nervous-northcutt.109-206-241-140.plesk.page Open in urlscan Pro
109.206.241.140  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index Show response nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/	41 KB 5 KB	8102ms 7852ms	Document text/html	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PHP/8.0.22 PleskLin Resource Hash 3ceb5ff6229f4fe91a20cd149c1bc81ca3382b5ef87efc8c43b2cfd7d47824a8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Wed, 10 Aug 2022 00:19:28 GMT server nginx x-content-type-options nosniff x-powered-by PHP/8.0.22 PleskLin x-xss-protection 1; mode=block
GET H2	200	blue-ui.css nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/css/	598 KB 55 KB	13664ms 13663ms	Stylesheet text/css	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/css/blue-ui.css Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash 191802808078aa50c73e5e9e034a063975e05f04c74f306b6c25f8651100117b Request headers accept-language de-DE,de;q=0.9 Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:42 GMT content-encoding br etag W/"606e4104-958cb" last-modified Wed, 07 Apr 2021 23:32:20 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	logon.css nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/css/	130 KB 17 KB	13527ms 13526ms	Stylesheet text/css	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/css/logon.css Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash af40034407838d312a14142c778c3ec27b74bfba266b63e2f1906339fae761a9 Request headers accept-language de-DE,de;q=0.9 Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:42 GMT content-encoding br etag W/"60708bfa-2076e" last-modified Fri, 09 Apr 2021 17:16:42 GMT server nginx x-powered-by PleskLin content-type text/css
GET H2	200	PrivateWindowCheck.js Show response nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/js/	2 KB 967 B	13349ms 13348ms	Script application/javascript	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/js/PrivateWindowCheck.js Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash 7c031e77065d4cbaf3359598b2458923a58c1bdb04875665977b0bd1c41fbf03 Request headers accept-language de-DE,de;q=0.9 Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:41 GMT content-encoding br etag W/"60ac3b42-8a5" last-modified Mon, 24 May 2021 23:48:18 GMT server nginx x-powered-by PleskLin content-type application/javascript
GET H2	200	jquery.min.js Show response nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/js/	94 KB 32 KB	12784ms 12784ms	Script application/javascript	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/js/jquery.min.js Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 Request headers accept-language de-DE,de;q=0.9 Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:41 GMT content-encoding br etag W/"5e5e8284-1762a" last-modified Tue, 03 Mar 2020 16:15:00 GMT server nginx x-powered-by PleskLin content-type application/javascript
GET H2	200	wordmark-white.svg nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/img/	1 KB 2 KB	9902ms 9902ms	Image image/svg+xml	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Show image Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/img/wordmark-white.svg Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/css/logon.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0 Request headers accept-language de-DE,de;q=0.9 Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/css/logon.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:52 GMT last-modified Tue, 09 Mar 2021 13:07:46 GMT server nginx x-powered-by PleskLin etag "60477322-581" content-type image/svg+xml accept-ranges bytes content-length 1409
GET H2	200	background.desktop.3.jpeg nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/img/day/	440 KB 440 KB	10154ms 10154ms	Image image/jpeg	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Show image Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/img/day/background.desktop.3.jpeg Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash 61227c65741c9b49fb0e7263ec183499d20baef2caa9bea8582845864a49010a Request headers accept-language de-DE,de;q=0.9 Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:52 GMT last-modified Sat, 19 Sep 2020 01:24:44 GMT server nginx x-powered-by PleskLin etag "5f655ddc-6df09" content-type image/jpeg accept-ranges bytes content-length 450313
GET H2	200	opensans-regular.woff nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/fonts/	24 KB 24 KB	9196ms 9196ms	Font application/font-woff	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/fonts/opensans-regular.woff Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179 Request headers Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Origin https://nervous-northcutt.109-206-241-140.plesk.page accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:51 GMT last-modified Thu, 04 Aug 2016 11:46:38 GMT server nginx x-powered-by PleskLin etag "57a32b1e-612c" content-type application/font-woff accept-ranges bytes content-length 24876
GET H2	200	opensans-bold.woff nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/fonts/	14 KB 14 KB	9358ms 9358ms	Font application/font-woff	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/fonts/opensans-bold.woff Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash 0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532 Request headers Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Origin https://nervous-northcutt.109-206-241-140.plesk.page accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:51 GMT last-modified Sat, 10 Nov 2018 21:38:58 GMT server nginx x-powered-by PleskLin etag "5be74ff2-38a8" content-type application/font-woff accept-ranges bytes content-length 14504
GET H2	200	dcefont.woff nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/fonts/	69 KB 69 KB	9933ms 9932ms	Font application/font-woff	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/fonts/dcefont.woff Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/css/blue-ui.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash 6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1 Request headers Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/css/blue-ui.css Origin https://nervous-northcutt.109-206-241-140.plesk.page accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:52 GMT last-modified Tue, 09 Mar 2021 13:07:46 GMT server nginx x-powered-by PleskLin etag "60477322-11298" content-type application/font-woff accept-ranges bytes content-length 70296
GET H2	200	opensans-semibold.woff nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/fonts/	25 KB 25 KB	9534ms 9533ms	Font application/font-woff	109.206.241.140 AS_DELIS
General Check archive.org Show headers Download Go to Full URL https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/fonts/opensans-semibold.woff Requested by Host: nervous-northcutt.109-206-241-140.plesk.page URL: https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Protocol H2 Security TLS 1.3, , AES_256_GCM Server 109.206.241.140 Ashburn, United States, ASN211252 (AS_DELIS, US), Reverse DNS Software nginx / PleskLin Resource Hash d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3 Request headers Referer https://nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp/index Origin https://nervous-northcutt.109-206-241-140.plesk.page accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 00:19:51 GMT last-modified Thu, 04 Aug 2016 11:46:38 GMT server nginx x-powered-by PleskLin etag "57a32b1e-6214" content-type application/font-woff accept-ranges bytes content-length 25108

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| chrome76Detection function| isNewChrome object| PrivateWindow function| isPrivateWindow number| major string| message function| clickIE function| clickNS function| token function| remember function| floating function| floating2 function| floating3 function| $ function| jQuery

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: back Value: 3
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: time Value: Wed Aug 10 2022 00:19:42 GMT+0000 (GMT)
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: sw Value: 1600
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: sh Value: 1200
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: cookie Value: true
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: language Value: en-US
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: cpu Value: undefined
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: webdriver Value: false
			nervous-northcutt.109-206-241-140.plesk.page/updatedx3/login/vp	1969-12-31 23:59:59	Name: private_mode Value: false

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nervous-northcutt.109-206-241-140.plesk.page
109.206.241.140
0634f735018d63980fb935914bd910ebd51ed5ed0a03c8811607aca0c2e7c532
191802808078aa50c73e5e9e034a063975e05f04c74f306b6c25f8651100117b
3ceb5ff6229f4fe91a20cd149c1bc81ca3382b5ef87efc8c43b2cfd7d47824a8
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
61227c65741c9b49fb0e7263ec183499d20baef2caa9bea8582845864a49010a
6ea71f4189e78297e3d1834c586a10dd39826ed8361cb1268b847cef45e03cb1
7c031e77065d4cbaf3359598b2458923a58c1bdb04875665977b0bd1c41fbf03
af40034407838d312a14142c778c3ec27b74bfba266b63e2f1906339fae761a9
b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179
d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3
d3bf9c143e5e360da41736b1d4e833b5ac6b6f7093ddc91ffc538233a78488d0