login.anzsheild.com Open in urlscan Pro
166.0.94.62  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response login.anzsheild.com/	47 KB 9 KB	583ms 274ms	Document text/html	166.0.94.62 -Reserved AS-
General Check archive.org Show headers Download Go to Full URL https://login.anzsheild.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 166.0.94.62 , United States, ASN14956 (-Reserved AS-, US), Reverse DNS Software nginx / Resource Hash 81f23c9620d09a388070006cd32d7533504231a4e009fa11200cd7396825e106 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 08 Jun 2023 19:05:09 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx strict-transport-security max-age=31536000 vary Accept-Encoding
GET H2	200	jquery.js Show response login.anzsheild.com/files/	87 KB 34 KB	141ms 140ms	Script application/javascript	166.0.94.62 -Reserved AS-
General Check archive.org Show headers Download Go to Full URL https://login.anzsheild.com/files/jquery.js Requested by Host: login.anzsheild.com URL: https://login.anzsheild.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 166.0.94.62 , United States, ASN14956 (-Reserved AS-, US), Reverse DNS Software nginx / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://login.anzsheild.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 19:05:09 GMT strict-transport-security max-age=31536000 content-encoding gzip last-modified Wed, 07 Jun 2023 23:52:09 GMT server nginx etag W/"64811829-15d9d" vary Accept-Encoding content-type application/javascript cache-control max-age=43200 expires Fri, 09 Jun 2023 07:05:09 GMT
GET H2	200	anz-logo.1.0.0.svg login.anzsheild.com/files/	38 KB 38 KB	279ms 278ms	Image image/svg+xml	166.0.94.62 -Reserved AS-
General Check archive.org Show headers Download Go to Show image Full URL https://login.anzsheild.com/files/anz-logo.1.0.0.svg Requested by Host: login.anzsheild.com URL: https://login.anzsheild.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 166.0.94.62 , United States, ASN14956 (-Reserved AS-, US), Reverse DNS Software nginx / Resource Hash df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://login.anzsheild.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 19:05:09 GMT strict-transport-security max-age=31536000 last-modified Wed, 07 Jun 2023 23:51:54 GMT server nginx etag "6481181a-97ce" content-type image/svg+xml accept-ranges bytes content-length 38862
GET H2	200	ib-login-support.1.0.0.svg login.anzsheild.com/files/	11 KB 11 KB	138ms 138ms	Image image/svg+xml	166.0.94.62 -Reserved AS-
General Check archive.org Show headers Download Go to Show image Full URL https://login.anzsheild.com/files/ib-login-support.1.0.0.svg Requested by Host: login.anzsheild.com URL: https://login.anzsheild.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 166.0.94.62 , United States, ASN14956 (-Reserved AS-, US), Reverse DNS Software nginx / Resource Hash 0f2f421d03f0dd094f5eeea11c1b78898bb8c38cdc6a9859627617bbb4db363e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://login.anzsheild.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 19:05:09 GMT strict-transport-security max-age=31536000 last-modified Wed, 07 Jun 2023 23:52:02 GMT server nginx etag "64811822-2b1d" content-type image/svg+xml accept-ranges bytes content-length 11037
GET H2	404	anz-logo.1.0.0.svg login.anzsheild.com/assets/img/	548 B 548 B	140ms 138ms	Image text/html	166.0.94.62 -Reserved AS-
General Check archive.org Show headers Download Go to Show image Full URL https://login.anzsheild.com/assets/img/anz-logo.1.0.0.svg Requested by Host: login.anzsheild.com URL: https://login.anzsheild.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 166.0.94.62 , United States, ASN14956 (-Reserved AS-, US), Reverse DNS Software nginx / Resource Hash d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090 Request headers accept-language de-DE,de;q=0.9 Referer https://login.anzsheild.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 19:05:09 GMT server nginx content-length 548 content-type text/html
GET H2	200	MyriadPro-Semibold.1.0.0.woff login.anzsheild.com/files/	52 KB 52 KB	139ms 138ms	Font font/woff	166.0.94.62 -Reserved AS-
General Check archive.org Show headers Download Go to Full URL https://login.anzsheild.com/files/MyriadPro-Semibold.1.0.0.woff Requested by Host: login.anzsheild.com URL: https://login.anzsheild.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 166.0.94.62 , United States, ASN14956 (-Reserved AS-, US), Reverse DNS Software nginx / Resource Hash b6bf163550dd994ccb01b937f1210281ec8681bfea58b38cf92b266a3d257cfc Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://login.anzsheild.com/ Origin https://login.anzsheild.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 19:05:09 GMT strict-transport-security max-age=31536000 last-modified Wed, 07 Jun 2023 23:52:51 GMT server nginx etag "64811853-ce48" content-type font/woff accept-ranges bytes content-length 52808
GET H2	200	MyriadPro-Regular.1.0.0.woff login.anzsheild.com/files/	51 KB 52 KB	232ms 231ms	Font font/woff	166.0.94.62 -Reserved AS-
General Check archive.org Show headers Download Go to Full URL https://login.anzsheild.com/files/MyriadPro-Regular.1.0.0.woff Requested by Host: login.anzsheild.com URL: https://login.anzsheild.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 166.0.94.62 , United States, ASN14956 (-Reserved AS-, US), Reverse DNS Software nginx / Resource Hash 9af4df3b7f044525975716b175351fa75553070734627cf3b1325332284208c5 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://login.anzsheild.com/ Origin https://login.anzsheild.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Thu, 08 Jun 2023 19:05:09 GMT strict-transport-security max-age=31536000 last-modified Wed, 07 Jun 2023 23:52:46 GMT server nginx etag "6481184e-cdb0" content-type font/woff accept-ranges bytes content-length 52656

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			login.anzsheild.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: hvok4pb4cbdi4206fiops0sfsc

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://login.anzsheild.com/assets/img/anz-logo.1.0.0.svg Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.anzsheild.com
166.0.94.62
0f2f421d03f0dd094f5eeea11c1b78898bb8c38cdc6a9859627617bbb4db363e
81f23c9620d09a388070006cd32d7533504231a4e009fa11200cd7396825e106
9af4df3b7f044525975716b175351fa75553070734627cf3b1325332284208c5
b6bf163550dd994ccb01b937f1210281ec8681bfea58b38cf92b266a3d257cfc
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e