banking4.anz-communications.com
urlscan.io public scan: Malicious Activity!
IP address: 2606:4700:30::6812:2db2
Effective URL: https://banking4.anz-communications.com/default/fvQ1nm/default.aspx?sesionid=tOsPf0pGLSby5pqQ9ouAZIcyuIqRRoaG3ukaSk8IuVwc1HUGrgnegzAfS0b...
Submission: On March 18 via manual from AU
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 26th 2019, 20 days before this submission. Valid for: a year.
This is the only time banking4.anz-communications.com was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online), NatWest (Banking). The hostname imitates ANZ (anz-communications.com, with a "banking4" subdomain) while the page content itself was classified as a NatWest login, so the domain name alone is not a reliable guide to the brand being phished.
Domain & IP information
IP Address | Requests | AS (Autonomous System) | PTR | Hosts served
---|---|---|---|---
103.86.51.212 | 2 | ASN58955 (BANGMODENTERPRISE-TH Bangmod Enterprise Co., Ltd., TH) | th212.ruk-com.in.th | balancedd.com
2606:4700:30::6812:2db2 | 25 | ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | | banking4.anz-communications.com

Apex Domain | Subdomains | Requests | Redirects | Transfer
---|---|---|---|---
anz-communications.com | banking4.anz-communications.com | 25 | 1 | 259 KB
balancedd.com | balancedd.com | 2 | 2 | 399 B

Only the first hop (balancedd.com) exposes a hosting IP; the landing site is fronted by Cloudflare, so the IPv6 address above is a Cloudflare edge address and says nothing about where the kit is actually hosted.
This site contains no links.
TLS certificate

Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
anz-communications.com | CloudFlare Inc ECC CA-2 | 2019-02-26 - 2020-02-26 | a year | crt.sh
This page contains 2 frames:
Primary Page: https://banking4.anz-communications.com/default/fvQ1nm/default.aspx?sesionid=tOsPf0pGLSby5pqQ9ouAZIcyuIqRRoaG3ukaSk8IuVwc1HUGrgnegzAfS0bfpFE7VPyuf9kMHcpekrY1QJrNQ37idkGpWiujoaie&em=dayabamunusinghe@hotmail.com&langs=DE&rd=fvQ1nm&page=login&steep=cID&key=275
Frame ID: 70275124C72E441F05FD25CAD3127262, 23 HTTP requests in this frame
Frame: https://banking4.anz-communications.com/action
Frame ID: 8B6F8A03405A32A8476C91CECE9A0BE7, 1 HTTP request in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://balancedd.com/.rpd?em=dayabamunusinghe@hotmail.com&key=%RAND(100,999)% (HTTP 301)
- https://balancedd.com/.rpd/?em=dayabamunusinghe@hotmail.com&key=%RAND(100,999)% (HTTP 302)
- https://banking4.anz-communications.com/?ra=l1c3yczyjvzx6eps6kwhelwtra918i&em=dayabamunusinghe@hotmail.com&key=562 (HTTP 302)
- https://banking4.anz-communications.com/default/fvQ1nm/default.aspx?sesionid=tOsPf0pGLSby5pqQ9ouAZIcyuIqRRoaG3ukaSk8IuVwc1HUGrgnegzAfS0bfpFE7VPyuf9kMHcpekrY1QJrNQ37idkGpWiujoaie&em=dayabamunusinghe@hotmail.com&langs=DE&rd=fvQ1nm&page=login&steep=cID&key=275 (Page URL)

Two details of this chain are worth noting. `%RAND(100,999)%` is a templating placeholder that was never expanded, which suggests the URL was submitted straight from the lure template rather than from a delivered message; the balancedd.com redirector accepted it anyway, and the landing host then assigned its own key values (562, then 275). The recipient's e-mail address is carried through every hop in the `em` parameter, so the address is itself an identifier for the victim in any log of this chain.
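The following is an added triage script, not code from urlscan.io or from the kit; it works offline on the four hops transcribed from the Page URL History above. The finding labels and the two regular expressions (for unexpanded template tokens and e-mail-valued parameters) are this example's own heuristics, not urlscan.io terminology.

```python
"""Offline triage of a urlscan.io redirect chain.

Added example, not urlscan.io's code. CHAIN is transcribed from the
Page URL History; the status code attached to each hop is the response
that led to the next hop (None for the final Page URL). The finding
labels and regexes are this example's own heuristics.
"""
import re
from urllib.parse import parse_qsl, urlsplit

CHAIN = [
    ("https://balancedd.com/.rpd?em=dayabamunusinghe@hotmail.com&key=%RAND(100,999)%", 301),
    ("https://balancedd.com/.rpd/?em=dayabamunusinghe@hotmail.com&key=%RAND(100,999)%", 302),
    ("https://banking4.anz-communications.com/?ra=l1c3yczyjvzx6eps6kwhelwtra918i"
     "&em=dayabamunusinghe@hotmail.com&key=562", 302),
    ("https://banking4.anz-communications.com/default/fvQ1nm/default.aspx"
     "?sesionid=tOsPf0pGLSby5pqQ9ouAZIcyuIqRRoaG3ukaSk8IuVwc1HUGrgnegzAfS0bfpFE7VPyuf9kMHcpekrY1QJrNQ37idkGpWiujoaie"
     "&em=dayabamunusinghe@hotmail.com&langs=DE&rd=fvQ1nm&page=login&steep=cID&key=275", None),
]

# Unexpanded templating token such as %RAND(100,999)%: the lure was never rendered.
TEMPLATE_TOKEN = re.compile(r"%[A-Z]+\([^)]*\)%")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_hop(url, status):
    """Split one hop into host, path and a dict of query parameters."""
    parts = urlsplit(url)
    # Non-hex escapes like %RA are left untouched by parse_qsl, so the
    # template token survives decoding and can still be matched below.
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return {"url": url, "status": status, "host": parts.hostname,
            "path": parts.path, "params": params}


def triage_chain(chain):
    """Return IOC hosts, victim identifiers and per-hop findings.

    Each finding is a tuple (label, hop_index, detail).
    """
    hops = [parse_hop(url, status) for url, status in chain]
    findings = []
    for i, hop in enumerate(hops):
        m = TEMPLATE_TOKEN.search(hop["url"])
        if m:
            findings.append(("unexpanded_template_token", i, m.group(0)))
        for name, value in hop["params"].items():
            if EMAIL.match(value):
                findings.append(("victim_email_in_url", i, f"{name}={value}"))
        if i == 0:
            continue
        prev = hops[i - 1]
        if hop["host"] != prev["host"]:
            findings.append(("cross_domain_redirect", i, f"{prev['host']} -> {hop['host']}"))
        # A parameter the next hop rewrites (key here) is state the redirector
        # or landing host controls, not the lure: useful for kit fingerprinting.
        for name in sorted(set(prev["params"]) & set(hop["params"])):
            if prev["params"][name] != hop["params"][name]:
                findings.append(("rewritten_parameter", i,
                                 f"{name}: {prev['params'][name]} -> {hop['params'][name]}"))
    emails = {d.split("=", 1)[1] for label, _, d in findings if label == "victim_email_in_url"}
    return {
        "hosts": sorted({h["host"] for h in hops}),
        "victim_emails": sorted(emails),
        "landing": hops[-1],
        "findings": findings,
    }


if __name__ == "__main__":
    result = triage_chain(CHAIN)
    print("IOC hosts:", ", ".join(result["hosts"]))
    for label, idx, detail in result["findings"]:
        print(f"hop {idx}: {label}: {detail}")
```

Run as a script it prints the two hosts to block and one line per finding; the same dictionary can be fed to a ticketing or blocklist pipeline. The rewritten `key` parameter is the detail most useful for clustering other scans of the same kit.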
Detected technologies
- CloudFlare (CDN): matched pattern headers server /cloudflare/i
- jQuery (JavaScript Libraries): matched pattern env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
- default.aspx (banking4.anz-communications.com/default/fvQ1nm/), the primary request; the chain is the one listed under Page URL History.
24 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H2 | default.aspx | banking4.anz-communications.com/default/fvQ1nm/ | 114 KB | 86 KB | Document | text/html | Primary Request, redirect chain
GET | H2 | functions.js | banking4.anz-communications.com/RSCRIPTS/ | 20 KB | 6 KB | Script | application/javascript |
GET | H2 | master.css | banking4.anz-communications.com/RSTYLES/ | 177 KB | 35 KB | Stylesheet | text/css |
GET | H2 | npc.css | banking4.anz-communications.com/RSTYLES/ | 45 KB | 9 KB | Stylesheet | text/css |
GET | H2 | master_print.css | banking4.anz-communications.com/RSTYLES/ | 6 KB | 2 KB | Stylesheet | text/css |
GET | H2 | jquery-1.9.1.js | banking4.anz-communications.com/RSCRIPTS/ | 141 KB | 39 KB | Script | application/javascript |
GET | H2 | jquery.maskedinput.js | banking4.anz-communications.com/RSCRIPTS/ | 10 KB | 2 KB | Script | application/javascript |
GET | H2 | autoTab.js | banking4.anz-communications.com/RSCRIPTS/ | 2 KB | 720 B | Script | application/javascript |
GET | H2 | favicon.min.js | banking4.anz-communications.com/RSCRIPTS/ | 817 B | 497 B | Script | application/javascript |
GET | H2 | favico-0.3.10.min.js | banking4.anz-communications.com/RSCRIPTS/ | 9 KB | 3 KB | Script | application/javascript |
GET | H2 | logo1.png | banking4.anz-communications.com/RIMAGES/ | 16 KB | 16 KB | Image | image/png |
GET | H2 | LI5_tabA.gif | banking4.anz-communications.com/RIMAGES/ | 1 KB | 2 KB | Image | image/gif |
GET | H2 | LI5_tabB.gif | banking4.anz-communications.com/RIMAGES/ | 2 KB | 2 KB | Image | image/gif |
GET | H2 | error-marker.png | banking4.anz-communications.com/RIMAGES/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | security.gif | banking4.anz-communications.com/RIMAGES/ | 6 KB | 6 KB | Image | image/gif |
GET | H2 | action | banking4.anz-communications.com/ | 1 B | 95 B | Document | text/html | Frame 8B6F
GET | H2 | white-lock.png | banking4.anz-communications.com/RIMAGES/ | 285 B | 363 B | Image | image/png |
GET | H2 | alert.png | banking4.anz-communications.com/RIMAGES/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | RNHouseSansW05-Regular_woff2 | banking4.anz-communications.com/RSTYLES/ | 21 KB | 21 KB | Font | application/octet-stream |
GET | H2 | radio-selected.png | banking4.anz-communications.com/RIMAGES/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | radio-normal.png | banking4.anz-communications.com/RIMAGES/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | RNHouseSansW05-Bold_woff2 | banking4.anz-communications.com/RSTYLES/ | 22 KB | 22 KB | Font | application/octet-stream |
GET | H2 | check-box.png | banking4.anz-communications.com/RIMAGES/ | 157 B | 234 B | Image | image/png |
GET | H2 | down-chevron.png | banking4.anz-communications.com/RIMAGES/ | 295 B | 464 B | Image | image/png |

Every resource after the redirect chain is served first-party from banking4.anz-communications.com over HTTP/2: the kit ships its own copies of jQuery 1.9.1, jquery.maskedinput (input masking), autoTab and favico (favicon manipulation) rather than loading them from a public CDN, the web fonts are returned as application/octet-stream, and the only non-asset request besides the page itself is the 1-byte /action document loaded in the second frame.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic (Online), NatWest (Banking)

40 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Names
---|---
object (14) | onselectstart, onselectionchange, Aes, Base64, Utf8, favicon, isMobile, nat1, nat2, natbt1, natbt2, modal1, modal2, span
function (21) | queueMicrotask, $, jQuery, autoTab, FormReset, e, Favico, movetoNext, luhnCheck, removeFavicon, changeFavicon, validateForm, clearcID, clearcPAN, clearcPIN, clearcPhone, cleancPinR, cleanccR, clearfPIN, clearfPASS, keepLogin1
string (4) | he12p, gea, output, ctrTxt
boolean (1) | isNN

The function names are the most telling part of this list. luhnCheck together with clearcPAN, clearcPIN, cleancPinR, cleanccR and clearfPIN indicates the form collects a card number (validated client-side with the Luhn checksum) and PIN in addition to the login credentials, and the Aes, Base64 and Utf8 objects suggest the harvested data is encoded or encrypted in the browser before it is posted. Favico, changeFavicon and removeFavicon set a brand favicon, and nat1, nat2, natbt1 and natbt2 look like NatWest-specific UI elements. Note that three of the listed names (onselectstart, onselectionchange, queueMicrotask) are in fact standard window properties and carry no signal.
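The script below is an added example, not urlscan.io's code or the kit's: it parses the flattened "type| name" list exactly as it appears above and buckets the names by the role their name suggests. The category names, the regular expressions and the verdict rule are this example's own heuristics, chosen so that card/PIN field handlers are matched before the generic form-flow pattern.

```python
"""Fingerprint a phishing kit from urlscan.io's JavaScript global list.

Added example, not urlscan.io's code. GLOBALS_TEXT is the "type| name"
list from the report, copied verbatim. The category names, regexes and
verdict rule are this example's own heuristics.
"""
import re

GLOBALS_TEXT = (
    "object| onselectstart object| onselectionchange function| queueMicrotask "
    "object| Aes object| Base64 object| Utf8 string| he12p string| gea string| output "
    "string| ctrTxt function| $ function| jQuery boolean| isNN function| autoTab "
    "function| FormReset function| e object| favicon function| Favico object| isMobile "
    "function| movetoNext function| luhnCheck function| removeFavicon function| changeFavicon "
    "function| validateForm function| clearcID function| clearcPAN function| clearcPIN "
    "function| clearcPhone function| cleancPinR function| cleanccR function| clearfPIN "
    "function| clearfPASS object| nat1 object| nat2 object| natbt1 object| natbt2 "
    "object| modal1 object| modal2 object| span function| keepLogin1"
)

# Names urlscan lists that are in fact browser-standard window properties.
BROWSER_STANDARD = {"onselectstart", "onselectionchange", "queueMicrotask"}

# Ordered: the first matching category wins, so the card/PIN handlers are
# not swallowed by the generic clear*/clean* form-flow pattern.
KIT_CATEGORIES = [
    ("card_or_pin_fields", re.compile(r"(?i)[cf](pan|pin)|cid|ccr|luhn")),
    ("client_side_crypto", re.compile(r"^(Aes|Base64|Utf8)$")),
    ("favicon_spoofing", re.compile(r"(?i)favico")),
    ("target_brand_widgets", re.compile(r"^nat(bt)?\d+$")),
    ("form_flow_control", re.compile(
        r"^(autoTab|movetoNext|validateForm|FormReset|keepLogin\d*|isMobile|clear\w+|clean\w+)$")),
    ("library", re.compile(r"^(\$|jQuery)$")),
]

GLOBAL_RE = re.compile(r"(\w+)\|\s*(\S+)")


def parse_globals(text):
    """Turn urlscan's flattened 'type| name' list into (type, name) pairs."""
    return [(t, n) for t, n in GLOBAL_RE.findall(text)]


def classify_globals(pairs):
    """Bucket the non-standard names by the role their name suggests."""
    buckets = {label: [] for label, _ in KIT_CATEGORIES}
    buckets["unclassified"] = []
    for _type, name in pairs:
        if name in BROWSER_STANDARD:
            continue
        for label, pattern in KIT_CATEGORIES:
            if pattern.search(name):
                buckets[label].append(name)
                break
        else:
            buckets["unclassified"].append(name)
    return {label: sorted(names) for label, names in buckets.items()}


def kit_verdict(buckets):
    """Spell out what the bucketed names imply about the kit's data collection."""
    reasons = []
    if buckets["card_or_pin_fields"]:
        reasons.append("collects card number/PIN: " + ", ".join(buckets["card_or_pin_fields"]))
    if buckets["client_side_crypto"] and buckets["card_or_pin_fields"]:
        reasons.append("likely encodes or encrypts harvested data before posting it: "
                       + ", ".join(buckets["client_side_crypto"]))
    if buckets["favicon_spoofing"]:
        reasons.append("rewrites the favicon to mimic the target brand")
    if buckets["target_brand_widgets"]:
        reasons.append("brand-specific UI variables: " + ", ".join(buckets["target_brand_widgets"]))
    return reasons


if __name__ == "__main__":
    buckets = classify_globals(parse_globals(GLOBALS_TEXT))
    for label, names in buckets.items():
        print(f"{label:22s} {', '.join(names)}")
    for reason in kit_verdict(buckets):
        print("-", reason)
```

The same functions run unchanged against the global list of any other urlscan.io result, which makes them a cheap way to cluster scans of the same kit family by the handler names it leaves on the window object.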
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how permanent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
.anz-communications.com/ | | __cfduid | de98d03428aaf4c764c5e86bb68ea73131552949549

The only cookie is __cfduid, which is set by Cloudflare's edge rather than by the phishing kit. Its last ten digits (1552949549) are a Unix timestamp corresponding to 2019-03-18 UTC, consistent with the submission date and fixing the year of this scan as 2019.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
balancedd.com
banking4.anz-communications.com
103.86.51.212
2606:4700:30::6812:2db2