atofficeau.com
Open in
urlscan Pro
188.114.96.3
Malicious Activity!
Public Scan
Submission: On May 15 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by E1 on April 14th 2024. Valid for: 3 months.
This is the only time atofficeau.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ANZ Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 45.60.126.46 45.60.126.46 | 19551 (INCAPSULA) (INCAPSULA) | |
1 | 45.60.124.46 45.60.124.46 | 19551 (INCAPSULA) (INCAPSULA) | |
1 | 13.55.215.164 13.55.215.164 | 16509 (AMAZON-02) (AMAZON-02) | |
12 | 3 |
ASN16509 (AMAZON-02, US)
PTR: ec2-13-55-215-164.ap-southeast-2.compute.amazonaws.com
ctmdx.anz.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
atofficeau.com
1 redirects
atofficeau.com |
147 KB |
2 |
anz.com.au
1 redirects
anz.com.au — Cisco Umbrella Rank: 439421 www.anz.com.au — Cisco Umbrella Rank: 559648 |
79 KB |
1 |
anz.com
ctmdx.anz.com |
35 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
11 | atofficeau.com |
1 redirects
atofficeau.com
|
1 | ctmdx.anz.com |
atofficeau.com
|
1 | www.anz.com.au |
atofficeau.com
|
1 | anz.com.au | 1 redirects |
12 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.anz.com.au |
www.recovery.anz.com |
register.anz.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
atofficeau.com E1 |
2024-04-14 - 2024-07-13 |
3 months | crt.sh |
ctmdx.anz.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-10-05 - 2024-10-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://atofficeau.com/ANZ/
Frame ID: 17D006A826EAFB6C85E62FC4CA106B43
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
Login - ANZ Internet BankingPage URL History Show full URLs
-
https://atofficeau.com/ANZ
HTTP 301
https://atofficeau.com/ANZ/ Page URL
Page Statistics
13 Outgoing links
These are links going to different origins than the main page.
Title: See more
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Forgot login details?
Search URL Search Domain Scan URL
Title: Register
Search URL Search Domain Scan URL
Title: Security and Privacy Statement.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: What’s new
Search URL Search Domain Scan URL
Title: Find or change your CRN and Password
Search URL Search Domain Scan URL
Title: View statements
Search URL Search Domain Scan URL
Title: Get or change your card PIN
Search URL Search Domain Scan URL
Title: Latest security alerts
Search URL Search Domain Scan URL
Title: Contact us
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://atofficeau.com/ANZ
HTTP 301
https://atofficeau.com/ANZ/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2- https://anz.com.au/content/dam/anzcomau/campaigns/kid-with-easteregg_loginout.jpg HTTP 301
- https://www.anz.com.au/content/dam/anzcomau/campaigns/kid-with-easteregg_loginout.jpg
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
atofficeau.com/ANZ/ Redirect Chain
|
48 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style.css
atofficeau.com/ANZ/files/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
anz-logo.1.0.0.svg
atofficeau.com/ANZ/assets/img/ |
38 KB 28 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kid-with-easteregg_loginout.jpg
www.anz.com.au/content/dam/anzcomau/campaigns/ Redirect Chain
|
77 KB 79 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
env.js
atofficeau.com/ANZ/config/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
new-relic-script.js
atofficeau.com/ANZ/assets/scripts/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
manifest.797c85f0.js
atofficeau.com/ANZ/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.797c85f0.js
atofficeau.com/ANZ/internetbanking/js/ |
450 KB 106 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.797c85f0.js
atofficeau.com/ANZ/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hyptxt.js
ctmdx.anz.com/947684/ |
74 KB 35 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
env.js
atofficeau.com/ANZ/config/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
new-relic-script.js
atofficeau.com/ANZ/assets/scripts/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ANZ Bank (Banking)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| webpackJsonp object| digitalData string| logTime object| analytics_lib function| fireViewStart function| fireViewEnd function| fireActionTrigger object| superT object| ___sc947684 object| ___so947684 function| index number| CLIWHIT string| PSESSIONID string| SSESSIONID string| LSESSIONID object| __tp number| __gt3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.anz.com.au/ | Name: visid_incap_1539045 Value: XjwFaa+aRmm6z+/Du6WPTQi3RGYAAAAAQUIPAAAAAABgzcuWiAy6ywds8CP2ZgWa |
|
.anz.com.au/ | Name: incap_ses_1686_1539045 Value: AXalOptgHyUjUQSLL+BlFwi3RGYAAAAAftx8h8kvIyAD+V6/qB0P0g== |
|
atofficeau.com/ | Name: LSESSIONID Value: eyJpIjoiY2w5UkVMeVwvWkg0bXUzN3FKVVwvcHV3PT0iLCJlIjoiK3FaaU5cL1FiVmVSdnl3Y2dacWJiWEt3YThsMUJEZVVKZHVMZGNBVEtSeDhMMWdZdFFlanJDMmJBWlYrTERyd2pRa3JqdFVGOG02bjdUanMwaVlLSVNENE1EQkpjUmVWekxWcldObkZZTnJLZ1RGSEhaNjRraFdTd0RVUFprYm80enVJcExsRUs3QklXaTVoYis5VWtEdz09In0%3D.65ef5e677cb74630.Njc5ZWRmZmMzNGY0MzAxMjFlMGQzNjc3YmM2OTExNzQ0YzMyYmI4NDcxNWVkZTc0YjU3NzhiMjY3NGE5NzY0YQ%3D%3D |
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
anz.com.au
atofficeau.com
ctmdx.anz.com
www.anz.com.au
13.55.215.164
188.114.96.3
45.60.124.46
45.60.126.46
6c582b72b02d543b68c12e9ae066e541c17fba96dca61222f547b27312327403
7c8a95298d614f97b8b8ab8752cfed11caba2337f7b1495fcdb56ab73a226a38
8fc4a41992f6a79b62d3ccebb2b55c951bcc53e3879b1301e34daf4d4dc591f4
b73c3e1ca8fcdc0f2bdf19233b5562edd8628619b58332c026d18db0307d8949
df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5
fc3216fb5a21fd67b8d343885e35295ecaebadc96f2ef328f4ddf7a72edf5324