banking.westpac-com-au.click Open in urlscan Pro
172.67.168.121 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tinyurl.com/2yhp5ewc
Effective URL:
https://banking.westpac-com-au.click/wbc/banking/handler
Submission: On August 03 via manual (August 3rd 2023, 12:31:55 am UTC) from AU — Scanned from AU

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 172.67.168.121, located in United States and belongs to CLOUDFLARENET, US. The main domain is banking.westpac-com-au.click.
TLS certificate: Issued by GTS CA 1P5 on July 31st 2023. Valid for: 3 months.

This is the only time banking.westpac-com-au.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Westpac (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.20.138.65 104.20.138.65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	104.21.66.14 104.21.66.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 13	172.67.168.121 172.67.168.121	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	1

1 104.20.138.65 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.66.14 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

0b8b1d9ba54a3d4a7153.au-mail.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.67.168.121 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

banking.westpac-com-au.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	westpac-com-au.click 2 redirects banking.westpac-com-au.click	89 KB
2	au-mail.es 2 redirects 0b8b1d9ba54a3d4a7153.au-mail.es	1 KB
1	tinyurl.com 1 redirects tinyurl.com — Cisco Umbrella Rank: 16870	535 B
11	3

	Domain	Requested by
13	banking.westpac-com-au.click	2 redirects banking.westpac-com-au.click
2	0b8b1d9ba54a3d4a7153.au-mail.es	2 redirects
1	tinyurl.com	1 redirects
11	3

This site contains no links.

Subject Issuer	Validity	Valid
westpac-com-au.click GTS CA 1P5	`2023-07-31` - `2023-10-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://banking.westpac-com-au.click/wbc/banking/handler
Frame ID: C6181DDC904A24052BE80307DA85B09E
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Westpac Online Banking

Page URL History Show full URLs

https://tinyurl.com/2yhp5ewc HTTP 301
https://0b8b1d9ba54a3d4a7153.au-mail.es/west6078/?=info@hoofbeats.org.au=?=ok HTTP 302
https://0b8b1d9ba54a3d4a7153.au-mail.es/west.php?=info@hoofbeats.org.au HTTP 302
https://banking.westpac-com-au.click/wbc/banking/au.php?=info@hoofbeats.org.au HTTP 302
https://banking.westpac-com-au.click/wbc/banking/.index.php HTTP 302
https://banking.westpac-com-au.click/wbc/banking/handler Page URL

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

88 kB
Transfer

351 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tinyurl.com/2yhp5ewc HTTP 301
https://0b8b1d9ba54a3d4a7153.au-mail.es/west6078/?=info@hoofbeats.org.au=?=ok HTTP 302
https://0b8b1d9ba54a3d4a7153.au-mail.es/west.php?=info@hoofbeats.org.au HTTP 302
https://banking.westpac-com-au.click/wbc/banking/au.php?=info@hoofbeats.org.au HTTP 302
https://banking.westpac-com-au.click/wbc/banking/.index.php HTTP 302
https://banking.westpac-com-au.click/wbc/banking/handler Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request handler Show response banking.westpac-com-au.click/wbc/banking/ Redirect Chain https://tinyurl.com/2yhp5ewc https://0b8b1d9ba54a3d4a7153.au-mail.es/west6078/?=info@hoofbeats.org.au=?=ok https://0b8b1d9ba54a3d4a7153.au-mail.es/west.php?=info@hoofbeats.org.au https://banking.westpac-com-au.click/wbc/banking/au.php?=info@hoofbeats.org.au https://banking.westpac-com-au.click/wbc/banking/.index.php https://banking.westpac-com-au.click/wbc/banking/handler	19 KB 7 KB	698ms 698ms	Document text/html	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://banking.westpac-com-au.click/wbc/banking/handler Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.33 PleskLin Resource Hash `6fa80b0cb238a7f4e42868f3a59406af132dcf5ca434589c2aab6d70d872edb6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7f0a75bb9e73aafc-SYD content-encoding br content-type text/html; charset=UTF-8 date Thu, 03 Aug 2023 00:31:49 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gaE3uf%2B9uNXjeYMD7gfqmIyzo5R2lN61gPbCY5sWH4awZak9Gtjcz%2Bk0%2BmtdllKiA1bkAFrmrkPzBy%2BAkbZvZBJzCCQ6ZkdR9ZPwfrPWxt2pWGk8j1l%2B08N2DWZmt7oo5TDJdK1k6iHhquDNe%2BZh"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/7.4.33 PleskLin Redirect headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 7f0a75b5ffe7aafc-SYD content-type text/html; charset=UTF-8 date Thu, 03 Aug 2023 00:31:48 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ./handler nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NcbHDIe%2FVj1dXdIwKG047i9Fv6TdNrVwNtUulCgAgcgJr2IR3k%2BQaZBZ3Jj2XJ78aQw0GN6PMKaRjvUQ2IXpJiqMGIWHjGpN7jx%2BDsAoDJ%2BWfkyYw22HAKSvTX43pWafJN6R4NqXA6qadA4dvC0P"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.33 PleskLin
GET H2	200	000-000-0001combined.css banking.westpac-com-au.click/wbc/banking/king_files/	154 B 422 B	122ms 121ms	Stylesheet text/css	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/000-000-0001combined.css Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/handler Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `90625e6164330d2eb9e1bf01a00e54f83eb18e1b307517dc94207e366b967047` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/handler User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2603 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 last-modified Sat, 06 Nov 2021 20:42:00 GMT x-accel-version 0.01 server cloudflare etag W/"9a-5d024ca995600-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQgaSfLw2%2FZ91rICRNTvGNqri6gNU3KBIqHKU4mtnooIQ3vjNTConmpk%2FxGXg9ogDsB5f5rcxxK0Tw0XOVDE4l832t3NM2Wz5jO%2F3G5T5bS38fk5kISNPUMmoOK4tndeF2yKz0X6nUtiLMlMum9e"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7f0a75bffc92aafc-SYD
GET H2	200	000-0001combined.css banking.westpac-com-au.click/wbc/banking/king_files/	214 KB 39 KB	123ms 122ms	Stylesheet text/css	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined.css Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/handler Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `c55bd0015458ced87f7b7a2f9bfc23be609d220a29e3c6d6851e253590ce3468` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/handler User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT content-encoding br cf-cache-status HIT last-modified Sat, 06 Nov 2021 20:42:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2603 etag W/"6186e898-3568e" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mKXtbcITFIC7fMSeNVYGidHaeyTC9%2FLuJ4kjYue4%2BtzCpeTGitNt8YMUw3U6th%2FJ4f6wL9eTsJQ6rmXgkn%2BrOu4%2B%2BgI%2B9TlwxjKt0piE71FpcPrUfxmgx41JV0ZFpKDNqFF%2Buxd%2FgB9K0qfPzxhx"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7f0a75bffc93aafc-SYD alt-svc h3=":443"; ma=86400
GET H2	200	000-0001combined_002.css banking.westpac-com-au.click/wbc/banking/king_files/	94 KB 16 KB	108ms 108ms	Stylesheet text/css	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/handler Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `1072735c320f761ea30ae9f78b1d421172281739088a8416303cd4fbebe05270` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/handler User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT content-encoding br cf-cache-status HIT last-modified Sat, 06 Nov 2021 20:42:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2603 etag W/"6186e898-178df" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UDZXMsn641UOlcelph5TSapFSn4ng2QezT%2BH7Z0Y7cqPyAvDjmQXEKzFTewvAqqKgG8Aneq2VTcwN2HboxZoTeutuiVk5s3zWfKiDwYFB4q4xuTmYMhecDrApj1ZY7EYi%2BRPbaIVi1fFE42A1%2Fqj"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=120 cf-ray 7f0a75bffc95aafc-SYD alt-svc h3=":443"; ma=86400
GET H2	200	logo_white_bg.png banking.westpac-com-au.click/wbc/banking/king_files/	1 KB 1 KB	106ms 106ms	Image image/png	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/logo_white_bg.png Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/handler Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `cf1c352b986e083292b5713ac5556b02832a8cf248485e627708110e62a83820` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/handler User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2602 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 1183 last-modified Sat, 06 Nov 2021 20:42:00 GMT server cloudflare etag "6186e898-49f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAGnicrC80xvceMInKgTind1DuV6uKWFnTUGtsbtTW1MCNxrIzTOlsYI7MwDZwLknXEvf7hNNVuYbNWbmoIbxV8pFjywtFU6posfwNHA2Y%2Fn3cJxYw0eF3LHS63Oi%2Bm5lLUcvxirz9%2BVkYKdOQ%2FO"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=120 accept-ranges bytes cf-ray 7f0a75bffc96aafc-SYD
GET H2	200	close-slider.png banking.westpac-com-au.click/wbc/banking/king_files/	4 KB 4 KB	102ms 101ms	Image image/png	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/close-slider.png Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/handler Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `94c274e4ef0b59f43ebbc89f9de1614684ae6eddce57472cff88d1182ae7295a` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/handler User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2602 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 4230 last-modified Sat, 06 Nov 2021 20:42:00 GMT server cloudflare etag "6186e898-1086" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gKTmcg2CACzenMVxO9upkBOSNZA2ZI0h95WcmOeV9cd96kkrHZDh80d01%2FGehvNAu1lj7GqxU64h3rUKwZq4Ena336%2FVlU%2BkZVza3z1ZxkZmRwKE83jFibVZF51B0c5PCAJyGaw%2FrX8Ti4RBjVsI"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=120 accept-ranges bytes cf-ray 7f0a75bffc97aafc-SYD
GET H2	200	pixel.gif banking.westpac-com-au.click/wbc/banking/king_files/	42 B 370 B	120ms 120ms	Image image/gif	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/pixel.gif Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/handler Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/handler User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2602 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 42 last-modified Sat, 06 Nov 2021 20:42:00 GMT x-accel-version 0.01 server cloudflare etag "2a-5d024ca995600" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J1VODbUMlY7kvS9TEVtY5h4NkwHfHpV5vZSxkq%2B5hlQRXaL7MBb9Ak5z8YnuvBAM6u2bbCgho8kaxgd6sNMRj0Io9Xh1rFWJYyjIaneZIG%2B6luEwisEdNIvkkt2jKB%2FoHGHowWZBlWNYZn85ZlRl"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=120 accept-ranges bytes cf-ray 7f0a75bffc9aaafc-SYD
GET H2	200	StandardSignInRibbon.png.4f505a909d6a96b07fe521d44051d96801184d82.png banking.westpac-com-au.click/wbc/banking/king_files/Images/	172 B 500 B	106ms 106ms	Image image/png	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/Images/StandardSignInRibbon.png.4f505a909d6a96b07fe521d44051d96801184d82.png?preserve-inactive-time=true Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `06b806e1ac0dcd5c55eecef5fba60cc9a9ba999d2e85e36f5c88c2200da863e7` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2601 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 172 last-modified Sat, 06 Nov 2021 20:42:00 GMT x-accel-version 0.01 server cloudflare etag "ac-5d024ca995600" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQgVSljvBZV3jJ%2Bi2627RwZOiskwbBntxolMc8VKUAK7uiZ%2FDM%2FggKhqE5wRJ96FSqHlhchygfuRclYbePD7a5XMXr5%2FlF4AzB9%2FGIyjvZNxf2A4iK1pTAn0mFKn7J3dFphVKXvfSOCMtEGbbBLT"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=120 accept-ranges bytes cf-ray 7f0a75c15ea5aafc-SYD
GET H2	200	padlock-icon-v2.png.600e24c5da08eebbbee193c94b5d476d9269b51a.png banking.westpac-com-au.click/wbc/banking/king_files/Images/	466 B 833 B	106ms 106ms	Image image/png	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/Images/padlock-icon-v2.png.600e24c5da08eebbbee193c94b5d476d9269b51a.png?preserve-inactive-time=true Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `6973b22376b0cfcb74403c7f558140ca37d89685e53fe11472ab4b470a85aa6a` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2601 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 466 last-modified Sat, 06 Nov 2021 20:42:00 GMT x-accel-version 0.01 server cloudflare etag "1d2-5d024ca995600" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BLMpkMPGTrmUYTulOmVxTEO3mV4qvTBl5VHDYC7CoBdB20VJF2OlkDCe4%2FFDiT%2BXMr5AaPsaVdlkMj4BemgRXKepTV2Ww1BQw0NFwyg4OcEEO2SkD7%2F0I8RDAHwCRT4vsh33Un7OdayvUa6FNzOQ"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=120 accept-ranges bytes cf-ray 7f0a75c15eacaafc-SYD
GET H2	200	white-chevron.png.75a6ec48e7b0b941f3fada64c3def1875b1f7591.png banking.westpac-com-au.click/wbc/banking/king_files/Images/	223 B 541 B	103ms 103ms	Image image/png	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/Images/white-chevron.png.75a6ec48e7b0b941f3fada64c3def1875b1f7591.png?preserve-inactive-time=true Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `fd8ff5ab6aae4e32a9798a7f13d3d913f82a749cb2039eeb94aa0c2f71456827` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2601 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 223 last-modified Sat, 06 Nov 2021 20:42:00 GMT x-accel-version 0.01 server cloudflare etag "df-5d024ca995600" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4NRS%2B5lvY0G8GsZ92VUcayvMCaf7l2K7uHMynHurhOvN4IX2M6yW8tWwPPXnyBH7zzzHY4UZeVWztiDjvFAGmaIYBMZzRbEvTI1NlVH0p0PV65YoS9AGqfqPVAYPfEEMBS1VrEdPhNJqDY3x5Ue%2B"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=120 accept-ranges bytes cf-ray 7f0a75c15eb1aafc-SYD
GET H2	200	red_arrow_icon.png.50687ff84190c3c102b0e9b867229854cb61bec9.png banking.westpac-com-au.click/wbc/banking/king_files/Images/	18 KB 18 KB	106ms 106ms	Image image/png	172.67.168.121 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://banking.westpac-com-au.click/wbc/banking/king_files/Images/red_arrow_icon.png.50687ff84190c3c102b0e9b867229854cb61bec9.png?preserve-inactive-time=true Requested by Host: banking.westpac-com-au.click URL: https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.168.121 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `375c21b6f1883e77283613efec7b44651124cce1a873df52659b43a8e8cdbe4e` Request headers accept-language en-AU,en;q=0.9 Referer https://banking.westpac-com-au.click/wbc/banking/king_files/000-0001combined_002.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Thu, 03 Aug 2023 00:31:49 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2601 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 17991 last-modified Sat, 06 Nov 2021 20:42:00 GMT server cloudflare etag "6186e898-4647" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nofj3DTQ09cu9zZFsOc%2B5NQus12K45tuQx4A4LwfV0bcx86KTNZQ91ixNF85fWuTMitJigENvkKAvh476eWWafi79RUOQ8xaukifASpCPJ0%2F4TqEX5eL1Swe57EvlwCHQPhkTfzMElWLpPMmuGPJ"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=120 accept-ranges bytes cf-ray 7f0a75c15eb6aafc-SYD

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Westpac (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
banking.westpac-com-au.click/wbc/banking	1970-01-20 23:19:42	Name: link_mail Value: info%40hoofbeats.org.au
0b8b1d9ba54a3d4a7153.au-mail.es/west6078	1970-01-20 23:19:42	Name: link_mail Value: info%40hoofbeats.org.au
0b8b1d9ba54a3d4a7153.au-mail.es/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7bdjqqhgtsv7betdh4c1c99pe1
0b8b1d9ba54a3d4a7153.au-mail.es/	1970-01-20 23:19:42	Name: link_mail Value: info%40hoofbeats.org.au
banking.westpac-com-au.click/	1969-12-31 23:59:59	Name: PHPSESSID Value: m44g1jgchd98o7c735top6f3sc

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0b8b1d9ba54a3d4a7153.au-mail.es
banking.westpac-com-au.click
tinyurl.com
104.20.138.65
104.21.66.14
172.67.168.121
06b806e1ac0dcd5c55eecef5fba60cc9a9ba999d2e85e36f5c88c2200da863e7
1072735c320f761ea30ae9f78b1d421172281739088a8416303cd4fbebe05270
375c21b6f1883e77283613efec7b44651124cce1a873df52659b43a8e8cdbe4e
6973b22376b0cfcb74403c7f558140ca37d89685e53fe11472ab4b470a85aa6a
6fa80b0cb238a7f4e42868f3a59406af132dcf5ca434589c2aab6d70d872edb6
90625e6164330d2eb9e1bf01a00e54f83eb18e1b307517dc94207e366b967047
94c274e4ef0b59f43ebbc89f9de1614684ae6eddce57472cff88d1182ae7295a
c55bd0015458ced87f7b7a2f9bfc23be609d220a29e3c6d6851e253590ce3468
cf1c352b986e083292b5713ac5556b02832a8cf248485e627708110e62a83820
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd8ff5ab6aae4e32a9798a7f13d3d913f82a749cb2039eeb94aa0c2f71456827

banking.westpac-com-au.click Open in urlscan Pro 172.67.168.121 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

88 kBTransfer

351 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

5 Cookies

Indicators

banking.westpac-com-au.click Open in urlscan Pro
172.67.168.121 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

88 kB
Transfer

351 kB
Size

5
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!