my-commbank-au.netlify.app

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 3.24.66.78, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is my-commbank-au.netlify.app.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on January 15th 2024. Valid for: a year.

This is the only time my-commbank-au.netlify.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commonwealth Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	3.24.66.78 3.24.66.78	16509 (AMAZON-02) (AMAZON-02)
5	23.204.64.114 23.204.64.114	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2

2 3.24.66.78 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-24-66-78.ap-southeast-2.compute.amazonaws.com

my-commbank-au.netlify.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.204.64.114 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-204-64-114.deploy.static.akamaitechnologies.com

static.my.commbank.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	commbank.com.au static.my.commbank.com.au	44 KB
2	netlify.app my-commbank-au.netlify.app	3 KB
7	2

	Domain	Requested by
5	static.my.commbank.com.au	my-commbank-au.netlify.app static.my.commbank.com.au
2	my-commbank-au.netlify.app	my-commbank-au.netlify.app
7	2

This site contains links to these domains. Also see Links.

Domain
www1.my.commbank.com.au

Subject Issuer	Validity	Valid
*.netlify.app DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-15` - `2025-02-14`	a year	crt.sh
my.commbank.com.au Entrust Certification Authority - L1M	`2023-07-03` - `2024-07-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://my-commbank-au.netlify.app/
Frame ID: 871C1EE62B9B672645609C9EA3009578
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NetBank - Log on to NetBank - Enjoy simple and secure online banking from Commonwealth Bank

Page URL History Show full URLs

http://my-commbank-au.netlify.app/ HTTP 307
https://my-commbank-au.netlify.app/ Page URL

Detected technologies

Netlify (Web Servers) Expand

Overall confidence: 100%
Detected patterns

^https?://[^/]+\.netlify\.(?:com|app)/

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

46 kB
Transfer

75 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www1.my.commbank.com.au/netbank/Registration/Mixed/SelectCard.aspx?RID=yPCdKISpLU2cOWqTN4bdnQ&SID=O9%2fG2i8yJU0%3d
Title: Register for NetBank now

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://my-commbank-au.netlify.app/ HTTP 307
https://my-commbank-au.netlify.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
my-commbank-au.netlify.app/
Redirect Chain

http://my-commbank-au.netlify.app/
https://my-commbank-au.netlify.app/

8 KB
3 KB

20ms
3ms

Document
text/html

3.24.66.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://my-commbank-au.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

3.24.66.78 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-24-66-78.ap-southeast-2.compute.amazonaws.com

Software

Netlify /

Resource Hash

87f4867aede5bc7d9be8f2d048427335fbf58123c7af44f0b9763b15379729d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-AU,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 17185
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-length: 2311
content-type: text/html; charset=UTF-8
date: Mon, 20 May 2024 01:28:22 GMT
etag: "0da2785e87bdcd3137408c9049508cac-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-nf-request-id: 01HY9STB8K9YKNKCH76M8FMNR6

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://my-commbank-au.netlify.app/
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
static.my.commbank.com.au/static/netbank/theme/fo/css/ 31 KB
6 KB 39ms
16ms Stylesheet
text/css 23.204.64.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://static.my.commbank.com.au/static/netbank/theme/fo/css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css

Requested by

Host: my-commbank-au.netlify.app
URL: https://my-commbank-au.netlify.app/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.204.64.114 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-204-64-114.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

700303a27f1a898cfba0febbb9ef126ce76fad6ba65108d3b56c35ea973b73fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://my-commbank-au.netlify.app/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-EdgeConnect-Origin-MEX-Latency: 315
Date: Mon, 20 May 2024 01:28:22 GMT
Content-Encoding: br
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Mon, 17 Jul 2023 12:52:03 GMT
Server: Akamai Resource Optimizer
X-EdgeConnect-MidMile-RTT: 136
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000,must-revalidate,proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6026

GET
H2 200 style.css
my-commbank-au.netlify.app/css/ 183 B
291 B 5ms
4ms Stylesheet
text/css 3.24.66.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://my-commbank-au.netlify.app/css/style.css

Requested by

Host: my-commbank-au.netlify.app
URL: https://my-commbank-au.netlify.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

3.24.66.78 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-24-66-78.ap-southeast-2.compute.amazonaws.com

Software

Netlify /

Resource Hash

1491cd08073022b6808f5c2103409a29833559917cb419527f881b7990569f1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://my-commbank-au.netlify.app/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nf-request-id: 01HY9STB8ZWE155VV08H817Q4K
date: Mon, 20 May 2024 01:28:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: Netlify
age: 17184
cache-status: "Netlify Edge"; hit
etag: "ed501abecc801283b00d076a9a110d7c-ssl"
content-type: text/css; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
content-length: 183

GET
H/1.1 200
OK cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
static.my.commbank.com.au/static/netbank/theme/fo/images/ 5 KB
5 KB 47ms
19ms Image
image/gif 23.204.64.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.my.commbank.com.au/static/netbank/theme/fo/images/cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif

Requested by

Host: my-commbank-au.netlify.app
URL: https://my-commbank-au.netlify.app/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.204.64.114 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-204-64-114.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://my-commbank-au.netlify.app/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-EdgeConnect-Origin-MEX-Latency: 7
Date: Mon, 20 May 2024 01:28:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 23 Nov 2021 04:34:44 GMT
X-EdgeConnect-MidMile-RTT: 0
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000,must-revalidate,proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4852

GET
H/1.1 200
OK NB-Login-SmartMini.jpg
static.my.commbank.com.au/static/cmxAssets/netbank-logon/ 17 KB
17 KB 40ms
18ms Image
image/jpeg 23.204.64.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.my.commbank.com.au/static/cmxAssets/netbank-logon/NB-Login-SmartMini.jpg

Requested by

Host: my-commbank-au.netlify.app
URL: https://my-commbank-au.netlify.app/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.204.64.114 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-204-64-114.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

458967d3ac2e85cd5c2f4c53201fa95c49819e705dd9f04966fa38804569ae86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://my-commbank-au.netlify.app/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 20 May 2024 01:28:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 08 Mar 2023 23:49:29 GMT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000,must-revalidate,proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17315

GET
H/1.1 200
OK hbg.0236e4e9a193069c4e8554db8b06354c.png
static.my.commbank.com.au/static/netbank/theme/fo/images/ 254 B
626 B 16ms
15ms Image
image/png 23.204.64.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.my.commbank.com.au/static/netbank/theme/fo/images/hbg.0236e4e9a193069c4e8554db8b06354c.png

Requested by

Host: static.my.commbank.com.au
URL: https://static.my.commbank.com.au/static/netbank/theme/fo/css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.204.64.114 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-204-64-114.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

f0755c4aa02ff90cf951d4752166ce52ea98cb85b86186f954dcc5d9d9cd02c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.my.commbank.com.au/static/netbank/theme/fo/css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 20 May 2024 01:28:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 07 Jun 2022 05:02:46 GMT
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000,must-revalidate,proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 254

GET
H/1.1 200
OK logonsprite2.307a0c523f35f709f390895b4720d350.png
static.my.commbank.com.au/static/netbank/theme/fo/images/ 14 KB
14 KB 16ms
14ms Image
image/png 23.204.64.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.my.commbank.com.au/static/netbank/theme/fo/images/logonsprite2.307a0c523f35f709f390895b4720d350.png

Requested by

Host: static.my.commbank.com.au
URL: https://static.my.commbank.com.au/static/netbank/theme/fo/css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.204.64.114 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-204-64-114.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

c3787cbabd5c9acf9bfdc72c8e706754d644a14d5bd538e675c1885ccae87341

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.my.commbank.com.au/static/netbank/theme/fo/css/logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 20 May 2024 01:28:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 26 Oct 2021 22:26:04 GMT
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000,must-revalidate,proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14207

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commonwealth Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://my-commbank-au.netlify.app/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

my-commbank-au.netlify.app
static.my.commbank.com.au
23.204.64.114
3.24.66.78
1491cd08073022b6808f5c2103409a29833559917cb419527f881b7990569f1a
458967d3ac2e85cd5c2f4c53201fa95c49819e705dd9f04966fa38804569ae86
4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820
700303a27f1a898cfba0febbb9ef126ce76fad6ba65108d3b56c35ea973b73fb
87f4867aede5bc7d9be8f2d048427335fbf58123c7af44f0b9763b15379729d3
c3787cbabd5c9acf9bfdc72c8e706754d644a14d5bd538e675c1885ccae87341
f0755c4aa02ff90cf951d4752166ce52ea98cb85b86186f954dcc5d9d9cd02c0

my-commbank-au.netlify.app Open in urlscan Pro 3.24.66.78 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

46 kBTransfer

75 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

my-commbank-au.netlify.app Open in urlscan Pro
3.24.66.78 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

46 kB
Transfer

75 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!