![](/screenshots/72a25aa1-9552-4178-9a1a-5aeee719b1d1.png)
banking.westpac-com-au.click
Open in
urlscan Pro
172.67.168.121
Malicious Activity!
Public Scan
Effective URL: https://banking.westpac-com-au.click/wbc/banking/handler
Submission: On August 03 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by GTS CA 1P5 on July 31st 2023. Valid for: 3 months.
This is the only time banking.westpac-com-au.click was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Westpac (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 104.20.138.65 104.20.138.65 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 2 | 104.21.66.14 104.21.66.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 13 | 172.67.168.121 172.67.168.121 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
westpac-com-au.click
2 redirects
banking.westpac-com-au.click |
89 KB |
2 |
au-mail.es
2 redirects
0b8b1d9ba54a3d4a7153.au-mail.es |
1 KB |
1 |
tinyurl.com
1 redirects
tinyurl.com — Cisco Umbrella Rank: 16870 |
535 B |
11 | 3 |
Domain | Requested by | |
---|---|---|
13 | banking.westpac-com-au.click |
2 redirects
banking.westpac-com-au.click
|
2 | 0b8b1d9ba54a3d4a7153.au-mail.es | 2 redirects |
1 | tinyurl.com | 1 redirects |
11 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
westpac-com-au.click GTS CA 1P5 |
2023-07-31 - 2023-10-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://banking.westpac-com-au.click/wbc/banking/handler
Frame ID: C6181DDC904A24052BE80307DA85B09E
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/72a25aa1-9552-4178-9a1a-5aeee719b1d1.png)
Page Title
Sign in to Westpac Online BankingPage URL History Show full URLs
-
https://tinyurl.com/2yhp5ewc
HTTP 301
https://0b8b1d9ba54a3d4a7153.au-mail.es/west6078/?=info@hoofbeats.org.au=?=ok HTTP 302
https://0b8b1d9ba54a3d4a7153.au-mail.es/west.php?=info@hoofbeats.org.au HTTP 302
https://banking.westpac-com-au.click/wbc/banking/au.php?=info@hoofbeats.org.au HTTP 302
https://banking.westpac-com-au.click/wbc/banking/.index.php HTTP 302
https://banking.westpac-com-au.click/wbc/banking/handler Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://tinyurl.com/2yhp5ewc
HTTP 301
https://0b8b1d9ba54a3d4a7153.au-mail.es/west6078/?=info@hoofbeats.org.au=?=ok HTTP 302
https://0b8b1d9ba54a3d4a7153.au-mail.es/west.php?=info@hoofbeats.org.au HTTP 302
https://banking.westpac-com-au.click/wbc/banking/au.php?=info@hoofbeats.org.au HTTP 302
https://banking.westpac-com-au.click/wbc/banking/.index.php HTTP 302
https://banking.westpac-com-au.click/wbc/banking/handler Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
handler
banking.westpac-com-au.click/wbc/banking/ Redirect Chain
|
19 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
000-000-0001combined.css
banking.westpac-com-au.click/wbc/banking/king_files/ |
154 B 422 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
000-0001combined.css
banking.westpac-com-au.click/wbc/banking/king_files/ |
214 KB 39 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
000-0001combined_002.css
banking.westpac-com-au.click/wbc/banking/king_files/ |
94 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_white_bg.png
banking.westpac-com-au.click/wbc/banking/king_files/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
close-slider.png
banking.westpac-com-au.click/wbc/banking/king_files/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pixel.gif
banking.westpac-com-au.click/wbc/banking/king_files/ |
42 B 370 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
StandardSignInRibbon.png.4f505a909d6a96b07fe521d44051d96801184d82.png
banking.westpac-com-au.click/wbc/banking/king_files/Images/ |
172 B 500 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
padlock-icon-v2.png.600e24c5da08eebbbee193c94b5d476d9269b51a.png
banking.westpac-com-au.click/wbc/banking/king_files/Images/ |
466 B 833 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
white-chevron.png.75a6ec48e7b0b941f3fada64c3def1875b1f7591.png
banking.westpac-com-au.click/wbc/banking/king_files/Images/ |
223 B 541 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
red_arrow_icon.png.50687ff84190c3c102b0e9b867229854cb61bec9.png
banking.westpac-com-au.click/wbc/banking/king_files/Images/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Westpac (Banking)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
banking.westpac-com-au.click/wbc/banking | Name: link_mail Value: info%40hoofbeats.org.au |
|
0b8b1d9ba54a3d4a7153.au-mail.es/west6078 | Name: link_mail Value: info%40hoofbeats.org.au |
|
0b8b1d9ba54a3d4a7153.au-mail.es/ | Name: PHPSESSID Value: 7bdjqqhgtsv7betdh4c1c99pe1 |
|
0b8b1d9ba54a3d4a7153.au-mail.es/ | Name: link_mail Value: info%40hoofbeats.org.au |
|
banking.westpac-com-au.click/ | Name: PHPSESSID Value: m44g1jgchd98o7c735top6f3sc |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
0b8b1d9ba54a3d4a7153.au-mail.es
banking.westpac-com-au.click
tinyurl.com
104.20.138.65
104.21.66.14
172.67.168.121
06b806e1ac0dcd5c55eecef5fba60cc9a9ba999d2e85e36f5c88c2200da863e7
1072735c320f761ea30ae9f78b1d421172281739088a8416303cd4fbebe05270
375c21b6f1883e77283613efec7b44651124cce1a873df52659b43a8e8cdbe4e
6973b22376b0cfcb74403c7f558140ca37d89685e53fe11472ab4b470a85aa6a
6fa80b0cb238a7f4e42868f3a59406af132dcf5ca434589c2aab6d70d872edb6
90625e6164330d2eb9e1bf01a00e54f83eb18e1b307517dc94207e366b967047
94c274e4ef0b59f43ebbc89f9de1614684ae6eddce57472cff88d1182ae7295a
c55bd0015458ced87f7b7a2f9bfc23be609d220a29e3c6d6851e253590ce3468
cf1c352b986e083292b5713ac5556b02832a8cf248485e627708110e62a83820
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd8ff5ab6aae4e32a9798a7f13d3d913f82a749cb2039eeb94aa0c2f71456827