www-anz.net
103.143.72.61
Malicious Activity!
Public Scan
Effective URL: https://www-anz.net/login.php
Submission: On January 10 via manual from AU — Scanned from JP
Summary
TLS certificate: Issued by R3 on January 8th 2022. Valid for: 3 months.
This is the only time www-anz.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ANZ Bank (Banking)
Domain & IP information
Count | IP Address | AS (Autonomous System) |
---|---|---|
1 | 13.230.39.103 | 16509 (AMAZON-02) |
6 | 103.143.72.61 | 138152 (YISUCLOUDLTD-HK YISU CLOUD LTD) |
1 | 2404:6800:4004:825::200a | 15169 (GOOGLE) |
1 | 218.12.76.150 | 4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone) |
1 | 183.131.207.66 | 136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA) |
ASN16509 (AMAZON-02, US)
PTR: ec2-13-230-39-103.ap-northeast-1.compute.amazonaws.com
Domains: ssur.cc
ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
Domains: js.users.51.la
ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN)
Domains: ia.51.la
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 | www-anz.net | www-anz.net | 292 KB |
2 | 51.la | js.users.51.la (Cisco Umbrella Rank: 44668), ia.51.la (Cisco Umbrella Rank: 50556) | 6 KB |
1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 258) | 31 KB |
1 | ssur.cc | ssur.cc (1 redirect) | 357 B |
Count | Domain | Requested by | Note |
---|---|---|---|
6 | www-anz.net | www-anz.net | |
1 | ia.51.la | www-anz.net | |
1 | js.users.51.la | www-anz.net | |
1 | ajax.googleapis.com | www-anz.net | |
1 | ssur.cc | | 1 redirect |
This site contains links to these domains. Also see Links.
Domain |
---|
www.anz.com.au |
www.recovery.anz.com |
register.anz.com |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
www-anz.net | R3 | 2022-01-08 - 2022-04-08 | 3 months | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months | crt.sh |
*.users.51.la | GlobalSign GCC R3 DV TLS CA 2020 | 2020-08-27 - 2022-04-19 | 2 years | crt.sh |
*.51.la | GlobalSign GCC R3 DV TLS CA 2020 | 2020-08-27 - 2022-05-16 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://www-anz.net/login.php
Frame ID: 5F2D120130A2F20061CC7153F2E34F56
Requests: 9 HTTP requests in this frame
Page Title
Login - ANZ Internet Banking
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ssur.cc/ANZbanking
- HTTP 301 -> https://www-anz.net/login.php (Page URL)
Detected technologies
- PHP (Programming Languages). Detected patterns:
  - \.php(?:$|\?)
- jQuery (JavaScript Libraries). Detected patterns:
  - /([\d.]+)/jquery(?:\.min)?\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: Forgot login details?
- Title: Register
- Title: Security and Privacy Statement.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method / Protocol | Resource | Path | Size / x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|
GET H2 | login.php | www-anz.net/ | 41 KB / 9 KB | Document | text/html | Primary Request, Redirect Chain |
GET H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.4.1/ | 86 KB / 31 KB | Script | text/javascript | |
GET H2 | jquery.js | www-anz.net/files/js/ | 266 KB / 90 KB | Script | application/javascript | |
GET H2 | anz-logo.1.0.0.svg | www-anz.net/assets/img/ | 38 KB / 38 KB | Image | image/svg+xml | |
GET H/1.1 | 21246597.js | js.users.51.la/ | 5 KB / 6 KB | Script | application/javascript | |
GET H2 | MyriadPro-Semibold.1.0.0.woff | www-anz.net/assets/font/ | 52 KB / 52 KB | Font | font/woff | |
GET H2 | MyriadPro-Regular.1.0.0.woff | www-anz.net/assets/font/ | 51 KB / 52 KB | Font | font/woff | |
GET H2 | MyriadPro-Light.1.0.0.woff | www-anz.net/assets/font/ | 51 KB / 51 KB | Font | font/woff | |
GET H/1.1 | go1 | ia.51.la/ | 0 / 215 B | Image | text/plain | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: ANZ Bank (Banking)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onsecuritypolicyviolation
- object: onslotchange
- function: $
- function: jQuery
6 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
ssur.cc/ | | PHPSESSID | 6ttd636a5ns0utdos3heopi86a |
ssur.cc/ | | short_ANZbanking | 1 |
www-anz.net/ | | PHPSESSID | 8pvbjspm04bpi92fp9276bp3d5 |
www-anz.net/ | | __tins__21246597 | %7B%22sid%22%3A%201641814175810%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201641815975810%7D |
www-anz.net/ | | __51cke__ | (empty) |
www-anz.net/ | | __51laig__ | 1 |
Security Headers
This section lists the security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains: ajax.googleapis.com, ia.51.la, js.users.51.la, ssur.cc, www-anz.net
IPs: 103.143.72.61, 13.230.39.103, 183.131.207.66, 218.12.76.150, 2404:6800:4004:825::200a