www.anzhelp-aus.com Open in urlscan Pro
104.21.7.209 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.anzhelp-aus.com/
Effective URL:
https://www.anzhelp-aus.com/
Submission Tags: tweet @atomspam #phishing #anzbank #anz #anzau #bank #infosec #cybersecurity #atomspam Search All
Submission: On December 24 via api (December 24th 2022, 4:13:53 am UTC) from FI — Scanned from FI

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 104.21.7.209, located in and belongs to CLOUDFLARENET, US. The main domain is www.anzhelp-aus.com.
TLS certificate: Issued by GTS CA 1P5 on December 23rd 2022. Valid for: 3 months.

This is the only time www.anzhelp-aus.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 12	104.21.7.209 104.21.7.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
12	2

12 104.21.7.209 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.anzhelp-aus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	anzhelp-aus.com 1 redirects www.anzhelp-aus.com	60 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	83 KB
12	2

	Domain	Requested by
12	www.anzhelp-aus.com	1 redirects www.anzhelp-aus.com code.jquery.com
1	code.jquery.com	www.anzhelp-aus.com
12	2

This site contains no links.

Subject Issuer	Validity	Valid
*.anzhelp-aus.com GTS CA 1P5	`2022-12-23` - `2023-03-23`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.anzhelp-aus.com/
Frame ID: AF37181E36EDB3AF0EB5FC9745FBE7DA
Requests: 10 HTTP requests in this frame

Frame: https://www.anzhelp-aus.com/assets/index_1.html
Frame ID: 5F996135B4017B10AB4A614E26428005
Requests: 1 HTTP requests in this frame

Frame: https://www.anzhelp-aus.com/assets/index_2.html
Frame ID: E2E2B436D58483D9D24FF383C7FF3EDD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login - ANZ Internet Banking

Page URL History Show full URLs

http://www.anzhelp-aus.com/ HTTP 301
https://www.anzhelp-aus.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

142 kB
Transfer

443 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.anzhelp-aus.com/ HTTP 301
https://www.anzhelp-aus.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.anzhelp-aus.com/ Redirect Chain http://www.anzhelp-aus.com/ https://www.anzhelp-aus.com/	53 KB 10 KB	1350ms 898ms	Document text/html	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f5193a2150b61133b07acc1a7d491d06b2b142d6e55894b0f1c183fcdb493775` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 77e6819e2e4d77b3-KBP content-encoding br content-type text/html; charset=UTF-8 date Sat, 24 Dec 2022 04:13:47 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0uAogToBe3XkW0fwzUN7z6uQCX3miFoij4OtcAf5YbqB6miBiy2%2F2sL6q1o15WTy6UoYbfzHKtHAL%2FxyEC0BmueFv7K4cffIcKNqf2U1vsrDQaT%2F5AL89tYtmib1fW5%2BCEhwvkIw"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed Redirect headers CF-RAY 77e6819adb882de9-KBP Cache-Control max-age=3600 Connection keep-alive Date Sat, 24 Dec 2022 04:13:46 GMT Expires Sat, 24 Dec 2022 05:13:46 GMT Location https://www.anzhelp-aus.com/ NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1INDwHUWyWvl%2FCAqb9BjspUcIbkJz5omZVVDEXLu8UcjLao0gGpivkTdyaTU7Gvv9AaTzmSrSRF8fuC6VtjBXiLatn0Xi1YAvtUlijxEFmb1pwXJIt%2FbqgCdZ64bbk8gAD0nRZGL"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	jquery-3.5.1.js Show response code.jquery.com/	281 KB 83 KB	441ms 39ms	Script application/javascript	69.16.175.10 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.js Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS tlb.hwcdn.net Software nginx / Resource Hash `416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37` Request headers Referer https://www.anzhelp-aus.com/ Origin https://www.anzhelp-aus.com accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Sat, 24 Dec 2022 04:13:47 GMT content-encoding gzip x-sp-metadata HS256.CIuVmp0GEokBCiQ2MjQ4Yjk4Ni0yNGFkLTQxMDYtYmM0NS1jMzJlNDM5NjI5MWQQ+OiCoKvU+wIaBgj7+JmdBiIOMTk0LjM0LjEzNC4xNDYojKoDMAM4BEIWVExTX0FFU18xMjhfR0NNX1NIQTI1NlogM2U5YjIwNjEwMDk4YjZjOWJmZjk1Mzg1NmU1ODAxNmEaLAgBEiRhNGJjZTdlNy1jNDczLTRjZDgtOWVlZS05YjZjN2RiMDQ3YjMYlpMFIhgIAhIUY2RzMjA3LnNrMS5od2Nkbi5uZXQ=.IWULExup/yVcKgIMJQplUyAOuY/T2XOxYu9mfG7aua8= last-modified Wed, 16 Feb 2022 10:50:39 GMT server nginx etag W/"620cd6ff-4638e" vary Accept-Encoding x-hw 1671855227.dop067.sk1.t,1671855227.cds068.sk1.hn,1671855227.cds207.sk1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 84374
GET H2	200	bootstrap.min.js Show response www.anzhelp-aus.com/static/	59 KB 16 KB	181ms 179ms	Script application/javascript	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/static/bootstrap.min.js Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff` Request headers accept-language fi-FI,fi;q=0.9 Referer https://www.anzhelp-aus.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Sat, 24 Dec 2022 04:13:47 GMT content-encoding br cf-cache-status MISS last-modified Sat, 24 Sep 2022 10:13:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"eb0e-632ed838-25fc5b67c4610214;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WcEbv7omtSNfxW0ZrBb8SwbWrsvhJRygHNpdk7EIVQyqUwwXgpKguXdoquTyTyW1RJCoy3soPtc5%2FGjWGgULUolgnAvIJ0OWlXgzrEBbJ92yP2VzcnQnTbCXM8Vdr%2FqDIEN3P0YL"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 77e681a3eb4277b3-KBP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 31 Dec 2022 04:13:46 GMT
GET H2	200	anz-logo.1.0.0.svg www.anzhelp-aus.com/assets/	38 KB 28 KB	176ms 175ms	Image image/svg+xml	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.anzhelp-aus.com/assets/anz-logo.1.0.0.svg Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5` Request headers accept-language fi-FI,fi;q=0.9 Referer https://www.anzhelp-aus.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Sat, 24 Dec 2022 04:13:47 GMT content-encoding br cf-cache-status MISS last-modified Wed, 05 Oct 2022 13:42:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"97ce-633d89b2-18e67d5dbea05d80;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNvjJiGwDqX8KX3%2BlYRIgn%2FiGfURT986AjUrB7pcmPGlAsNSjlFDPt6S2KNuO97O7FtCQBJf3SlzH7xD0WUw0jZ83coWIZqRnz2DGs1fertRzwzJuqXRa5MZNj0OhAz7SrO3XCTe"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 77e681a51c3477b3-KBP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 31 Dec 2022 04:13:46 GMT
GET H2	200	ib-login-support.1.0.0.svg www.anzhelp-aus.com/assets/	11 KB 3 KB	105ms 104ms	Image image/svg+xml	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.anzhelp-aus.com/assets/ib-login-support.1.0.0.svg Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0f2f421d03f0dd094f5eeea11c1b78898bb8c38cdc6a9859627617bbb4db363e` Request headers accept-language fi-FI,fi;q=0.9 Referer https://www.anzhelp-aus.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Sat, 24 Dec 2022 04:13:47 GMT content-encoding br cf-cache-status MISS last-modified Wed, 05 Oct 2022 13:42:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2b1d-633d89b2-c993b69a149a0908;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=skFswy9UHsO3j5f2ehG437m%2FWVMJCqnct4QDeMfaX%2F0em8pBLqbPmbsbQf%2FD%2B%2Bj%2BCW%2F1cBcg3V4g7Kol4TyprJQZhrPpc886%2BT8IQNaiEK83Tu5DWwrmsoj8J60q3PUoxG%2Bra0Gd"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed cf-ray 77e681a65d7277b3-KBP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 31 Dec 2022 04:13:46 GMT
GET H2	404	MyriadPro-Semibold.1.0.0.woff www.anzhelp-aus.com/	0 0	135ms 135ms	Font text/html	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/MyriadPro-Semibold.1.0.0.woff Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.anzhelp-aus.com/ Origin https://www.anzhelp-aus.com accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Sat, 24 Dec 2022 04:13:48 GMT content-encoding br cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41olU2XWpoUvH1jVK3hclDH%2BpEVEelYOD%2FeEiClUeJYZ2fLZKGbKIwNLGK%2FpmagFVLVPIqzlRobEtnHRLOEVgH%2FsiPF2qOEyUjhpk1BAwtQqvVaO5EnnEppgnj4Rpe1icYl6l3bu"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 77e681a76ebf77b3-KBP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	404	MyriadPro-Regular.1.0.0.woff www.anzhelp-aus.com/	0 0	140ms 140ms	Font text/html	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/MyriadPro-Regular.1.0.0.woff Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.anzhelp-aus.com/ Origin https://www.anzhelp-aus.com accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Sat, 24 Dec 2022 04:13:48 GMT content-encoding br cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0jLWnnkFhkJt4OMoIFxTuY1%2F3KG6mddVLeXjVXkoVy5z2TyGCa9fGjvpS7y8ixNybNTprnUu750ubR8%2FFh8XDb9OJkneEqUewQNUkBsaU5EkkY1QLZ2hYULFRDKhR2dVxL9HJGg5"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 77e681a76ec077b3-KBP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	404	MyriadPro-Light.1.0.0.woff www.anzhelp-aus.com/	0 0	137ms 136ms	Font text/html	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/MyriadPro-Light.1.0.0.woff Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://www.anzhelp-aus.com/ Origin https://www.anzhelp-aus.com accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Sat, 24 Dec 2022 04:13:48 GMT content-encoding br cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vFJMF6YPxQRmUYYQTI%2FiprshTOmOlP%2FefL4ouNY87qthzuUaOszfWWuM5Tq%2FjmmBFSJDAMAkNiMTWTo%2BMoH5%2BoikDA3WegcCTIMRbDk%2Bt78PWO9mSGX%2BHJbeR5xdmWVxLyKEYp9I"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 x-turbo-charged-by LiteSpeed cf-ray 77e681a77ec977b3-KBP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	index_1.html Show response www.anzhelp-aus.com/assets/ Frame 5F99	325 B 482 B	100ms 100ms	Document text/html	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/assets/index_1.html Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6f43bbda4f62410524aa77873dbdea060a03ff4238c0816f56553e2ede92c8a3` Request headers Referer https://www.anzhelp-aus.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 77e681a77ecc77b3-KBP content-encoding br content-type text/html date Sat, 24 Dec 2022 04:13:48 GMT last-modified Wed, 05 Oct 2022 13:42:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4H3%2FjXuzdtcRU9%2FV3Z55IUHtsMZKJBg8JI92fv6B6fLbT%2BBOSVCSNvHT7%2B2fNDEiz8YE7JQ6xP%2BUNHUZO1aoKQ8sG06dAtijY%2Bcidmx5xWdOrV8D0tBqyIl%2B63kT9ZbY3JH2FZS0"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H2	200	index_2.html Show response www.anzhelp-aus.com/assets/ Frame E2E2	788 B 994 B	136ms 136ms	Document text/html	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/assets/index_2.html Requested by Host: www.anzhelp-aus.com URL: https://www.anzhelp-aus.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `87f7eca8ea5ec119169c3b640d361dde0a1f3c23a4e923a87f0ecada59f712d0` Request headers Referer https://www.anzhelp-aus.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 77e681a77ecf77b3-KBP content-encoding br content-type text/html date Sat, 24 Dec 2022 04:13:48 GMT last-modified Wed, 05 Oct 2022 13:42:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bf%2BLSUs5ZerB0NUq0bj7mmpWMWv59NlLu%2FHlM%2FM9hWPlPBUzh6Wi56zep5zgUgRzqC74qMevEtlaKc90dsu1KWlSgcPi5rAXX8KL0dz%2Bl8W9Cgx%2F%2Fb64hyv1JBcJhlL4tB7iwIRt"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-turbo-charged-by LiteSpeed
GET H2	200	activity.php Show response www.anzhelp-aus.com/files/	18 B 407 B	103ms 103ms	XHR text/html	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/files/activity.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.5.1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `94f9149f1315d2a1b9f44a7fd18360f4ef65b7255fbde2d926619c00b37fcbe9` Request headers Accept / Referer https://www.anzhelp-aus.com/ X-Requested-With XMLHttpRequest accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Sat, 24 Dec 2022 04:13:51 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qiC%2B%2Fkbihf56JfuvK%2Btsf2G04hyP%2B4mO5IIEEtKHeaSl51bvB60rmx%2ForrVy4xQWg5C%2FR8UFkn6wCiknj6hd8S4Z%2FR%2B3J5UCGtH4JBTyX92NIbJ9w%2FNvxLbQD%2BUF3iBxivJqn9v0"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate x-turbo-charged-by LiteSpeed cf-ray 77e681ba4ef477b3-KBP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	activity.php Show response www.anzhelp-aus.com/files/	18 B 291 B	103ms 103ms	XHR text/html	104.21.7.209 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.anzhelp-aus.com/files/activity.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.5.1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.7.209 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `94f9149f1315d2a1b9f44a7fd18360f4ef65b7255fbde2d926619c00b37fcbe9` Request headers Accept / Referer https://www.anzhelp-aus.com/ X-Requested-With XMLHttpRequest accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers pragma no-cache date Sat, 24 Dec 2022 04:13:51 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sWq6YF2vsIW78wc8Vlog5BYZwV874FcTt4DFDsaITrv1yMzeAMXw2059JLpHK%2FgwkwGto6D%2Be4QCfBxgGdNRHlsOPRGHY6ySf4Jr34s67CM6pAprgLwhA4emnFPIi6UBRlWbtdIE"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate x-turbo-charged-by LiteSpeed cf-ray 77e681ba4ef677b3-KBP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.anzhelp-aus.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: d975c7fea39985d27ae2c59f76adb07d

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.anzhelp-aus.com/MyriadPro-Semibold.1.0.0.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.anzhelp-aus.com/MyriadPro-Regular.1.0.0.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.anzhelp-aus.com/MyriadPro-Light.1.0.0.woff Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
www.anzhelp-aus.com
104.21.7.209
69.16.175.10
0f2f421d03f0dd094f5eeea11c1b78898bb8c38cdc6a9859627617bbb4db363e
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
6f43bbda4f62410524aa77873dbdea060a03ff4238c0816f56553e2ede92c8a3
87f7eca8ea5ec119169c3b640d361dde0a1f3c23a4e923a87f0ecada59f712d0
94f9149f1315d2a1b9f44a7fd18360f4ef65b7255fbde2d926619c00b37fcbe9
df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5
f5193a2150b61133b07acc1a7d491d06b2b142d6e55894b0f1c183fcdb493775

www.anzhelp-aus.com Open in urlscan Pro 104.21.7.209 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

142 kBTransfer

443 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

www.anzhelp-aus.com Open in urlscan Pro
104.21.7.209 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

142 kB
Transfer

443 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!