goldmasterplan.info Open in urlscan Pro
85.202.169.64 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://l.linklyhq.com/l/1Kxem
Effective URL:
https://goldmasterplan.info/pages
Submission Tags: #phishing @jcybersec_ Search All
Submission: On June 29 via api (June 29th 2022, 10:43:07 am UTC) from FI — Scanned from NL

Summary HTTP 13 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 85.202.169.64, located in Netherlands and belongs to AS_DELIS, US. The main domain is goldmasterplan.info.
TLS certificate: Issued by R3 on June 26th 2022. Valid for: 3 months.

This is the only time goldmasterplan.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	85.202.169.64 85.202.169.64	211252 (AS_DELIS) (AS_DELIS)
3	95.101.77.220 95.101.77.220	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	2

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

l.linklyhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 85.202.169.64 (Netherlands)

ASN211252 (AS_DELIS, US)

goldmasterplan.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.101.77.220 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-77-220.deploy.static.akamaitechnologies.com

secure.bnz.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	goldmasterplan.info goldmasterplan.info	184 KB
3	bnz.co.nz secure.bnz.co.nz	94 KB
1	linklyhq.com 1 redirects l.linklyhq.com — Cisco Umbrella Rank: 632188	764 B
13	3

	Domain	Requested by
10	goldmasterplan.info	goldmasterplan.info
3	secure.bnz.co.nz	goldmasterplan.info
1	l.linklyhq.com	1 redirects
13	3

This site contains links to these domains. Also see Links.

Domain
www.bnz.co.nz
secure.bnz.co.nz
wealthnet.bnz.co.nz

Subject Issuer	Validity	Valid
goldmasterplan.info R3	`2022-06-26` - `2022-09-24`	3 months	crt.sh
bnz.co.nz Entrust Certification Authority - L1K	`2021-11-07` - `2022-11-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://goldmasterplan.info/pages
Frame ID: E1E4B65B9F541AE5347370CA820A910C
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BNZ LoginBNZ Logo

Page URL History Show full URLs

https://l.linklyhq.com/l/1Kxem HTTP 302
https://goldmasterplan.info/pages Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

278 kB
Transfer

182 kB
Size

4
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bnz.co.nz/
Title: BNZ Logo

Search URL Search Domain Scan URL

URL: https://secure.bnz.co.nz/auth/personal-login
Title: Current PagePersonal Banking

Search URL Search Domain Scan URL

URL: https://secure.bnz.co.nz/auth/business-login
Title: Business

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/cfs/app/login
Title: Client Fund Service

Search URL Search Domain Scan URL

URL: https://wealthnet.bnz.co.nz/
Title: WealthNet

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/registration/ib/app/register
Title: Register

Search URL Search Domain Scan URL

URL: https://secure.bnz.co.nz/rp

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://l.linklyhq.com/l/1Kxem HTTP 302
https://goldmasterplan.info/pages Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request pages Show response
goldmasterplan.info/
Redirect Chain

https://l.linklyhq.com/l/1Kxem
https://goldmasterplan.info/pages

56 KB
56 KB

182ms
137ms

Document
text/html

85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash: d0cdcf864f01b7bffced3055b382fb4d9e44b96487b993de2db925f64ee0b526

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 29 Jun 2022 10:43:02 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 722e0f10a8dd0b88-AMS
content-type: text/html; charset=utf-8
date: Wed, 29 Jun 2022 10:43:02 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://goldmasterplan.info/pages
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yD%2FL68UQ3y6Kt6M0soah5K5hsqBuu43I%2FsV3tec1RZXFH%2Bq9Lxb2dHijbCH%2FfgkM0O7vwl3mDOAnrqg4ZoO3VhwoWQml9kymdkDEAY4VEm8HzlIhUAFf5re5k8cq3fcSmKS%2Fn8dXRfP4I4UboA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-request-id: 48f2c6dcb730f6eee47d89433dce520e

GET
H/1.1 200
OK main20190328.css
goldmasterplan.info/front_end/front_end_files/ 10 KB
11 KB 55ms
23ms Stylesheet
text/css 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/front_end/front_end_files/main20190328.css
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash: ba954874c3730d6120ab6deb5b0cb16a40e58e553187d9654815aad4940f3257

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 29 Jun 2022 10:43:02 GMT
Last-Modified: Mon, 23 May 2022 23:11:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 10645

GET
H/1.1 404
Not Found ruxitagentjs_ICA27Vfqrux_10239220408103229.js.download
goldmasterplan.info/files_files/ 0
0 156ms
118ms Script
text/html 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/files_files/ruxitagentjs_ICA27Vfqrux_10239220408103229.js.download
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Jun 2022 10:43:02 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 404
Not Found serrano.css
goldmasterplan.info/files_files/ 0
0 177ms
141ms Stylesheet
text/html 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/files_files/serrano.css
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Jun 2022 10:43:02 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK jquery.js Show response
goldmasterplan.info/js/cntdjs/ 87 KB
88 KB 37ms
25ms Script
application/javascript 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/js/cntdjs/jquery.js
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 29 Jun 2022 10:43:02 GMT
Last-Modified: Thu, 31 Mar 2022 21:34:59 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 89501

GET
H/1.1 200
OK jquery.mask.js Show response
goldmasterplan.info/js/cntdjs/ 23 KB
23 KB 42ms
18ms Script
application/javascript 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/js/cntdjs/jquery.mask.js
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash: a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 29 Jun 2022 10:43:02 GMT
Last-Modified: Thu, 31 Mar 2022 21:34:59 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 23176

GET
H/1.1 200
OK cntd.js Show response
goldmasterplan.info/js/cntdjs/ 3 KB
3 KB 62ms
19ms Script
application/javascript 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/js/cntdjs/cntd.js
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash: 5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 29 Jun 2022 10:43:02 GMT
Last-Modified: Wed, 11 May 2022 21:34:03 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2751

GET
H/1.1 200
OK loading.js Show response
goldmasterplan.info/js/shared/ 2 KB
2 KB 65ms
20ms Script
application/javascript 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/js/shared/loading.js
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash: 4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 29 Jun 2022 10:43:02 GMT
Last-Modified: Wed, 11 May 2022 22:15:50 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1973

GET
H/1.1 200
OK online_status.js Show response
goldmasterplan.info/js/shared/ 998 B
1 KB 65ms
20ms Script
application/javascript 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to

Full URL: https://goldmasterplan.info/js/shared/online_status.js
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash: e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 29 Jun 2022 10:43:02 GMT
Last-Modified: Mon, 09 May 2022 22:15:02 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 998

GET
H/1.1 200
OK close.gif
goldmasterplan.info/front_end/front_end_files/ 116 B
357 B 19ms
18ms Image
image/gif 85.202.169.64
AS_DELIS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://goldmasterplan.info/front_end/front_end_files/close.gif
Requested by: Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 85.202.169.64 , Netherlands, ASN211252 (AS_DELIS, US),
Reverse DNS
Software: Apache /
Resource Hash: 249f4a3ce40c55acb70cbc985c178bb03a2bdf442d73c98469fcec4a6e776e70

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/pages
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Wed, 29 Jun 2022 10:43:02 GMT
Last-Modified: Mon, 23 May 2022 23:07:33 GMT
Server: Apache
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 116

GET
H2 200 3.6ca2a99c.chunk.js
secure.bnz.co.nz/auth/static/js/ 0
90 KB 797ms
705ms Other
application/javascript 95.101.77.220
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/auth/static/js/3.6ca2a99c.chunk.js

Requested by

Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.77.220 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-77-220.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
content-encoding: gzip
x-content-type-options: nosniff
akamai-grn: , , , 0.d84d655f.1656499382.34898f3
server-timing: dtRpid;desc="-110389786"
bnz-logon-request: 1
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 30 Nov 2021 13:33:46 GMT
x-frame-options: SAMEORIGIN
date: Wed, 29 Jun 2022 10:43:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/javascript
cache-control: max-age=73858
etag: "61a6283a-4faf7"
accept-ranges: bytes
expires: Thu, 30 Jun 2022 07:14:01 GMT

GET
H2 200 4.bb624667.chunk.js
secure.bnz.co.nz/auth/static/js/ 0
1 KB 767ms
675ms Other
application/javascript 95.101.77.220
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/auth/static/js/4.bb624667.chunk.js

Requested by

Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.77.220 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-77-220.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
x-content-type-options: nosniff
akamai-grn: , , 0.d84d655f.1656499382.3489982
server-timing: dtRpid;desc="-2064596871"
content-length: 281
x-xss-protection: 1; mode=block
bnz-logon-request: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 30 Nov 2021 13:33:46 GMT
x-frame-options: SAMEORIGIN
date: Wed, 29 Jun 2022 10:43:03 GMT
strict-transport-security: max-age=15768000
content-type: application/javascript
cache-control: max-age=43929
etag: "61a6283a-119"
accept-ranges: bytes
expires: Wed, 29 Jun 2022 22:55:12 GMT

GET
H2 200 5.c5c9bca4.chunk.js
secure.bnz.co.nz/auth/static/js/ 0
3 KB 753ms
661ms Other
application/javascript 95.101.77.220
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/auth/static/js/5.c5c9bca4.chunk.js

Requested by

Host: goldmasterplan.info
URL: https://goldmasterplan.info/pages

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.77.220 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-77-220.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://goldmasterplan.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
content-encoding: gzip
x-content-type-options: nosniff
akamai-grn: , , 0.d84d655f.1656499382.348994a
server-timing: dtRpid;desc="-1111427459"
content-length: 1913
x-xss-protection: 1; mode=block
bnz-logon-request: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 30 Nov 2021 13:33:46 GMT
x-frame-options: SAMEORIGIN
date: Wed, 29 Jun 2022 10:43:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/javascript
cache-control: max-age=73428
etag: "61a6283a-11e0"
accept-ranges: bytes
expires: Thu, 30 Jun 2022 07:06:51 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
l.linklyhq.com/	1970-01-20 04:51:31	Name: X2NzX2xpbmtfaWQ6MTk3NzIyMjA Value: ODMwNjg0MDM
l.linklyhq.com/	1969-12-31 23:59:59	Name: _cs_link_id Value: MTk3NzIyMjA
goldmasterplan.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: e9a697f38aa130d42d9d919b57d8217a
secure.bnz.co.nz/	1969-12-31 23:59:59	Name: akaalb_securebnz Value: ~op=5001_1:5001_1_secure\|~rv=77~m=5001_1_secure:0\|~os=e64e92e1a60532fb866e4d51fb0b4f28~id=2cb8038143d92806808345f2c60c9cc7

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://goldmasterplan.info/files_files/ruxitagentjs_ICA27Vfqrux_10239220408103229.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://goldmasterplan.info/files_files/serrano.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

goldmasterplan.info
l.linklyhq.com
secure.bnz.co.nz
2a06:98c1:3121::3
85.202.169.64
95.101.77.220
249f4a3ce40c55acb70cbc985c178bb03a2bdf442d73c98469fcec4a6e776e70
4bdc871a71df801aa86926434d6fbed9744ec4757af4e9d6d40978724ea59134
5b056148977cddad1d04190e8588f71549f5fbce2c8504fd0a52699a451896ca
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
ba954874c3730d6120ab6deb5b0cb16a40e58e553187d9654815aad4940f3257
d0cdcf864f01b7bffced3055b382fb4d9e44b96487b993de2db925f64ee0b526
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64e9d464beb9fe2717cd8bd8d093bb04d570f08a15c65f14533733904e12be7
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

goldmasterplan.info Open in urlscan Pro 85.202.169.64 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

278 kBTransfer

182 kBSize

4 Cookies

7 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

4 Cookies

2 Console Messages

Indicators

goldmasterplan.info Open in urlscan Pro
85.202.169.64 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

278 kB
Transfer

182 kB
Size

4
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!