www.perform-and-respond-online.live Open in urlscan Pro
195.58.48.86  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.perform-and-respond-online.live/3ar2f2/6341e03a39s Page URL
2. https://www.perform-and-respond-online.live/ab1/6341e03a39s Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	6341e03a39s Show response www.perform-and-respond-online.live/3ar2f2/	1019 B 921 B	1547ms 431ms	Document text/html	195.58.48.86 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.perform-and-respond-online.live/3ar2f2/6341e03a39s Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.58.48.86 , Czech Republic, ASN51659 (ASBAXET, RU), Reverse DNS mingxia.cc Software Apache/2.4.18 (Ubuntu) / Resource Hash ed36018a006abe8668b372443fb8e783c832e0456784e97c5bfe765d8e416168 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Length 501 Content-Type text/html; charset=UTF-8 Date Sat, 08 Oct 2022 22:16:09 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache/2.4.18 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	Primary Request 6341e03a39s Show response www.perform-and-respond-online.live/ab1/	28 KB 6 KB	434ms 434ms	Document text/html	195.58.48.86 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.perform-and-respond-online.live/ab1/6341e03a39s Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.58.48.86 , Czech Republic, ASN51659 (ASBAXET, RU), Reverse DNS mingxia.cc Software Apache/2.4.18 (Ubuntu) / Resource Hash e633d2eb71315a261d00babdfb745c77037fc21c1f50464d0e586c213f75a456 Request headers Referer https://www.perform-and-respond-online.live/3ar2f2/6341e03a39s Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Length 5600 Content-Type text/html; charset=UTF-8 Date Sat, 08 Oct 2022 22:16:11 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache/2.4.18 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	login.js Show response www.perform-and-respond-online.live/js/bnz/	3 KB 1 KB	425ms 425ms	Script application/javascript	195.58.48.86 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.perform-and-respond-online.live/js/bnz/login.js Requested by Host: www.perform-and-respond-online.live URL: https://www.perform-and-respond-online.live/ab1/6341e03a39s Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.58.48.86 , Czech Republic, ASN51659 (ASBAXET, RU), Reverse DNS mingxia.cc Software Apache/2.4.18 (Ubuntu) / Resource Hash b83567f8f1c919c2bcd5e3b030aa437cffce0c34572fc9e715033c83abe66e98 Request headers accept-language en-AU,en;q=0.9 Referer https://www.perform-and-respond-online.live/ab1/6341e03a39s User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers Date Sat, 08 Oct 2022 22:16:11 GMT Content-Encoding gzip Last-Modified Sat, 01 Oct 2022 15:59:46 GMT Server Apache/2.4.18 (Ubuntu) ETag "b8a-5e9fb330b6080-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 731
GET		SerranoWeb-Bold.woff2 secure.bnz.co.nz/auth/fonts/	0 0
GET		SerranoWeb-Regular.woff2 secure.bnz.co.nz/auth/fonts/	0 0
GET		SerranoWeb-Regular.woff secure.bnz.co.nz/auth/fonts/	0 0
GET		SerranoWeb-Bold.woff secure.bnz.co.nz/auth/fonts/	0 0
GET H2	200	SerranoWeb-Regular.woff2 www.bnz.co.nz/serrano/fonts/	19 KB 19 KB	988ms 370ms	Font application/font-woff2	23.52.171.210
General Check archive.org Show headers Download Go to Full URL https://www.bnz.co.nz/serrano/fonts/SerranoWeb-Regular.woff2?v=5b6826770c Requested by Host: www.perform-and-respond-online.live URL: https://www.perform-and-respond-online.live/ab1/6341e03a39s Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.52.171.210 -, , ASN (), Reverse DNS Software / Resource Hash 9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c Security Headers Name Value Strict-Transport-Security max-age=15768000 ; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1 Request headers Referer https://www.perform-and-respond-online.live/ Origin https://www.perform-and-respond-online.live accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Sat, 08 Oct 2022 22:16:14 GMT strict-transport-security max-age=15768000 ; includeSubDomains x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Sun, 10 Jul 2022 20:58:37 GMT akamai-grn , 0.ceab3417.1665267374.1d96c206 etag "4b2c" x-frame-options sameorigin content-type application/font-woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 19244 x-xss-protection 1 expires Wed, 23 Aug 2023 04:13:19 GMT
POST H/1.1	200 OK	online www.perform-and-respond-online.live/user/	0 0	430ms 429ms	Fetch text/html	195.58.48.86 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.perform-and-respond-online.live/user/online Requested by Host: www.perform-and-respond-online.live URL: https://www.perform-and-respond-online.live/ab1/6341e03a39s Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.58.48.86 , Czech Republic, ASN51659 (ASBAXET, RU), Reverse DNS mingxia.cc Software Apache/2.4.18 (Ubuntu) / Resource Hash Request headers Referer https://www.perform-and-respond-online.live/ab1/6341e03a39s accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Content-Type multipart/form-data; boundary=----WebKitFormBoundaryndzfEMwhpSK9dofb Response headers Pragma no-cache Date Sat, 08 Oct 2022 22:16:14 GMT Server Apache/2.4.18 (Ubuntu) Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 0 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	SerranoWeb-Bold.woff2 www.bnz.co.nz/serrano/fonts/	21 KB 21 KB	684ms 303ms	Font application/font-woff2	23.52.171.210
General Check archive.org Show headers Download Go to Full URL https://www.bnz.co.nz/serrano/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065 Requested by Host: www.perform-and-respond-online.live URL: https://www.perform-and-respond-online.live/ab1/6341e03a39s Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.52.171.210 -, , ASN (), Reverse DNS Software / Resource Hash 00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11 Security Headers Name Value Strict-Transport-Security max-age=15768000 ; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options sameorigin X-Xss-Protection 1 Request headers Referer https://www.perform-and-respond-online.live/ Origin https://www.perform-and-respond-online.live accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Sat, 08 Oct 2022 22:16:14 GMT strict-transport-security max-age=15768000 ; includeSubDomains x-content-type-options nosniff referrer-policy strict-origin-when-cross-origin last-modified Sun, 10 Jul 2022 20:58:37 GMT akamai-grn , 0.ceab3417.1665267374.1d96c1fe etag "5234" x-frame-options sameorigin content-type application/font-woff2 access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 21044 x-xss-protection 1 expires Wed, 23 Aug 2023 04:13:19 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

secure.bnz.co.nz

URL

https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065

Domain

secure.bnz.co.nz

URL

https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Regular.woff2?v=5b6826770c

Domain

secure.bnz.co.nz

URL

https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Regular.woff?v=f376ea958d

Domain

secure.bnz.co.nz

URL

https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Bold.woff?v=76b2d97853

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.perform-and-respond-online.live/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1tr2i5gt3hdipp4e2ntj7rcet7

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.perform-and-respond-online.live/ab1/6341e03a39s Message: Access to font at 'https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Regular.woff2?v=5b6826770c' from origin 'https://www.perform-and-respond-online.live' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Regular.woff2?v=5b6826770c Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.perform-and-respond-online.live/ab1/6341e03a39s Message: Access to font at 'https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065' from origin 'https://www.perform-and-respond-online.live' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.perform-and-respond-online.live/ab1/6341e03a39s Message: Access to font at 'https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Regular.woff?v=f376ea958d' from origin 'https://www.perform-and-respond-online.live' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Regular.woff?v=f376ea958d Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.perform-and-respond-online.live/ab1/6341e03a39s Message: Access to font at 'https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Bold.woff?v=76b2d97853' from origin 'https://www.perform-and-respond-online.live' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://secure.bnz.co.nz/auth/fonts/SerranoWeb-Bold.woff?v=76b2d97853 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure.bnz.co.nz
www.bnz.co.nz
www.perform-and-respond-online.live
secure.bnz.co.nz
195.58.48.86
23.52.171.210
00597164b7643a1a0040f59fe7167231ba550754b16f0c7df456d7490698ba11
9e63cdc77de3df5b0b0685849e03d263716a22ccf56e4ed74807504dc227221c
b83567f8f1c919c2bcd5e3b030aa437cffce0c34572fc9e715033c83abe66e98
e633d2eb71315a261d00babdfb745c77037fc21c1f50464d0e586c213f75a456
ed36018a006abe8668b372443fb8e783c832e0456784e97c5bfe765d8e416168