liquidillusion.com.au Open in urlscan Pro
27.121.64.191 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://liquidillusion.com.au/customersupport/personal.php
Submission: On June 02 via manual (June 2nd 2019, 4:51:50 pm UTC) from US

Summary HTTP 11 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 27.121.64.191, located in Australia and belongs to NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU. The main domain is liquidillusion.com.au.

This is the only time liquidillusion.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

	IP Address		AS Autonomous System
6	27.121.64.191 27.121.64.191		24446 (NETREGIST...) (NETREGISTRY-AS-AP NetRegistry Pty Ltd.)
1	104.111.242.247 104.111.242.247		16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
11	3

6 27.121.64.191 (Australia)

ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU)
PTR: cp191.ezyreg.com

liquidillusion.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.242.247 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-242-247.deploy.static.akamaitechnologies.com

bank.discover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	liquidillusion.com.au liquidillusion.com.au www.liquidillusion.com.au Failed	541 KB
1	discover.com bank.discover.com	371 KB
11	2

	Domain	Requested by
6	liquidillusion.com.au	liquidillusion.com.au
1	bank.discover.com	liquidillusion.com.au
0	www.liquidillusion.com.au Failed	liquidillusion.com.au
11	3

This site contains no links.

Subject Issuer	Validity	Valid
www.discoverbank.com DigiCert SHA2 Extended Validation Server CA	`2019-02-04` - `2019-09-03`	7 months	crt.sh

This page contains 1 frames:

Primary Page: http://liquidillusion.com.au/customersupport/personal.php
Frame ID: AF121181C217918FCEB7BFC191EF648F
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

mod_ssl (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_ssl(?:\/([\d.]+))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
headers server /mod_ssl(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

11
Requests

9 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

912 kB
Transfer

1051 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://liquidillusion.com.au/global/fonts/MetaOffcPro-Norm.ttf HTTP 301
http://www.liquidillusion.com.au/global/fonts/MetaOffcPro-Norm.ttf

Request Chain 7

http://liquidillusion.com.au/global/fonts/MetaOffcPro-Medi.ttf HTTP 301
http://www.liquidillusion.com.au/global/fonts/MetaOffcPro-Medi.ttf

Request Chain 8

http://liquidillusion.com.au/global/fonts/MetaWebPro-Medium.woff HTTP 301
http://www.liquidillusion.com.au/global/fonts/MetaWebPro-Medium.woff

Request Chain 9

http://liquidillusion.com.au/global/fonts/MetaWebPro-Normal.woff HTTP 301
http://www.liquidillusion.com.au/global/fonts/MetaWebPro-Normal.woff

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set personal.php Show response
liquidillusion.com.au/customersupport/ 43 KB
44 KB 1026ms
696ms Document
text/html 27.121.64.191
NETREGISTRY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: http://liquidillusion.com.au/customersupport/personal.php
Protocol: HTTP/1.1
Server: 27.121.64.191 , Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU),
Reverse DNS: cp191.ezyreg.com
Software: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / PHP/5.3.29
Resource Hash: e50d9cff46a1850c16e338ba0eb123a3391a864a0ad971f5e1266f6b64b5050e

Request headers

Host: liquidillusion.com.au
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 02 Jun 2019 16:51:15 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.3.29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=k1j8i0ap0dgpp83nrmivi0elo5; path=/
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

GET
H/1.1 200
OK oaoMain.css
liquidillusion.com.au/customersupport/personal_information_files/ 224 KB
224 KB 1371ms
1371ms Stylesheet
text/css 27.121.64.191
NETREGISTRY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: http://liquidillusion.com.au/customersupport/personal_information_files/oaoMain.css
Requested by: Host: liquidillusion.com.au
URL: http://liquidillusion.com.au/customersupport/personal.php
Protocol: HTTP/1.1
Server: 27.121.64.191 , Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU),
Reverse DNS: cp191.ezyreg.com
Software: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 /
Resource Hash: a01655d8e96426f2120f31f9c47795abd10ed6d70e9f2cab8ed367addfa467c1

Request headers

Referer: http://liquidillusion.com.au/customersupport/personal.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 02 Jun 2019 16:51:17 GMT
Last-Modified: Fri, 05 Apr 2019 02:36:30 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
ETag: "1469c2-37e99-585bf5aaba780"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 229017

GET
H/1.1 200
OK logo-Savings.png
liquidillusion.com.au/customersupport/personal_information_files/ 35 KB
35 KB 623ms
314ms Image
image/png 27.121.64.191
NETREGISTRY-AS-AP...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://liquidillusion.com.au/customersupport/personal_information_files/logo-Savings.png
Requested by: Host: liquidillusion.com.au
URL: http://liquidillusion.com.au/customersupport/personal.php
Protocol: HTTP/1.1
Server: 27.121.64.191 , Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU),
Reverse DNS: cp191.ezyreg.com
Software: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 /
Resource Hash: a3562f7fcbafce0490a0aa42a3c88d0a9d5f3f83b426ad5cd9a7a0626082e3de

Request headers

Referer: http://liquidillusion.com.au/customersupport/personal.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 02 Jun 2019 16:51:16 GMT
Last-Modified: Sat, 02 Mar 2019 21:42:14 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
ETag: "1469bf-8b42-5832365871980"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 35650

GET
H/1.1 200
OK inputmask.js Show response
liquidillusion.com.au/customersupport/js/ 233 KB
233 KB 317ms
315ms Script
application/javascript 27.121.64.191
NETREGISTRY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: http://liquidillusion.com.au/customersupport/js/inputmask.js
Requested by: Host: liquidillusion.com.au
URL: http://liquidillusion.com.au/customersupport/personal.php
Protocol: HTTP/1.1
Server: 27.121.64.191 , Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU),
Reverse DNS: cp191.ezyreg.com
Software: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 /
Resource Hash: 3fbd071b0f09677b895196a4c1e8153b404d5942a7d426e5314fed8840a2c955

Request headers

Referer: http://liquidillusion.com.au/customersupport/personal.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 02 Jun 2019 16:51:19 GMT
Last-Modified: Sat, 17 Feb 2018 05:55:00 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
ETag: "101b04-3a22f-5656219f15500"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 238127

GET
H/1.1 200
OK getTextCaptcha.png
liquidillusion.com.au/customersupport/personal_information_files/ 2 KB
2 KB 314ms
313ms Image
image/png 27.121.64.191
NETREGISTRY-AS-AP...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://liquidillusion.com.au/customersupport/personal_information_files/getTextCaptcha.png
Requested by: Host: liquidillusion.com.au
URL: http://liquidillusion.com.au/customersupport/personal.php
Protocol: HTTP/1.1
Server: 27.121.64.191 , Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU),
Reverse DNS: cp191.ezyreg.com
Software: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 /
Resource Hash: 6b311f95bbdc099c32ad88a54fa5222747855b2f877f08e762e7e4055425adcc

Request headers

Referer: http://liquidillusion.com.au/customersupport/personal.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 02 Jun 2019 16:51:19 GMT
Last-Modified: Sat, 02 Mar 2019 21:42:14 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
ETag: "1469bb-76a-5832365871980"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=98
Content-Length: 1898

GET
H/1.1 200
OK memberFadicLogoBlack.png
liquidillusion.com.au/customersupport/personal_information_files/ 3 KB
3 KB 315ms
314ms Image
image/png 27.121.64.191
NETREGISTRY-AS-AP...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://liquidillusion.com.au/customersupport/personal_information_files/memberFadicLogoBlack.png
Requested by: Host: liquidillusion.com.au
URL: http://liquidillusion.com.au/customersupport/personal.php
Protocol: HTTP/1.1
Server: 27.121.64.191 , Australia, ASN24446 (NETREGISTRY-AS-AP NetRegistry Pty Ltd., AU),
Reverse DNS: cp191.ezyreg.com
Software: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 /
Resource Hash: 6da100dba1dc87b573cf36320228f968a076c2ddc3cc88b0866661b6bfc67dba

Request headers

Referer: http://liquidillusion.com.au/customersupport/personal.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 02 Jun 2019 16:51:19 GMT
Last-Modified: Sat, 02 Mar 2019 21:42:14 GMT
Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
ETag: "1469c1-b11-5832365871980"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 2833

GET
H/1.1 200
OK common-icons.svg
bank.discover.com/newaccount/app/regular/images/ 512 KB
371 KB 598ms
510ms Image
image/svg+xml 104.111.242.247
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.discover.com/newaccount/app/regular/images/common-icons.svg

Requested by

Host: liquidillusion.com.au
URL: http://liquidillusion.com.au/customersupport/personal.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.242.247 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-242-247.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

aa74acc2fb4fdca1ad06f86ac6f073a1b1667bebd8804cf3f0d6b9f8f34a7920

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: http://liquidillusion.com.au/customersupport/personal_information_files/oaoMain.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 07 May 2019 19:21:06 GMT
Date: Sun, 02 Jun 2019 16:51:19 GMT
X-Frame-Options: DENY
Content-Type: image/svg+xml
Cache-Control: no-cache, no-store
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Expires: 0

GET

MetaOffcPro-Norm.ttf
www.liquidillusion.com.au/global/fonts/
Redirect Chain

http://liquidillusion.com.au/global/fonts/MetaOffcPro-Norm.ttf
http://www.liquidillusion.com.au/global/fonts/MetaOffcPro-Norm.ttf

0
0

GET

MetaOffcPro-Medi.ttf
www.liquidillusion.com.au/global/fonts/
Redirect Chain

http://liquidillusion.com.au/global/fonts/MetaOffcPro-Medi.ttf
http://www.liquidillusion.com.au/global/fonts/MetaOffcPro-Medi.ttf

0
0

GET

MetaWebPro-Medium.woff
www.liquidillusion.com.au/global/fonts/
Redirect Chain

http://liquidillusion.com.au/global/fonts/MetaWebPro-Medium.woff
http://www.liquidillusion.com.au/global/fonts/MetaWebPro-Medium.woff

0
0

GET

MetaWebPro-Normal.woff
www.liquidillusion.com.au/global/fonts/
Redirect Chain

http://liquidillusion.com.au/global/fonts/MetaWebPro-Normal.woff
http://www.liquidillusion.com.au/global/fonts/MetaWebPro-Normal.woff

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.liquidillusion.com.au
URL: http://www.liquidillusion.com.au/global/fonts/MetaOffcPro-Norm.ttf

Domain: www.liquidillusion.com.au
URL: http://www.liquidillusion.com.au/global/fonts/MetaOffcPro-Medi.ttf

Domain: www.liquidillusion.com.au
URL: http://www.liquidillusion.com.au/global/fonts/MetaWebPro-Medium.woff

Domain: www.liquidillusion.com.au
URL: http://www.liquidillusion.com.au/global/fonts/MetaWebPro-Normal.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discover (Financial)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery object| jQuery111109032723885638096

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bank.discover.com
liquidillusion.com.au
www.liquidillusion.com.au
www.liquidillusion.com.au
104.111.242.247
27.121.64.191
3fbd071b0f09677b895196a4c1e8153b404d5942a7d426e5314fed8840a2c955
6b311f95bbdc099c32ad88a54fa5222747855b2f877f08e762e7e4055425adcc
6da100dba1dc87b573cf36320228f968a076c2ddc3cc88b0866661b6bfc67dba
a01655d8e96426f2120f31f9c47795abd10ed6d70e9f2cab8ed367addfa467c1
a3562f7fcbafce0490a0aa42a3c88d0a9d5f3f83b426ad5cd9a7a0626082e3de
aa74acc2fb4fdca1ad06f86ac6f073a1b1667bebd8804cf3f0d6b9f8f34a7920
e50d9cff46a1850c16e338ba0eb123a3391a864a0ad971f5e1266f6b64b5050e