bnz.co.nz-sso.co - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 103.208.86.122, located in New Zealand and belongs to ZAPPIE-HOST-AS Zappie Host, US. The main domain is bnz.co.nz-sso.co.

This is the only time bnz.co.nz-sso.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNZ Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
6	103.208.86.122 103.208.86.122		61138 (ZAPPIE-HO...) (ZAPPIE-HOST-AS Zappie Host)
6	1

6 103.208.86.122 (New Zealand)

ASN61138 (ZAPPIE-HOST-AS Zappie Host, US)

bnz.co.nz-sso.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	nz-sso.co bnz.co.nz-sso.co	52 KB
6	1

	Domain	Requested by
6	bnz.co.nz-sso.co	bnz.co.nz-sso.co
6	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://bnz.co.nz-sso.co/login.php?session_id=EWVrWc4d4dfrEU6TE8QTQqJ6aeGGAgrfcmH9zLmEYC5Dxbwbkn5aOPgZ3XFEd6TqsAA2mXGlzLY7Xvih
Frame ID: 6402970F771CEAE422E184ABE79C5FA1
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BNZ Login BNZ Logoinformation locked

Page URL History Show full URLs

http://bnz.co.nz-sso.co/ Page URL
http://bnz.co.nz-sso.co/login.php?session_id=EWVrWc4d4dfrEU6TE8QTQqJ6aeGGAgrfcmH9zLmEYC5Dxbwbkn5aOPg... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

52 kB
Transfer

91 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bnz.co.nz-sso.co/ Page URL
http://bnz.co.nz-sso.co/login.php?session_id=EWVrWc4d4dfrEU6TE8QTQqJ6aeGGAgrfcmH9zLmEYC5Dxbwbkn5aOPgZ3XFEd6TqsAA2mXGlzLY7Xvih Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ bnz.co.nz-sso.co/	193 B 608 B	2384ms 2097ms	Document text/html	103.208.86.122 ZAPPIE-HOST-AS Za...
General Check archive.org Show headers Download Go to Full URL http://bnz.co.nz-sso.co/ Protocol HTTP/1.1 Server 103.208.86.122 , New Zealand, ASN61138 (ZAPPIE-HOST-AS Zappie Host, US), Reverse DNS Software nginx / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx Date Thu, 24 Mar 2022 04:44:38 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Content-Encoding gzip
GET H/1.1	200 OK	Primary Request login.php Show response bnz.co.nz-sso.co/	9 KB 3 KB	2934ms 2934ms	Document text/html	103.208.86.122 ZAPPIE-HOST-AS Za...
General Check archive.org Show headers Download Go to Full URL http://bnz.co.nz-sso.co/login.php?session_id=EWVrWc4d4dfrEU6TE8QTQqJ6aeGGAgrfcmH9zLmEYC5Dxbwbkn5aOPgZ3XFEd6TqsAA2mXGlzLY7Xvih Requested by Host: bnz.co.nz-sso.co URL: http://bnz.co.nz-sso.co/ Protocol HTTP/1.1 Server 103.208.86.122 , New Zealand, ASN61138 (ZAPPIE-HOST-AS Zappie Host, US), Reverse DNS Software nginx / Resource Hash `a4c30a6f0fa63860a050d9f54bb926c7c40d65a2c574b043582bd9f215557263` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://bnz.co.nz-sso.co/ Response headers Server nginx Date Thu, 24 Mar 2022 04:44:41 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Content-Encoding gzip
GET H/1.1	200 OK	serrano.css bnz.co.nz-sso.co/theme/	2 KB 834 B	271ms 270ms	Stylesheet text/css	103.208.86.122 ZAPPIE-HOST-AS Za...
General Check archive.org Show headers Download Go to Full URL http://bnz.co.nz-sso.co/theme/serrano.css Requested by Host: bnz.co.nz-sso.co URL: http://bnz.co.nz-sso.co/login.php?session_id=EWVrWc4d4dfrEU6TE8QTQqJ6aeGGAgrfcmH9zLmEYC5Dxbwbkn5aOPgZ3XFEd6TqsAA2mXGlzLY7Xvih Protocol HTTP/1.1 Server 103.208.86.122 , New Zealand, ASN61138 (ZAPPIE-HOST-AS Zappie Host, US), Reverse DNS Software nginx / Resource Hash `316896bfb9a8a05389b3261e355c7b45aa9864e666b41cbb106fc360790d9634` Request headers Accept-Language de-DE,de;q=0.9 Referer http://bnz.co.nz-sso.co/login.php?session_id=EWVrWc4d4dfrEU6TE8QTQqJ6aeGGAgrfcmH9zLmEYC5Dxbwbkn5aOPgZ3XFEd6TqsAA2mXGlzLY7Xvih User-Agent Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers Date Thu, 24 Mar 2022 04:44:41 GMT Content-Encoding gzip Last-Modified Fri, 25 Feb 2022 06:50:42 GMT Server nginx ETag W/"62187c42-8e6" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Thu, 24 Mar 2022 16:44:41 GMT
GET H/1.1	200 OK	main.css bnz.co.nz-sso.co/theme/	41 KB 7 KB	274ms 274ms	Stylesheet text/css	103.208.86.122 ZAPPIE-HOST-AS Za...
General Check archive.org Show headers Download Go to Full URL http://bnz.co.nz-sso.co/theme/main.css Requested by Host: bnz.co.nz-sso.co URL: http://bnz.co.nz-sso.co/login.php?session_id=EWVrWc4d4dfrEU6TE8QTQqJ6aeGGAgrfcmH9zLmEYC5Dxbwbkn5aOPgZ3XFEd6TqsAA2mXGlzLY7Xvih Protocol HTTP/1.1 Server 103.208.86.122 , New Zealand, ASN61138 (ZAPPIE-HOST-AS Zappie Host, US), Reverse DNS Software nginx / Resource Hash `7ef016ccd7522b478e41f2da2344077944dd238d3a52764515bd2c70108028f4` Request headers Accept-Language de-DE,de;q=0.9 Referer http://bnz.co.nz-sso.co/login.php?session_id=EWVrWc4d4dfrEU6TE8QTQqJ6aeGGAgrfcmH9zLmEYC5Dxbwbkn5aOPgZ3XFEd6TqsAA2mXGlzLY7Xvih User-Agent Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers Date Thu, 24 Mar 2022 04:44:41 GMT Content-Encoding gzip Last-Modified Fri, 25 Feb 2022 07:46:38 GMT Server nginx ETag W/"6218895e-a21e" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Transfer-Encoding chunked Connection keep-alive Expires Thu, 24 Mar 2022 16:44:41 GMT
GET H/1.1	200 OK	SerranoWeb-Bold.woff2 bnz.co.nz-sso.co/theme/	21 KB 21 KB	275ms 274ms	Font font/woff2	103.208.86.122 ZAPPIE-HOST-AS Za...
General Check archive.org Show headers Download Go to Full URL http://bnz.co.nz-sso.co/theme/SerranoWeb-Bold.woff2?v=1c25c2c065 Requested by Host: bnz.co.nz-sso.co URL: http://bnz.co.nz-sso.co/theme/serrano.css Protocol HTTP/1.1 Server 103.208.86.122 , New Zealand, ASN61138 (ZAPPIE-HOST-AS Zappie Host, US), Reverse DNS Software nginx / Resource Hash `00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11` Request headers Referer http://bnz.co.nz-sso.co/theme/serrano.css Origin http://bnz.co.nz-sso.co Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers Date Thu, 24 Mar 2022 04:44:42 GMT Last-Modified Fri, 25 Feb 2022 06:50:04 GMT Server nginx ETag "62187c1c-5234" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 21044
GET H/1.1	200 OK	SerranoWeb-Regular.woff2 bnz.co.nz-sso.co/theme/	19 KB 19 KB	272ms 272ms	Font font/woff2	103.208.86.122 ZAPPIE-HOST-AS Za...
General Check archive.org Show headers Download Go to Full URL http://bnz.co.nz-sso.co/theme/SerranoWeb-Regular.woff2?v=5b6826770c Requested by Host: bnz.co.nz-sso.co URL: http://bnz.co.nz-sso.co/theme/serrano.css Protocol HTTP/1.1 Server 103.208.86.122 , New Zealand, ASN61138 (ZAPPIE-HOST-AS Zappie Host, US), Reverse DNS Software nginx / Resource Hash `9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c` Request headers Referer http://bnz.co.nz-sso.co/theme/serrano.css Origin http://bnz.co.nz-sso.co Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Linux; Android 11; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36 Response headers Date Thu, 24 Mar 2022 04:44:42 GMT Last-Modified Fri, 25 Feb 2022 06:49:44 GMT Server nginx ETag "62187c08-4b2c" Content-Type font/woff2 Connection keep-alive Accept-Ranges bytes Content-Length 19244

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| check

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bnz.co.nz-sso.co/	1969-12-31 23:59:59	Name: PHPSESSID Value: al4rl4drvi7u1hs1jglph4hk62

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bnz.co.nz-sso.co
103.208.86.122
00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11
316896bfb9a8a05389b3261e355c7b45aa9864e666b41cbb106fc360790d9634
7ef016ccd7522b478e41f2da2344077944dd238d3a52764515bd2c70108028f4
9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c
a4c30a6f0fa63860a050d9f54bb926c7c40d65a2c574b043582bd9f215557263

bnz.co.nz-sso.co Open in urlscan Pro 103.208.86.122 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

52 kBTransfer

91 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

bnz.co.nz-sso.co Open in urlscan Pro
103.208.86.122 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

52 kB
Transfer

91 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!