anz-secure.support Open in urlscan Pro
54.81.150.92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://anz-secure.support/inetbank/inetbank/recover/recover.html
Submission: On June 23 via automatic, source openphish (June 23rd 2022, 1:29:22 pm UTC) — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 54.81.150.92, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is anz-secure.support.
TLS certificate: Issued by R3 on June 23rd 2022. Valid for: 3 months.

This is the only time anz-secure.support was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	54.81.150.92 54.81.150.92	14618 (AMAZON-AES) (AMAZON-AES)
1	202.2.56.161 202.2.56.161	9564 (ANZ-BANK-...) (ANZ-BANK-AP Australia and New Zealand Banking Group Limited)
8	2

7 54.81.150.92 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-81-150-92.compute-1.amazonaws.com

anz-secure.support	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.2.56.161 (Australia)

ASN9564 (ANZ-BANK-AP Australia and New Zealand Banking Group Limited, AU)

www.recovery.anz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	anz-secure.support anz-secure.support	183 KB
1	anz.com www.recovery.anz.com	38 KB
8	2

	Domain	Requested by
7	anz-secure.support	anz-secure.support
1	www.recovery.anz.com	anz-secure.support
8	2

This site contains no links.

Subject Issuer	Validity	Valid
anz-secure.support R3	`2022-06-23` - `2022-09-21`	3 months	crt.sh
recovery.anz.com DigiCert Global CA G2	`2022-01-04` - `2023-01-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://anz-secure.support/inetbank/inetbank/recover/recover.html
Frame ID: 2DF073BC86BB939EC03587F78B5C82ED
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credential Recovery

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

222 kB
Transfer

343 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request recover.html Show response
anz-secure.support/inetbank/inetbank/recover/ 10 KB
2 KB 800ms
111ms Document
text/html 54.81.150.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://anz-secure.support/inetbank/inetbank/recover/recover.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.81.150.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-150-92.compute-1.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 1d69daac7236e42447058ef56c3cb9bb986a7b4f7c054b742518194882c258e4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html
date: Thu, 23 Jun 2022 13:29:16 GMT
etag: W/"607b8a04-2812"
last-modified: Sun, 18 Apr 2021 01:23:16 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 style.css
anz-secure.support/inetbank/inetbank/recover/ 136 KB
21 KB 220ms
219ms Stylesheet
text/css 54.81.150.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://anz-secure.support/inetbank/inetbank/recover/style.css
Requested by: Host: anz-secure.support
URL: https://anz-secure.support/inetbank/inetbank/recover/recover.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.81.150.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-150-92.compute-1.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 04ea9cb5a717696bfdb18c656ce4f2efeaff19d7bfb3d06a538f9276ba756f34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://anz-secure.support/inetbank/inetbank/recover/recover.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:29:16 GMT
content-encoding: br
etag: W/"607b8a04-22026"
last-modified: Sun, 18 Apr 2021 01:23:16 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H/1.1 200
OK logo-anz.svg
www.recovery.anz.com/recover/assets/ 38 KB
38 KB 2400ms
367ms Image
image/svg+xml 202.2.56.161
ANZ-BANK-AP Austr...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.recovery.anz.com/recover/assets/logo-anz.svg

Requested by

Host: anz-secure.support
URL: https://anz-secure.support/inetbank/inetbank/recover/recover.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

202.2.56.161 , Australia, ASN9564 (ANZ-BANK-AP Australia and New Zealand Banking Group Limited, AU),

Reverse DNS

Software

Resource Hash

df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5

Security Headers

Name	Value
Content-Security-Policy	default-src=self
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://anz-secure.support/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Jun 2022 13:29:18 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Sun, 24 Oct 2021 04:08:44 GMT
ETag: "266a-97ce-5cf11667b8e55"
X-Frame-Options: DENY
Content-Type: image/svg+xml
Cache-Control: no-cache,no-store,max-age=0
Content-Security-Policy: default-src=self
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=100
Content-Length: 38862
X-XSS-Protection: 1; mode=block

GET
H2 200 card-icon-large-screen.svg
anz-secure.support/inetbank/inetbank/recover/assets/ 3 KB
3 KB 226ms
225ms Image
image/svg+xml 54.81.150.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anz-secure.support/inetbank/inetbank/recover/assets/card-icon-large-screen.svg
Requested by: Host: anz-secure.support
URL: https://anz-secure.support/inetbank/inetbank/recover/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.81.150.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-150-92.compute-1.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 8557637090eebf59a0454d5b99aae258ffe108a9cf7d11f329e5982d5658585f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://anz-secure.support/inetbank/inetbank/recover/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:29:16 GMT
last-modified: Sun, 18 Apr 2021 01:23:16 GMT
server: nginx
x-powered-by: PleskLin
etag: "607b8a04-b17"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2839

GET
H2 200 phone-icon-large-screen.svg
anz-secure.support/inetbank/inetbank/recover/assets/ 3 KB
3 KB 113ms
113ms Image
image/svg+xml 54.81.150.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anz-secure.support/inetbank/inetbank/recover/assets/phone-icon-large-screen.svg
Requested by: Host: anz-secure.support
URL: https://anz-secure.support/inetbank/inetbank/recover/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.81.150.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-150-92.compute-1.amazonaws.com
Software: nginx / PleskLin
Resource Hash: ac26495e9592c85af76981f022d1ac53f2039042c894248525983ab7a472300b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://anz-secure.support/inetbank/inetbank/recover/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:29:16 GMT
last-modified: Sun, 18 Apr 2021 01:23:16 GMT
server: nginx
x-powered-by: PleskLin
etag: "607b8a04-b30"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 2864

GET
H2 200 19d63e6239c69c0f44839bda2b14f3a3.woff
anz-secure.support/inetbank/inetbank/recover/ 51 KB
52 KB 223ms
223ms Font
font/woff 54.81.150.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://anz-secure.support/inetbank/inetbank/recover/19d63e6239c69c0f44839bda2b14f3a3.woff
Requested by: Host: anz-secure.support
URL: https://anz-secure.support/inetbank/inetbank/recover/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.81.150.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-150-92.compute-1.amazonaws.com
Software: nginx / PleskLin
Resource Hash: 9af4df3b7f044525975716b175351fa75553070734627cf3b1325332284208c5

Request headers

Referer: https://anz-secure.support/inetbank/inetbank/recover/style.css
Origin: https://anz-secure.support
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:29:16 GMT
last-modified: Sun, 18 Apr 2021 01:23:16 GMT
server: nginx
x-powered-by: PleskLin
etag: "607b8a04-cdb0"
content-type: font/woff
accept-ranges: bytes
content-length: 52656

GET
H2 200 b8d3788f91c669a1925bd89496e7f5c0.woff
anz-secure.support/inetbank/inetbank/recover/ 51 KB
51 KB 112ms
111ms Font
font/woff 54.81.150.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://anz-secure.support/inetbank/inetbank/recover/b8d3788f91c669a1925bd89496e7f5c0.woff
Requested by: Host: anz-secure.support
URL: https://anz-secure.support/inetbank/inetbank/recover/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.81.150.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-150-92.compute-1.amazonaws.com
Software: nginx / PleskLin
Resource Hash: a3080630cedf7c6bb87229c4b11d206b3adb83753ced5558c7fea114bc0fd87a

Request headers

Referer: https://anz-secure.support/inetbank/inetbank/recover/style.css
Origin: https://anz-secure.support
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:29:16 GMT
last-modified: Sun, 18 Apr 2021 01:23:16 GMT
server: nginx
x-powered-by: PleskLin
etag: "607b8a04-cbac"
content-type: font/woff
accept-ranges: bytes
content-length: 52140

GET
H2 200 b1b91c2bf9ce25b5a07df78739428781.woff
anz-secure.support/inetbank/inetbank/recover/ 52 KB
52 KB 320ms
320ms Font
font/woff 54.81.150.92
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://anz-secure.support/inetbank/inetbank/recover/b1b91c2bf9ce25b5a07df78739428781.woff
Requested by: Host: anz-secure.support
URL: https://anz-secure.support/inetbank/inetbank/recover/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 54.81.150.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-150-92.compute-1.amazonaws.com
Software: nginx / PleskLin
Resource Hash: b6bf163550dd994ccb01b937f1210281ec8681bfea58b38cf92b266a3d257cfc

Request headers

Referer: https://anz-secure.support/inetbank/inetbank/recover/style.css
Origin: https://anz-secure.support
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Thu, 23 Jun 2022 13:29:16 GMT
last-modified: Sun, 18 Apr 2021 01:23:16 GMT
server: nginx
x-powered-by: PleskLin
etag: "607b8a04-ce48"
content-type: font/woff
accept-ranges: bytes
content-length: 52808

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

anz-secure.support
www.recovery.anz.com
202.2.56.161
54.81.150.92
04ea9cb5a717696bfdb18c656ce4f2efeaff19d7bfb3d06a538f9276ba756f34
1d69daac7236e42447058ef56c3cb9bb986a7b4f7c054b742518194882c258e4
8557637090eebf59a0454d5b99aae258ffe108a9cf7d11f329e5982d5658585f
9af4df3b7f044525975716b175351fa75553070734627cf3b1325332284208c5
a3080630cedf7c6bb87229c4b11d206b3adb83753ced5558c7fea114bc0fd87a
ac26495e9592c85af76981f022d1ac53f2039042c894248525983ab7a472300b
b6bf163550dd994ccb01b937f1210281ec8681bfea58b38cf92b266a3d257cfc
df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5

anz-secure.support Open in urlscan Pro 54.81.150.92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

222 kBTransfer

343 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

anz-secure.support Open in urlscan Pro
54.81.150.92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

222 kB
Transfer

343 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!