urlscan.io logo urlscan.io
SecurityTrails logo

www.au-anz-com.cyou Open in urlscan Pro
103.146.14.103  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.au-anz-com.cyou/
Effective URL: https://www.au-anz-com.cyou/Loading.php
Submission Tags: krdtest
Submission: On February 18 via api from JP — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 103.146.14.103, located in Hong Kong and belongs to YISUCLOUDLTD-HK YISU CLOUD LTD, HK. The main domain is www.au-anz-com.cyou.
TLS certificate: Issued by R3 on February 12th 2022. Valid for: 3 months.
This is the only time www.au-anz-com.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
6 103.146.14.103 138152 (YISUCLOUD...)
1 2404:6800:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 198.145.13.11 2044 (DF-PTL01)
9 4
Apex Domain
Subdomains		 Transfer
6 au-anz-com.cyou
www.au-anz-com.cyou
191 KB
2 getclicky.com
static.getclicky.com — Cisco Umbrella Rank: 10319
in.getclicky.com — Cisco Umbrella Rank: 8729
6 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 250
31 KB
9 3
Domain Requested by
6 www.au-anz-com.cyou www.au-anz-com.cyou
1 in.getclicky.com static.getclicky.com
1 static.getclicky.com www.au-anz-com.cyou
1 ajax.googleapis.com www.au-anz-com.cyou
9 4

This site contains links to these domains. Also see Links.

Domain
www.anz.com.au
www.recovery.anz.com
register.anz.com
Subject Issuer Validity Valid
au-anz-com.cyou
R3		 2022-02-12 -
2022-05-13		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-02-07 -
2022-05-02		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-05 -
2022-07-04		 a year crt.sh
*.getclicky.com
Sectigo RSA Domain Validation Secure Server CA		 2020-08-03 -
2022-08-03		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://www.au-anz-com.cyou/Loading.php
Frame ID: 1C2F1C9A849789C065D6662A1E2B9B8A
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Verifying details... - ANZ Internet Banking

Page URL History Show full URLs

  1. https://www.au-anz-com.cyou/ Page URL
  2. https://www.au-anz-com.cyou/Loading.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • static\.getclicky\.com
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

228 kB
Transfer

499 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.au-anz-com.cyou/ Page URL
  2. https://www.au-anz-com.cyou/Loading.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.au-anz-com.cyou/ 		69 B
362 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.au-anz-com.cyou/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.146.14.103 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
2568836ed99ada3b4a7da345c3991b7db33fea89daa21891d0d599f7560be22a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

server
nginx
date
Fri, 18 Feb 2022 06:19:18 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
Primary Request Loading.php
www.au-anz-com.cyou/ 		41 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.au-anz-com.cyou/Loading.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.146.14.103 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
3b152855af92b1512ec8da9787148d87e608c7c3f76a9df43c41f569542f049a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.au-anz-com.cyou/

Response headers

server
nginx
date
Fri, 18 Feb 2022 06:19:19 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
static-styles.css
www.au-anz-com.cyou/assets/css/ 		2 KB
982 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.au-anz-com.cyou/assets/css/static-styles.css
Requested by
Host: www.au-anz-com.cyou
URL: https://www.au-anz-com.cyou/Loading.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.146.14.103 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
4caab44b55faac4d09e272ffe13943078236a35195e8e3d6e9afd032b34efdea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.au-anz-com.cyou/Loading.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 06:19:19 GMT
content-encoding
gzip
last-modified
Fri, 07 Jan 2022 09:42:36 GMT
server
nginx
etag
W/"61d80b0c-7ab"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=43200
strict-transport-security
max-age=31536000
expires
Fri, 18 Feb 2022 18:19:19 GMT
jquery.js
www.au-anz-com.cyou/files/js/ 		266 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.au-anz-com.cyou/files/js/jquery.js
Requested by
Host: www.au-anz-com.cyou
URL: https://www.au-anz-com.cyou/Loading.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.146.14.103 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.au-anz-com.cyou/Loading.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 06:19:19 GMT
content-encoding
gzip
last-modified
Sat, 12 Dec 2020 07:20:22 GMT
server
nginx
etag
W/"5fd46f36-42719"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=43200
strict-transport-security
max-age=31536000
expires
Fri, 18 Feb 2022 18:19:19 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 		86 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: www.au-anz-com.cyou
URL: https://www.au-anz-com.cyou/Loading.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:808::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.au-anz-com.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 12 Feb 2022 15:24:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485697
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30774
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Feb 2023 15:24:35 GMT
anz-logo.1.0.0.svg
www.au-anz-com.cyou/assets/img/ 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.au-anz-com.cyou/assets/img/anz-logo.1.0.0.svg
Requested by
Host: www.au-anz-com.cyou
URL: https://www.au-anz-com.cyou/Loading.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.146.14.103 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.au-anz-com.cyou/Loading.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 06:19:20 GMT
last-modified
Fri, 07 Jan 2022 08:17:50 GMT
server
nginx
etag
"61d7f72e-97ce"
strict-transport-security
max-age=31536000
content-type
image/svg+xml
accept-ranges
bytes
content-length
38862
101350339.js
static.getclicky.com/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.getclicky.com/101350339.js
Requested by
Host: www.au-anz-com.cyou
URL: https://www.au-anz-com.cyou/Loading.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:a010 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bccea165a93059ab8868a2b9ed40caa48cd9c1ee62e1b438b04e6bdd6b508cb0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.au-anz-com.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 06:19:33 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 18 Feb 2022 06:19:33 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
expires
Fri, 25 Feb 2022 06:19:33 GMT
cache-control
public, max-age=604800
cf-ray
6df524ff69b98089-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-proxy-cache
MISS
MyriadPro-Regular.1.0.0.woff
www.au-anz-com.cyou/assets/font/ 		51 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.au-anz-com.cyou/assets/font/MyriadPro-Regular.1.0.0.woff
Requested by
Host: www.au-anz-com.cyou
URL: https://www.au-anz-com.cyou/Loading.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
103.146.14.103 , Hong Kong, ASN138152 (YISUCLOUDLTD-HK YISU CLOUD LTD, HK),
Reverse DNS
Software
nginx /
Resource Hash
9af4df3b7f044525975716b175351fa75553070734627cf3b1325332284208c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.au-anz-com.cyou/Loading.php
Origin
https://www.au-anz-com.cyou
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 06:19:20 GMT
last-modified
Fri, 07 Jan 2022 08:17:50 GMT
server
nginx
etag
"61d7f72e-cdb0"
strict-transport-security
max-age=31536000
content-type
font/woff
accept-ranges
bytes
content-length
52656
in.php
in.getclicky.com/ 		139 B
434 B 		Script
General
Check archive.org
Download Go to
Full URL
https://in.getclicky.com/in.php?site_id=101350339&type=pageview&href=%2FLoading.php&title=Verifying%20details...%20-%20ANZ%20Internet%20Banking&res=1600x1200&lang=en&jsuid=1557681575&mime=js&x=0.5045684906084518
Requested by
Host: static.getclicky.com
URL: https://static.getclicky.com/101350339.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.145.13.11 , United States, ASN2044 (DF-PTL01, US),
Reverse DNS
getclicky.com
Software
nginx /
Resource Hash
22aa4a79cd268ec72d24d0f8fe53ea8496bbff7bb5eb75b5cd08417d8188d94f

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.au-anz-com.cyou/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 06:19:34 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate, post-check=0, pre-check=0
expires
Mon, 26 Jul 1997 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| $ function| jQuery number| interval function| heartbeat object| clicky_obj object| clicky object| clicky_custom undefined| test object| clicky_site_ids object| _genericStats object| _genericStatsCustom

4 Cookies

Domain/Path Name / Value
www.au-anz-com.cyou/ Name: PHPSESSID
Value: rthtaqog5c965d9kubjsvkam86
.au-anz-com.cyou/ Name: _first_pageview
Value: 1
.au-anz-com.cyou/ Name: _jsuid
Value: 1557681575
in.getclicky.com/ Name: cluid
Value: 1557681575

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000