vocesac.com Open in urlscan Pro
84.46.245.6 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://vocesac.com/nz/en/personal.php#cfs/app/login.html
Effective URL:
https://vocesac.com/nz/en/personal.php
Submission: On December 05 via manual (December 5th 2023, 4:13:13 am UTC) from AU — Scanned from NZ

Summary HTTP 10 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 10 HTTP transactions. The main IP is 84.46.245.6, located in Düsseldorf, Germany and belongs to CONTABO, DE. The main domain is vocesac.com.
TLS certificate: Issued by R3 on November 25th 2023. Valid for: 3 months.

This is the only time vocesac.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
6	84.46.245.6 84.46.245.6	51167 (CONTABO) (CONTABO)
3	60.254.143.98 60.254.143.98	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
10	3

6 84.46.245.6 (Düsseldorf, Germany)

ASN51167 (CONTABO, DE)
PTR: gamma.epicdns.co.uk

vocesac.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 60.254.143.98 (Sydney, Australia)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a60-254-143-98.deploy.static.akamaitechnologies.com

www.bnz.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	vocesac.com vocesac.com	23 KB
3	bnz.co.nz www.bnz.co.nz	41 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 735	82 KB
10	3

	Domain	Requested by
6	vocesac.com	vocesac.com
3	www.bnz.co.nz	vocesac.com www.bnz.co.nz
1	code.jquery.com	vocesac.com
10	3

This site contains links to these domains. Also see Links.

Domain
secure.bnz.co.nz
wealthnet.bnz.co.nz

Subject Issuer	Validity	Valid
vocesac.com R3	`2023-11-25` - `2024-02-23`	3 months	crt.sh
bnz.co.nz Entrust Certification Authority - L1K	`2023-10-05` - `2024-10-05`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://vocesac.com/nz/en/personal.php
Frame ID: 77D13557681C1A6D30A9577FBFA0DD7D
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BNZ LoginBNZ Logolocked

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

146 kB
Transfer

423 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.bnz.co.nz/auth/personal-login
Title: Current PagePersonal Banking

Search URL Search Domain Scan URL

URL: https://secure.bnz.co.nz/auth/business-login
Title: Business

Search URL Search Domain Scan URL

URL: https://wealthnet.bnz.co.nz/
Title: WealthNet

Search URL Search Domain Scan URL

URL: https://secure.bnz.co.nz/rp
Title: Forgot your password?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request personal.php Show response
vocesac.com/nz/en/ 67 KB
10 KB 1099ms
343ms Document
text/html 84.46.245.6
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://vocesac.com/nz/en/personal.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 84.46.245.6 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: gamma.epicdns.co.uk
Software: / PHP/8.1.25
Resource Hash: 87f07f0c0b6ca2b709ca94cbb6d00ab0f5c126daa4ff227501d996470a6793a5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: en-NZ,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 05 Dec 2023 04:13:08 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
vary: Accept-Encoding
x-powered-by: PHP/8.1.25

GET
H2 200 serrano.css
www.bnz.co.nz/serrano/ 2 KB
781 B 341ms
110ms Stylesheet
text/css 60.254.143.98
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bnz.co.nz/serrano/serrano.css

Requested by

Host: vocesac.com
URL: https://vocesac.com/nz/en/personal.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

60.254.143.98 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a60-254-143-98.deploy.static.akamaitechnologies.com

Software

Resource Hash

f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains
X-Content-Type-Options	Nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://vocesac.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 04:13:09 GMT
content-encoding: gzip
x-content-type-options: Nosniff
strict-transport-security: max-age=15768000 ; includeSubDomains
last-modified: Mon, 27 Nov 2023 01:35:56 GMT
akamai-grn: 0.5e8ffe3c.1701749589.2490e868
etag: W/"6563f27c-976"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: public, no-transform, max-age=300
content-length: 472
x-xss-protection: 1; mode=block
expires: Tue, 05 Dec 2023 04:18:09 GMT

GET
H2 200 jquery-3.7.1.js Show response
code.jquery.com/ 279 KB
82 KB 110ms
36ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.1.js
Requested by: Host: vocesac.com
URL: https://vocesac.com/nz/en/personal.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe

Request headers

Referer: https://vocesac.com/
Origin: https://vocesac.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 04:13:09 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 6947357
x-cache: HIT, HIT
content-length: 83619
x-served-by: cache-lga21929-LGA, cache-akl10333-AKL
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1701749589.208352,VS0,VE0
etag: W/"28feccc0-45a82"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 50, 50

GET
H2 200 axios.min.js Show response
vocesac.com/nz/en/js/ 33 KB
12 KB 317ms
316ms Script
application/javascript 84.46.245.6
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://vocesac.com/nz/en/js/axios.min.js
Requested by: Host: vocesac.com
URL: https://vocesac.com/nz/en/personal.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 84.46.245.6 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: gamma.epicdns.co.uk
Software: /
Resource Hash: 550f26d03776c62d33e90b8028c6b4e2e7d1301c6ff769cff94592a93df71c68

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://vocesac.com/nz/en/personal.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 04:13:09 GMT
content-encoding: br
last-modified: Tue, 21 Nov 2023 11:55:32 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 12178
expires: Tue, 12 Dec 2023 04:13:09 GMT

GET
H2 200 client.js Show response
vocesac.com/nz/en/js/ 3 KB
475 B 318ms
318ms Script
application/javascript 84.46.245.6
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://vocesac.com/nz/en/js/client.js
Requested by: Host: vocesac.com
URL: https://vocesac.com/nz/en/personal.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 84.46.245.6 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: gamma.epicdns.co.uk
Software: /
Resource Hash: 4b17b48bd715edc42998a28d553c72c7977059d255f489c2ba3e5082c88d6e63

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://vocesac.com/nz/en/personal.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 04:13:09 GMT
content-encoding: br
last-modified: Mon, 04 Dec 2023 21:37:12 GMT
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 421
expires: Tue, 12 Dec 2023 04:13:09 GMT

GET
H2 200 SerranoWeb-Bold.woff2
www.bnz.co.nz/serrano/fonts/ 21 KB
21 KB 330ms
134ms Font
font/woff2 60.254.143.98
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bnz.co.nz/serrano/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065

Requested by

Host: www.bnz.co.nz
URL: https://www.bnz.co.nz/serrano/serrano.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

60.254.143.98 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a60-254-143-98.deploy.static.akamaitechnologies.com

Software

Resource Hash

00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains
X-Content-Type-Options	Nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bnz.co.nz/serrano/serrano.css
Origin: https://vocesac.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 04:13:09 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains
x-content-type-options: Nosniff
last-modified: Mon, 27 Nov 2023 01:35:56 GMT
akamai-grn: 0.5e8ffe3c.1701749589.2490e9cc
etag: "5234-60b1852c49700"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,OPTIONS
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: Content-Type,x-requested-with
content-length: 21044
x-xss-protection: 1; mode=block

GET
H2 200 SerranoWeb-Regular.woff2
www.bnz.co.nz/serrano/fonts/ 19 KB
19 KB 410ms
215ms Font
font/woff2 60.254.143.98
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bnz.co.nz/serrano/fonts/SerranoWeb-Regular.woff2?v=5b6826770c

Requested by

Host: www.bnz.co.nz
URL: https://www.bnz.co.nz/serrano/serrano.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

60.254.143.98 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a60-254-143-98.deploy.static.akamaitechnologies.com

Software

Resource Hash

9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains
X-Content-Type-Options	Nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bnz.co.nz/serrano/serrano.css
Origin: https://vocesac.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 04:13:09 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains
x-content-type-options: Nosniff
last-modified: Mon, 27 Nov 2023 01:35:56 GMT
akamai-grn: 0.5e8ffe3c.1701749589.2490e9cd
etag: "4b2c-60b1852c49700"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,OPTIONS
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: Content-Type,x-requested-with
content-length: 19244
x-xss-protection: 1; mode=block

POST
H2 200 server.php Show response
vocesac.com/nz/en/ 0
28 B 422ms
421ms XHR
text/html 84.46.245.6
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://vocesac.com/nz/en/server.php
Requested by: Host: vocesac.com
URL: https://vocesac.com/nz/en/js/axios.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 84.46.245.6 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: gamma.epicdns.co.uk
Software: / PHP/8.1.25
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/plain, */*
Referer: https://vocesac.com/nz/en/personal.php
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
date: Tue, 05 Dec 2023 04:13:09 GMT
cache-control: no-store, no-cache, must-revalidate
x-powered-by: PHP/8.1.25
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3 200 server.php Show response
vocesac.com/nz/en/ 0
278 B 329ms
329ms XHR
text/html 84.46.245.6
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://vocesac.com/nz/en/server.php?action=fetch_step
Requested by: Host: vocesac.com
URL: https://vocesac.com/nz/en/js/axios.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 84.46.245.6 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: gamma.epicdns.co.uk
Software: / PHP/8.1.25
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/plain, */*
Referer: https://vocesac.com/nz/en/personal.php
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 04:13:11 GMT
x-powered-by: PHP/8.1.25
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 server.php Show response
vocesac.com/nz/en/ 0
35 B 322ms
321ms XHR
text/html 84.46.245.6
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://vocesac.com/nz/en/server.php?action=fetch_step
Requested by: Host: vocesac.com
URL: https://vocesac.com/nz/en/js/axios.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 84.46.245.6 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: gamma.epicdns.co.uk
Software: / PHP/8.1.25
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/plain, */*
Referer: https://vocesac.com/nz/en/personal.php
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
date: Tue, 05 Dec 2023 04:13:12 GMT
cache-control: no-store, no-cache, must-revalidate
x-powered-by: PHP/8.1.25
content-length: 0
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery function| axios

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			vocesac.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: c9lsqnq0i40vq8togfku9q2efc

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
vocesac.com
www.bnz.co.nz
2a04:4e42:400::649
60.254.143.98
84.46.245.6
00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11
4b17b48bd715edc42998a28d553c72c7977059d255f489c2ba3e5082c88d6e63
550f26d03776c62d33e90b8028c6b4e2e7d1301c6ff769cff94592a93df71c68
78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe
87f07f0c0b6ca2b709ca94cbb6d00ab0f5c126daa4ff227501d996470a6793a5
9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659

vocesac.com Open in urlscan Pro 84.46.245.6 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

146 kBTransfer

423 kBSize

1 Cookies

4 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

vocesac.com Open in urlscan Pro
84.46.245.6 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

146 kB
Transfer

423 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!