Submitted URL: https://ssur.cc/ANZbanking
Effective URL: https://www-anz.net/login.php
Submission: On January 10 via manual from AU — Scanned from JP

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 9 HTTP transactions. The main IP is 103.143.72.61, located in Hong Kong and belonging to YISUCLOUDLTD-HK YISU CLOUD LTD, HK. The main domain is www-anz.net.
TLS certificate: issued by R3 (a Let's Encrypt intermediate) on January 8th 2022, two days before this scan. Valid for: 3 months.
This is the only time www-anz.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking)

Domain & IP information

Requests  IP Address                AS (Autonomous System)
1         13.230.39.103             16509 (AMAZON-02)  (redirect hop, not counted in the 9 transactions)
6         103.143.72.61             138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK)
1         2404:6800:4004:825::200a  15169 (GOOGLE)
1         218.12.76.150             4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
1         183.131.207.66            136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN)
Total: 9 transactions across 4 IPs

Requests  Apex Domain     Subdomains                                                          Transfer
6         www-anz.net     www-anz.net                                                         292 KB
2         51.la           js.users.51.la (Cisco Umbrella rank 44668), ia.51.la (rank 50556)  6 KB
1         googleapis.com  ajax.googleapis.com (Cisco Umbrella rank 258)                       31 KB
1         ssur.cc         ssur.cc                                                             357 B
Total: 9 transactions across 4 apex domains

Requests  Domain               Requested by
6         www-anz.net          www-anz.net
1         ia.51.la             www-anz.net
1         js.users.51.la       www-anz.net
1         ajax.googleapis.com  www-anz.net
1         ssur.cc              (1 redirect)
Total: 9 transactions across 5 hostnames

This site contains links to these domains. All three sit under ANZ's own anz.com.au and anz.com: the lookalike page links back to the real bank.

Domain
www.anz.com.au
www.recovery.anz.com
register.anz.com
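Worked example (added here; this is not code from urlscan or from the page being scanned): a hostname check that captures why www-anz.net reads as an ANZ lookalike while ANZ's own hosts do not, and that uses the outbound links above as a second signal. The brand allow-list, the brand token and the tiny public-suffix table are assumptions made for the example; a real deployment would load the Public Suffix List.

```python
"""Brand-impersonation check for hostnames, run against this scan's data."""
import re

# Allow-list of the brand's own registrable domains. anz.com.au and anz.com are
# taken from the outbound links on this page; maintaining such a list is this
# example's assumption about the defender, not something the scan provides.
BRAND_DOMAINS = {"anz.com.au", "anz.com"}
BRAND_TOKENS = {"anz"}

# A few two-label public suffixes so that anz.com.au splits correctly.
# Assumption: a production tool would load the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.uk", "co.nz"}


def registrable_domain(host: str) -> str:
    """Return the part of a hostname that its registrant controls."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def lookalike_reasons(host: str) -> list:
    """Explain why a hostname looks like an impersonation of the brand.

    Returns [] both for the brand's own domains and for unrelated hosts.
    """
    reg = registrable_domain(host)
    if reg in BRAND_DOMAINS:
        return []
    owner_label = reg.split(".")[0]               # 'www-anz' for www-anz.net
    tokens = set(re.split(r"[-_]", owner_label))  # {'www', 'anz'}
    reasons = []
    for brand in BRAND_TOKENS:
        if brand in tokens:
            reasons.append(f"brand token '{brand}' is a separate token of '{owner_label}'")
        elif brand in owner_label:
            reasons.append(f"brand token '{brand}' is embedded in '{owner_label}'")
    if reasons and "www" in tokens:
        # 'www-anz.net' reads like 'www.anz.net' to a hurried eye
        reasons.append("'www' folded into the registrable label to mimic www.<brand>")
    return reasons


def assess(host: str, outbound_domains) -> dict:
    """Combine the hostname heuristics with where the page links to."""
    reasons = lookalike_reasons(host)
    linked = {registrable_domain(d) for d in outbound_domains} & BRAND_DOMAINS
    if reasons and linked:
        # A kit that keeps the real bank's help and registration links is
        # still impersonating it; the links are a second signal, not a pass.
        reasons.append("links out to the brand's own domains: " + ", ".join(sorted(linked)))
    return {"host": host, "suspicious": bool(reasons), "reasons": reasons}


# Constructed from this scan: the effective hostname and the linked domains.
SCAN_HOST = "www-anz.net"
SCAN_LINKS = ["www.anz.com.au", "www.recovery.anz.com", "register.anz.com"]

if __name__ == "__main__":
    for host in (SCAN_HOST, "www.anz.com.au", "example.net"):
        print(assess(host, SCAN_LINKS))
```

The check deliberately treats a page that links to the real brand as more suspicious, not less, once the hostname itself carries the brand token: legitimate brand hosts are excluded by the allow-list before the heuristics run.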
Subject                  Issuer                            Validity                  Valid for  Source
www-anz.net              R3                                2022-01-08 to 2022-04-08  3 months   crt.sh
upload.video.google.com  GTS CA 1C3                        2021-11-29 to 2022-02-21  3 months   crt.sh
*.users.51.la            GlobalSign GCC R3 DV TLS CA 2020  2020-08-27 to 2022-04-19  2 years    crt.sh
*.51.la                  GlobalSign GCC R3 DV TLS CA 2020  2020-08-27 to 2022-05-16  2 years    crt.sh
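Worked example (added; not urlscan's code): matching each hostname in this scan to the certificates in the table and flagging the one issued days before the scan. The certificate rows are transcribed from the table; the 7-day freshness threshold is an assumption. It also carries a caveat a practitioner should keep in mind: urlscan shows a certificate's subject, not its SAN list, so ajax.googleapis.com does not match the upload.video.google.com row here and has to be checked against the SAN list on crt.sh.

```python
"""Match this scan's hostnames to the certificates in the table and flag fresh issuance."""
from datetime import date

SCAN_DATE = date(2022, 1, 10)   # submission date from the top of the report

# Rows transcribed from the certificate table: (subject, issuer, not_before, not_after).
CERTS = [
    ("www-anz.net", "R3", date(2022, 1, 8), date(2022, 4, 8)),
    ("upload.video.google.com", "GTS CA 1C3", date(2021, 11, 29), date(2022, 2, 21)),
    ("*.users.51.la", "GlobalSign GCC R3 DV TLS CA 2020", date(2020, 8, 27), date(2022, 4, 19)),
    ("*.51.la", "GlobalSign GCC R3 DV TLS CA 2020", date(2020, 8, 27), date(2022, 5, 16)),
]


def subject_matches(host: str, subject: str) -> bool:
    """Wildcard matching as browsers do it: '*' covers exactly one leftmost label,
    so *.51.la covers ia.51.la but not js.users.51.la (that needs *.users.51.la)."""
    host, subject = host.lower(), subject.lower()
    if not subject.startswith("*."):
        return host == subject
    h_labels, s_labels = host.split("."), subject.split(".")
    return len(h_labels) == len(s_labels) and h_labels[1:] == s_labels[1:]


def cert_for_host(host: str, certs=CERTS):
    """First certificate whose subject covers the host, or None."""
    for cert in certs:
        if subject_matches(host, cert[0]):
            return cert
    return None


def risk_flags(cert, scan_date: date = SCAN_DATE, fresh_days: int = 7) -> list:
    """Flags worth a second look. Lifetime alone is deliberately not one:
    90-day automated certificates are normal (Google's hosted-library
    certificate in the table is also a 3-month one)."""
    subject, issuer, not_before, not_after = cert
    flags = []
    age = (scan_date - not_before).days
    if 0 <= age <= fresh_days:
        flags.append(f"issued {age} day(s) before the scan")
    if not (not_before <= scan_date <= not_after):
        flags.append("not valid at scan time")
    return flags


def report(hosts, certs=CERTS, scan_date: date = SCAN_DATE) -> dict:
    """host -> (issuer or None, flags)"""
    out = {}
    for host in hosts:
        cert = cert_for_host(host, certs)
        if cert is None:
            out[host] = (None, ["no listed subject covers this host; check the SAN list on crt.sh"])
        else:
            out[host] = (cert[1], risk_flags(cert, scan_date))
    return out


if __name__ == "__main__":
    hosts = ["www-anz.net", "ajax.googleapis.com", "js.users.51.la", "ia.51.la"]
    for host, (issuer, flags) in report(hosts).items():
        print(f"{host:24} {issuer or '-':36} {flags}")
```

Freshness relative to the scan is the useful signal here, not the 3-month lifetime; the two long-lived GlobalSign wildcards for the tracker are what a mature third-party service looks like, and the two-day-old R3 certificate on the brand lookalike is what a freshly stood-up kit looks like.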

This page contains 1 frame:

Primary Page: https://www-anz.net/login.php
Frame ID: 5F2D120130A2F20061CC7153F2E34F56
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Login - ANZ Internet Banking

Page URL History

  1. https://ssur.cc/ANZbanking (HTTP 301) -> https://www-anz.net/login.php (Page URL)

Detected technologies

(The technology names were missing from the extracted page; they follow from the patterns, the login.php URL, the PHPSESSID cookies and the jQuery globals listed below.)

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

jQuery (overall confidence: 100%)
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
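Worked example (added here, not part of the report): running the two detection patterns above over the URLs in this scan the way a fingerprinting tool does, including how a version is pulled out of the capture group. The regexes are the ones quoted on the page; assigning them to PHP and jQuery, and the script URL list, are this example's doing.

```python
"""Apply the detection patterns above to this scan's URLs (Wappalyzer-style)."""
import re

# The regexes are the ones quoted in "Detected patterns". Assigning them to
# PHP and jQuery is this example's doing (they are the standard assignments
# for these patterns), not output copied from the scan.
FINGERPRINTS = {
    "PHP":    {"url":    [r"\.php(?:$|\?)"]},
    "jQuery": {"script": [r"/([\d.]+)/jquery(?:\.min)?\.js",
                          r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"]},
}


def fingerprint(page_url: str, script_urls) -> dict:
    """Return {technology: version or None} for every technology whose
    pattern matches the page URL ('url' rules) or a script URL ('script' rules).
    A match without a captured version records the technology with None;
    a later match that does carry a version upgrades it."""
    found = {}
    candidates = [("url", page_url)] + [("script", s) for s in script_urls]
    for tech, rules in FINGERPRINTS.items():
        for kind, value in candidates:
            for pattern in rules.get(kind, []):
                m = re.search(pattern, value)
                if not m:
                    continue
                version = next((g for g in m.groups() if g), None)
                if tech not in found or (found[tech] is None and version):
                    found[tech] = version
    return found


# Constructed from the transactions in this report.
PAGE_URL = "https://www-anz.net/login.php"
SCRIPT_URLS = [
    "https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js",
    "https://www-anz.net/files/js/jquery.js",   # self-hosted copy, no version in the name
    "https://js.users.51.la/21246597.js",
]

if __name__ == "__main__":
    print(fingerprint(PAGE_URL, SCRIPT_URLS))
```

The self-hosted files/js/jquery.js matches only the second, version-less pattern, so the version comes from the Google-hosted copy. To pin the self-hosted file, compare its resource hash from the transaction list below against known jQuery release hashes rather than trusting the filename.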

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 20 %
Domains: 4
Subdomains: 5
IPs: 4
Countries: 4
Transfer: 328 kB
Size: 589 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ssur.cc/ANZbanking (HTTP 301) -> https://www-anz.net/login.php (Page URL)

Redirected requests

There were HTTP redirect chains for the following requests: the primary request (https://ssur.cc/ANZbanking, HTTP 301 to https://www-anz.net/login.php), shown under login.php below.

9 HTTP transactions

Each transaction lists its resource, path, size, transferred bytes (x-fer), type and, where present, MIME type, followed by its request and response details.
Primary Request: login.php
Path: www-anz.net/
Redirect Chain:
  • https://ssur.cc/ANZbanking
  • https://www-anz.net/login.php
Size: 41 KB (9 KB transferred)
Type: Document
General
Full URL
https://www-anz.net/login.php
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
103.143.72.61 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
8cf8db434979db620a8498f26b085e2e9251fc36a17b7ed5be504dea930a85eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

server
nginx
date
Mon, 10 Jan 2022 11:29:04 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip

Redirect headers

server
nginx
date
Mon, 10 Jan 2022 11:29:33 GMT
content-type
text/html; charset=UTF-8
location
https://www-anz.net/login.php
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
content-encoding
gzip
vary
Accept-Encoding
strict-transport-security
max-age=31536000
jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/3.4.1/
Size: 86 KB (31 KB transferred)
Type: Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: www-anz.net
URL: https://www-anz.net/login.php
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2404:6800:4004:825::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www-anz.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 09 Jan 2022 08:13:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98146
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30774
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 09 Jan 2023 08:13:49 GMT
jquery.js
Path: www-anz.net/files/js/
Size: 266 KB (90 KB transferred)
Type: Script
General
Full URL
https://www-anz.net/files/js/jquery.js
Requested by
Host: www-anz.net
URL: https://www-anz.net/login.php
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
103.143.72.61 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www-anz.net/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 10 Jan 2022 11:29:04 GMT
content-encoding
gzip
last-modified
Sat, 12 Dec 2020 15:20:22 GMT
server
nginx
etag
W/"5fd4dfb6-42719"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
strict-transport-security
max-age=31536000
expires
Mon, 10 Jan 2022 23:29:04 GMT
anz-logo.1.0.0.svg
Path: www-anz.net/assets/img/
Size: 38 KB (38 KB transferred)
Type: Image
General
Full URL
https://www-anz.net/assets/img/anz-logo.1.0.0.svg
Requested by
Host: www-anz.net
URL: https://www-anz.net/login.php
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
103.143.72.61 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www-anz.net/login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 10 Jan 2022 11:29:04 GMT
last-modified
Fri, 07 Jan 2022 16:17:50 GMT
server
nginx
etag
"61d867ae-97ce"
strict-transport-security
max-age=31536000
content-type
image/svg+xml
accept-ranges
bytes
content-length
38862
21246597.js
Path: js.users.51.la/
Size: 5 KB (6 KB transferred)
Type: Script
General
Full URL
https://js.users.51.la/21246597.js
Requested by
Host: www-anz.net
URL: https://www-anz.net/login.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
218.12.76.150 Baoding, China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software
openresty /
Resource Hash
b6f261d8c2361534d7efc52231dc90ecf31c277a674f912ae96132bad719607c

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www-anz.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

nginx-hit
1
Date
Mon, 10 Jan 2022 11:29:35 GMT
via
CHN-HEshijiazhuang-AREACUCC1-CACHE31[6],CHN-HEshijiazhuang-AREACUCC1-CACHE14[0,TCP_HIT,4],CHN-SH-GLOBAL1-CACHE118[3],CHN-SH-GLOBAL1-CACHE148[0,TCP_HIT,1]
X-CCDN-CacheTTL
86400
Age
195796
Content-Disposition
inline;filename=f.txt
Connection
keep-alive
request-id
0000017E381169D59056DDE4989E0F8C
x-reserved
amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
Content-Length
4898
id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSqFlZ/3P5xmgSZ3XCBToIAw+DwPCwGP
Last-Modified
Sat Jan 08 13:02:51 CST 2022
Server
openresty
ETag
"b186558179e2433ae29c5db1a6a5db54"
Content-Type
application/javascript;charset=UTF-8
version-id
G001117E3811667BFFFF901620591BE3
Accept-Ranges
bytes
x-hcs-proxy-type
1
MyriadPro-Semibold.1.0.0.woff
Path: www-anz.net/assets/font/
Size: 52 KB (52 KB transferred)
Type: Font
General
Full URL
https://www-anz.net/assets/font/MyriadPro-Semibold.1.0.0.woff
Requested by
Host: www-anz.net
URL: https://www-anz.net/login.php
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
103.143.72.61 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
b6bf163550dd994ccb01b937f1210281ec8681bfea58b38cf92b266a3d257cfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www-anz.net/login.php
Origin
https://www-anz.net
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 10 Jan 2022 11:29:04 GMT
last-modified
Fri, 07 Jan 2022 16:17:50 GMT
server
nginx
etag
"61d867ae-ce48"
strict-transport-security
max-age=31536000
content-type
font/woff
accept-ranges
bytes
content-length
52808
MyriadPro-Regular.1.0.0.woff
Path: www-anz.net/assets/font/
Size: 51 KB (52 KB transferred)
Type: Font
General
Full URL
https://www-anz.net/assets/font/MyriadPro-Regular.1.0.0.woff
Requested by
Host: www-anz.net
URL: https://www-anz.net/login.php
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
103.143.72.61 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
9af4df3b7f044525975716b175351fa75553070734627cf3b1325332284208c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www-anz.net/login.php
Origin
https://www-anz.net
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 10 Jan 2022 11:29:04 GMT
last-modified
Fri, 07 Jan 2022 16:17:50 GMT
server
nginx
etag
"61d867ae-cdb0"
strict-transport-security
max-age=31536000
content-type
font/woff
accept-ranges
bytes
content-length
52656
MyriadPro-Light.1.0.0.woff
Path: www-anz.net/assets/font/
Size: 51 KB (51 KB transferred)
Type: Font
General
Full URL
https://www-anz.net/assets/font/MyriadPro-Light.1.0.0.woff
Requested by
Host: www-anz.net
URL: https://www-anz.net/login.php
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
103.143.72.61 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
a3080630cedf7c6bb87229c4b11d206b3adb83753ced5558c7fea114bc0fd87a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www-anz.net/login.php
Origin
https://www-anz.net
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 10 Jan 2022 11:29:04 GMT
last-modified
Fri, 07 Jan 2022 16:17:50 GMT
server
nginx
etag
"61d867ae-cbac"
strict-transport-security
max-age=31536000
content-type
font/woff
accept-ranges
bytes
content-length
52140
go1
Path: ia.51.la/
Size: 0 (215 B transferred)
Type: Image
General
Full URL
https://ia.51.la/go1?id=21246597&rt=1641814175810&rl=1600*1200&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1641814175810&tt=Login%2520-%2520ANZ%2520Internet%2520Banking&kw=&cu=https%253A%252F%252Fwww-anz.net%252Flogin.php&pu=
Requested by
Host: www-anz.net
URL: https://www-anz.net/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
183.131.207.66 , China, ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN),
Reverse DNS
Software
CloudWAF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www-anz.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Mon, 10 Jan 2022 11:29:37 GMT
Server
CloudWAF
Connection
keep-alive
Content-Length
0
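Worked example (added here; not part of the urlscan report): decoding what the go1 beacon above and the __tins__21246597 cookie listed below actually carry, and cross-checking them. 51.la is a Chinese web-analytics service whose counter the kit embeds, so the tracker id 21246597 is a pivot for finding other pages that load js.users.51.la/21246597.js. The tt and cu parameters arrive encoded twice (%2520 rather than %20), so the code decodes them a second time; that double-decode is inferred from the captured values. The go1 resource hash is SHA-256 of zero bytes, consistent with the Content-Length 0 response. Input strings are copied from this report; the field list DOUBLE_ENCODED is an assumption.

```python
"""Decode the 51.la beacon and cookie from this scan and cross-check them."""
import hashlib
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# Inputs copied from the go1 request above and from the cookie table below.
BEACON_URL = (
    "https://ia.51.la/go1?id=21246597&rt=1641814175810&rl=1600*1200&lang=en-US"
    "&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=&ing=1&ekc=&sid=1641814175810"
    "&tt=Login%2520-%2520ANZ%2520Internet%2520Banking&kw="
    "&cu=https%253A%252F%252Fwww-anz.net%252Flogin.php&pu="
)
TINS_COOKIE = ("%7B%22sid%22%3A%201641814175810%2C%20%22vd%22%3A%201%2C%20"
               "%22expires%22%3A%201641815975810%7D")
GO1_RESOURCE_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Fields the tracker script URL-encodes before the browser encodes the query
# string again, so they need a second decode (assumption based on the capture).
DOUBLE_ENCODED = ("tt", "cu", "pu", "kw")


def parse_beacon(url: str) -> dict:
    """Flatten the query string; decode the double-encoded fields a second time."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    fields = {k: v[0] for k, v in query.items()}
    for key in DOUBLE_ENCODED:
        if key in fields:
            fields[key] = unquote(fields[key])
    return fields


def parse_tins_cookie(value: str) -> dict:
    """__tins__<siteid> is a URL-encoded JSON object."""
    return json.loads(unquote(value))


def ms_to_iso(ms) -> str:
    """Millisecond epoch (as sent by the beacon) to an ISO 8601 UTC string."""
    return datetime.fromtimestamp(int(ms) / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def correlate(url: str, cookie_value: str) -> dict:
    """Tie the beacon to the cookie: same session id, 30-minute session window."""
    beacon = parse_beacon(url)
    cookie = parse_tins_cookie(cookie_value)
    return {
        "site_id": beacon["id"],                  # pivot: other kits with the same id
        "page_title": beacon["tt"],
        "page_url": beacon["cu"],
        "session_started_utc": ms_to_iso(beacon["sid"]),
        "session_ttl_minutes": (cookie["expires"] - cookie["sid"]) / 60000,
        "cookie_matches_beacon": str(cookie["sid"]) == beacon["sid"],
    }


def is_empty_body(sha256_hex: str) -> bool:
    """True if a resource hash is SHA-256 of zero bytes, i.e. the response had no body."""
    return sha256_hex.lower() == hashlib.sha256(b"").hexdigest()


if __name__ == "__main__":
    print(json.dumps(correlate(BEACON_URL, TINS_COOKIE), indent=2))
    print("go1 body empty:", is_empty_body(GO1_RESOURCE_HASH))
```

The decoded session start (11:29:35 UTC on 10 January 2022) lines up with the Date header of the 51.la response, which is the kind of cross-check that confirms the beacon fired from this very page load rather than being replayed.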

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onsecuritypolicyviolation
  • object: onslotchange
  • function: $
  • function: jQuery

onsecuritypolicyviolation and onslotchange are browser-defined event-handler properties rather than page code; $ and jQuery come from the jQuery library the page loads.

6 Cookies

Domain/Path   Name              Value
ssur.cc/      PHPSESSID         6ttd636a5ns0utdos3heopi86a
ssur.cc/      short_ANZbanking  1
www-anz.net/  PHPSESSID         8pvbjspm04bpi92fp9276bp3d5
www-anz.net/  __tins__21246597  %7B%22sid%22%3A%201641814175810%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201641815975810%7D
www-anz.net/  __51cke__         (empty)
www-anz.net/  __51laig__        1

Both the ssur.cc redirector and www-anz.net set PHPSESSID, so both run PHP; the __tins__21246597, __51cke__ and __51laig__ cookies belong to the 51.la tracker the page loads.

Security Headers

This section lists any security headers set by the main page. Only Strict-Transport-Security is present; HSTS together with a valid certificate is routine on phishing hosts and says nothing about whether the site is legitimate.

Header Value
Strict-Transport-Security max-age=31536000