nab-secure.com.au
35.240.215.58  Malicious Activity!

URL: https://nab-secure.com.au/
Submission: On February 28 via automatic, source phishtank

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 35.240.215.58, located in Ascension Island and belongs to GOOGLE, US. The main domain is nab-secure.com.au.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 27th 2020. Valid for: 3 months.
This is the only time nab-secure.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NAB Bank (Banking)

Domain & IP information

Requests  IP address       ASN    Autonomous system
1         35.240.215.58    15169  GOOGLE
4         104.28.6.34      13335  CLOUDFLARENET
2         92.123.199.229   16625  AKAMAI-AS
1         23.45.110.59     20940  AKAMAI-ASN1
Total: 8 requests to 4 IPs

Requests  Domain              Requested by
4         log.hitsteps.com    nab-secure.com.au, log.hitsteps.com
2         ib.nab.com.au       nab-secure.com.au
1         www.nab.com.au      nab-secure.com.au
1         nab-secure.com.au   (primary request)
Total: 8 requests to 4 hostnames

Only the primary request goes to the phishing host itself. The other seven go to a third-party tracker (hitsteps, fronted by Cloudflare) and to NAB's genuine hosts on Akamai, whose stylesheet and images the phishing page hot-links rather than copying.

This site contains links to these domains: www.nab.com.au
Subject                 Issuer                                  Validity                  Valid for
nab-secure.com.au       Let's Encrypt Authority X3              2020-02-27 to 2020-05-27  3 months
sni.cloudflaressl.com   CloudFlare Inc ECC CA-2                 2020-01-30 to 2020-10-09  8 months
ib.nab.com.au           Entrust Certification Authority - L1M   2020-01-06 to 2021-01-06  a year
www.nab.com.au          Entrust Certification Authority - L1M   2019-12-03 to 2021-11-29  2 years

The nab-secure.com.au certificate was issued on 2020-02-27, the day before this scan was submitted, whereas NAB's own hosts use Entrust-issued certificates valid for a year or more. A fresh, free certificate on a brand-adjacent name is exactly what certificate-transparency monitoring is meant to surface.
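The certificate table above shows the pattern a certificate-transparency monitor is built to catch: a brand-adjacent name on a fresh Let's Encrypt certificate, issued the day before the page was reported. The following is an added example, not urlscan's code and not NAB's; it scores crt.sh-style records for lookalike signals and certificate age. The records are copied from the table, while the brand token, the owned-domain allowlist, the lure-word list, the 7-day threshold and the function names are this example's own assumptions.

```python
"""Triage certificate-transparency records for fresh brand lookalikes.

Added example (not urlscan's or NAB's code). CERT_RECORDS is constructed
from the certificate table on this page in a crt.sh-like shape; the
scoring rules and lists below are assumptions made for illustration.
"""
from datetime import date

# Constructed from the certificate table above.
CERT_RECORDS = [
    {"name": "nab-secure.com.au", "issuer": "Let's Encrypt Authority X3",
     "not_before": "2020-02-27"},
    {"name": "sni.cloudflaressl.com", "issuer": "CloudFlare Inc ECC CA-2",
     "not_before": "2020-01-30"},
    {"name": "ib.nab.com.au", "issuer": "Entrust Certification Authority - L1M",
     "not_before": "2020-01-06"},
    {"name": "www.nab.com.au", "issuer": "Entrust Certification Authority - L1M",
     "not_before": "2019-12-03"},
]

BRAND_TOKEN = "nab"                 # brand being impersonated
OWNED_SUFFIXES = ("nab.com.au",)    # assumption: apex domains the brand controls
LURE_WORDS = ("secure", "login", "verify", "update", "account", "ib")  # assumption
BRAND_CCTLD = ".com.au"             # namespace the brand lives in


def is_owned(name: str) -> bool:
    """True if name is an owned apex or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in OWNED_SUFFIXES)


def lookalike_score(name: str) -> int:
    """Count lookalike signals; 0 means 'not a lookalike' (owned or no brand reference)."""
    name = name.lower()
    if is_owned(name):
        return 0
    labels = name.split(".")
    # A label containing the brand token is the precondition; nothing else counts without it.
    if not any(BRAND_TOKEN in lbl for lbl in labels):
        return 0
    score = 1
    # 'nab-secure' splits into the brand token plus a lure word.
    tokens = [t for lbl in labels for t in lbl.split("-")]
    score += sum(1 for t in tokens if t in LURE_WORDS)
    if name.endswith(BRAND_CCTLD):
        score += 1
    return score


def cert_age_days(not_before: str, observed: str) -> int:
    """Days between the certificate's notBefore and the observation date (ISO dates)."""
    return (date.fromisoformat(observed) - date.fromisoformat(not_before)).days


def triage(records, observed: str, max_age_days: int = 7, min_score: int = 2):
    """Return (name, score, age_days) for certs that look like fresh brand lookalikes."""
    hits = []
    for rec in records:
        score = lookalike_score(rec["name"])
        age = cert_age_days(rec["not_before"], observed)
        if score >= min_score and age <= max_age_days:
            hits.append((rec["name"], score, age))
    return hits


if __name__ == "__main__":
    # Observation date is the scan date from this page.
    for hit in triage(CERT_RECORDS, "2020-02-28"):
        print("lookalike:", hit)
```

The substring match on the brand token is deliberately loose (it also catches "nabsecure" and "mynab"), so it will fire on unrelated words that happen to contain the token; the lure-word and ccTLD signals and the age filter are what keep the alert volume down, and a real monitor would also compare against a list of registered typosquats.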

This page contains 1 frames:

Primary Page: https://nab-secure.com.au/
Frame ID: 6B8B4C1BD642A6A9832EB998BCC6E47B
Requests: 8 HTTP requests in this frame

Detected technologies

Apache (overall confidence: 100%), identified from the Server response header matching the pattern:
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 39 kB
Size: 95 kB
Cookies: 1

Redirected requests

No HTTP redirect chains were recorded for this scan.

8 HTTP transactions

Each entry lists the resource, its path, the decoded size, the transferred size (x-fer) and the resource type, followed by the request details.
1. Primary Request: / (nab-secure.com.au/), 14 KB, 15 KB transferred, Document

General
Full URL: https://nab-secure.com.au/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.240.215.58, Ascension Island, ASN15169 (GOOGLE, US)
Reverse DNS: 58.215.240.35.bc.googleusercontent.com
Software: Apache
Resource Hash: 2a60f27d40476b430826f2c7197166fb8f83b1bad25a4555750d581ab992538f

Request headers
Host: nab-secure.com.au
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US

Response headers
Date: Fri, 28 Feb 2020 07:35:27 GMT
Server: Apache
Last-Modified: Tue, 25 Feb 2020 08:30:51 GMT
Accept-Ranges: bytes
Content-Length: 14678
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

The page is a static 14.6 KB HTML file served by a bare Apache on a Google Cloud VM, with no Content-Security-Policy, Strict-Transport-Security, X-Frame-Options or other security headers. Its Last-Modified date of 25 Feb 2020 suggests the kit was uploaded three days before the scan and two days before the site's certificate was issued. The resource hash is the SHA-256 of the HTML and can be used to find other uploads of the same kit.
2. track.php (log.hitsteps.com/), 40 KB, 10 KB transferred, Script

General
Full URL: https://log.hitsteps.com/track.php?code=566e816d9108d3f077c7f0dae1dc7362
Requested by: nab-secure.com.au (https://nab-secure.com.au/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.28.6.34, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 955d6a9e85af8642d58e05f4dffcfaa945c816bb57be90647b421ac857bb72b7
Security Headers: X-Content-Type-Options: nosniff

Request headers
Referer: https://nab-secure.com.au/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers
date: Fri, 28 Feb 2020 07:35:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
p3p: CP="CAO PSA OUR"
status: 200
pragma: no-cache
last-modified: Fri, 28 Feb 2020 07:35:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=3600, s-max-age=84600
cf-ray: 56c0b8d29f5ace8b-LHR
expires: Tue, 03 Jul 2001 06:00:00 GMT

This is the hitsteps visitor-tracking script, embedded by the phishing page with a per-account code in the query string; the gather.php and png.php beacons below are issued by it.
3. mib_legacy.css (ib.nab.com.au/nabib/styles/mobile/), 35 KB, 9 KB transferred, Stylesheet

General
Full URL: https://ib.nab.com.au/nabib/styles/mobile/mib_legacy.css?id=1.17.5-B68
Requested by: nab-secure.com.au (https://nab-secure.com.au/)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 92.123.199.229, Ascension Island, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a92-123-199-229.deploy.static.akamaitechnologies.com
Software: (not detected)
Resource Hash: 13bb6beff12bf6884b824ecca6c6954b7873ef451e9b856c0ad7a6c733b7fd89

Request headers
Referer: https://nab-secure.com.au/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers
date: Fri, 28 Feb 2020 07:35:28 GMT
content-encoding: gzip
last-modified: Fri, 24 Jan 2020 05:14:00 GMT
etag: "56186-8d96-59cdbd3477600"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=600
accept-ranges: bytes
content-length: 9157
expires: Fri, 28 Feb 2020 07:45:28 GMT

This is NAB's genuine mobile internet-banking stylesheet, loaded straight from the bank's host so the lure renders pixel-identical to the real login page. The browser sends Referer: https://nab-secure.com.au/ with the request, so the lure's hostname lands in NAB's own access logs.
4. login-message-iphone-web.gif (www.nab.com.au/static/mobile/IB/loginBanner/), 3 KB, 3 KB transferred, Image

General
Full URL: https://www.nab.com.au/static/mobile/IB/loginBanner/login-message-iphone-web.gif
Requested by: nab-secure.com.au (https://nab-secure.com.au/)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 23.45.110.59, Netherlands, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS: a23-45-110-59.deploy.static.akamaitechnologies.com
Software: IBM_HTTP_Server
Resource Hash: 8321046fd44e8ffe315e8d18bdaf92ec992219aa2d19ef700aab02ceba1d3f92

Request headers
Referer: https://nab-secure.com.au/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers
date: Fri, 28 Feb 2020 07:35:28 GMT
last-modified: Wed, 17 May 2017 22:19:58 GMT
server: IBM_HTTP_Server
etag: "60cd9-b38-54fbfb041bf80"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 2872
5. gather.php (log.hitsteps.com/), 53 B, 184 B transferred, Image

General
Full URL: https://log.hitsteps.com/gather.php?sid=75031&ui=pgdlgarydn&aid=64513&u=https%3A//nab-secure.com.au/&et=1&ti=NAB%20IB%20on%20your%20mobile&touchpoints=0&sh=1200&sw=1600&sc=24&wsh=1200&wsw=1600&p=&l=en-US&c=Linux%20x86_64&t=60&ja=1&fv=&MySearch=&uniqueid=&integrity=&ipname=&gdpr=2&Tag=&label=&iTag=&iPage=&utm_source=&src=&jv=0&ca=1&uidn=&hitc=&rev=&goal=&timing=1537&dm=nab-secure.com.au&v=0.9584534330180892
Requested by: nab-secure.com.au (https://nab-secure.com.au/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.28.6.34, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: e367ca161f2de58c70e3e1ba24ba8d0cb114c72b63012417749c47f5fd6aa6d1
Security Headers: X-Content-Type-Options: nosniff

Request headers
Referer: https://nab-secure.com.au/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers
pragma: no-cache
date: Fri, 28 Feb 2020 07:35:28 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Fri, 28 Feb 2020 07:35:28 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent
p3p: CP="CAO PSA OUR"
status: 200
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray: 56c0b8d368b2ce8b-LHR
content-type: image/gif
expires: Tue, 03 Jul 2001 06:00:00 GMT

The query string is the tracker's page-view beacon. It reports the lure's title (ti=NAB IB on your mobile), its URL and domain (u, dm), the visitor id ui=pgdlgarydn (the same value the _HS_temp_id cookie carries), the account and site ids aid=64513 and sid=75031, the screen geometry, and the platform as navigator reports it: c=Linux x86_64, even though the User-Agent claims macOS. That mismatch is the scanner's own sandbox showing through, and it is the kind of signal a phishing kit can use to spot automated analysis.
6. logo_legacy.gif (ib.nab.com.au/nabib/images/mobile/), 2 KB, 2 KB transferred, Image

General
Full URL: https://ib.nab.com.au/nabib/images/mobile/logo_legacy.gif
Requested by: not listed; the Referer below shows it was fetched from within mib_legacy.css
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 92.123.199.229, Ascension Island, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a92-123-199-229.deploy.static.akamaitechnologies.com
Software: (not detected)
Resource Hash: 35cf02af1fa5ce5c1dc50e92a87355f86b855c34fd7a0f56e4a8418900f542d4

Request headers
Referer: https://ib.nab.com.au/nabib/styles/mobile/mib_legacy.css?id=1.17.5-B68
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers
date: Fri, 28 Feb 2020 07:35:28 GMT
last-modified: Fri, 24 Jan 2020 05:14:00 GMT
etag: "1f570-6f7-59cdbd3477600"
content-type: image/gif
status: 200
cache-control: max-age=600
accept-ranges: bytes
content-length: 1783
expires: Fri, 28 Feb 2020 07:45:28 GMT

Because this image is referenced from inside NAB's stylesheet, the browser sends the stylesheet's URL as the Referer rather than the phishing page's, so referer-based hot-link detection on NAB's side sees a legitimate origin for this request and has to tie it back to the stylesheet fetch from the same client.
7. png.php (log.hitsteps.com/), 294 B, 321 B transferred, Script

General
Full URL: https://log.hitsteps.com/png.php?idle=0&aid=64513&sid=75031&temp_uid=pgdlgarydn&lang=auto&bat=100//Adapter//00%3A00//---&aplg=not%20found
Requested by: log.hitsteps.com (https://log.hitsteps.com/track.php?code=566e816d9108d3f077c7f0dae1dc7362)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.28.6.34, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 92cedc4a98d0d2f737f76314549dbcd3af502daaab543e55871793479bf2cb75
Security Headers: X-Content-Type-Options: nosniff

Request headers
Referer: https://nab-secure.com.au/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers
date: Fri, 28 Feb 2020 07:35:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
p3p: CP="CAO PSA OUR"
status: 200
pragma: no-cache
last-modified: Fri, 28 Feb 2020 07:35:29 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray: 56c0b8d9aa79ce8b-LHR
expires: Tue, 03 Jul 2001 06:00:00 GMT
8. png.php (log.hitsteps.com/), 294 B, 312 B transferred, Script

General
Full URL: https://log.hitsteps.com/png.php?idle=0&aid=64513&sid=75031&temp_uid=pgdlgarydn&lang=auto&bat=100//Adapter//00%3A00//---&aplg=not%20found
Requested by: log.hitsteps.com (https://log.hitsteps.com/track.php?code=566e816d9108d3f077c7f0dae1dc7362)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.28.6.34, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 92cedc4a98d0d2f737f76314549dbcd3af502daaab543e55871793479bf2cb75
Security Headers: X-Content-Type-Options: nosniff

Request headers
Referer: https://nab-secure.com.au/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers
date: Fri, 28 Feb 2020 07:35:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
p3p: CP="CAO PSA OUR"
status: 200
pragma: no-cache
last-modified: Fri, 28 Feb 2020 07:35:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray: 56c0b8f93edfce8b-LHR
expires: Tue, 03 Jul 2001 06:00:00 GMT

This is the same png.php beacon as the previous entry, sent five seconds later: the tracker polls periodically (the hs_pingcount and hs_idle globals listed below belong to that loop) and reports the idle state, the battery reading (bat=100//Adapter) and whether an ad blocker was found (aplg=not found). The account and site ids aid=64513 and sid=75031 are constant across all of the tracker's requests and are the values to pivot on when hunting for other kits run under the same tracker account.
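The requests to ib.nab.com.au and www.nab.com.au above carry Referer: https://nab-secure.com.au/ (or, for the image pulled in by the stylesheet, the stylesheet's own URL), which means the bank's origin and CDN access logs record the lure's hostname. The following added example (not urlscan's or NAB's code) runs that detection over constructed Apache combined-format log lines that mirror those three asset requests plus two benign ones for contrast; the client IPs, the OWNED_SUFFIXES allowlist and the function names are assumptions.

```python
"""Find phishing kits that hot-link a brand's genuine assets, from access logs.

Added example (not urlscan's or NAB's code). SAMPLE_LOG is constructed to
mirror the asset requests in this scan, in Apache combined log format;
the client IPs are documentation addresses and the allowlist is an
assumption.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample. Lines 1-3 mirror the scan's requests for NAB's stylesheet,
# its CSS-referenced logo and the login banner; lines 4-5 are benign traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [28/Feb/2020:07:35:28 +0000] "GET /nabib/styles/mobile/mib_legacy.css?id=1.17.5-B68 HTTP/2.0" 200 9157 "https://nab-secure.com.au/" "Mozilla/5.0"
203.0.113.10 - - [28/Feb/2020:07:35:28 +0000] "GET /nabib/images/mobile/logo_legacy.gif HTTP/2.0" 200 1783 "https://ib.nab.com.au/nabib/styles/mobile/mib_legacy.css?id=1.17.5-B68" "Mozilla/5.0"
203.0.113.10 - - [28/Feb/2020:07:35:28 +0000] "GET /static/mobile/IB/loginBanner/login-message-iphone-web.gif HTTP/2.0" 200 2872 "https://nab-secure.com.au/" "Mozilla/5.0"
198.51.100.7 - - [28/Feb/2020:07:40:01 +0000] "GET /nabib/styles/mobile/mib_legacy.css?id=1.17.5-B68 HTTP/2.0" 200 9157 "https://ib.nab.com.au/nabib/index.jsp" "Mozilla/5.0"
198.51.100.8 - - [28/Feb/2020:07:41:13 +0000] "GET /nabib/images/mobile/logo_legacy.gif HTTP/2.0" 200 1783 "-" "Mozilla/5.0"
"""

OWNED_SUFFIXES = ("nab.com.au",)   # assumption: hosts allowed to embed these assets

# Apache "combined" format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def referer_host(referer: str):
    """Lower-cased host of a Referer value, or None when absent or unparseable."""
    if referer in ("", "-"):
        return None
    host = urlsplit(referer).hostname
    return host.lower() if host else None


def is_owned(host: str) -> bool:
    """True if host is an owned apex or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in OWNED_SUFFIXES)


def find_hotlinkers(log_text: str):
    """Map each foreign referring host to the sorted list of asset paths it pulled."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a combined-format line; skip rather than guess
        host = referer_host(m["referer"])
        if host is None or is_owned(host):
            continue                      # no referer, or a page on the brand's own hosts
        hits[host].add(m["path"].split("?", 1)[0])   # drop cache-busting query strings
    return {host: sorted(paths) for host, paths in hits.items()}


if __name__ == "__main__":
    for host, paths in find_hotlinkers(SAMPLE_LOG).items():
        print(host, "->", ", ".join(paths))
```

The logo_legacy.gif line is the instructive miss: because the browser sends the stylesheet's URL as the Referer for images referenced from CSS, the foreign-referer check sees a nab.com.au origin and passes it, exactly as the scan shows. Attribution for such requests has to go through the stylesheet fetch from the same client a moment earlier. A Referrer-Policy on the lure page could also strip the header entirely, so a referer-less fetch of a mobile-banking asset with no preceding session page from that client is itself worth counting.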

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NAB Bank (Banking)

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. Here almost all of them carry an hs, _hs, _HS or _hsni prefix and are set by the hitsteps tracker script loaded from log.hitsteps.com/track.php (note hitsteps, _HSTracker, and aid and sid, which match the gather.php parameters); none of them point to a framework on the phishing page itself.

functions (27): _hs_getqs, _hs_setData, _hs_getData, _hs_checkGDPR, _hs_readAdplugin, _hs_readBattery, _HSTracker, _hs_getParmFromHash, _hsni_addListener, _hsni_get_href, _hsni_get_parent, _hsni_get_target, _hsni_trackAlinks, _hsni_noIdle, _hsni_Idle, _hsni_mnoIdle, hs_CheckInactivity, onYouTubePlayerReady, onYouTubeIframeAPIReady, _hs_elementor_video_overlay, _hs_hash_changed, _hs_a_giveMeRandom, _hs_a_readCookie, _hs_a_writeCookie, _hs_a_setVal, _hs_a_getVal, _hs_bt_toTime

strings (26): ipname_temp, _hs_uniqueid_temp, _hs_bat, _hs_adplug, _hs_a_uid, _hs_api_code_public, hs_lang, _hs_gdpr_compliance_txt, _hs_gdpr_btn_yes, _hs_gdpr_btn_no, hs_rev, hs_goal, mysearch, MySearch, tag, Tag, label, IPname, ipname, _hs_uniqueid, _hs_integrity, _hs_last_full_url, uaddress, utitle, uref, new_url

numbers (20): _hs_gdpr_diag, _hs_navigator_touchpoints, _HS_jquery_injected, HSTracked, ChatDiv, hsytindex, hs_idleTime, hs_idle, hs_idles, hs_timed, aid, sid, hs_enable_form, _hs_noyoutubeapi, _hs_heatmap_allowed, _hs_pre_compliance, nochat, _hs_youtubeapiloaded, hs_pingcount, _hs_gdpr

objects (10): onformdata, onpointerrawupdate, _hs_sysbat, hsutube, hsutbarr, hsplayerArray, hitsteps, prm, img, battery

undefined (7): _HS_body, _HS_html, _HS_dhh, hstc, hstcs, htssc, getScript

1 Cookies

Domain/Path          Name          Value
nab-secure.com.au/   _HS_temp_id   pgdlgarydn

The cookie is set by the hitsteps tracker, not by the phishing kit itself; its value is the visitor id that the gather.php (ui=) and png.php (temp_uid=) beacons report back to log.hitsteps.com.
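The tracker beacons and the cookie above share a handful of identifiers: the per-visitor id pgdlgarydn, and the per-account values code, aid and sid that stay constant across requests and can link this kit to other sites run under the same tracker account. The following added example (not urlscan's code) pulls those identifiers out of the request URLs listed in the transactions and checks them against the cookie. The URLs and the cookie are copied from this page; the split of parameters into account, visitor and context groups is this example's own reading of how the values repeat, not documented hitsteps behaviour, and is an assumption.

```python
"""Extract pivotable identifiers from the hitsteps beacons in this scan.

Added example (not urlscan's code). TRACKER_URLS and COOKIES are copied
from the track.php, gather.php and png.php entries and the Cookies
section of this page. The parameter grouping below is an assumption.
"""
from urllib.parse import urlsplit, parse_qs

TRACKER_HOST = "log.hitsteps.com"

# Copied from this page's transaction list.
TRACKER_URLS = [
    "https://log.hitsteps.com/track.php?code=566e816d9108d3f077c7f0dae1dc7362",
    "https://log.hitsteps.com/gather.php?sid=75031&ui=pgdlgarydn&aid=64513&u=https%3A//nab-secure.com.au/"
    "&et=1&ti=NAB%20IB%20on%20your%20mobile&touchpoints=0&sh=1200&sw=1600&sc=24&wsh=1200&wsw=1600&p=&l=en-US"
    "&c=Linux%20x86_64&t=60&ja=1&fv=&MySearch=&uniqueid=&integrity=&ipname=&gdpr=2&Tag=&label=&iTag=&iPage="
    "&utm_source=&src=&jv=0&ca=1&uidn=&hitc=&rev=&goal=&timing=1537&dm=nab-secure.com.au&v=0.9584534330180892",
    "https://log.hitsteps.com/png.php?idle=0&aid=64513&sid=75031&temp_uid=pgdlgarydn&lang=auto"
    "&bat=100//Adapter//00%3A00//---&aplg=not%20found",
]
COOKIES = {"_HS_temp_id": "pgdlgarydn"}   # from the Cookies section

# Assumed grouping (see lead-in): which parameters identify what.
ACCOUNT_PARAMS = {"code", "aid", "sid"}   # constant for the tracker account: pivot on these
VISITOR_PARAMS = {"ui", "temp_uid"}       # per-visitor id, mirrored in the _HS_temp_id cookie
CONTEXT_PARAMS = {"u", "dm", "ti", "c"}   # what the lure reports about itself and the client


def extract_pivots(urls):
    """Group the tracker's query parameters into account, visitor and context sets."""
    pivots = {"account": {}, "visitor": set(), "context": {}}
    for url in urls:
        parts = urlsplit(url)
        if parts.hostname != TRACKER_HOST:
            continue                          # only the tracker's own beacons carry these ids
        for key, values in parse_qs(parts.query, keep_blank_values=True).items():
            if key in ACCOUNT_PARAMS:
                pivots["account"].setdefault(key, set()).update(values)
            elif key in VISITOR_PARAMS:
                pivots["visitor"].update(values)
            elif key in CONTEXT_PARAMS:
                pivots["context"].setdefault(key, set()).update(values)
    return pivots


def visitor_matches_cookie(pivots, cookies, cookie_name="_HS_temp_id"):
    """True when every visitor id seen in the beacons equals the tracker cookie's value."""
    return bool(pivots["visitor"]) and pivots["visitor"] == {cookies.get(cookie_name)}


def platform_mismatch(pivots, user_agent: str) -> bool:
    """Flag the sandbox leak seen in this scan: navigator says Linux, the UA claims macOS."""
    platforms = pivots["context"].get("c", set())
    return any(p.startswith("Linux") for p in platforms) and "Macintosh" in user_agent


if __name__ == "__main__":
    found = extract_pivots(TRACKER_URLS)
    print("account pivots:", {k: sorted(v) for k, v in found["account"].items()})
    print("visitor ids   :", sorted(found["visitor"]))
    print("lure context  :", {k: sorted(v) for k, v in found["context"].items()})
    print("cookie matches:", visitor_matches_cookie(found, COOKIES))
```

The account-level values are the useful output: a second lure that beacons to log.hitsteps.com with the same aid and sid is, in all likelihood, operated by the same person, which is a stronger link than shared hosting or a shared kit hash. The platform check is included because it is visible in this very scan and because a kit that reads navigator.platform can use the same mismatch to serve benign content to analysis sandboxes.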