asb-mobile.co.nz
2a06:98c1:3120::c
Malicious Activity!
Public Scan
Submission: On September 14 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by E1 on September 14th 2022. Valid for: 3 months.
This is the only time asb-mobile.co.nz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ASB Bank (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
19 | 2a06:98c1:3120::c | 13335 (CLOUDFLARENET) |
2 | 23.36.163.246 | 20940 (AKAMAI-ASN1) |
1 | 188.114.97.12 | 13335 (CLOUDFLARENET) |
22 | 3 |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-246.deploy.static.akamaitechnologies.com
banner.asb.co.nz
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | asb-mobile.co.nz | asb-mobile.co.nz | 177 KB |
2 | asb.co.nz | banner.asb.co.nz | 2 KB |
1 | crashlytics.ru | api.crashlytics.ru — Cisco Umbrella Rank: 258481 | 768 B |
22 | 3 |
 | Domain | Requested by |
---|---|---|
19 | asb-mobile.co.nz | asb-mobile.co.nz |
2 | banner.asb.co.nz | asb-mobile.co.nz |
1 | api.crashlytics.ru | asb-mobile.co.nz |
22 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.asb.co.nz |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.asb-mobile.co.nz | E1 | 2022-09-14 - 2022-12-13 | 3 months | crt.sh |
banner.asb.co.nz | Entrust Certification Authority - L1M | 2022-06-27 - 2023-06-27 | a year | crt.sh |
*.crashlytics.ru | E1 | 2022-08-21 - 2022-11-19 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://asb-mobile.co.nz/login/main.php
Frame ID: 214E925BB9B9B0D2F7BAC3116D99E7A4
Requests: 22 HTTP requests in this frame
Page Title
ASB Bank - Log in
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Modernizr (JavaScript Libraries)
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Underscore.js (JavaScript Libraries)
Detected patterns
- underscore.*\.js(?:\?ver=([\d.]+))?
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Terms and conditions
- Title: About security
- Title: Privacy
- Title: Internet access terms
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | main.php (Primary Request) | asb-mobile.co.nz/login/ | 14 KB | 4 KB | Document | text/html |
GET | H2 | fonts.min.css | asb-mobile.co.nz/login/css/ | 3 KB | 613 B | Stylesheet | text/css |
GET | H2 | style.min.css | asb-mobile.co.nz/login/css/ | 26 KB | 6 KB | Stylesheet | text/css |
GET | H2 | modernizr-2.7.1.js | asb-mobile.co.nz/login/js/ | 16 KB | 7 KB | Script | application/javascript |
GET | H2 | json2.min.js | asb-mobile.co.nz/login/js/ | 3 KB | 2 KB | Script | application/javascript |
GET | H2 | sha1.min.js | asb-mobile.co.nz/login/js/ | 4 KB | 2 KB | Script | application/javascript |
GET | H2 | jquery-1.11.0.min.js | asb-mobile.co.nz/login/js/ | 94 KB | 34 KB | Script | application/javascript |
GET | H2 | PopupManager.min.js | asb-mobile.co.nz/login/js/ | 4 KB | 1 KB | Script | application/javascript |
GET | H2 | custFontSize.min.js | asb-mobile.co.nz/login/js/ | 684 B | 627 B | Script | application/javascript |
GET | H2 | underscore-min.js | asb-mobile.co.nz/login/js/ | 16 KB | 6 KB | Script | application/javascript |
GET | H2 | loginBody.min.js | asb-mobile.co.nz/login/js/ | 2 KB | 1 KB | Script | application/javascript |
GET | H2 | p.min.js | asb-mobile.co.nz/login/js/ | 1 KB | 943 B | Script | application/javascript |
GET | H3 | overpass-regular.woff2 | asb-mobile.co.nz/login/fonts/ | 36 KB | 37 KB | Font | application/octet-stream |
GET | H3 | icon-asb.svg | asb-mobile.co.nz/login/fonts/ | 1 KB | 1 KB | Image | image/svg+xml |
GET | H3 | icon-profile.svg | asb-mobile.co.nz/login/fonts/ | 534 B | 799 B | Image | image/svg+xml |
GET | H3 | icon-lock-outline.svg | asb-mobile.co.nz/login/fonts/ | 757 B | 935 B | Image | image/svg+xml |
GET | H3 | icon-information.svg | asb-mobile.co.nz/login/fonts/ | 2 KB | 1 KB | Image | image/svg+xml |
GET | H3 | overpass-semibold.woff2 | asb-mobile.co.nz/login/fonts/ | 34 KB | 35 KB | Font | application/octet-stream |
GET | H3 | overpass-extralight.woff2 | asb-mobile.co.nz/login/fonts/ | 36 KB | 37 KB | Font | application/octet-stream |
GET | H2 | func.min.js | banner.asb.co.nz/Scripts/ | 5 KB | 2 KB | Script | application/javascript |
GET | H2 | M | banner.asb.co.nz/marketting/ | 0 | 166 B | Image | text/plain |
GET | H2 | script.js | api.crashlytics.ru/tracking/ | 200 B | 768 B | Script | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ASB Bank (Banking)
55 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforeinput
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- object| Modernizr
- object| html5
- function| yepnope
- function| hex_sha1
- function| b64_sha1
- function| any_sha1
- function| hex_hmac_sha1
- function| b64_hmac_sha1
- function| any_hmac_sha1
- function| sha1_vm_test
- function| rstr_sha1
- function| rstr_hmac_sha1
- function| rstr2hex
- function| rstr2b64
- function| rstr2any
- function| str2rstr_utf8
- function| str2rstr_utf16le
- function| str2rstr_utf16be
- function| rstr2binb
- function| binb2rstr
- function| binb_sha1
- function| sha1_ft
- function| sha1_kt
- function| safe_add
- function| bit_rol
- number| hexcase
- string| b64pad
- function| $
- function| jQuery
- function| popupManagerRegisterNS
- object| ASB
- function| custFontSize
- function| _
- object| MarketingConfig
- object| antiClickjack
- object| loginConfig
- function| getCookie
- string| warningString
- function| LoadMarketing
- object| jQuery1110032081845249396457
- number| intFontSize
- number| currentFontSize
- number| c_start
- function| LoadFunc
- string| r
- string| t2

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
asb-mobile.co.nz/login | | Name: PHPPREFS Value: full |
asb-mobile.co.nz/ | | Name: IV_JCT Value: %2Fauth |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.crashlytics.ru
asb-mobile.co.nz
banner.asb.co.nz
188.114.97.12
23.36.163.246
2a06:98c1:3120::c