![](/screenshots/02ab3bc9-e8df-4ae8-864d-abc7a44c76ed.png)
www.anzhelp-aus.com
Open in
urlscan Pro
104.21.7.209
Malicious Activity!
Public Scan
Summary
TLS certificate: Issued by GTS CA 1P5 on December 23rd 2022. Valid for: 3 months.
This is the only time www.anzhelp-aus.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ANZ Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 12 | 104.21.7.209 104.21.7.209 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 69.16.175.10 69.16.175.10 | 20446 (STACKPATH...) (STACKPATH-CDN) | |
12 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
anzhelp-aus.com
1 redirects
www.anzhelp-aus.com |
60 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 686 |
83 KB |
12 | 2 |
Domain | Requested by | |
---|---|---|
12 | www.anzhelp-aus.com |
1 redirects
www.anzhelp-aus.com
code.jquery.com |
1 | code.jquery.com |
www.anzhelp-aus.com
|
12 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.anzhelp-aus.com GTS CA 1P5 |
2022-12-23 - 2023-03-23 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.anzhelp-aus.com/
Frame ID: AF37181E36EDB3AF0EB5FC9745FBE7DA
Requests: 10 HTTP requests in this frame
Frame:
https://www.anzhelp-aus.com/assets/index_1.html
Frame ID: 5F996135B4017B10AB4A614E26428005
Requests: 1 HTTP requests in this frame
Frame:
https://www.anzhelp-aus.com/assets/index_2.html
Frame ID: E2E2B436D58483D9D24FF383C7FF3EDD
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/02ab3bc9-e8df-4ae8-864d-abc7a44c76ed.png)
Page Title
Login - ANZ Internet BankingPage URL History Show full URLs
-
http://www.anzhelp-aus.com/
HTTP 301
https://www.anzhelp-aus.com/ Page URL
Detected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.anzhelp-aus.com/
HTTP 301
https://www.anzhelp-aus.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.anzhelp-aus.com/ Redirect Chain
|
53 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.5.1.js
code.jquery.com/ |
281 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
www.anzhelp-aus.com/static/ |
59 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anz-logo.1.0.0.svg
www.anzhelp-aus.com/assets/ |
38 KB 28 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ib-login-support.1.0.0.svg
www.anzhelp-aus.com/assets/ |
11 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MyriadPro-Semibold.1.0.0.woff
www.anzhelp-aus.com/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MyriadPro-Regular.1.0.0.woff
www.anzhelp-aus.com/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MyriadPro-Light.1.0.0.woff
www.anzhelp-aus.com/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index_1.html
www.anzhelp-aus.com/assets/ Frame 5F99 |
325 B 482 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index_2.html
www.anzhelp-aus.com/assets/ Frame E2E2 |
788 B 994 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
activity.php
www.anzhelp-aus.com/files/ |
18 B 407 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
activity.php
www.anzhelp-aus.com/files/ |
18 B 291 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ANZ Bank (Banking)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| oncontentvisibilityautostatechange function| $ function| jQuery object| bootstrap string| pathref object| dataLayer function| isNumber number| interval function| heartbeat1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.anzhelp-aus.com/ | Name: PHPSESSID Value: d975c7fea39985d27ae2c59f76adb07d |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
www.anzhelp-aus.com
104.21.7.209
69.16.175.10
0f2f421d03f0dd094f5eeea11c1b78898bb8c38cdc6a9859627617bbb4db363e
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
6f43bbda4f62410524aa77873dbdea060a03ff4238c0816f56553e2ede92c8a3
87f7eca8ea5ec119169c3b640d361dde0a1f3c23a4e923a87f0ecada59f712d0
94f9149f1315d2a1b9f44a7fd18360f4ef65b7255fbde2d926619c00b37fcbe9
df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5
f5193a2150b61133b07acc1a7d491d06b2b142d6e55894b0f1c183fcdb493775