safaa.eworlddxn.com Open in urlscan Pro
69.167.160.14 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://safaa.eworlddxn.com/Kl/BNZ/
Effective URL:
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
Submission: On June 20 via manual (June 20th 2021, 11:52:30 pm UTC) from NZ

Summary HTTP 14 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 69.167.160.14, located in United States and belongs to LIQUIDWEB, US. The main domain is safaa.eworlddxn.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 19th 2021. Valid for: 3 months.

This is the only time safaa.eworlddxn.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3 14	69.167.160.14 69.167.160.14	32244 (LIQUIDWEB) (LIQUIDWEB)
3	45.60.33.164 45.60.33.164	19551 (INCAPSULA) (INCAPSULA)
14	2

14 69.167.160.14 (United States) 3 redirects

ASN32244 (LIQUIDWEB, US)
PTR: host.hosting-universal.com

safaa.eworlddxn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.60.33.164 (United States)

ASN19551 (INCAPSULA, US)

secure.bnz.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	eworlddxn.com 3 redirects safaa.eworlddxn.com	358 KB
3	bnz.co.nz secure.bnz.co.nz	192 KB
14	2

	Domain	Requested by
14	safaa.eworlddxn.com	3 redirects safaa.eworlddxn.com
3	secure.bnz.co.nz	safaa.eworlddxn.com
14	2

This site contains links to these domains. Also see Links.

Domain
www.bnz.co.nz
secure.bnz.co.nz
wealthnet.bnz.co.nz

Subject Issuer	Validity	Valid
safaa.eworlddxn.com cPanel, Inc. Certification Authority	`2021-06-19` - `2021-09-17`	3 months	crt.sh
secure.bnz.co.nz Entrust Certification Authority - L1K	`2021-05-19` - `2022-06-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
Frame ID: 143D0B7856A52FA0BE503508575A6030
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://safaa.eworlddxn.com/Kl/BNZ/ HTTP 302
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114 HTTP 301
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/ HTTP 302
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57 Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Ruxit (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /ruxitagentjs/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

550 kB
Transfer

1173 kB
Size

6
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bnz.co.nz/
Title: BNZ Logo

Search URL Search Domain Scan URL

URL: https://secure.bnz.co.nz/auth/personal-login
Title: Current PagePersonal Banking

Search URL Search Domain Scan URL

URL: https://secure.bnz.co.nz/auth/business-login
Title: Business

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/cfs/app/login
Title: Client Fund Service

Search URL Search Domain Scan URL

URL: https://wealthnet.bnz.co.nz/
Title: WealthNet

Search URL Search Domain Scan URL

URL: https://www.bnz.co.nz/registration/ib/app/register
Title: Register

Search URL Search Domain Scan URL

URL: https://secure.bnz.co.nz/rp
Title: Forgot your password?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://safaa.eworlddxn.com/Kl/BNZ/ HTTP 302
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114 HTTP 301
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/ HTTP 302
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request log.html Show response
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/
Redirect Chain

https://safaa.eworlddxn.com/Kl/BNZ/
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/
https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57

53 KB
10 KB

127ms
127ms

Document
text/html

69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash: ef367e60fa406a2de68e8f129474334c97aaf0e940935ca3078fcafda5664732

Request headers

:method: GET
:authority: safaa.eworlddxn.com
:scheme: https
:path: /Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:57 GMT
server: Apache
last-modified: Sun, 20 Jun 2021 23:51:57 GMT
accept-ranges: bytes
cache-control: max-age=600
expires: Mon, 21 Jun 2021 00:01:57 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 10148
content-type: text/html

Redirect headers

date: Sun, 20 Jun 2021 23:51:57 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1; path=/
location: ./log.html?cron=a6ba339e3bee508474e43ed2222e0d57
vary: User-Agent
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 ruxitagentjs_ICA27SVfqrux_10175190917092722.js Show response
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/ 140 KB
53 KB 247ms
245ms Script
application/javascript 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/ruxitagentjs_ICA27SVfqrux_10175190917092722.js
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash: 4b8ed2e90e4122b5a4d52de17309801e05b83b6016985595e9f17c201eec3264

Request headers

:path: /Kl/BNZ/82.102.18.114/bnz_files/ruxitagentjs_ICA27SVfqrux_10175190917092722.js
pragma: no-cache
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:57 GMT
content-encoding: gzip
last-modified: Sun, 20 Jun 2021 23:51:57 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Tue, 20 Jul 2021 23:51:57 GMT

GET
H2 200 serrano.css
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/ 2 KB
548 B 125ms
124ms Stylesheet
text/css 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash: f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659

Request headers

:path: /Kl/BNZ/82.102.18.114/bnz_files/serrano.css
pragma: no-cache
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:57 GMT
content-encoding: gzip
last-modified: Sun, 20 Jun 2021 23:51:57 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 472
expires: Tue, 20 Jul 2021 23:51:57 GMT

GET
H2 200 2.js Show response
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/ 857 KB
257 KB 135ms
134ms Script
application/javascript 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/2.js
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash: ed798605f9ed880deb636cbbf8cdadb7f8e2113b9c66d615d33f762a73d79456

Request headers

:path: /Kl/BNZ/82.102.18.114/bnz_files/2.js
pragma: no-cache
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:57 GMT
content-encoding: gzip
last-modified: Sun, 20 Jun 2021 23:51:57 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
expires: Tue, 20 Jul 2021 23:51:57 GMT

GET
H2 200 main.js Show response
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/ 55 KB
17 KB 129ms
128ms Script
application/javascript 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/main.js
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash: c4239fa8a0fefab645b2d3337af1cee6d312cd9c1665d8cc412cf7765cdb4ab3

Request headers

:path: /Kl/BNZ/82.102.18.114/bnz_files/main.js
pragma: no-cache
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:57 GMT
content-encoding: gzip
last-modified: Sun, 20 Jun 2021 23:51:57 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 16869
expires: Tue, 20 Jul 2021 23:51:57 GMT

GET
H2 200 3.490f4688.chunk.js
secure.bnz.co.nz/auth/static/js/ 0
189 KB 692ms
27ms Other
application/javascript 45.60.33.164
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/auth/static/js/3.490f4688.chunk.js

Requested by

Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.164 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://safaa.eworlddxn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:58 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 11:17:40 GMT
x-cdn: Imperva
etag: W/"609a67d4-a1350"
strict-transport-security: max-age=31536000
content-type: application/javascript
x-iinfo: 4-46755800-0 0CNN RT(1624233118737 0) q(0 -1 -1 5) r(0 -1)
cache-control: max-age=47694, public
content-length: 192911
expires: Mon, 21 Jun 2021 13:06:52 GMT

GET
H2 200 4.1e6481a9.chunk.js
secure.bnz.co.nz/auth/static/js/ 0
533 B 733ms
68ms Other
application/javascript 45.60.33.164
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/auth/static/js/4.1e6481a9.chunk.js

Requested by

Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.164 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://safaa.eworlddxn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:58 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 11:17:40 GMT
x-cdn: Imperva
etag: W/"609a67d4-197"
strict-transport-security: max-age=31536000
content-type: application/javascript
x-iinfo: 4-46755801-0 0CNN RT(1624233118737 0) q(0 -1 -1 7) r(0 -1)
cache-control: max-age=47693, public
content-length: 152
expires: Mon, 21 Jun 2021 13:06:51 GMT

GET
H2 200 5.cd08177e.chunk.js
secure.bnz.co.nz/auth/static/js/ 0
2 KB 733ms
68ms Other
application/javascript 45.60.33.164
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/auth/static/js/5.cd08177e.chunk.js

Requested by

Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.164 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://safaa.eworlddxn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:58 GMT
content-encoding: gzip
last-modified: Tue, 11 May 2021 11:17:40 GMT
x-cdn: Imperva
etag: W/"609a67d4-11e0"
strict-transport-security: max-age=31536000
content-type: application/javascript
x-iinfo: 4-46755802-0 0CNN RT(1624233118737 0) q(0 -1 -1 8) r(0 -1)
cache-control: max-age=47694, public
content-length: 1874
expires: Mon, 21 Jun 2021 13:06:52 GMT

GET
H2 404 SerranoWeb-Bold.woff2
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/fonts/ 0
0 232ms
231ms Font
text/html 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://safaa.eworlddxn.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1; dtCookie=-16$KIK9HIQL3U42BPCDIVSRQ15GORL2I308; rxVisitor=1624233118191NU7CF429ETGF6IVHFQ1K2IOO6L1HLHGV; dtSa=-; rxvt=1624234918196|1624233118192; dtPC=-16$33118187_150h1vSXRNSSUVCFFLITNOVWSTSANOOSVETHCLe1
:path: /Kl/BNZ/82.102.18.114/bnz_files/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://safaa.eworlddxn.com
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:58 GMT
cache-control: no-cache, private
server: Apache
content-encoding: gzip
content-length: 10127
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8

GET
H2 404 SerranoWeb-Regular.woff2
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/fonts/ 0
0 250ms
249ms Font
text/html 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/fonts/SerranoWeb-Regular.woff2?v=5b6826770c
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://safaa.eworlddxn.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1; dtCookie=-16$KIK9HIQL3U42BPCDIVSRQ15GORL2I308; rxVisitor=1624233118191NU7CF429ETGF6IVHFQ1K2IOO6L1HLHGV; dtSa=-; rxvt=1624234918196|1624233118192; dtPC=-16$33118187_150h1vSXRNSSUVCFFLITNOVWSTSANOOSVETHCLe1
:path: /Kl/BNZ/82.102.18.114/bnz_files/fonts/SerranoWeb-Regular.woff2?v=5b6826770c
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://safaa.eworlddxn.com
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:58 GMT
cache-control: no-cache, private
server: Apache
content-encoding: gzip
content-length: 10127
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8

GET
H2 404 SerranoWeb-Bold.woff
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/fonts/ 0
0 233ms
233ms Font
text/html 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/fonts/SerranoWeb-Bold.woff?v=76b2d97853
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://safaa.eworlddxn.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1; dtCookie=-16$KIK9HIQL3U42BPCDIVSRQ15GORL2I308; rxVisitor=1624233118191NU7CF429ETGF6IVHFQ1K2IOO6L1HLHGV; dtSa=-; dtPC=-16$33118187_150h1vSXRNSSUVCFFLITNOVWSTSANOOSVETHCLe1; rxvt=1624234918253|1624233118192
:path: /Kl/BNZ/82.102.18.114/bnz_files/fonts/SerranoWeb-Bold.woff?v=76b2d97853
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://safaa.eworlddxn.com
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:58 GMT
cache-control: no-cache, private
server: Apache
content-encoding: gzip
content-length: 10127
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8

GET
H2 404 SerranoWeb-Regular.woff
safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/fonts/ 0
0 253ms
253ms Font
text/html 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/fonts/SerranoWeb-Regular.woff?v=f376ea958d
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://safaa.eworlddxn.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1; dtCookie=-16$KIK9HIQL3U42BPCDIVSRQ15GORL2I308; rxVisitor=1624233118191NU7CF429ETGF6IVHFQ1K2IOO6L1HLHGV; dtSa=-; dtPC=-16$33118187_150h1vSXRNSSUVCFFLITNOVWSTSANOOSVETHCLe1; rxvt=1624234918253|1624233118192
:path: /Kl/BNZ/82.102.18.114/bnz_files/fonts/SerranoWeb-Regular.woff?v=f376ea958d
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://safaa.eworlddxn.com
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/serrano.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 23:51:58 GMT
cache-control: no-cache, private
server: Apache
content-encoding: gzip
content-length: 10127
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8

POST
H2 404 rb_skl01780 Show response
safaa.eworlddxn.com/auth/ 32 KB
10 KB 238ms
238ms XHR
text/html 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/auth/rb_skl01780?type=js&session=-16%24KIK9HIQL3U42BPCDIVSRQ15GORL2I308&svrid=-16&flavor=post&referer=https%3A%2F%2Fsafaa.eworlddxn.com%2FKl%2FBNZ%2F82.102.18.114%2Flog.html%3Fcron%3Da6ba339e3bee508474e43ed2222e0d57&visitID=SXRNSSUVCFFLITNOVWSTSANOOSVETHCL&modifiedSince=1622795112738&app=7930ceb9590cf713
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/ruxitagentjs_ICA27SVfqrux_10175190917092722.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash: 2de6f8ce9afddbefffd6b4d9462cfdbb037e9efb589a597ac8727d8804681b34

Request headers

sec-fetch-mode: cors
origin: https://safaa.eworlddxn.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1; dtCookie=-16$KIK9HIQL3U42BPCDIVSRQ15GORL2I308; rxVisitor=1624233118191NU7CF429ETGF6IVHFQ1K2IOO6L1HLHGV; dtSa=-; dtPC=-16$33118187_150h1vSXRNSSUVCFFLITNOVWSTSANOOSVETHCLe1; rxvt=1624234920216|1624233118192
content-length: 1230
:path: /auth/rb_skl01780?type=js&session=-16%24KIK9HIQL3U42BPCDIVSRQ15GORL2I308&svrid=-16&flavor=post&referer=https%3A%2F%2Fsafaa.eworlddxn.com%2FKl%2FBNZ%2F82.102.18.114%2Flog.html%3Fcron%3Da6ba339e3bee508474e43ed2222e0d57&visitID=SXRNSSUVCFFLITNOVWSTSANOOSVETHCL&modifiedSince=1622795112738&app=7930ceb9590cf713
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 20 Jun 2021 23:52:00 GMT
cache-control: no-cache, private
server: Apache
content-encoding: gzip
content-length: 10127
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8

POST
H2 404 rb_skl01780 Show response
safaa.eworlddxn.com/auth/ 32 KB
10 KB 265ms
265ms XHR
text/html 69.167.160.14
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://safaa.eworlddxn.com/auth/rb_skl01780?type=js&session=-16%24KIK9HIQL3U42BPCDIVSRQ15GORL2I308&svrid=-16&flavor=post&referer=https%3A%2F%2Fsafaa.eworlddxn.com%2FKl%2FBNZ%2F82.102.18.114%2Flog.html%3Fcron%3Da6ba339e3bee508474e43ed2222e0d57&visitID=SXRNSSUVCFFLITNOVWSTSANOOSVETHCL&modifiedSince=1622795112738&app=7930ceb9590cf713
Requested by: Host: safaa.eworlddxn.com
URL: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/bnz_files/ruxitagentjs_ICA27SVfqrux_10175190917092722.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.167.160.14 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.hosting-universal.com
Software: Apache /
Resource Hash: 2de6f8ce9afddbefffd6b4d9462cfdbb037e9efb589a597ac8727d8804681b34

Request headers

sec-fetch-mode: cors
origin: https://safaa.eworlddxn.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: PHPSESSID=f9ccprjvkhv2hf8k99l05b7dv1; dtCookie=-16$KIK9HIQL3U42BPCDIVSRQ15GORL2I308; rxVisitor=1624233118191NU7CF429ETGF6IVHFQ1K2IOO6L1HLHGV; dtSa=-; dtPC=-16$33118187_150h-vSXRNSSUVCFFLITNOVWSTSANOOSVETHCLe1; rxvt=1624234924227|1624233118192
content-length: 2020
:path: /auth/rb_skl01780?type=js&session=-16%24KIK9HIQL3U42BPCDIVSRQ15GORL2I308&svrid=-16&flavor=post&referer=https%3A%2F%2Fsafaa.eworlddxn.com%2FKl%2FBNZ%2F82.102.18.114%2Flog.html%3Fcron%3Da6ba339e3bee508474e43ed2222e0d57&visitID=SXRNSSUVCFFLITNOVWSTSANOOSVETHCL&modifiedSince=1622795112738&app=7930ceb9590cf713
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: safaa.eworlddxn.com
referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://safaa.eworlddxn.com/Kl/BNZ/82.102.18.114/log.html?cron=a6ba339e3bee508474e43ed2222e0d57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 20 Jun 2021 23:52:04 GMT
cache-control: no-cache, private
server: Apache
content-encoding: gzip
content-length: 10127
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
safaa.eworlddxn.com/	1969-12-31 23:59:59	Name: dtPC Value: -16$33118187_150h1vSXRNSSUVCFFLITNOVWSTSANOOSVETHCLe1
safaa.eworlddxn.com/	1969-12-31 23:59:59	Name: rxvt Value: 1624234918723\|1624233118192
safaa.eworlddxn.com/	1969-12-31 23:59:59	Name: dtSa Value: -
safaa.eworlddxn.com/	1969-12-31 23:59:59	Name: rxVisitor Value: 1624233118191NU7CF429ETGF6IVHFQ1K2IOO6L1HLHGV
safaa.eworlddxn.com/	1969-12-31 23:59:59	Name: dtCookie Value: -16$KIK9HIQL3U42BPCDIVSRQ15GORL2I308
safaa.eworlddxn.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: f9ccprjvkhv2hf8k99l05b7dv1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

safaa.eworlddxn.com
secure.bnz.co.nz
45.60.33.164
69.167.160.14
2de6f8ce9afddbefffd6b4d9462cfdbb037e9efb589a597ac8727d8804681b34
4b8ed2e90e4122b5a4d52de17309801e05b83b6016985595e9f17c201eec3264
c4239fa8a0fefab645b2d3337af1cee6d312cd9c1665d8cc412cf7765cdb4ab3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed798605f9ed880deb636cbbf8cdadb7f8e2113b9c66d615d33f762a73d79456
ef367e60fa406a2de68e8f129474334c97aaf0e940935ca3078fcafda5664732
f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659

safaa.eworlddxn.com Open in urlscan Pro 69.167.160.14 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

550 kBTransfer

1173 kBSize

6 Cookies

7 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

6 Cookies

Indicators

safaa.eworlddxn.com Open in urlscan Pro
69.167.160.14 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

550 kB
Transfer

1173 kB
Size

6
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!