westpac-authsecure.com
Open in
urlscan Pro
34.93.174.166
Malicious Activity!
Public Scan
Submission Tags: #phishing @ecarlesi Search All
Submission: On July 22 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on July 21st 2022. Valid for: 3 months.
This is the only time westpac-authsecure.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Westpac (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 34.93.174.166 34.93.174.166 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 | 110.5.81.221 110.5.81.221 | 9426 (WESTPAC-A...) (WESTPAC-AS-AP Westpac Bank) | |
12 | 3 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 166.174.93.34.bc.googleusercontent.com
westpac-authsecure.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
westpac-authsecure.com
westpac-authsecure.com |
32 KB |
1 |
westpac.com.au
banking.westpac.com.au — Cisco Umbrella Rank: 511022 |
29 KB |
12 | 2 |
Domain | Requested by | |
---|---|---|
9 | westpac-authsecure.com |
westpac-authsecure.com
|
1 | banking.westpac.com.au |
westpac-authsecure.com
|
12 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
westpac-authsecure.com R3 |
2022-07-21 - 2022-10-19 |
3 months | crt.sh |
banking.westpac.com.au Entrust Certification Authority - L1M |
2022-04-13 - 2023-04-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://westpac-authsecure.com/pages
Frame ID: 89ED57576B4C1A7936A75E05683249DE
Requests: 12 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
pages
westpac-authsecure.com/ |
20 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
000-000-0001combined.css.1a6232cd07874834478c928fa1f30b79eea8fe08.css
westpac-authsecure.com/front_end/front_end_files/ |
154 B 395 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
000-0001combined.css.ad465e8be579042cb5c8ec3d4ebc745fbe87f2b4.css
westpac-authsecure.com/front_end/front_end_files/ |
47 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
000-0001combined.css.b0cf37060ddf80c0f0adf1583668a8d44dfb5143.css
westpac-authsecure.com/front_end/front_end_files/ |
8 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery.js
westpac-authsecure.com/js/cntdjs/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery.mask.js
westpac-authsecure.com/js/cntdjs/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cntd.js
westpac-authsecure.com/js/cntdjs/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.js
westpac-authsecure.com/js/shared/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
online_status.js
westpac-authsecure.com/js/shared/ |
998 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_white_bg.png.ce5c4c19ec61b56796f0e218fc8329c558421fd8.png
westpac-authsecure.com/front_end/front_end_files/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
close-slider.png
westpac-authsecure.com/front_end/front_end_files/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
soon_browsernotsupported1024x168.jpg
banking.westpac.com.au/wbc/banking/Resources/Desktop/WBC/Assets/Images/ |
28 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- westpac-authsecure.com
- URL
- https://westpac-authsecure.com/js/cntdjs/jquery.js
- Domain
- westpac-authsecure.com
- URL
- https://westpac-authsecure.com/js/cntdjs/jquery.mask.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Westpac (Banking)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| urlroot string| uniqueid object| controller string| url1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
westpac-authsecure.com/ | Name: PHPSESSID Value: df9789406fa4c4d62e418d176c2e51d5 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
banking.westpac.com.au
westpac-authsecure.com
westpac-authsecure.com
110.5.81.221
34.93.174.166
2ba133898e9f8308a200cd09d3542ea24fd89a4931777744cd35ad367308479c
3086eb2644035c7be97e888c12dab321320f5fb6629d6167def8390204ca8cdf
4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134
5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca
90625e6164330d2eb9e1bf01a00e54f83eb18e1b307517dc94207e366b967047
94c274e4ef0b59f43ebbc89f9de1614684ae6eddce57472cff88d1182ae7295a
cf1c352b986e083292b5713ac5556b02832a8cf248485e627708110e62a83820
e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7