mail.itr.zwv.mybluehost.me
173.254.106.233
Malicious Activity!
Public Scan
Effective URL: https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a/
Submission: On August 15 via manual from AU — Scanned from US
Summary
TLS certificate: Issued by R3 on July 30th 2022. Valid for: 3 months.
This is the only time mail.itr.zwv.mybluehost.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Kiwibank (Banking)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 212.227.172.252 | 8560 (IONOS-AS) |
| 6 (2 redirects) | 173.254.106.233 | 46606 (UNIFIEDLAYER-AS-1) |
| 22 | 184.28.190.11 | 20940 (AKAMAI-ASN1) |
| 29 | 4 | |

ASN8560 (IONOS-AS: the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom; formerly 1&1 Internet SE, DE)
PTR: 212-227-172-252.elastic-ssl.ui-r.com
Domain: aust-onlinemarketing-duesseldorf.de

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2249.bluehost.com
Domain: mail.itr.zwv.mybluehost.me

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-28-190-11.deploy.static.akamaitechnologies.com
Domain: www.ib.kiwibank.co.nz
Apex domains and subdomains

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 22 | kiwibank.co.nz | www.ib.kiwibank.co.nz | 166 KB |
| 6 (2 redirects) | mybluehost.me | mail.itr.zwv.mybluehost.me | 5 KB |
| 1 | aust-onlinemarketing-duesseldorf.de | aust-onlinemarketing-duesseldorf.de | 256 B |
| 29 | 3 | | |
Domains and the documents that requested them

| Requests | Domain | Requested by |
|---|---|---|
| 22 | www.ib.kiwibank.co.nz | mail.itr.zwv.mybluehost.me, www.ib.kiwibank.co.nz |
| 6 (2 redirects) | mail.itr.zwv.mybluehost.me | mail.itr.zwv.mybluehost.me |
| 1 | aust-onlinemarketing-duesseldorf.de | |
| 29 | 3 | |

The "Requested by" column is the telling part: the document served from mail.itr.zwv.mybluehost.me is what pulls in the 22 resources from the genuine www.ib.kiwibank.co.nz (the bank's own CSS then fetches its images and fonts, hence the second entry). The kit is a copy of the real login page that still references the bank's stylesheets, scripts and images by absolute URL.
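From the bank's side this hotlinking is visible in ordinary web-server access logs: every asset a victim's browser fetches from www.ib.kiwibank.co.nz carries the kit page as its Referer. The script below is an added example, not urlscan's or Kiwibank's code. It parses constructed combined-format log lines (client IPs, timestamps and byte counts are made up; the asset paths mirror the ones in this scan) and reports any foreign Referer host that embeds several of the site's static assets, which is what a cloned login page looks like in the logs.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in Apache/nginx "combined" log format. Client IPs, timestamps
# and byte counts are made up; the asset paths mirror the ones requested in the scan.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Aug/2022:03:12:01 +1200] "GET /css/main.css HTTP/2.0" 200 39012 "https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a/" "Mozilla/5.0"
203.0.113.10 - - [15/Aug/2022:03:12:01 +1200] "GET /includes/jquery-ui-1.7.2.custom.min.js HTTP/2.0" 200 16384 "https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a/" "Mozilla/5.0"
203.0.113.10 - - [15/Aug/2022:03:12:02 +1200] "GET /images/logo.png HTTP/2.0" 200 3072 "https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a/" "Mozilla/5.0"
198.51.100.7 - - [15/Aug/2022:03:15:44 +1200] "GET /images/fraudwatch-logo-266.png HTTP/2.0" 200 5120 "https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a/" "Mozilla/5.0"
192.0.2.25 - - [15/Aug/2022:03:16:10 +1200] "GET /includes/common.js HTTP/2.0" 200 16200 "https://www.ib.kiwibank.co.nz/" "Mozilla/5.0"
192.0.2.25 - - [15/Aug/2022:03:16:10 +1200] "GET /css/main.css?v=3 HTTP/2.0" 200 39012 "-" "Mozilla/5.0"
192.0.2.90 - - [15/Aug/2022:03:20:00 +1200] "GET /images/logo.png HTTP/1.1" 200 3072 "https://blog.example.org/post/" "Mozilla/5.0"
"""

# Hosts that may legitimately embed the site's assets (the site itself).
OWN_HOSTS = {"www.ib.kiwibank.co.nz", "www.kiwibank.co.nz"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Static assets a cloned login page would pull in, including ASP.NET's resource handlers.
ASSET_RE = re.compile(r'\.(?:css|js|png|gif|jpe?g|svg|ico|woff2?)$|/(?:Script|Web)Resource\.axd$', re.I)


def parse_combined_log(text):
    """Yield one dict per well-formed combined-format line; skip anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def find_hotlinking_referers(log_text, own_hosts, min_assets=3):
    """Map each foreign Referer host to the sorted asset paths it embedded,
    keeping only hosts that pulled at least `min_assets` distinct assets."""
    assets_by_host = {}
    for rec in parse_combined_log(log_text):
        path = urlsplit(rec["path"]).path          # drop the ?query for grouping
        if not ASSET_RE.search(path):
            continue                               # not a static asset
        ref = rec["referer"]
        if ref in ("", "-"):
            continue                               # no referrer: direct load or policy-stripped
        host = (urlsplit(ref).hostname or "").lower()
        if not host or host in own_hosts:
            continue                               # embedded by our own pages
        assets_by_host.setdefault(host, set()).add(path)
    return {h: sorted(p) for h, p in assets_by_host.items() if len(p) >= min_assets}


if __name__ == "__main__":
    for host, paths in find_hotlinking_referers(SAMPLE_LOG, OWN_HOSTS).items():
        print(f"{host}: {len(paths)} assets hotlinked -> {', '.join(paths)}")
```

The threshold matters: a single hotlinked logo from a blog is noise, a foreign page that loads the login form's stylesheet, script bundle and logos together is a clone. The check depends on the Referer being sent, so a kit that sets a restrictive Referrer-Policy or copies the assets to its own host will not show up this way; the transaction list further down shows this particular kit did neither.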
This site contains links to these domains:

| Domain |
|---|
| www.kiwibank.co.nz |
| www.ib.kiwibank.co.nz |
TLS certificates

| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| aust-onlinemarketing-duesseldorf.de | GeoTrust Global TLS RSA4096 SHA256 2022 CA1 | 2022-08-15 - 2023-09-07 | a year |
| mail.itr.zwv.mybluehost.me | R3 | 2022-07-30 - 2022-10-28 | 3 months |
| www.ib.kiwibank.co.nz | DigiCert SHA2 Extended Validation Server CA | 2021-09-17 - 2022-10-18 | a year |

Two details worth noting: the redirector domain's certificate was issued on 2022-08-15, the same day this scan was submitted, and the kit host's certificate is a 90-day Let's Encrypt (R3) certificate issued just over two weeks earlier, on 2022-07-30. Only the genuine bank host carries an Extended Validation certificate. Certificate transparency logs (crt.sh) are the place to check when each name first appeared and whether sibling names were issued alongside it.
This page contains 1 frame.

Primary Page: https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a/
Frame ID: 0C17002FDBAAAAE80846A15EAFE2CB3F
Requests: 29 HTTP requests in this frame

Page Title: Login - Kiwibank Internet Banking

Page URL History (this captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields):

1. https://aust-onlinemarketing-duesseldorf.de/dod/ (Page URL)
2. https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/ (HTTP 302)
3. https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a (HTTP 301)
4. https://mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a/ (Page URL)

The chain has two stages. The first hop is a separate page navigation from a 169-byte document on aust-onlinemarketing-duesseldorf.de, which is consistent with a client-side (meta or JavaScript) redirect rather than an HTTP one; a disposable redirector like this keeps the landing-page host out of the lure itself. The kit host then answers /nz/KiwiApps/kiwiapps/ with a 302 to a 32-hex-character path segment and a 301 that adds the trailing slash, so the final URL carries a token that was never present in the distributed link. Block and report all three hosts in the chain, not just the final one.
Detected technologies

- Microsoft ASP.NET (Web Frameworks), detected by the pattern `<input[^>]+name="__VIEWSTATE`
- jQuery (JavaScript Libraries), detected by the patterns `jquery[.-]([\d.]*\d)[^/]*\.js` and `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
- jQuery UI (JavaScript Libraries), detected by the patterns `jquery-ui[.-]([\d.]*\d)[^/]*\.js` and `jquery-ui.*\.js`
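These patterns run against the response bodies, so a cloned page carries the fingerprint of the site it was copied from: the `__VIEWSTATE` input and the jQuery 1.7.1 / jQuery UI 1.7.2 script names describe Kiwibank's real ASP.NET login page, not whatever runs on the kit host. The script below is an added example, not urlscan's or Wappalyzer's code. It applies the patterns listed above to a constructed HTML snippet that mirrors the markup implied by this scan's transactions (the `__VIEWSTATE` value and the tag layout are made up) and shows how the version capture groups behave, including the `?ver=` query-string form that the second jQuery pattern exists for.

```python
import re

# The detection patterns listed above; group 1, where present, captures the version.
PATTERNS = {
    "Microsoft ASP.NET": [r'<input[^>]+name="__VIEWSTATE'],
    "jQuery": [
        r'jquery[.-]([\d.]*\d)[^/]*\.js',
        r'jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?',
    ],
    "jQuery UI": [
        r'jquery-ui[.-]([\d.]*\d)[^/]*\.js',
        r'jquery-ui.*\.js',
    ],
}

# Constructed HTML that mirrors the markup this scan's transactions imply
# (not the kit's real source; the __VIEWSTATE value is made up).
SAMPLE_HTML = """\
<html><head>
<link rel="stylesheet" href="https://www.ib.kiwibank.co.nz/css/main.css">
<link rel="stylesheet" href="https://www.ib.kiwibank.co.nz/css/jquery-ui-1.7.2.custom.css">
<script src="https://www.ib.kiwibank.co.nz/includes/jquery-1.7.1.min.js"></script>
<script src="https://www.ib.kiwibank.co.nz/includes/jquery-ui-1.7.2.custom.min.js"></script>
</head><body>
<form method="post" id="aspnetForm">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUK...">
</form>
</body></html>
"""


def fingerprint(html):
    """Return {technology: version-or-None} for every technology whose patterns
    match. The first pattern that yields a version wins; a versionless match
    only establishes presence."""
    found = {}
    for tech, patterns in PATTERNS.items():
        for pat in patterns:
            m = re.search(pat, html, re.IGNORECASE)
            if not m:
                continue
            version = m.group(1) if m.groups() else None
            if tech not in found or (version and found[tech] is None):
                found[tech] = version
    return found


if __name__ == "__main__":
    for tech, version in fingerprint(SAMPLE_HTML).items():
        print(f"{tech}: {version or 'present, version unknown'}")
```

The versionless fallbacks (`jquery.*\.js`, `jquery-ui.*\.js`) match any script URL containing the library name, so a page that only loaded `jquery.blockui.js` would still register as jQuery; treat a version-bearing match as the reliable one. Either way the result is a statement about the markup, which here was lifted from the bank, and says nothing about the software on mail.itr.zwv.mybluehost.me.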
Page Statistics

10 outgoing links (links going to different origins than the main page). Seven of them carry a title; the other three are untitled:

- More about internet banking
- access number
- KeepSafe
- Staying safe online
- Forward suspicious emails
- Contact us
- Mobile banking login
Redirected requests

The primary request (marked "Redirect Chain" in the table below) is the only redirected request; its chain is the one shown under Page URL History.

29 HTTP transactions

| # | Method | Protocol | Resource | Host / path | Size | Transferred | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | / | aust-onlinemarketing-duesseldorf.de/dod/ | 169 B | 256 B | Document | text/html |
| 2 | GET | H2 | / (Primary Request, Redirect Chain) | mail.itr.zwv.mybluehost.me/nz/KiwiApps/kiwiapps/0da4adddaf6b6472778d2b4fc31ed39a/ | 11 KB | 5 KB | Document | text/html |
| 3 | GET | H2 | main.css | www.ib.kiwibank.co.nz/css/ | 170 KB | 39 KB | Stylesheet | text/css |
| 4 | GET | H2 | splash.css | mail.itr.zwv.mybluehost.me/css/ | 0 | 0 | Stylesheet | text/html |
| 5 | GET | H2 | jquery-ui-1.7.2.custom.css | www.ib.kiwibank.co.nz/css/ | 27 KB | 6 KB | Stylesheet | text/css |
| 6 | GET | H2 | jquery-ui-mods.css | www.ib.kiwibank.co.nz/css/ | 824 B | 1 KB | Stylesheet | text/css |
| 7 | GET | H2 | jquery-1.7.1.min.js | www.ib.kiwibank.co.nz/includes/ | 0 | 0 | Script | text/html |
| 8 | GET | H2 | jquery-ui-1.7.2.custom.min.js | www.ib.kiwibank.co.nz/includes/ | 54 KB | 16 KB | Script | text/javascript |
| 9 | GET | H2 | namespace.js | www.ib.kiwibank.co.nz/includes/ | 578 B | 789 B | Script | text/javascript |
| 10 | GET | H2 | domain-objects.js | www.ib.kiwibank.co.nz/includes/ | 4 KB | 1 KB | Script | text/javascript |
| 11 | GET | H2 | common.js | www.ib.kiwibank.co.nz/includes/ | 59 KB | 16 KB | Script | text/javascript |
| 12 | GET | H2 | others.js | www.ib.kiwibank.co.nz/includes/ | 11 KB | 3 KB | Script | text/javascript |
| 13 | GET | H2 | urchin.js | www.ib.kiwibank.co.nz/includes/ | 0 | 0 | Script | text/html |
| 14 | GET | H2 | pinObjects.js | mail.itr.zwv.mybluehost.me/includes/ | 0 | 0 | Script | text/html |
| 15 | GET | H2 | jquery.blockui.js | www.ib.kiwibank.co.nz/includes/ | 20 KB | 7 KB | Script | text/javascript |
| 16 | GET | H2 | logo.png | www.ib.kiwibank.co.nz/images/ | 3 KB | 3 KB | Image | image/png |
| 17 | GET | H2 | ScriptResource.axd | www.ib.kiwibank.co.nz/ | 100 KB | 26 KB | Script | application/x-javascript |
| 18 | GET | H2 | ScriptResource.axd | www.ib.kiwibank.co.nz/ | 39 KB | 10 KB | Script | application/x-javascript |
| 19 | GET | H2 | ScriptResource.axd | www.ib.kiwibank.co.nz/ | 102 KB | 21 KB | Script | application/x-javascript |
| 20 | GET | H2 | WebResource.axd | www.ib.kiwibank.co.nz/ | 3 KB | 1 KB | Script | application/x-javascript |
| 21 | GET | H2 | keepsafe_logo_login.png | www.ib.kiwibank.co.nz/images/ | 0 | 578 B | Image | text/plain |
| 22 | GET | H2 | fraudwatch-logo-266.png | www.ib.kiwibank.co.nz/images/ | 5 KB | 6 KB | Image | image/png |
| 23 | GET | H2 | print.css | mail.itr.zwv.mybluehost.me/css/ | 0 | 0 | Stylesheet | text/html |
| 24 | GET | | geograph-medium.woff2 | www.ib.kiwibank.co.nz/fonts/kiwibank/ | 0 | 0 | (no response) | |
| 25 | GET | H2 | bg-block-header-light.png | www.ib.kiwibank.co.nz/images/ | 313 B | 811 B | Image | image/png |
| 26 | GET | H2 | bg-padlock-sprite.png | www.ib.kiwibank.co.nz/images/ | 2 KB | 2 KB | Image | image/png |
| 27 | GET | H2 | button-bg-round.png | www.ib.kiwibank.co.nz/images/ | 2 KB | 2 KB | Image | image/png |
| 28 | GET | H2 | arrow-blue-sm-right.gif | www.ib.kiwibank.co.nz/images/ | 49 B | 546 B | Image | image/gif |
| 29 | GET | | geograph-regular.woff2 | www.ib.kiwibank.co.nz/fonts/kiwibank/ | 0 | 0 | (no response) | |

What the transaction list shows: only the HTML document and three resources (splash.css, pinObjects.js, print.css) are served from the kit host, and each of those three came back as 0 bytes of text/html rather than a stylesheet or script. Everything else, 22 of the 29 transactions including the ASP.NET ScriptResource.axd and WebResource.axd handlers, is fetched from the genuine www.ib.kiwibank.co.nz, which is why the page renders as a convincing "Login - Kiwibank Internet Banking" page: most of its front end is the real one. Two of the bank-hosted requests (jquery-1.7.1.min.js, urchin.js) also returned 0-byte text/html, keepsafe_logo_login.png came back as text/plain, and the two woff2 fonts got no response at all. For takedown and blocking purposes the hosts that matter are the Bluehost box (173.254.106.233, PTR box2249.bluehost.com) and the IONOS redirector (212.227.172.252); the Akamai address only serves the bank's legitimate assets.
Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

- https://www.ib.kiwibank.co.nz/fonts/kiwibank/geograph-medium.woff2 (domain: www.ib.kiwibank.co.nz)
- https://www.ib.kiwibank.co.nz/fonts/kiwibank/geograph-regular.woff2 (domain: www.ib.kiwibank.co.nz)
Verdicts & Comments

Potentially malicious activity detected.
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against Kiwibank (Banking).

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. The page lists them flat; they are grouped here by the origin the names point to (the grouping is an editorial reading of the names, not part of the scan output):

- Browser-provided APIs that are simply newer than the scanner's list of standard names: oncontextlost (object), oncontextrestored (object), structuredClone (function), launchQueue (object), onbeforematch (object), getScreenDetails (function), queryLocalFonts (function), navigation (object)
- Kiwibank's own page scripts: kiwibank (object), toggleDetail, toggleElement, hideElement, showElement, showHideElementById, number_format, CheckAutoTab, getAmountFromFormattedAmount, stripCharsFromAmount, clickOnce (functions), AutoTabKeyCodesToIgnore (object), allowableChars (string), kbf (object), KbWebToolkit (object), _ugifpath (string; an Urchin tracker setting)
- ASP.NET WebForms page runtime: theForm (object), __doPostBack, WebForm_PostBackOptions, WebForm_DoPostBackWithOptions, WebForm_DoCallback, WebForm_CallbackComplete, WebForm_ExecuteCallback, WebForm_FillFirstAvailableSlot, WebForm_InitCallback, WebForm_InitCallbackAddField, WebForm_EncodeCallback, WebForm_ReEnableControls, WebForm_ReDisableControls, WebForm_SimulateClick, WebForm_FireDefaultButton, WebForm_GetScrollX, WebForm_GetScrollY, WebForm_SaveScrollPositionSubmit, WebForm_SaveScrollPositionOnSubmit, WebForm_RestoreScrollPosition, WebForm_TextBoxKeyHandler, WebForm_TrimString, WebForm_AppendToClassName, WebForm_RemoveClassName, WebForm_GetElementById, WebForm_GetElementByTagName, WebForm_GetElementsByTagName, WebForm_GetElementDir, WebForm_GetElementPosition, WebForm_GetParentByTagName, WebForm_SetElementHeight, WebForm_SetElementWidth, WebForm_SetElementX, WebForm_SetElementY, WebForm_FindFirstFocusableChild, WebForm_AutoFocus, WebForm_CanFocus, WebForm_IsFocusableTag, WebForm_IsInVisibleContainer (functions), __pendingCallbacks (object), __synchronousCallBackIndex (number), __nonMSDOMBrowser (boolean), __theFormPostData (string), __theFormPostCollection (object), __callbackTextTypes (object), __disabledControlArray (object)
- ASP.NET AJAX (Microsoft Ajax Library) and AjaxControlToolkit: Sys$Enum$parse, Sys$Enum$toString, Sys$Component$_setProperties, Sys$Component$_setReferences, $create, $addHandler, $addHandlers, $clearHandlers, $removeHandler, $get, $find, Type (functions), Sys (object), _events (object), CommonToolkitScripts (object), $common (object), AjaxControlToolkit (object)

Taken together these are the client-side runtime of the genuine Kiwibank login page (WebForms postback machinery, Microsoft Ajax, AjaxControlToolkit), loaded through the hotlinked scripts from www.ib.kiwibank.co.nz. They confirm that the kit cloned the real page's markup rather than re-implementing a look-alike.

0 Cookies

Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work. This page set none.
10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Indicators

This is a term in the security industry for observables such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity.

- aust-onlinemarketing-duesseldorf.de
- mail.itr.zwv.mybluehost.me
- www.ib.kiwibank.co.nz
- 173.254.106.233
- 184.28.190.11
- 212.227.172.252

Before feeding these into a blocklist, note that www.ib.kiwibank.co.nz and its Akamai address 184.28.190.11 are the targeted bank's legitimate infrastructure, present here only because the kit hotlinks its assets; the indicators of the attack itself are the two remaining domains and their IPs.