atofficeau.com Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://atofficeau.com/ANZ/
Submission: On May 15 via automatic, source openphish (May 15th 2024, 1:22:20 pm UTC) — Scanned from NL

Summary HTTP 12 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 12 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is atofficeau.com.
TLS certificate: Issued by E1 on April 14th 2024. Valid for: 3 months.

This is the only time atofficeau.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 11	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	45.60.126.46 45.60.126.46	19551 (INCAPSULA) (INCAPSULA)
1	45.60.124.46 45.60.124.46	19551 (INCAPSULA) (INCAPSULA)
1	13.55.215.164 13.55.215.164	16509 (AMAZON-02) (AMAZON-02)
12	3

11 188.114.96.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

atofficeau.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.60.126.46 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

anz.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.60.124.46 (United States)

ASN19551 (INCAPSULA, US)

www.anz.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.55.215.164 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-55-215-164.ap-southeast-2.compute.amazonaws.com

ctmdx.anz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	atofficeau.com 1 redirects atofficeau.com	147 KB
2	anz.com.au 1 redirects anz.com.au — Cisco Umbrella Rank: 439421 www.anz.com.au — Cisco Umbrella Rank: 559648	79 KB
1	anz.com ctmdx.anz.com	35 KB
12	3

	Domain	Requested by
11	atofficeau.com	1 redirects atofficeau.com
1	ctmdx.anz.com	atofficeau.com
1	www.anz.com.au	atofficeau.com
1	anz.com.au	1 redirects
12	4

This site contains links to these domains. Also see Links.

Domain
www.anz.com.au
www.recovery.anz.com
register.anz.com

Subject Issuer	Validity	Valid
atofficeau.com E1	`2024-04-14` - `2024-07-13`	3 months	crt.sh
ctmdx.anz.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-05` - `2024-10-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://atofficeau.com/ANZ/
Frame ID: 17D006A826EAFB6C85E62FC4CA106B43
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login - ANZ Internet Banking

Page URL History Show full URLs

https://atofficeau.com/ANZ HTTP 301
https://atofficeau.com/ANZ/ Page URL

Page Statistics

12
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

261 kB
Transfer

695 kB
Size

3
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.anz.com.au/security/fraud-detection/latest-security-alerts/
Title: See more

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/personal/?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938

Search URL Search Domain Scan URL

URL: https://www.recovery.anz.com/recover/do-you-know-your-crn?target=host1&ctiId={4fdc5270-e16d-4568-a081-fbcbcae7aef3}&mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938
Title: Forgot login details?

Search URL Search Domain Scan URL

URL: https://register.anz.com/internetbanking?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938
Title: Register

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/privacy/centre/?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938
Title: Security and Privacy Statement.

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/support?pid=glo-ibl-td-ib-04-21-ser-support&mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/personal/financial-wellbeing/guides/how-to-have-an-eggcellent-easter-break/?pid=glo-ibl-t-ib-03-23-ser-easter

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/ways-to-bank/internet-banking/personal/whats-new/?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938
Title: What’s new

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/support/customer-registration-number-password/?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938
Title: Find or change your CRN and Password

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/support/statements/?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938
Title: View statements

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/personal/credit-cards/using/managing/?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938#changepin
Title: Get or change your card PIN

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/security/fraud-detection/latest-security-alerts/?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938
Title: Latest security alerts

Search URL Search Domain Scan URL

URL: https://www.anz.com.au/support/contact-us/?mboxid=session%232f9f478d26e14d3f9fc2e5b24af573a3%231679883798%7CPC%232f9f478d26e14d3f9fc2e5b24af573a3.38_0%231743125472&adobe_mc=MCMID%3D14973468861696096111878414256821862009%7CMCORGID%3D67A216D751E567B20A490D4C%2540AdobeOrg%7CTS%3D1679881938
Title: Contact us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://atofficeau.com/ANZ HTTP 301
https://atofficeau.com/ANZ/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://anz.com.au/content/dam/anzcomau/campaigns/kid-with-easteregg_loginout.jpg HTTP 301
https://www.anz.com.au/content/dam/anzcomau/campaigns/kid-with-easteregg_loginout.jpg

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
atofficeau.com/ANZ/
Redirect Chain

https://atofficeau.com/ANZ
https://atofficeau.com/ANZ/

48 KB
11 KB

96ms
95ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fc4a41992f6a79b62d3ccebb2b55c951bcc53e3879b1301e34daf4d4dc591f4

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 88436f929db36668-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 15 May 2024 13:22:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUadGIa%2BidRDx9qP5pucQM%2BQMlSdb8GSim75pzPPWPMozePdpgWQ2WAub0SU51jRN6KQkIv8%2B7ttbagvdAZi378HH81w2WF5mWl3Xj58Ao4tQdn3PwKsJBGQuqy1%2BQB0fw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 88436f918cb06668-AMS
content-type: text/html
date: Wed, 15 May 2024 13:22:16 GMT
location: https://atofficeau.com/ANZ/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtP9RiMvLjxXTjyHZgbJ6KbnSEDsgVCZp%2FVLcSW1rECyO426YXQcNw644Vv1uRepUmdgtJPOqJ92JOq0QC0N2U6r5li5UnNdYlK7rzYuvCJ1zDGGLgL8PZxMPRMonU1exQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 style.css
atofficeau.com/ANZ/files/ 8 KB
2 KB 52ms
51ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/files/style.css
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c8a95298d614f97b8b8ab8752cfed11caba2337f7b1495fcdb56ab73a226a38

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 31 Mar 2023 08:24:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 26024
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1dr5Tbi6yAYqRzaQYt2eE5xVrs9L5r2Bg6gXcRhSvDA8IBMKhRMjg3IMap0fQ0%2F9fvEI1z4QObhbElyGslLhvZCMI4HxHnIFO0WnLd1sr1HqNgDspLc4FTqN%2BtNXfDMVtA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 88436f933e796668-AMS
alt-svc: h3=":443"; ma=86400
expires: Wed, 22 May 2024 06:08:32 GMT

GET
H3 200 anz-logo.1.0.0.svg
atofficeau.com/ANZ/assets/img/ 38 KB
28 KB 29ms
28ms Image
image/svg+xml 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://atofficeau.com/ANZ/assets/img/anz-logo.1.0.0.svg
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 31 Mar 2023 07:57:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 26024
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W12jQdLoGYuQMVOs%2BGKMM2ZESPJBA%2B1bJSUfKcp3ohZIO4uzMeVZqdeU%2BgTsUvwLprMxo4cova313HFjEVG2CDUoc6RchrplDzaGF32I3efPgdSInDREAFX5IybMzNQ7uQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
cf-ray: 88436f933e7a6668-AMS
alt-svc: h3=":443"; ma=86400
expires: Wed, 22 May 2024 06:08:32 GMT

GET
H2

200

kid-with-easteregg_loginout.jpg
www.anz.com.au/content/dam/anzcomau/campaigns/
Redirect Chain

https://anz.com.au/content/dam/anzcomau/campaigns/kid-with-easteregg_loginout.jpg
https://www.anz.com.au/content/dam/anzcomau/campaigns/kid-with-easteregg_loginout.jpg

77 KB
79 KB

332ms
21ms

Image
image/jpeg

45.60.124.46
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.anz.com.au/content/dam/anzcomau/campaigns/kid-with-easteregg_loginout.jpg

Requested by

Host: atofficeau.com
URL: https://atofficeau.com/ANZ/

Protocol

Server

45.60.124.46 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Apache /

Resource Hash

fc3216fb5a21fd67b8d343885e35295ecaebadc96f2ef328f4ddf7a72edf5324

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect https://epr.anz.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, ALLOW-FROM=https://eprotectpriv.service.anz/, ALLOW-FROM=https://epr.onepath.com.au/, ALLOW-FROM=https://eprotect.service.anz/, ALLOW-FROM=https://eprotect/, ALLOW-FROM=https://eprotectauth.service.anz/, ALLOW-FROM=https://epr.anz.com/

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://atofficeau.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

x-dispatcher: dispatcher2apsoutheast2-28464335
date: Wed, 15 May 2024 13:22:16 GMT
content-security-policy: frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect https://epr.anz.com;
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
age: 3927
x-vhost: publish
x-iinfo: 58-51652124-51652138 2cNN RT(1715779336597 20) q(0 0 0 1) r(0 0) U18
content-disposition: attachment
content-length: 79138
last-modified: Thu, 16 Mar 2023 08:28:06 GMT
server: Apache
etag: "71d30084"
x-frame-options: SAMEORIGIN, ALLOW-FROM=https://eprotectpriv.service.anz/, ALLOW-FROM=https://epr.onepath.com.au/, ALLOW-FROM=https://eprotect.service.anz/, ALLOW-FROM=https://eprotect/, ALLOW-FROM=https://eprotectauth.service.anz/, ALLOW-FROM=https://epr.anz.com/
access-control-max-age: 1000
content-type: image/jpeg
access-control-allow-methods: POST, GET, OPTIONS
cache-control: max-age=60, public
x-incap-sess-cookie-hdr: 4E6mGjr41ywjUQSLL+BlFwi3RGYAAAAAVw3AuMm3TZecL+lTDKevAw==
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, Origin, authorization, accept, client-security-token

Redirect headers

location: https://www.anz.com.au/content/dam/anzcomau/campaigns/kid-with-easteregg_loginout.jpg
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0

GET
H3 404 env.js
atofficeau.com/ANZ/config/ 0
0 176ms
170ms Script
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/config/env.js?797c85f0edaccdcf87e6
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WmhQsV5sWe%2FaL3dfvPzekGQ0jpmrEl2vanH8gpOc9FLPoZnpgiNLR3Ml7gZK1AspOnSBpsnmMSw3HlvvAT0sWjcVVk0RJ6FzX7sspJe%2Bwa4y%2F0PNbAyxYszDCUO4xqiFlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 88436f936ea16668-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 404 new-relic-script.js
atofficeau.com/ANZ/assets/scripts/ 0
0 174ms
168ms Script
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/assets/scripts/new-relic-script.js?797c85f0edaccdcf87e6
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bmids0RJ8akDYI6NmbLDx1eX33f7j6I3znNSi9j8aeM6xufbNhr3QJjzUOgyW0%2Ffk237YRp7YHTlCtbwTXn1NolJRxMYBytefC2Jk43Dw14JCVaqPi%2FS3XChGHLCw10SBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 88436f936ea26668-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 404 manifest.797c85f0.js
atofficeau.com/ANZ/js/ 0
0 173ms
172ms Script
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/js/manifest.797c85f0.js
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RuvqgobatjftKtjKecumAysBFUadvr8LkgKerzzvhSREocXS8WnxGiwPbBfVlxaelfQwTRZrpSnoLhsAdAQUopMig5end1rdy2dCiw5eauPQtMDC3t3sQrW7tWweP6VJzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 88436f936ea56668-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 200 main.797c85f0.js Show response
atofficeau.com/ANZ/internetbanking/js/ 450 KB
106 KB 70ms
69ms Script
text/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/internetbanking/js/main.797c85f0.js
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b73c3e1ca8fcdc0f2bdf19233b5562edd8628619b58332c026d18db0307d8949

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 Mar 2023 07:52:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4721
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jua7iEb52oonGqLDqSsbv1gYt4xWUWiwbs5GgS%2BWQSzQ0oRzJ%2Fuu%2BRzOExSxQd6ATd2LE5P%2BPqJ02Ae5l4fS7kfh34GNjZ3CmbhQXM5jHFn%2BwpayqL3mdyatGDYNtXIE1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 88436f936eaa6668-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 404 main.797c85f0.js
atofficeau.com/ANZ/js/ 0
0 170ms
169ms Script
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/js/main.797c85f0.js
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SJ1nhBEM0LWzWdUoSCR3DVHQWD%2F2VDfI6PDs4IVVjKLUCjzdsk1OsyMBRRAbx3wADLg0PnlM6MFhYfwgH2GrSjdA8%2BHZDt7hm601raexMHfKcm3QQmycuNaPe1lktuoCpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 88436f936eab6668-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 hyptxt.js Show response
ctmdx.anz.com/947684/ 74 KB
35 KB 1093ms
326ms Script
application/x-javascript 13.55.215.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ctmdx.anz.com/947684/hyptxt.js?dt=login&r=0.063093069359617

Requested by

Host: atofficeau.com
URL: https://atofficeau.com/ANZ/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.55.215.164 Sydney, Australia, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-55-215-164.ap-southeast-2.compute.amazonaws.com

Software

haile /

Resource Hash

6c582b72b02d543b68c12e9ae066e541c17fba96dca61222f547b27312327403

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 13:22:17 GMT
strict-transport-security: max-age=86400
x-content-type-options: nosniff
content-encoding: gzip
server: haile
content-type: application/x-javascript
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control: no-cache, no-store, must-revalidate
pics-label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))

GET
H3 404 env.js
atofficeau.com/ANZ/config/ 0
0 96ms
90ms Script
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/config/env.js?797c85f0edaccdcf87e6
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sXzLGvU4XyDVO%2Fukf3lOjmx%2BZKislJWXSNW6Q8EQP3IGxAbv1poe0jLTerWGOg4qQ1xVLP7Giz1gk6IgBO1JXr3Omf%2BMwOIxcZWgQp9RLun4AxIJFhvpI0deph4RXCb0XA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 88436f947f9a6668-AMS
alt-svc: h3=":443"; ma=86400

GET
H3 404 new-relic-script.js
atofficeau.com/ANZ/assets/scripts/ 0
0 82ms
82ms Script
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://atofficeau.com/ANZ/assets/scripts/new-relic-script.js?797c85f0edaccdcf87e6
Requested by: Host: atofficeau.com
URL: https://atofficeau.com/ANZ/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://atofficeau.com/ANZ/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 13:22:16 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hmnSMO9UqWbGIg0Wfh4ElNvw2gvg96pjrG5rR0V3iUFHOsjdxFcYmDc0HbL5GuI87C5jz2JxBWVN9%2BL8co2x%2BzGfpoC%2BHIhKrGuC7WJEwMoHCCbyG%2BkXBrOJG9S4IrHJpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 88436f9518406668-AMS
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.anz.com.au/	1970-01-21 05:21:03	Name: visid_incap_1539045 Value: XjwFaa+aRmm6z+/Du6WPTQi3RGYAAAAAQUIPAAAAAABgzcuWiAy6ywds8CP2ZgWa
.anz.com.au/	1969-12-31 23:59:59	Name: incap_ses_1686_1539045 Value: AXalOptgHyUjUQSLL+BlFwi3RGYAAAAAftx8h8kvIyAD+V6/qB0P0g==
atofficeau.com/	1969-12-31 23:59:59	Name: LSESSIONID Value: eyJpIjoiY2w5UkVMeVwvWkg0bXUzN3FKVVwvcHV3PT0iLCJlIjoiK3FaaU5cL1FiVmVSdnl3Y2dacWJiWEt3YThsMUJEZVVKZHVMZGNBVEtSeDhMMWdZdFFlanJDMmJBWlYrTERyd2pRa3JqdFVGOG02bjdUanMwaVlLSVNENE1EQkpjUmVWekxWcldObkZZTnJLZ1RGSEhaNjRraFdTd0RVUFprYm80enVJcExsRUs3QklXaTVoYis5VWtEdz09In0%3D.65ef5e677cb74630.Njc5ZWRmZmMzNGY0MzAxMjFlMGQzNjc3YmM2OTExNzQ0YzMyYmI4NDcxNWVkZTc0YjU3NzhiMjY3NGE5NzY0YQ%3D%3D

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://atofficeau.com/ANZ/assets/scripts/new-relic-script.js?797c85f0edaccdcf87e6 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://atofficeau.com/ANZ/js/main.797c85f0.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://atofficeau.com/ANZ/config/env.js?797c85f0edaccdcf87e6 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://atofficeau.com/ANZ/js/manifest.797c85f0.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://atofficeau.com/ANZ/config/env.js?797c85f0edaccdcf87e6 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://atofficeau.com/ANZ/assets/scripts/new-relic-script.js?797c85f0edaccdcf87e6 Message: Failed to load resource: the server responded with a status of 404 ()
recommendation	verbose	URL: https://atofficeau.com/ANZ/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other	warning	URL: https://atofficeau.com/ANZ/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://atofficeau.com/ANZ/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

anz.com.au
atofficeau.com
ctmdx.anz.com
www.anz.com.au
13.55.215.164
188.114.96.3
45.60.124.46
45.60.126.46
6c582b72b02d543b68c12e9ae066e541c17fba96dca61222f547b27312327403
7c8a95298d614f97b8b8ab8752cfed11caba2337f7b1495fcdb56ab73a226a38
8fc4a41992f6a79b62d3ccebb2b55c951bcc53e3879b1301e34daf4d4dc591f4
b73c3e1ca8fcdc0f2bdf19233b5562edd8628619b58332c026d18db0307d8949
df477d03866885295a31b44c475bc6150273fc522c3bd5c1db69478650ebc2a5
fc3216fb5a21fd67b8d343885e35295ecaebadc96f2ef328f4ddf7a72edf5324

atofficeau.com Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

92 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

261 kBTransfer

695 kBSize

3 Cookies

13 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

20 JavaScript Global Variables

3 Cookies

9 Console Messages

Indicators

atofficeau.com Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

261 kB
Transfer

695 kB
Size

3
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!