nztagovect-nz.xyz
23.160.193.97  Malicious Activity! Public Scan

URL: https://nztagovect-nz.xyz/
Submission: On May 17 via automatic, source openphish — Scanned from NZ

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 15 HTTP transactions. The main IP is 23.160.193.97, located in the United States and belonging to NETINF-TRANSIT-AS, US. The main domain is nztagovect-nz.xyz.
TLS certificate: Issued by R3 on May 16th 2023. Valid for: 3 months.
This is the only time nztagovect-nz.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

Requests   IP Address       AS (Autonomous System)
14         23.160.193.97    397270 (NETINF-TRANSIT-AS)
1          13.35.17.50      16509 (AMAZON-02)
Total: 15 requests, 3 IPs
Requests   Apex Domain             Subdomains                                                      Transfer
14         nztagovect-nz.xyz       nztagovect-nz.xyz                                               289 KB
1          ssl-images-amazon.com   images-cn.ssl-images-amazon.com (Cisco Umbrella Rank: 440177)   28 KB
Total: 15 requests, 2 apex domains
Requests   Domain                            Requested by
14         nztagovect-nz.xyz                 nztagovect-nz.xyz
1          images-cn.ssl-images-amazon.com   nztagovect-nz.xyz
Total: 15 requests, 2 domains

This site contains no links.

Subject                           Issuer                Validity                   Valid for
amazonzasfsda.top                 R3                    2023-05-16 to 2023-08-14   3 months (crt.sh)
images-cn.ssl-images-amazon.com   Amazon RSA 2048 M01   2023-02-23 to 2023-12-12   10 months (crt.sh)

This page contains 1 frame:

Primary Page: https://nztagovect-nz.xyz/
Frame ID: AD29667073AD5B44A8AA76A6EF705784
Requests: 17 HTTP requests in this frame

Screenshot


Detected technologies

Vue.js (overall confidence: 100%), detected by pattern:
  • <[^>]+\sdata-v(?:ue)?-

jQuery (overall confidence: 100%), detected by patterns:
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 15
  • HTTPS: 7 %
  • IPv6: 0 %
  • Domains: 2
  • Subdomains: 2
  • IPs: 3
  • Countries: 1
  • Transfer: 316 kB
  • Size: 857 kB
  • Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Columns: Resource | Path | Size | x-fer (bytes transferred) | Type (the MIME-Type is given by each response's content-type header)
Primary Request / | nztagovect-nz.xyz/ | 36 KB | 9 KB | Document
General
Full URL
https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
cffa3f02914eb7159952192c00a3bb99f910f33bd215bb061bf84b0b4ab67c90

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

content-encoding
gzip
content-length
9302
content-type
text/html; charset=utf-8
date
Wed, 17 May 2023 02:07:34 GMT
server
Apache
vary
Accept-Encoding
jquery-3.5.1.js | nztagovect-nz.xyz/js/ | 87 KB | 30 KB | Script
General
Full URL
https://nztagovect-nz.xyz/js/jquery-3.5.1.js
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:35 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"15d84-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
30913
jquery.mask.js | nztagovect-nz.xyz/js/ | 20 KB | 5 KB | Script
General
Full URL
https://nztagovect-nz.xyz/js/jquery.mask.js
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
d207d7942aa5bd788378f92aae9fd3aae7ec1245776f16b6680bc1e312db3f51

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:35 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"51f1-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
5436
jquery.validate.min.js | nztagovect-nz.xyz/js/ | 34 KB | 8 KB | Script
General
Full URL
https://nztagovect-nz.xyz/js/jquery.validate.min.js
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
fde03dc107f1cfd899199f6bc9410e18fb317a3017e2431c884e05cf45c76205

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:35 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"868f-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
8041
layer.js | nztagovect-nz.xyz/js/la/ | 22 KB | 8 KB | Script
General
Full URL
https://nztagovect-nz.xyz/js/la/layer.js
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
a97e4941ceb1a7df7bcf5e9631b8d9e8f7b47d7ccb59b5ed3968380465e0e824

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:35 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"58d2-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
7868
chunk-vendors.8822e685.js | nztagovect-nz.xyz/js/ | 202 KB | 73 KB | Script
General
Full URL
https://nztagovect-nz.xyz/js/chunk-vendors.8822e685.js
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
66c5f74a1a2495983dc893d21a35876fcd42005650c5c3190ccceba491997c9e

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:36 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"32624-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
app.f076fe3a.js | nztagovect-nz.xyz/js/ | 7 KB | 3 KB | Script
General
Full URL
https://nztagovect-nz.xyz/js/app.f076fe3a.js
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
381390d097e3204dd614055627af55d529014c7dc25491a7af114f68aeac889c

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:36 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"1acc-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
3051
app.14b691ba.css | nztagovect-nz.xyz/css/ | 230 B | 276 B | Stylesheet
General
Full URL
https://nztagovect-nz.xyz/css/app.14b691ba.css
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
8e09b2662d710cf8a1752c1a1615d4110b9946c128900f6a5f9c2e1316da4416

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:35 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"e6-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
165
layer.css | nztagovect-nz.xyz/js/la/theme/default/ | 14 KB | 3 KB | Stylesheet
General
Full URL
https://nztagovect-nz.xyz/js/la/theme/default/layer.css?v=3.5.1
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/js/la/layer.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:36 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"37bf-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
2789
truncated | / | 1 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
83171ce6831197c0f77fd1ab8b4795a6064b60f0376341672e2e989a5b2cef19

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/gif
truncated | / | 4 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
846f676a751142fccaed31408d0ba2be2769208c71987a41a374b2855c90d71d

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
api.php | nztagovect-nz.xyz/api/ | 10 B | 78 B | XHR
General
Full URL
https://nztagovect-nz.xyz/api/api.php
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/js/chunk-vendors.8822e685.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
33c1c92944a084e89ac8cbfe15da3c741575cbddd50a0301b946fb6da8441a93

Request headers

Accept
application/json, text/plain, */*
Referer
https://nztagovect-nz.xyz/
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 May 2023 02:07:37 GMT
content-encoding
gzip
server
Apache
content-length
30
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
895.5d1e95b2.css | nztagovect-nz.xyz/css/ | 323 KB | 76 KB | Stylesheet
General
Full URL
https://nztagovect-nz.xyz/css/895.5d1e95b2.css
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/js/app.f076fe3a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
6a4e49d2ecacb05d5cc6ae728fe8431c3a982b0ff43e6208a977d7b0b61cd4bd

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:37 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"50a5f-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
895.059b9a04.js | nztagovect-nz.xyz/js/ | 12 KB | 4 KB | Script
General
Full URL
https://nztagovect-nz.xyz/js/895.059b9a04.js
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/js/app.f076fe3a.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
9aed1d0cad13f27bc401115f921abd1d92c0570dc2ce966ae1aea576ebcfed34

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:37 GMT
content-encoding
gzip
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
etag
"2e0f-5fbb40cdc4300-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
4197
new-nav-sprite-global-1x_blueheaven-account._CB658093862_.f48c5c9f.png | nztagovect-nz.xyz/img/ | 10 KB | 10 KB | Image
General
Full URL
https://nztagovect-nz.xyz/img/new-nav-sprite-global-1x_blueheaven-account._CB658093862_.f48c5c9f.png
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
ccd2b4d3291236165abff9fb9aa683bf00eb4fe676e49532f7db78500cfcbe08

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:37 GMT
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
accept-ranges
bytes
etag
"28f2-5fbb40cdc4300"
content-length
10482
content-type
image/png
mPGmT0r6IeTyIee.png | images-cn.ssl-images-amazon.com/images/S/sash/ | 27 KB | 28 KB | Image
General
Full URL
https://images-cn.ssl-images-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/css/895.5d1e95b2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.17.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-17-50.sin5.r.cloudfront.net
Software
Server /
Resource Hash
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 02:22:16 GMT
via
1.1 4ac3d01dc034ade34c90e81091421c76.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN5-C1
age
4319121
edge-cache-tag
x-cache-629,/images/S/sash/mPGmT0r6IeTyIee
x-cache
Hit from cloudfront
x-nginx-cache-status
HIT
content-length
27972
surrogate-key
x-cache-629 /images/S/sash/mPGmT0r6IeTyIee
last-modified
Tue, 17 Nov 2020 23:31:33 GMT
server
Server
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
135f8856-57e3-4552-972d-bcf2a44d8e12
accept-ranges
bytes
timing-allow-origin
https://www.amazon.in, https://www.amazon.com
x-amz-cf-id
K0tEiRHZa9pnK9mZ4nyQezVqU6vHU0PEdu31cTjXmQpuXf_SuqXRvg==
expires
Mon, 09 Mar 2043 17:10:08 GMT
fe2UeLQmJ11kKHN.61985c38.png | nztagovect-nz.xyz/img/ | 58 KB | 58 KB | Image
General
Full URL
https://nztagovect-nz.xyz/img/fe2UeLQmJ11kKHN.61985c38.png
Requested by
Host: nztagovect-nz.xyz
URL: https://nztagovect-nz.xyz/css/895.5d1e95b2.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.160.193.97 , United States, ASN397270 (NETINF-TRANSIT-AS, US),
Reverse DNS
unknown.ip-xfer.net
Software
Apache /
Resource Hash
2ce18237ee8094ab137b910ce33aa1cdd7904c1dad5f238734ad5e307c5be08b

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://nztagovect-nz.xyz/css/895.5d1e95b2.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Wed, 17 May 2023 02:07:37 GMT
last-modified
Mon, 15 May 2023 04:40:12 GMT
server
Apache
accept-ranges
bytes
etag
"e762-5fbb40cdc4300"
content-length
59234
content-type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
boolean    credentialless
function   $
function   jQuery
object     layer
object     webpackChunkamazontb
function   _
boolean    __VUE__

2 Cookies

Domain/Path          Name                       Value
nztagovect-nz.xyz/   PHPSESSID                  f055dbd271d621c6458be4bfb0a28adb
nztagovect-nz.xyz/   thinkphp_show_page_trace   0|0
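Added example (not part of the urlscan report or of urlscan's own tooling): a Python script that turns the transaction list, certificate table and cookies above into pivotable indicators and flags the phishing-kit tells a practitioner would note in this scan. The Transaction records are constructed from a subset of the report's own rows (URLs, IPs, ASNs, resource hashes, Referer and request Content-Type headers); the brand-CDN suffix list, the cookie-prefix framework map and the certificate-subject check are assumptions of this example, not urlscan's verdict logic.

```python
"""Derive IOCs and phishing-kit tells from urlscan-style transaction data (added example)."""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Transaction:
    url: str
    ip: str
    asn: str
    res_type: str               # urlscan "Type" column: Document, Script, XHR, Image, ...
    sha256: str                 # urlscan "Resource Hash"
    referer: str = ""           # request Referer header, where the report shows one
    req_content_type: str = ""  # request Content-Type header, where the report shows one


# Constructed from a representative subset of the transactions listed in the report.
TRANSACTIONS = [
    Transaction("https://nztagovect-nz.xyz/", "23.160.193.97", "397270", "Document",
                "cffa3f02914eb7159952192c00a3bb99f910f33bd215bb061bf84b0b4ab67c90"),
    Transaction("https://nztagovect-nz.xyz/js/jquery-3.5.1.js", "23.160.193.97", "397270", "Script",
                "9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38",
                referer="https://nztagovect-nz.xyz/"),
    Transaction("https://nztagovect-nz.xyz/api/api.php", "23.160.193.97", "397270", "XHR",
                "33c1c92944a084e89ac8cbfe15da3c741575cbddd50a0301b946fb6da8441a93",
                referer="https://nztagovect-nz.xyz/",
                req_content_type="application/x-www-form-urlencoded"),
    Transaction("https://images-cn.ssl-images-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png",
                "13.35.17.50", "16509", "Image",
                "437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5",
                referer="https://nztagovect-nz.xyz/"),
]
# Served hostname -> certificate subject, from the report's certificate table.
CERT_SUBJECTS = {
    "nztagovect-nz.xyz": "amazonzasfsda.top",
    "images-cn.ssl-images-amazon.com": "images-cn.ssl-images-amazon.com",
}
COOKIES = ["PHPSESSID", "thinkphp_show_page_trace"]  # cookie names from the report

# Assumption: hosts under these suffixes belong to the impersonated brand, not the attacker.
BRAND_CDN_SUFFIXES = (".ssl-images-amazon.com",)
# Assumption: cookie-name prefixes that fingerprint the kit's server-side stack.
FRAMEWORK_COOKIES = {"PHPSESSID": "PHP", "thinkphp_": "ThinkPHP"}


def host_of(url: str) -> str:
    return urlparse(url).hostname or ""


def is_brand_cdn(host: str) -> bool:
    return host.endswith(BRAND_CDN_SUFFIXES)


def extract_iocs(txs):
    """Pivotable indicators: attacker hosts and IPs (brand CDN excluded) plus every resource hash."""
    attacker = [t for t in txs if not is_brand_cdn(host_of(t.url))]
    return {
        "hosts": sorted({host_of(t.url) for t in attacker}),
        "ips": sorted({t.ip for t in attacker}),
        "sha256": sorted({t.sha256 for t in txs}),
    }


def find_tells(txs, cert_subjects, cookies):
    """Heuristic tells of a phishing kit; these are this example's rules, not urlscan's verdict logic."""
    tells = []
    primary = host_of(txs[0].url)
    for t in txs:
        host = host_of(t.url)
        ref_host = host_of(t.referer)
        # Brand artwork hotlinked from the real CDN by a page on an unrelated domain.
        if is_brand_cdn(host) and ref_host and not is_brand_cdn(ref_host):
            tells.append(("hotlinked_brand_asset", t.url))
        # Form-encoded XHR to a server-side script: the endpoint that would receive typed credentials.
        if t.res_type == "XHR" and t.req_content_type == "application/x-www-form-urlencoded":
            tells.append(("form_post_endpoint", t.url))
    # Leaf certificate whose subject is another domain: a lead to sibling kit domains (check SANs on crt.sh).
    subject = cert_subjects.get(primary, "")
    if subject and subject != primary and not subject.endswith("." + primary):
        tells.append(("cert_subject_mismatch", subject))
    for name in cookies:
        for prefix, framework in FRAMEWORK_COOKIES.items():
            if name.startswith(prefix):
                tells.append(("server_framework", framework))
    return tells


if __name__ == "__main__":
    for key, values in extract_iocs(TRANSACTIONS).items():
        print(key, values)
    for tell in find_tells(TRANSACTIONS, CERT_SUBJECTS, COOKIES):
        print(*tell)
```

The certificate check is a pivot lead, not proof of anything on its own: the page loaded over TLS 1.3 without error, so the certificate covers nztagovect-nz.xyz somewhere in its SANs even though its subject reads amazonzasfsda.top, and the crt.sh link in the certificate table is where to enumerate the sibling names. The brand-CDN rule is likewise scoped to the one suffix this scan shows; a production version would carry a maintained allowlist per impersonated brand.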