45.9.168.109
Malicious Activity!
Public Scan
Effective URL: http://45.9.168.109/westpac/index1.php
Submission: On August 17 via manual from RO — Scanned from DE
Summary
This is the only time 45.9.168.109 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking), Westpac (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 20 | 45.9.168.109 | 211619 (MAXKO) |
| 1 | 185.198.118.126 | 35051 (NEXI-AS) |
| 1 | 110.5.81.221 | 9426 (WESTPAC-AS-AP Westpac Bank) |
| 1 | 185.198.118.43 | 35051 (NEXI-AS) |
| 2 | 202.7.41.228 | 4830 (AS-WESTPACNZ-AP Westpactrust) |
| 37 | 6 | |
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 2 | westpac.co.nz: bank.westpac.co.nz (Failed) | 13 KB |
| 2 | nexi.it: www.nexi.it (Cisco Umbrella Rank: 898291), business.nexi.it | 7 KB |
| 1 | westpac.com.au: banking.westpac.com.au (Cisco Umbrella Rank: 460719) | 2 KB |
| 37 | 3 | |
| | Domain | Requested by |
|---|---|---|
| 2 | bank.westpac.co.nz | 45.9.168.109 |
| 1 | business.nexi.it | 45.9.168.109 |
| 1 | banking.westpac.com.au | 45.9.168.109 |
| 1 | www.nexi.it | 45.9.168.109 |
| 37 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.nexi.it | GlobalSign RSA OV SSL CA 2018 | 2022-07-05 - 2023-08-06 | a year |
banking.westpac.com.au | Entrust Certification Authority - L1M | 2022-04-13 - 2023-04-13 | a year |
business.nexi.it | GlobalSign RSA OV SSL CA 2018 | 2022-05-30 - 2023-07-01 | a year |
bank.westpac.co.nz | Entrust Certification Authority - L1M | 2022-03-16 - 2023-04-09 | a year |
This page contains 1 frames:
Primary Page:
http://45.9.168.109/westpac/index1.php
Frame ID: 7AF83464DE66C53128D30908C488B573
Requests: 37 HTTP requests in this frame
Page Title
Westpac One® - Online Banking
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://45.9.168.109/westpac/ HTTP 302
- http://45.9.168.109/westpac/index1.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
37 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index1.php (Primary Request) | 45.9.168.109/westpac/ | 33 KB | 7 KB | Document | text/html |
GET | H/1.1 | all.css | 45.9.168.109/westpac/index_files/ | 275 B | 532 B | Stylesheet | text/css |
GET | H/1.1 | vendor.f7f52137a28f445d9986.css | 45.9.168.109/westpac/index_files/ | 20 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | app.53084dd392914e25de4f.css | 45.9.168.109/westpac/index_files/ | 1 B | 280 B | Stylesheet | text/css |
GET | H/1.1 | styles.0788bdac6057c9cfea7d.css | 45.9.168.109/westpac/index_files/ | 1 MB | 149 KB | Stylesheet | text/css |
GET | H/1.1 | main.css | 45.9.168.109/westpac/index_files/ | 47 KB | 8 KB | Stylesheet | text/css |
GET | H/1.1 | jquery.js | 45.9.168.109/westpac/cntdjs/ | 87 KB | 31 KB | Script | application/javascript |
GET | H/1.1 | jquery.mask.js | 45.9.168.109/westpac/cntdjs/ | 23 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | cntd.js | 45.9.168.109/westpac/cntdjs/ | 2 KB | 1 KB | Script | application/javascript |
GET | H/1.1 | logo--dark.svg | www.nexi.it/content/dam/nexi/img/logo/ | 2 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | logo_white_bg.png.ce5c4c19ec61b56796f0e218fc8329c558421fd8.png | banking.westpac.com.au/wbc/banking/Themes/Default/Desktop/WBC/Core/Images/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | phone-rotate.gif | 45.9.168.109/westpac/index_files/ | 18 KB | 18 KB | Image | image/gif |
GET | H/1.1 | phone-rotate@2.gif | 45.9.168.109/westpac/index_files/ | 40 KB | 41 KB | Image | image/gif |
GET | H/1.1 | base.css | 45.9.168.109/westpac/index_files/ | 0 | 0 | Stylesheet | text/html |
GET | H/1.1 | theme.css | 45.9.168.109/westpac/index_files/ | 0 | 0 | Stylesheet | text/html |
GET | | sprite.f35ac.svg | bank.westpac.co.nz/wone/images/ | 0 | 0 | | |
GET | | sprite.f35ac.svg | bank.westpac.co.nz/wone/images/ | 0 | 0 | | |
GET | | sprite.f35ac.svg | bank.westpac.co.nz/wone/images/ | 0 | 0 | | |
GET | | sprite.f35ac.svg | bank.westpac.co.nz/wone/images/ | 0 | 0 | | |
GET | | SourceSansPro-Bold.ttf | bank.westpac.co.nz/wone/fonts/ | 0 | 0 | | |
GET | | SourceSansPro-Regular.ttf | bank.westpac.co.nz/wone/fonts/ | 0 | 0 | | |
GET | | national-2-web-medium.woff2 | bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/ | 0 | 0 | | |
GET | | national-2-web-regular-italic.woff2 | bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/ | 0 | 0 | | |
GET | | national-2-web-regular.woff2 | bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/ | 0 | 0 | | |
GET | H/1.1 | NexiLogoBlue.svg | business.nexi.it/cas/themes/icbpi/images/ | 3 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | online-guardian-guarantee.svg | bank.westpac.co.nz/images/security/ | 18 KB | 8 KB | Image | image/svg+xml |
GET | H/1.1 | ssl-entrust.png | bank.westpac.co.nz/images/security/ | 4 KB | 5 KB | Image | image/png |
GET | | national-2-web-medium.woff | bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/ | 0 | 0 | | |
GET | | national-2-web-regular.woff | bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/ | 0 | 0 | | |
GET | | national-2-web-regular-italic.woff | bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/ | 0 | 0 | | |
GET | H/1.1 | SourceSansPro-Bold.ttf | 45.9.168.109/westpac/index_files/ | 0 | 0 | Font | text/html |
GET | H/1.1 | SourceSansPro-Regular.ttf | 45.9.168.109/westpac/index_files/ | 262 KB | 262 KB | Font | font/ttf |
GET | H/1.1 | national-2-web-medium.woff2 | 45.9.168.109/westpac/index_files/ | 32 KB | 32 KB | Font | font/woff2 |
GET | H/1.1 | national-2-web-regular.woff2 | 45.9.168.109/westpac/index_files/ | 29 KB | 29 KB | Font | font/woff2 |
GET | H/1.1 | national-2-web-regular-italic.woff2 | 45.9.168.109/westpac/index_files/ | 0 | 0 | Font | text/html |
GET | | SourceSansPro-Italic.ttf | bank.westpac.co.nz/wone/fonts/ | 0 | 0 | | |
GET | H/1.1 | SourceSansPro-Italic.ttf | 45.9.168.109/westpac/index_files/ | 0 | 0 | Font | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/images/sprite.f35ac.svg |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/images/sprite.f35ac.svg |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/images/sprite.f35ac.svg |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/images/sprite.f35ac.svg |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/fonts/SourceSansPro-Bold.ttf |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/fonts/SourceSansPro-Regular.ttf |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/national-2-web-medium.woff2 |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/national-2-web-regular-italic.woff2 |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/national-2-web-regular.woff2 |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/national-2-web-medium.woff |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/national-2-web-regular.woff |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/node_modules/@westpac/components-web/dist/esm/assets/fonts/national/national-2-web-regular-italic.woff |
bank.westpac.co.nz | https://bank.westpac.co.nz/wone/fonts/SourceSansPro-Italic.ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking), Westpac (Banking)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
object | navigation |
function | $ |
function | jQuery |
object | controller |
string | url |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
45.9.168.109/ | | Name: PHPSESSID Value: mivtq9ok1oauv5nns47s3icl5l |
27 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.