ce2f8961801afbdc974a1a9f88b839b909d1ff2cb7` Request headers accept-language en-AU,en;q=0.9 Referer https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/Sign-in%20-%20myGov_files/saved_resource.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 01:44:38 GMT content-encoding br last-modified Tue, 22 Aug 2023 01:44:31 GMT server Apache etag "2fe4773-7c73-6037922ea4fb4-br" vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 8730
POST		rb_6de8e2e9-6719-45b3-86be-7effcb9f6525 x56.54c.mywebsitetransfer.com/LoginServices/main/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: x56.54c.mywebsitetransfer.com
URL: https://x56.54c.mywebsitetransfer.com/LoginServices/main/rb_6de8e2e9-6719-45b3-86be-7effcb9f6525?type=js3&sn=v_4_srv_-2D6_sn_NG0C61LPFA81FFK5SEQ9M8EGM443OOOS&svrid=-6&flavor=post&vi=MKKABWUIAHNRDUHRKMLJGIKUTJNWWTPC-0&modifiedSince=1659407691239&rf=https%3A%2F%2Fx56.54c.mywebsitetransfer.com%2Faustrabeme%2Fams%2Ff6be32b56f28203a8a0c%2F&bp=3&app=5f15dc81410a75c1&crc=4053351979&en=gpalpirq&end=1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
x56.54c.mywebsitetransfer.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 823479f2fd869cd33c5eab7eb18784ad
.mywebsitetransfer.com/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_-2D6_sn_NG0C61LPFA81FFK5SEQ9M8EGM443OOOS
.mywebsitetransfer.com/	1970-01-20 23:47:08	Name: rxVisitor Value: 1692668676361PIPRVCAUTD3O5G5TFQTEIHQ0PMU8BV24
.mywebsitetransfer.com/	1969-12-31 23:59:59	Name: dtLatC Value: 2747
.mywebsitetransfer.com/	1969-12-31 23:59:59	Name: dtSa Value: -
.mywebsitetransfer.com/	1969-12-31 23:59:59	Name: rxvt Value: 1692670477350\|1692668676363
.mywebsitetransfer.com/	1969-12-31 23:59:59	Name: dtPC Value: -6$68676357_21h1vMKKABWUIAHNRDUHRKMLJGIKUTJNWWTPC-0e0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/icons/link-arrow.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://x56.54c.mywebsitetransfer.com/mga/sps/apiauthsvc/policy/vagt Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://x56.54c.mywebsitetransfer.com/austrabeme/ams/f6be32b56f28203a8a0c/icons/va_arrowup.svg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

go.ly
x56.54c.mywebsitetransfer.com
x56.54c.mywebsitetransfer.com
104.21.56.84
172.67.181.177
173.201.185.78
0b4c8ea1d01a3a04fd23a1e4564a956964006ac5288461327caa1fedee4cc1df
0fb5ae1c24514ad48f8e743a87eee447b573a30aeb7d8ce16cebf4d5ead810b0
2bedda083bdbe6820e493159f1e3e27146b96ef6840094bd74447925e8c66e26
3398bdeeb65157116e93bdeef72d320cb5d90700b149a62f60ff1dcb2ac8f9a5
42ded01e719714429c120fcb2076b685587196056c7e75306c7ba0da5fd91721
5867b8cda07f59ffb9ba08ce2f8961801afbdc974a1a9f88b839b909d1ff2cb7
91e0d494b2136f506c63c13ebf1ac4a220a6e53a176ee4714505cf3703d0bdbb
a3e9863b69280adb1c01eb12d33cb2fbaeecd5423e15400caad5ff4a5e4aeac9
a5b2581b953d8504daeab4c2b2fa009544a019ac2754ce8ead7b95d0adfb896d
b1db208eccaff3c55bfc85ccd505174b6223f3ec427e38739bac3b487121b814
bfbb8c3288312fe27cba0cdd45fe392f7f8af33c3d61c78b133744c7b494c8e8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e470bb1617b294c5f4c8c456278f819d1640b90c2c15e5d237d3c0683aa32a22
e8d0781b70b1c2db3eb0ac367588de1c4e9a8d6126f1c8695a08580d83cd2683

x56.54c.mywebsitetransfer.com Open in urlscan Pro 173.201.185.78 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

94 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

248 kBTransfer

2894 kBSize

7 Cookies

18 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

91 JavaScript Global Variables

7 Cookies

3 Console Messages

Indicators

x56.54c.mywebsitetransfer.com Open in urlscan Pro
173.201.185.78 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

248 kB
Transfer

2894 kB
Size

7
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!