bnz-secure.publicvm.com Open in urlscan Pro
94.156.68.71 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bnz-secure.publicvm.com/ret/safety
Effective URL:
https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Submission: On July 13 via api (July 13th 2024, 3:51:15 am UTC) from US — Scanned from US

Summary HTTP 15 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 94.156.68.71, located in Netherlands and belongs to LIMENET, US. The main domain is bnz-secure.publicvm.com.
TLS certificate: Issued by R10 on July 12th 2024. Valid for: 3 months.

This is the only time bnz-secure.publicvm.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 8	94.156.68.71 94.156.68.71	394711 (LIMENET) (LIMENET)
7	23.44.111.36 23.44.111.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
15	3

8 94.156.68.71 (Netherlands) 1 redirects

ASN394711 (LIMENET, US)

bnz-secure.publicvm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.44.111.36 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-111-36.deploy.static.akamaitechnologies.com

www.bnz.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.bnz.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	publicvm.com 1 redirects bnz-secure.publicvm.com	13 KB
7	bnz.co.nz www.bnz.co.nz secure.bnz.co.nz	52 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 736	30 KB
15	3

	Domain	Requested by
8	bnz-secure.publicvm.com	1 redirects bnz-secure.publicvm.com
4	www.bnz.co.nz	bnz-secure.publicvm.com www.bnz.co.nz
3	secure.bnz.co.nz	bnz-secure.publicvm.com
1	code.jquery.com	bnz-secure.publicvm.com
15	4

This site contains links to these domains. Also see Links.

Domain
www.bnz.co.nz

Subject Issuer	Validity	Valid
bnz-secure.publicvm.com R10	`2024-07-12` - `2024-10-10`	3 months	crt.sh
bnz.co.nz Entrust Certification Authority - L1K	`2024-06-19` - `2024-10-04`	4 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Frame ID: B5153542577F8B7EEEF5569412B2AC0C
Requests: 14 HTTP requests in this frame

Frame: https://secure.bnz.co.nz/pingfederate/idp/startSLO.ping?TargetResource=%2Fauth&InErrorResource=%2Fauth
Frame ID: 160B0BAD6EF61332C68DCDF6596346C8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BNZ Login

Page URL History Show full URLs

https://bnz-secure.publicvm.com/ret/safety HTTP 302
https://bnz-secure.publicvm.com/securebnz/internetbanking/safety Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

95 kB
Transfer

236 kB
Size

2
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bnz.co.nz/
Title: BNZ Logo

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/registration/ib/app/register
Title: Register

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/support/internet-banking/essentials/finding-your-access-number
Title: Find your Access Number

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/iphoneapp

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/androidapp

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/personal-banking/everyday-banking/mobile-banking
Title: Learn more about the app

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bnz-secure.publicvm.com/ret/safety HTTP 302
https://bnz-secure.publicvm.com/securebnz/internetbanking/safety Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request safety Show response
bnz-secure.publicvm.com/securebnz/internetbanking/
Redirect Chain

https://bnz-secure.publicvm.com/ret/safety
https://bnz-secure.publicvm.com/securebnz/internetbanking/safety

68 KB
10 KB

240ms
240ms

Document
text/html

94.156.68.71
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.68.71 , Netherlands, ASN394711 (LIMENET, US),
Reverse DNS
Software: nginx / PHP/8.3.9 PleskLin
Resource Hash: c3ba68d1b0337836a3a60d33a5d0f89ceeabbaca3e510bc1fc77cddde2072302

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 10223
content-type: text/html; charset=UTF-8
date: Sat, 13 Jul 2024 03:51:09 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.3.9 PleskLin

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 13 Jul 2024 03:51:09 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: /securebnz/internetbanking/safety
pragma: no-cache
server: nginx
x-powered-by: PHP/8.3.9 PleskLin

GET
H2 200 serrano.css
www.bnz.co.nz/serrano/ 2 KB
789 B 1519ms
915ms Stylesheet
text/css 23.44.111.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bnz.co.nz/serrano/serrano.css

Requested by

Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.111.36 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-111-36.deploy.static.akamaitechnologies.com

Software

Resource Hash

f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload
X-Content-Type-Options	Nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bnz-secure.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 03:51:11 GMT
content-encoding: gzip
x-content-type-options: Nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
last-modified: Sun, 07 Jul 2024 22:36:55 GMT
akamai-grn: 0.a4c82c17.1720842670.16a31483
etag: W/"668b1887-976"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: public, no-transform, max-age=300
content-length: 472
x-xss-protection: 1; mode=block
expires: Sat, 13 Jul 2024 03:56:11 GMT

GET
H2 200 app-store-badge.svg
secure.bnz.co.nz/auth/images/ 9 KB
5 KB 1741ms
1166ms Image
image/svg+xml 23.44.111.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bnz.co.nz/auth/images/app-store-badge.svg

Requested by

Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.111.36 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-111-36.deploy.static.akamaitechnologies.com

Software

Resource Hash

e01c7c7073c345aff9d17d5b07981d701ca923f43d7a9bcec8f46244c35e11ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bnz-secure.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 13 Jul 2024 03:51:11 GMT
strict-transport-security: max-age=15768000
akamai-grn: 0.a4c82c17.1720842670.16a31498
server-timing: dtSInfo;desc="0", dtRpid;desc="-1346349152"
bnz-logon-request: 1
x-xss-protection: 1; mode=block
content-length: 3809
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 28 Sep 2023 07:52:30 GMT
etag: "651530be-239a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes

GET
H2 200 google-play-badge.svg
secure.bnz.co.nz/auth/images/ 7 KB
4 KB 1726ms
1171ms Image
image/svg+xml 23.44.111.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bnz.co.nz/auth/images/google-play-badge.svg

Requested by

Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.111.36 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-111-36.deploy.static.akamaitechnologies.com

Software

Resource Hash

26ce8a8faef716e5a0336b1032b0ad4d8a1dcd38b540da95c0247c00d621ab29

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bnz-secure.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 13 Jul 2024 03:51:11 GMT
strict-transport-security: max-age=15768000
akamai-grn: 0.a4c82c17.1720842670.16a31497
server-timing: dtSInfo;desc="0", dtRpid;desc="-50531144"
bnz-logon-request: 1
x-xss-protection: 1; mode=block
content-length: 2731
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 28 Sep 2023 07:52:30 GMT
etag: "651530be-1b03"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes

GET
H2 200 sec-4-4.css
bnz-secure.publicvm.com/_sec/cp_challenge/ 0
182 B 223ms
223ms Stylesheet
text/html 94.156.68.71
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnz-secure.publicvm.com/_sec/cp_challenge/sec-4-4.css
Requested by: Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.68.71 , Netherlands, ASN394711 (LIMENET, US),
Reverse DNS
Software: nginx / PHP/8.3.9, PleskLin
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 03:51:10 GMT
server: nginx
x-powered-by: PHP/8.3.9, PleskLin
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 211ms
68ms Script
application/javascript 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://bnz-secure.publicvm.com/
Origin: https://bnz-secure.publicvm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 03:51:10 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 2247241
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-lax-kwhp1940110-LAX
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1720842670.248914,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 584720, 62362

GET
H2 200 login.js Show response
bnz-secure.publicvm.com/js/securebnz/ 5 KB
1 KB 251ms
250ms Script
text/javascript 94.156.68.71
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnz-secure.publicvm.com/js/securebnz/login.js?v=2
Requested by: Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.68.71 , Netherlands, ASN394711 (LIMENET, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: dcda199398cad6b31632741313e3948a604438f4099d6f9185db073558a86424

Request headers

Referer: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 03:51:10 GMT
content-encoding: gzip
last-modified: Sat, 06 Jul 2024 16:48:04 GMT
server: nginx
etag: "14b0-61c96f194d900-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 1152

GET
H2 200 3.6ca2a99c.chunk.js
bnz-secure.publicvm.com/auth/static/js/ 0
182 B 254ms
253ms Other
text/html 94.156.68.71
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnz-secure.publicvm.com/auth/static/js/3.6ca2a99c.chunk.js
Requested by: Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.68.71 , Netherlands, ASN394711 (LIMENET, US),
Reverse DNS
Software: nginx / PHP/8.3.9, PleskLin
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 03:51:10 GMT
server: nginx
x-powered-by: PHP/8.3.9, PleskLin
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 4.bb624667.chunk.js
bnz-secure.publicvm.com/auth/static/js/ 0
182 B 237ms
237ms Other
text/html 94.156.68.71
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnz-secure.publicvm.com/auth/static/js/4.bb624667.chunk.js
Requested by: Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.68.71 , Netherlands, ASN394711 (LIMENET, US),
Reverse DNS
Software: nginx / PHP/8.3.9, PleskLin
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 03:51:10 GMT
server: nginx
x-powered-by: PHP/8.3.9, PleskLin
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 5.c5c9bca4.chunk.js
bnz-secure.publicvm.com/auth/static/js/ 0
182 B 258ms
257ms Other
text/html 94.156.68.71
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnz-secure.publicvm.com/auth/static/js/5.c5c9bca4.chunk.js
Requested by: Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.68.71 , Netherlands, ASN394711 (LIMENET, US),
Reverse DNS
Software: nginx / PHP/8.3.9, PleskLin
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 03:51:10 GMT
server: nginx
x-powered-by: PHP/8.3.9, PleskLin
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 startSLO.ping
secure.bnz.co.nz/pingfederate/idp/ Frame 160B 0
0 1805ms
1245ms Document
text/html 23.44.111.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/pingfederate/idp/startSLO.ping?TargetResource=%2Fauth&InErrorResource=%2Fauth

Requested by

Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.111.36 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-111-36.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bnz-secure.publicvm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

akamai-grn: 0.a4c82c17.1720842670.16a31474
cache-control: no-cache, no-store
content-encoding: gzip
content-length: 1298
content-type: text/html;charset=utf-8
date: Sat, 13 Jul 2024 03:51:11 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server-timing: dtRpid;desc="275313448", dtSInfo;desc="0"
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-akamai-transformed: 9 1716 0 pmb=mTOE,4
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-oneagent-js-injection: true
x-xss-protection: 1; mode=block

GET
H2 200 SerranoWeb-Bold.woff2
www.bnz.co.nz/serrano/fonts/ 21 KB
21 KB 1363ms
965ms Font
font/woff2 23.44.111.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bnz.co.nz/serrano/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065

Requested by

Host: www.bnz.co.nz
URL: https://www.bnz.co.nz/serrano/serrano.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.111.36 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-111-36.deploy.static.akamaitechnologies.com

Software

Resource Hash

00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload
X-Content-Type-Options	Nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bnz.co.nz/serrano/serrano.css
Origin: https://bnz-secure.publicvm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 03:51:12 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-content-type-options: Nosniff
last-modified: Sun, 07 Jul 2024 22:36:55 GMT
akamai-grn: 0.a4c82c17.1720842672.16a3181a
etag: "5234-61cafef0338b6"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,OPTIONS
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: Content-Type,x-requested-with
content-length: 21044
x-xss-protection: 1; mode=block

GET
H2 200 SerranoWeb-Regular.woff2
www.bnz.co.nz/serrano/fonts/ 19 KB
19 KB 1423ms
1026ms Font
font/woff2 23.44.111.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bnz.co.nz/serrano/fonts/SerranoWeb-Regular.woff2?v=5b6826770c

Requested by

Host: www.bnz.co.nz
URL: https://www.bnz.co.nz/serrano/serrano.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.111.36 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-111-36.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload
X-Content-Type-Options	Nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bnz.co.nz/serrano/serrano.css
Origin: https://bnz-secure.publicvm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 03:51:12 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-content-type-options: Nosniff
last-modified: Sun, 07 Jul 2024 22:39:24 GMT
akamai-grn: 0.a4c82c17.1720842672.16a3181b
etag: "4b2c-61caff7eb34b8"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,OPTIONS
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: Content-Type,x-requested-with
content-length: 19244
x-xss-protection: 1; mode=block

GET
H2 200 favicon.ico
www.bnz.co.nz/favicons/ 18 KB
3 KB 404ms
404ms Other
image/x-icon 23.44.111.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bnz.co.nz/favicons/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.111.36 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-111-36.deploy.static.akamaitechnologies.com

Software

Resource Hash

36eee91e816e09a8c409b8f543c5c837a1a69e22fe9cd639d5875b3c5645a9e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload
X-Content-Type-Options	Nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bnz-secure.publicvm.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 03:51:13 GMT
content-encoding: gzip
x-content-type-options: Nosniff
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
last-modified: Sun, 07 Jul 2024 22:36:55 GMT
akamai-grn: 0.a4c82c17.1720842673.16a31b1f
etag: "668b1887-46ae"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/x-icon
cache-control: public, no-transform, max-age=300
accept-ranges: bytes
content-length: 2336
x-xss-protection: 1; mode=block
expires: Sat, 13 Jul 2024 03:56:13 GMT

POST
H2 200 online
bnz-secure.publicvm.com/user/ 0
0 248ms
247ms Fetch
text/html 94.156.68.71
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bnz-secure.publicvm.com/user/online
Requested by: Host: bnz-secure.publicvm.com
URL: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.68.71 , Netherlands, ASN394711 (LIMENET, US),
Reverse DNS
Software: nginx / PHP/8.3.9, PleskLin
Resource Hash

Request headers

Referer: https://bnz-secure.publicvm.com/securebnz/internetbanking/safety
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8pq962P3tdLe56ja

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 03:51:14 GMT
server: nginx
x-powered-by: PHP/8.3.9, PleskLin
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bnz-secure.publicvm.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: v11mick1jodf7o7p14g76h7271
			secure.bnz.co.nz/	1969-12-31 23:59:59	Name: PF Value: z7tkoTNp3IoDsPemYYg4bN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bnz-secure.publicvm.com
code.jquery.com
secure.bnz.co.nz
www.bnz.co.nz
23.44.111.36
2a04:4e42::649
94.156.68.71
00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11
26ce8a8faef716e5a0336b1032b0ad4d8a1dcd38b540da95c0247c00d621ab29
36eee91e816e09a8c409b8f543c5c837a1a69e22fe9cd639d5875b3c5645a9e0
9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c
c3ba68d1b0337836a3a60d33a5d0f89ceeabbaca3e510bc1fc77cddde2072302
dcda199398cad6b31632741313e3948a604438f4099d6f9185db073558a86424
e01c7c7073c345aff9d17d5b07981d701ca923f43d7a9bcec8f46244c35e11ef
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

bnz-secure.publicvm.com Open in urlscan Pro 94.156.68.71 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

95 kBTransfer

236 kBSize

2 Cookies

6 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

2 Cookies

Indicators

bnz-secure.publicvm.com Open in urlscan Pro
94.156.68.71 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

95 kB
Transfer

236 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!