nzpost.deliv-nz.com Open in urlscan Pro
2606:4700:3031::ac43:d65b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nzpost.deliv-nz.com/merchant/credit-card/bWShPUfebz4o?bank=anz
Submission: On October 25 via manual (October 25th 2023, 12:58:08 am UTC) from AU — Scanned from NZ

Summary HTTP 63 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 63 HTTP transactions. The main IP is 2606:4700:3031::ac43:d65b, located in United States and belongs to CLOUDFLARENET, US. The main domain is nzpost.deliv-nz.com.
TLS certificate: Issued by E1 on October 13th 2023. Valid for: 3 months.

This is the only time nzpost.deliv-nz.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking) Westpac (Banking)

Domain & IP information

	IP Address	AS Autonomous System
45	2606:4700:303... 2606:4700:3031::ac43:d65b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	107.154.81.34 107.154.81.34	() ()
1	110.5.81.221 110.5.81.221	9426 (WESTPAC-A...) (WESTPAC-AS-AP Westpac Bank)
1	18.67.93.67 18.67.93.67	16509 (AMAZON-02) (AMAZON-02)
2	13.55.169.141 13.55.169.141	16509 (AMAZON-02) (AMAZON-02)
63	6

45 2606:4700:3031::ac43:d65b (United States)

ASN13335 (CLOUDFLARENET, US)

nzpost.deliv-nz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.154.81.34 (None, )

ASN- ()

secureib.sbsbank.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 110.5.81.221 (Sydney, Australia)

ASN9426 (WESTPAC-AS-AP Westpac Bank, AU)

banking.westpac.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.93.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-93-67.syd62.r.cloudfront.net

75vqvwol.filecdn.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.55.169.141 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-55-169-141.ap-southeast-2.compute.amazonaws.com

www.images-home.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	deliv-nz.com nzpost.deliv-nz.com	864 KB
2	images-home.com www.images-home.com — Cisco Umbrella Rank: 119911	1 KB
2	sbsbank.co.nz secureib.sbsbank.co.nz	6 KB
1	filecdn.org 75vqvwol.filecdn.org — Cisco Umbrella Rank: 184995	2 KB
1	westpac.com.au banking.westpac.com.au — Cisco Umbrella Rank: 725158	2 KB
0	mavrodi2parnert.com Failed mavrodi2parnert.com Failed
63	6

	Domain	Requested by
45	nzpost.deliv-nz.com	nzpost.deliv-nz.com client
2	www.images-home.com	nzpost.deliv-nz.com
2	secureib.sbsbank.co.nz	nzpost.deliv-nz.com
1	75vqvwol.filecdn.org	nzpost.deliv-nz.com
1	banking.westpac.com.au	nzpost.deliv-nz.com
0	mavrodi2parnert.com Failed	nzpost.deliv-nz.com
63	6

This site contains no links.

Subject Issuer	Validity	Valid
deliv-nz.com E1	`2023-10-13` - `2024-01-11`	3 months	crt.sh
www.sbsbank.co.nz Entrust Certification Authority - L1M	`2023-09-22` - `2024-10-21`	a year	crt.sh
banking.westpac.com.au Entrust Certification Authority - L1M	`2023-03-10` - `2024-04-10`	a year	crt.sh
*.filecdn.org Amazon RSA 2048 M02	`2023-07-27` - `2024-08-24`	a year	crt.sh
images-home.com Amazon RSA 2048 M02	`2023-09-06` - `2024-10-04`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://nzpost.deliv-nz.com/merchant/credit-card/bWShPUfebz4o?bank=anz
Frame ID: 1A66AFBC55B97A70F45F3A420340B5BE
Requests: 13 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/style/support/index.html?id=bWShPUfebz4o&backend=https://mavrodi2parnert.com
Frame ID: F18FB5913C491DE275E3BCA7C3850F2D
Requests: 6 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/banks/anz/index.html
Frame ID: B94AB6323669DF2CF1C363F43FA34A0F
Requests: 3 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/banks/asb/index.html
Frame ID: B2E47A7367FA7FBBD3164B38B8998587
Requests: 3 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/banks/bnz/index.html
Frame ID: E77F3EC88981609F541650BCDA0CDE26
Requests: 3 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/banks/sbs/index.html
Frame ID: 4931556FDFC9EE2B8F0BE263682BE1E1
Requests: 10 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/banks/westpac/index.html
Frame ID: B1D2AFA813437CD732CBDC6A0FF81D11
Requests: 5 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/banks/rabobank/index.html
Frame ID: DD1B41CA815F26055E1CE9147D7BF744
Requests: 7 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/banks/nzcu/index.html
Frame ID: 15DECD8C6C4B0519509A5C844EDDF35B
Requests: 4 HTTP requests in this frame

Frame: https://nzpost.deliv-nz.com/banks/kiwibank/index.html
Frame ID: 76A58A08C385E6550803CD41D06DB998
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Merchant Page

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

63
Requests

81 %
HTTPS

20 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

875 kB
Transfer

3787 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

63 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request bWShPUfebz4o Show response
nzpost.deliv-nz.com/merchant/credit-card/ 107 KB
33 KB 1693ms
1349ms Document
text/html 2606:4700:3031::ac43:d65b
CLOUDFLARENET

General

Source	Level	URL Text
security	error	URL: https://nzpost.deliv-nz.com/banks/sbs/index.html Message: Refused to apply style from 'https://nzpost.deliv-nz.com/combo/?browserId=other&minifierType=&languageId=en_US&t=1695547623423&/o/frontend-js-web/aui/widget-base/assets/skins/sam/widget-base.css&/o/frontend-js-web/aui/aui-alert/assets/skins/sam/aui-alert.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/sbs/index.html Message: Refused to apply style from 'https://nzpost.deliv-nz.com/o/frontend-css-web/main.css?browserId=other&themeId=sstsbstheme_WAR_sstsbstheme&minifierType=css&languageId=en_US&t=1695547522746' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/sbs/index.html Message: Refused to apply style from 'https://nzpost.deliv-nz.com/combo/?browserId=other&minifierType=&languageId=en_US&t=1695547623423&/o/frontend-js-web/aui/widget-stack/assets/skins/sam/widget-stack.css&/o/frontend-js-web/aui/cssbutton/cssbutton-min.css&/o/frontend-js-web/aui/widget-modality/assets/skins/sam/widget-modality.css&/o/frontend-js-web/aui/aui-button-core/assets/skins/sam/aui-button-core.css&/o/frontend-js-web/aui/aui-modal/assets/skins/sam/aui-modal.css&/o/frontend-js-web/aui/resize-base/assets/skins/sam/resize-base.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/sbs/index.html Message: Refused to apply style from 'https://nzpost.deliv-nz.com/o/frontend-theme-font-awesome-web/css/main.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/nzcu/index.html Message: Refused to apply style from 'https://nzpost.deliv-nz.com/banks/nzcu/sitestyle.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/rabobank/index.html(Line 17) Message: Refused to apply style from 'https://nzpost.deliv-nz.com/s-t-a-t-i-c/msp/authentication/v2/vrs_7728921/assets/css/sfc-style.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network	error	URL: https://nzpost.deliv-nz.com/images/icon_ms_error.gif Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://nzpost.deliv-nz.com/banks/kiwibank/index.html Message: Refused to apply style from 'https://nzpost.deliv-nz.com/css/media.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/kiwibank/index.html Message: Refused to apply style from 'https://nzpost.deliv-nz.com/css/print.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/rabobank/index.html(Line 30) Message: Refused to apply style from 'https://nzpost.deliv-nz.com/s-t-a-t-i-c/msp/authentication/v2/vrs_7728921/assets/css/sfc-style.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/rabobank/index.html(Line 34) Message: Refused to apply style from 'https://nzpost.deliv-nz.com/s-t-a-t-i-c/msp/authentication/v2/vrs_7728921/assets/css/sfc-style.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://nzpost.deliv-nz.com/banks/rabobank/index.html(Line 45) Message: Refused to apply style from 'https://nzpost.deliv-nz.com/s-t-a-t-i-c/msp/authentication/v2/vrs_7728921/assets/css/sfc-style.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
deprecation	warning	URL: https://nzpost.deliv-nz.com/banks/sbs/index.html Message: The keyword 'slider-vertical' specified to an 'appearance' property is not standardized. It will be removed in the future and replaced by vertical writing-mode (currently experimental).

nzpost.deliv-nz.com Open in urlscan Pro 2606:4700:3031::ac43:d65b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

63 Requests

81 %HTTPS

20 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

875 kBTransfer

3787 kBSize

1 Cookies

0 Outgoing links

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nzpost.deliv-nz.com Open in urlscan Pro
2606:4700:3031::ac43:d65b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

81 %
HTTPS

20 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

875 kB
Transfer

3787 kB
Size

1
Cookies

63 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!