post.paymentconfirm.top
2a06:98c1:3120::3  Malicious Activity! Public Scan

URL: https://post.paymentconfirm.top/bank/bnz/231312705
Submission: On November 08 via manual from NZ — Scanned from NL

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 37 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is post.paymentconfirm.top.
TLS certificate: Issued by GTS CA 1P5 on November 6th 2023. Valid for: 3 months.
This is the only time post.paymentconfirm.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNZ Bank (Banking)

Domain & IP information

Requests        IP Address        AS Autonomous System
23              2a06:98c1:312...  13335 (CLOUDFLAR...)
4               2606:4700::68...  13335 (CLOUDFLAR...)
1               2a04:4e42::649    54113 (FASTLY)
3               2606:4700::68...  13335 (CLOUDFLAR...)
2 (1 redirect)  2606:4700::68...  13335 (CLOUDFLAR...)
3               104.126.37.129    20940 (AKAMAI-ASN1)
Total: 37 requests, 7 IPs
Requests  Apex Domain         Subdomains                                       Transfer
23        paymentconfirm.top  post.paymentconfirm.top                          112 KB
4         jsdelivr.net        cdn.jsdelivr.net — Cisco Umbrella Rank: 335      73 KB
3         bnz.co.nz           secure.bnz.co.nz                                 93 KB
3         cloudflare.com      cdnjs.cloudflare.com — Cisco Umbrella Rank: 223  33 KB
2         unpkg.com           unpkg.com — Cisco Umbrella Rank: 903             12 KB
1         jquery.com          code.jquery.com — Cisco Umbrella Rank: 762       30 KB
Total: 37 requests, 6 domains
Requests  Domain                   Requested by
23        post.paymentconfirm.top  post.paymentconfirm.top, cdnjs.cloudflare.com
4         cdn.jsdelivr.net         post.paymentconfirm.top
3         secure.bnz.co.nz         post.paymentconfirm.top
3         cdnjs.cloudflare.com     post.paymentconfirm.top
2         unpkg.com (1 redirects)  post.paymentconfirm.top
1         code.jquery.com          post.paymentconfirm.top
Total: 37 requests, 6 domains

This site contains links to these domains.

Domain
www.bnz.co.nz
secure.bnz.co.nz
wealthnet.bnz.co.nz
Subject                Issuer                                          Validity                 Valid
paymentconfirm.top     GTS CA 1P5                                      2023-11-06 - 2024-02-04  3 months
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3                         2023-05-02 - 2024-05-01  a year
*.jquery.com           Sectigo RSA Domain Validation Secure Server CA  2023-07-11 - 2024-07-14  a year
bnz.co.nz              Entrust Certification Authority - L1K           2023-10-05 - 2024-10-05  a year

This page contains 2 frames:

Primary Page: https://post.paymentconfirm.top/bank/bnz/231312705
Frame ID: 384A9277CCE2175C69E8A21691B4E8AB
Requests: 30 HTTP requests in this frame

Frame: https://post.paymentconfirm.top/supportChatFrame/231312705
Frame ID: E41C8FA7D6A7D40E93C279F66FFE5264
Requests: 7 HTTP requests in this frame

Page Title

BNZ LoginBNZ Logolocked

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • socket\.io.*\.js

Overall confidence: 100%
Detected patterns
  • /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Overall confidence: 100%
Detected patterns
  • sweet(?:-)?alert(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 37
HTTPS: 92 %
IPv6: 83 %
Domains: 6
Subdomains: 6
IPs: 7
Countries: 2
Transfer: 353 kB
Size: 980 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://unpkg.com/sweetalert/dist/sweetalert.min.js HTTP 302
  • https://unpkg.com/sweetalert@2.1.2/dist/sweetalert.min.js

37 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request 231312705
post.paymentconfirm.top/bank/bnz/
118 KB
24 KB
Document
General
Full URL
https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4e5a68ac2a724a437b3c266bfb459dbc6993a533f5e3cb3f6fd92b15f8776754

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
822af1bb1de766ac-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 08 Nov 2023 04:06:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYPQXz1PhRcPHwcHXh5lNrEUq2vUTw3toYwBF7ktJUAhohVL0YYQGy6I5Hn104fjcvZPrs%2Bf5atA99zHHdAwmAKYsYTrINj%2FhHxdmMd5VzQEBckWw51uwwzzl8bJDBZsCiBL47lM2kmYJlHIXsy3%2ByhlQXYEXA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/
160 KB
25 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://post.paymentconfirm.top/
Origin
https://post.paymentconfirm.top
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
499505
x-jsd-version
5.1.3
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220101-FRA, cache-ams21078-AMS
x-jsd-version-type
version
server
cloudflare
etag
W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=967qoeFrtJAql2jccAdxamwCDNJvA5iaKi8eaibkrES0D9kbsk%2F2AQP%2FGJTbAkQ226kaaI4UnfnYpaHVXAcsuKgVnQgS0KnnyI3BDCS6BArlEVLAh8X%2BBZtnFKyFmtVMBDP9KWm8Sb0OTxNtYlg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
822af1bbee2a0bda-AMS
jquery-3.6.0.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
https://post.paymentconfirm.top/
Origin
https://post.paymentconfirm.top
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
4178296
x-cache
HIT, HIT
content-length
30875
x-served-by
cache-lga21931-LGA, cache-bom4733-BOM
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1699416396.467353,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
46, 1075322
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/
76 KB
24 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://post.paymentconfirm.top/
Origin
https://post.paymentconfirm.top
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
608485
x-jsd-version
5.1.3
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220091-FRA, cache-ams21042-AMS
x-jsd-version-type
version
server
cloudflare
etag
W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXjeYSvutXiMDGoJ12c3OFL0k5hCdk3LzLaf5wNPPiLHdQDSc7Iit6cupPnJ%2BoZF1McJ%2F6SPugLywSBJmWq%2FkS6udfE7hl7has2LS3bLoES%2FSTufLxnaYK0fDMMIKe3mFomK6QzyrQnwHD%2FHsqY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
822af1bbee2b0bda-AMS
popper.min.js
cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/
18 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/@popperjs/core@2.10.2/dist/umd/popper.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f395875eb5d58c5128c434812cd0a53d438b11536f7fd1577077d8a5c612e1fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://post.paymentconfirm.top/
Origin
https://post.paymentconfirm.top
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
22361568
x-jsd-version
2.10.2
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230065-FRA, cache-yyz4566-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"496b-DsfKR3i6PMtNGxaICUcgg0++ntM"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOBF3gLGVKPxaP2RHdN8cj3kCMMkmTje02XwFKvYroN7gn665ihfqJUAxn%2FJKMoSo1w4UFsz%2BaWJuFUoSTg%2Fs1MS8ewP%2BlyZyl%2BVBHbpM3jsWj8Fjtwgs6Fi%2B5gSGZh3P0iRltDyCaCRTmXZHpw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
822af1bbee2c0bda-AMS
bootstrap.min.js
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/
58 KB
17 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70c3d690bdc5ce3b9a1527c46044989a3176e610882fa99f4523e75bc395bcce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://post.paymentconfirm.top/
Origin
https://post.paymentconfirm.top
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
686454
x-jsd-version
5.1.3
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220048-FRA, cache-ams21022-AMS
x-jsd-version-type
version
server
cloudflare
etag
W/"e753-GQgMO4F5hTNqq14c5pJcmYA/Lv0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dJrKKK0Ikj%2Bo3Jdo36jdRdb5JbEF1D1JDVLe98R7gsbZ7y60q03702ze7qMWwRlxGNLwHziUHzxpGk4iMs5MXBXrbp%2BntOux8mxierdP9eo0PACTjFnc5MoPH%2FFBfxfrvvBl5dNaNj0o8r26RrU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
822af1bbee2d0bda-AMS
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.27.2/
20 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/axios/0.27.2/axios.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e373b70a5167485c73a265421bcfcd1fdddbae49c9c51605e6d2918a3de4ae0d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://post.paymentconfirm.top
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
545452
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6498
last-modified
Wed, 27 Apr 2022 10:03:29 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"626914f1-1962"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ilm%2F8vlqUhIwb1Kwk3N6%2B4bMjoT%2BTzHmLVZGkpH8j%2Fpqw6pUFw%2FFcqe6tOZr%2FgQRKCF2yWar4palItCfxuNEA5MtmuFpIuhhFem4s4MSLDvhyYsnxFEcsONsyszF1cNrILelxybw8P3dbK6rEmX2Jf0g"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
822af1bbfb4a06e0-AMS
expires
Mon, 28 Oct 2024 04:06:36 GMT
sweetalert.min.js
unpkg.com/sweetalert@2.1.2/dist/
Redirect Chain
  • https://unpkg.com/sweetalert/dist/sweetalert.min.js
  • https://unpkg.com/sweetalert@2.1.2/dist/sweetalert.min.js
40 KB
12 KB
Script
General
Full URL
https://unpkg.com/sweetalert@2.1.2/dist/sweetalert.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Server
2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
2740292
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HC4WDHR93QX853YTCA8VMD9B-ams
server
cloudflare
etag
W/"9f68-Kj2qvHAjLGNQq0jTJgXcSmrB8fo"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
822af1bc1a911c08-AMS

Redirect headers

date
Wed, 08 Nov 2023 04:06:36 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01HEPHF65D2D2P594MZNWMB2W1-ams
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
310
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/sweetalert@2.1.2/dist/sweetalert.min.js
cache-control
public, s-maxage=600, max-age=60
cf-ray
822af1bbea821c08-AMS
axios.min.js
cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/
14 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/axios.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24b9a49d375465e659dbaecb3fda81fbf0d3eedbf138e29cb5229e502d8a4fa1
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://post.paymentconfirm.top/
Origin
https://post.paymentconfirm.top
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
23209
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4420
last-modified
Tue, 22 Dec 2020 05:22:54 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fe182ae-3813"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8x4juNrzkkvN%2FCA%2BF2cR2aU%2BVxgYT59h47ABABOwPpwsxnaxENSgHPwKqzqyyrqrfU7Amz5qqx43eO5%2F61rPD4Hlw3%2BIYnJzjlCkeiEAjUP%2FgJK1dnDwVIyi6kkTGJgPZL9AcNRAgpMjwRJYCBjdHlnE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
822af1bbfb4b06e0-AMS
expires
Mon, 28 Oct 2024 04:06:36 GMT
ruxitagentjs_ICA27NVfqrux_10257221222094147.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
post.paymentconfirm.top/js/bank/bnz/
0
0
Script
General
Full URL
https://post.paymentconfirm.top/js/bank/bnz/ruxitagentjs_ICA27NVfqrux_10257221222094147.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-security-policy
default-src 'none'
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
x-powered-by
Express
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=118XDjS%2BRsmofXsGmUnvJS76bSdjp%2Bct9c%2FQVN3lNJzywbqQdgL6GkIPvKaKya8Tsk9WcaYd%2Bba00k9rbuH3HQIG%2BkZHys9MBQHWfsHx5WdV2I7uudb5Ja%2BBadJ16zstvgK5JauNzRbcNhItD0DZe6t55%2FeQcw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cf-ray
822af1bbae4866ac-AMS
alt-svc
h3=":443"; ma=86400
serrano.css
post.paymentconfirm.top/css/bank/bnz/
0
0

other.js
post.paymentconfirm.top/js/
2 KB
940 B
Script
General
Full URL
https://post.paymentconfirm.top/js/other.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3c96f1753f6772c380707416ed2cf75a964f62108d2c69a300d0c28947f4e5ab

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 03 Jul 2023 05:29:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"83d-1891a3a5da0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PqyOM31hW4Xg4hM1XIdFQYazKgy1TrrfPch05Hc3MiCWxJE4DBweqOvBYmxnrkwX2Yw%2FLR8cKGIdS56QJRVj0OE%2F%2FkK%2FTF7DAX1Rqx071%2B6J5DMsPjPsB1czPf0xFWXuccwKP4g2ybw54xQOG0k9ulhGzvOSrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
822af1bbce5166ac-AMS
alt-svc
h3=":443"; ma=86400
axios.min.js
post.paymentconfirm.top/js/
29 KB
11 KB
Script
General
Full URL
https://post.paymentconfirm.top/js/axios.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d5fba18e5f50a6f74db552765e4e256d2f4a6e9b46c2234b5e07f3c63fdcec28

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 10 Mar 2023 07:16:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"7467-186ca606380"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Zu7ObP4KTSzYo%2BDsgDZAdBRxrQYfQ1gmxkBAJFC%2FpIkCJynveUQiqVv4QJv%2BuzPWuJdNH2U6tAGlTu%2BXQivdDQQys1FKd0%2BWaU7lrTAMahGjHP16YIMQ%2FYekZYosKUpEs%2F%2BaGQO0Rz%2BbZqjWn6%2BBbnry2Zlkg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
822af1bbce5266ac-AMS
alt-svc
h3=":443"; ma=86400
jquery-3.6.0.min.js
post.paymentconfirm.top/js/
87 KB
32 KB
Script
General
Full URL
https://post.paymentconfirm.top/js/jquery-3.6.0.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 28 Oct 2022 05:38:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"15d9d-1841d199a40"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8L44Nz4P%2FZU3pV99Jj89fvQl8kYLB%2BAQMgBCpZQZe%2Ftdc%2FEPpw0gQ4PsBJz3BdUChEYftxd3qh756CdOJ7KtI3Q%2BGtMCZAT20Ugj7wWkbL%2BmTKff7rVvkVQOHBUm78I1v9IGpc0pUZdB176uA5SiywyotlmHVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
822af1bbce5366ac-AMS
alt-svc
h3=":443"; ma=86400
socket.io.js
cdnjs.cloudflare.com/ajax/libs/socket.io/4.4.1/
105 KB
21 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.4.1/socket.io.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78f843d3abb760189d189f74b3f80bb0ca13e40ede8caad1c05c321ffeb78cf4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
518805
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
20987
last-modified
Thu, 06 Jan 2022 11:01:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"61d6cc21-51fb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9QEK%2B4FWwApiEIdvSQKwu7S6kfhZbeu0EY5W7uomdlKZ1iflqWwPSgN8lCy5tVF150Ey02uRv%2BE6h%2F7oq5GSglh5XMis%2Fa%2By2d7JmiD9c8sFnjMtyboqI8cZZGZ6r9CgErZRh8vDPQ%2B3NGODuMm%2BWaRR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
822af1bbfdc30a48-AMS
expires
Mon, 28 Oct 2024 04:06:36 GMT
2.0ebac605.chunk.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
post.paymentconfirm.top/js/bank/bnz/
0
0
Script
General
Full URL
https://post.paymentconfirm.top/js/bank/bnz/2.0ebac605.chunk.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-security-policy
default-src 'none'
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
x-powered-by
Express
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6uBmCzQbQC47iNPOHB2SxXbWCzgbxaoJu17X5l%2FnXuHPc00cBcEAk%2BWHyjEsQtqJaXxoPF5ksbCLBvIPILlsFRzITg3lHaC1140mvI3JS0NUL4Jz13%2FM1trcet%2FhN8blKv72hI79NjrZaGIXqzcBCChkvAuOmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cf-ray
822af1bbce5466ac-AMS
alt-svc
h3=":443"; ma=86400
main.a5985273.chunk.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
post.paymentconfirm.top/js/bank/bnz/
0
0
Script
General
Full URL
https://post.paymentconfirm.top/js/bank/bnz/main.a5985273.chunk.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-security-policy
default-src 'none'
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
x-powered-by
Express
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0hIx0f%2B6vBaI4MlSKyYMfIYT2Nn0OSji0gmh3BUEPTRftn7WtiACiAP34DZnk495uKxV66fiZz1ls7%2FT%2BknyA8yXO6KQVy1lXuSIlmYyfoJP06wnNSAzDPYJF0OLayhkzE3XKqC3tz%2F4bUrR9Uj7sf2b1nCsTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cf-ray
822af1bbce5666ac-AMS
alt-svc
h3=":443"; ma=86400
FR8nJHM
post.paymentconfirm.top/js/bank/bnz/
0
0
Script
General
Full URL
https://post.paymentconfirm.top/js/bank/bnz/FR8nJHM
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-security-policy
default-src 'none'
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
content-encoding
br
x-powered-by
Express
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMt4RceTgcBwWdaG9nI5txRvAOnqfvdlX5AYMErQml85bVn7%2FTnnw9ucGJB7QRXviqvdHKAldaqyk1iHNsMswkCMstkMUXJOY5JAPMzhOLl%2BO9AgkiezT6VseSWL%2BbLQuOOaXBYBYizGmb86G%2BgVZs1FqqIXNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cf-ray
822af1bbce5766ac-AMS
alt-svc
h3=":443"; ma=86400
support_parent.css
post.paymentconfirm.top/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://post.paymentconfirm.top/css/support_parent.css
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
129ee1ff951798c6f58b214f1ead2b43f8166eded4fb0c6cb9ffd71aa099e872

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 18 Sep 2023 21:19:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"e03-18aaa296450"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZxTOQkoNkbOYCWMogtQ1jUBsb%2F6Lnr26cF7e%2BwGjiaVktmyUAwSTgVUtioiuULGZ9KPBaNgKelEBsfInRbmlDJeVO1oOtpOjh%2FynM8mev5BRujaBWakXTB1lHMqHN4kfSPwtgbtB7fiSu2W2hOzZ9Cd6J5M5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
822af1bbce5566ac-AMS
alt-svc
h3=":443"; ma=86400
serrano.css
post.paymentconfirm.top/css/bank/bnz/
0
0

3.6ca2a99c.chunk.js
secure.bnz.co.nz/auth/static/js/
0
89 KB
Other
General
Full URL
https://secure.bnz.co.nz/auth/static/js/3.6ca2a99c.chunk.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-129.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 08 Nov 2023 04:06:36 GMT
strict-transport-security
max-age=15768000
akamai-grn
0.7d257e68.1699416396.f73fe88
server-timing
dtSInfo;desc="0", dtRpid;desc="-992011820"
bnz-logon-request
1
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 28 Sep 2023 07:53:36 GMT
etag
"65153100-4faf7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=62644
accept-ranges
bytes
expires
Wed, 08 Nov 2023 21:30:40 GMT
4.bb624667.chunk.js
secure.bnz.co.nz/auth/static/js/
0
1 KB
Other
General
Full URL
https://secure.bnz.co.nz/auth/static/js/4.bb624667.chunk.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-129.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
date
Wed, 08 Nov 2023 04:06:36 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=15768000
akamai-grn
, 0.7d257e68.1699416396.f73fe86
server-timing
dtSInfo;desc="0", dtRpid;desc="-490270930"
bnz-logon-request
1
x-xss-protection
1; mode=block
content-length
281
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 28 Sep 2023 07:53:36 GMT
etag
"65153100-119"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=62623
accept-ranges
bytes
expires
Wed, 08 Nov 2023 21:30:19 GMT
5.c5c9bca4.chunk.js
secure.bnz.co.nz/auth/static/js/
0
3 KB
Other
General
Full URL
https://secure.bnz.co.nz/auth/static/js/5.c5c9bca4.chunk.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-129.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
default-src 'self';manifest-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz; child-src 'self' https://www.bnz.co.nz https://m.bnz.co.nz; object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://www.bnz.co.nz https://www.bnz.co.nz;img-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://www.bnz.co.nz;font-src 'self' https://www.bnz.co.nz https://www.bnz.co.nz;connect-src 'self' https://www.bnz.co.nz https://verify.bnz.co.nz https://m.bnz.co.nz https://api.bnz.co.nz https://*.launchdarkly.com ;
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 08 Nov 2023 04:06:36 GMT
strict-transport-security
max-age=15768000
akamai-grn
, 0.7d257e68.1699416396.f73fe89
server-timing
dtSInfo;desc="0", dtRpid;desc="167664615"
bnz-logon-request
1
x-xss-protection
1; mode=block
content-length
1913
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 28 Sep 2023 07:53:36 GMT
etag
"65153100-11e0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=61662
accept-ranges
bytes
expires
Wed, 08 Nov 2023 21:14:18 GMT
/
post.paymentconfirm.top/socket.io/
118 B
535 B
XHR
General
Full URL
https://post.paymentconfirm.top/socket.io/?EIO=4&transport=polling&t=Okj75Dt
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.4.1/socket.io.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f7b88c9293d0f5478e1afd9aea52458973bcd747dad726065cb9ddf12cc7fa8

Request headers

Accept
*/*
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELL8NgTJDIz2ET9KCpF5ReYdD%2FPnrcJdKbNVG9vyIHhMwfx9CjByQ8uu09stSVy93oa9yK7%2BEDdpxOYkMc6Ct27wLCFEfChuCZ3S4Nknxb6Xzd0Im7gV3mYuXJncKym283GwHBLatmPAMYNp5500x%2B02ImlKhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
822af1bf3e5b6691-AMS
alt-svc
h3=":443"; ma=86400
231312705
post.paymentconfirm.top/supportChatFrame/ Frame E41C
23 KB
7 KB
Document
General
Full URL
https://post.paymentconfirm.top/supportChatFrame/231312705
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/bank/bnz/231312705
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c0f86ce2f6abfb65d318e24c2141a0cafe00c7ee35a276f7191c16b1fde322b1

Request headers

Referer
https://post.paymentconfirm.top/bank/bnz/231312705
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
822af1bf3e5d6691-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 08 Nov 2023 04:06:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CBbLjAdc%2Bbaks%2B6TbGMWM6GuxgBS6i4KXARwrvdt5ddGdK%2FoXA1LKQ1%2B98kzY6IK0ojPHJHuPhjjHPomNI0V%2FbDyr6kZzGqbYSrH1DI8OxD1LzMExSNGYWWPSCb4iWl0VPH1EetKFxtmBFAf9%2BacxXpAOhFkbA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
suppicon.svg
post.paymentconfirm.top/img/
1 KB
1 KB
Image
General
Full URL
https://post.paymentconfirm.top/img/suppicon.svg
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/css/support_parent.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d35e73edc030e667b728e2e626c782ec2b4d3b0a3044730c02b9a25dbf46be59

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/css/support_parent.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Mon, 26 Jul 2021 23:21:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"4d3-17ae51f7d20"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQhb78lzNwF%2BsdpkAg8tgfCvKxl%2BC1GQV%2Flry%2Bpm5hOoij0lblJ58eVEzaHAFLirpeZaDHoJFWZNgv51h0THErG9VjBrbd%2F%2Biz%2Fl0GoQiwajj5e0mbBKt49WgzUZ02N8AQqLcS2XfXbJUAWMsQHV8yW5MRPeuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
822af1bf3e5f6691-AMS
alt-svc
h3=":443"; ma=86400
/
post.paymentconfirm.top/socket.io/
2 B
424 B
XHR
General
Full URL
https://post.paymentconfirm.top/socket.io/?EIO=4&transport=polling&t=Okj75Ef&sid=D9NWFSYHCFPUAVmoAAph
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.4.1/socket.io.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept
*/*
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type
text/plain;charset=UTF-8

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bbSAyt1rDLfWDofHb4w1uv%2FP5MLHrKj%2FoThLFMtOkfIveSaaIvKnoJESvk%2BxBSplM%2FSG1OscPYIf7CfrWYY7ZxWmjZwBR%2Byi8%2B7Cr3uxZnO6NASCgW35HcWSMtHEM6kdaBjFfmoI4hJbmNfab38yVGUgoIqe8w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cf-ray
822af1bf8e786691-AMS
alt-svc
h3=":443"; ma=86400
/
post.paymentconfirm.top/socket.io/
32 B
456 B
XHR
General
Full URL
https://post.paymentconfirm.top/socket.io/?EIO=4&transport=polling&t=Okj75Eg&sid=D9NWFSYHCFPUAVmoAAph
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.4.1/socket.io.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da15289e850c8fe28314352c2222c80eaddacd3d0acfdc536607e733ee54b693

Request headers

Accept
*/*
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yASwzIcScydEmwI6GqBGZ8e3KewenKWKgg4vBCgJLnRPfveWmxG56wv0d9VI2iZp4oOOn4hujt7gD7suesSBHk8DZgZJUcWgrHOr19Aj83WzW%2F5opoFLdVeJ4NUL%2FPOFrmGpso3N120CzZeUPeLdFRcxkWQoeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
822af1bf8e796691-AMS
alt-svc
h3=":443"; ma=86400
content-length
32
support_chat.css
post.paymentconfirm.top/css/ Frame E41C
101 KB
17 KB
Stylesheet
General
Full URL
https://post.paymentconfirm.top/css/support_chat.css
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/supportChatFrame/231312705
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d40c636c6f5df8e97ce5d56c336a9c1379bfa2b963053386d670b6865be2913f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/supportChatFrame/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 06 May 2022 15:27:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"195ce-18099fbddb0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zF3plbbowuDY5wDwChd3%2BcEeUUJmh5AWStVe4qQ%2BouZd2AB15GJ2isi2OVmZ5ETACfSWbVCkRE6FKgumsh3vzX%2FLLxBn2Uh%2BOGaiVUSnE%2FWKkfr3vRVH9kihQ6rnLP2tIpWYHo7N4We%2BOxPpYCXkEU68wGyg2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
822af1bfbe956691-AMS
alt-svc
h3=":443"; ma=86400
axios.min.js
post.paymentconfirm.top/js/ Frame E41C
29 KB
12 KB
Script
General
Full URL
https://post.paymentconfirm.top/js/axios.min.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/supportChatFrame/231312705
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d5fba18e5f50a6f74db552765e4e256d2f4a6e9b46c2234b5e07f3c63fdcec28

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/supportChatFrame/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 10 Mar 2023 07:16:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"7467-186ca606380"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=duBPM%2FD0e8AL8BbfJquAAU40HciTn%2BSd4eE0R%2BauHb9mXRX7WKdhRr1jk0cGSL7ZAxADvwoXgNT63nh%2FwaNB7mgqcVevciYZjASdy%2FNLJFqk6S3h1JZmtfvGSVNL3%2FGDGbeq0g42Hkw6pDkooMjmVzcFvKwFUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
822af1bfbe966691-AMS
alt-svc
h3=":443"; ma=86400
support.js
post.paymentconfirm.top/js/ Frame E41C
6 KB
2 KB
Script
General
Full URL
https://post.paymentconfirm.top/js/support.js
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/supportChatFrame/231312705
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
525dfe15d7b865d55feee2557b7d665e34a9b1573996ffb491052b38052b4b79

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://post.paymentconfirm.top/supportChatFrame/231312705
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Tue, 06 Jun 2023 08:24:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"179b-1888fced970"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXhdPzav9grV7xEgaiA%2BWIioJpewETGhBqgidW1OvGnQVxsO2sxDHIAtFWHb7ZeppP3t5hK8YMrFtI8xEitBhG0EJd6T1b46ZHEliNtHwdPTx1J2w0LqLYL4VsNyq5XPDMaHcEG3wIvhvqDIA9thjhya0mo6mw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
cf-ray
822af1bfbe976691-AMS
alt-svc
h3=":443"; ma=86400
/
post.paymentconfirm.top/socket.io/
2 B
422 B
XHR
General
Full URL
https://post.paymentconfirm.top/socket.io/?EIO=4&transport=polling&t=Okj75FP&sid=D9NWFSYHCFPUAVmoAAph
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.4.1/socket.io.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept
*/*
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-type
text/plain;charset=UTF-8

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKJGQQKG0KREU4neMIayHL%2BSiYF0OsVTP9cuzW5d4k9efKluQKxjMAM%2FQLNJHgPRCkoq7V6KRJEcgiJWTt4LSI6gOsOMGNmjKOVSyDc1Fi4JoSYYtv8FN9FVW4%2FS2UzJ5mkz5Eigy8vHIN%2FaEneStSeHCa6iWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cf-ray
822af1bfdea76691-AMS
alt-svc
h3=":443"; ma=86400
/
post.paymentconfirm.top/socket.io/
51 B
485 B
XHR
General
Full URL
https://post.paymentconfirm.top/socket.io/?EIO=4&transport=polling&t=Okj75FP.0&sid=D9NWFSYHCFPUAVmoAAph
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.4.1/socket.io.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eca913a86994e99b1ba093aefa078a57695bfc7f21377b23aeb60fe6c537a04d

Request headers

Accept
*/*
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S9NRRg7GCC3jSiD8O2XiYJ%2BGyhykVzXpIVZg3BqcxAQe38vEZkugqYSmVv2gWRCOmfLXnjS7X4Szzu5jxHMTQUqi9anVfwyhKkLLDURgvYyP5HddgwlXOHNqwLqGkbKeZbaIH4gpeP%2BcJPBW9h6rucpXSDI4ew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
822af1bfdea86691-AMS
alt-svc
h3=":443"; ma=86400
/
post.paymentconfirm.top/socket.io/
1 B
430 B
XHR
General
Full URL
https://post.paymentconfirm.top/socket.io/?EIO=4&transport=polling&t=Okj75Fy&sid=D9NWFSYHCFPUAVmoAAph
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/4.4.1/socket.io.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

Request headers

Accept
*/*
Referer
https://post.paymentconfirm.top/bank/bnz/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h9sJBFUZMK5SLmMXwB%2BHdpFYLSDT8mnmTZDDXw0NgG3fqhFnJvezGOncyPgnUzU%2F4KA5JHeo4Egj0WDqafyqlCwZK3DuXr8jQuEmpu2ZZMi8yOqN4E%2Fu01bLLlQnW6GPBxEAM%2BZxuALZHU5UQ4SAgH7tLemBhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
822af1c00ec56691-AMS
alt-svc
h3=":443"; ma=86400
content-length
1
getMessages
post.paymentconfirm.top/api/support/ Frame E41C
15 B
490 B
XHR
General
Full URL
https://post.paymentconfirm.top/api/support/getMessages
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/js/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5e4ce7b36ba37b78a5d5f9fd08e6b7b54ba6879d651aa46ec9e1d6fa24ebe30a

Request headers

Accept
application/json, text/plain, */*
Referer
https://post.paymentconfirm.top/supportChatFrame/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 08 Nov 2023 04:06:36 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f-FAzzTdccAfl0E2Lu/wbvI/6Anvk"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=heAnOmALYHk0P4SqZeCbbJ4GmcHmFuLF6MHaADjicJSj1d1pzu%2F8DcsdnclwQ3zBzLc0U5x%2Fj4hLhbpygZeoxru8FaUtdHj0X0Tv9PqFzDiC971yZy%2Fys8mwqm9OcJHM5SBtF4hMpFdS8m0OX72r58QbQZYMJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-ray
822af1c04ee36691-AMS
alt-svc
h3=":443"; ma=86400
content-length
15
getMessages
post.paymentconfirm.top/api/support/ Frame E41C
15 B
496 B
XHR
General
Full URL
https://post.paymentconfirm.top/api/support/getMessages
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/js/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5e4ce7b36ba37b78a5d5f9fd08e6b7b54ba6879d651aa46ec9e1d6fa24ebe30a

Request headers

Accept
application/json, text/plain, */*
Referer
https://post.paymentconfirm.top/supportChatFrame/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 08 Nov 2023 04:06:38 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f-FAzzTdccAfl0E2Lu/wbvI/6Anvk"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQwE9GisheW3UEwEnxlyg8bWcbjNyEhxVvy8MlUGb1qbbkJlifvgKzVN6VHk1hdGNA13xkt2KkEV3F%2FVNLVpVWLfYVQKsPASVw%2BDFxLXipYKx%2FuK%2BvxDDhJQRbXcTdAlK%2FCErz5eDfB4dkIA84aH9fj2AW6QJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-ray
822af1c9fbc66691-AMS
alt-svc
h3=":443"; ma=86400
content-length
15
getMessages
post.paymentconfirm.top/api/support/ Frame E41C
15 B
495 B
XHR
General
Full URL
https://post.paymentconfirm.top/api/support/getMessages
Requested by
Host: post.paymentconfirm.top
URL: https://post.paymentconfirm.top/js/axios.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5e4ce7b36ba37b78a5d5f9fd08e6b7b54ba6879d651aa46ec9e1d6fa24ebe30a

Request headers

Accept
application/json, text/plain, */*
Referer
https://post.paymentconfirm.top/supportChatFrame/231312705
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 08 Nov 2023 04:06:39 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"f-FAzzTdccAfl0E2Lu/wbvI/6Anvk"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q3oM0d7U9IEmcxXOY8jcmNqfdR%2Be9Ym5EkqAK9Mmrh3%2FYve9YN1P2jnkpBCh756lzLL%2FJ855WPnJ4EvInUpB%2FWqPl5nDFxtbqNMI08uGEMuKZ%2Fzgw7HOw1J5y4jBjYu87rIV7sIlqLeMvb03PuTzjQ9RtwUKOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-ray
822af1d3a8976691-AMS
alt-svc
h3=":443"; ma=86400
content-length
15

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
post.paymentconfirm.top
URL
https://post.paymentconfirm.top/css/bank/bnz/serrano.css
Domain
post.paymentconfirm.top
URL
https://post.paymentconfirm.top/css/bank/bnz/serrano.css

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| documentPictureInPicture
boolean| isIE
boolean| isUnsupportedBrowser
object| __BNZ_LOGIN_CLIENT
function| $
function| jQuery
number| uidEvent
object| bootstrap
object| Popper
function| axios
function| setImmediate
function| clearImmediate
function| swal
function| sweetAlert
function| sendOnlineStatus
function| setOnlineStatus
function| io

1 Cookies

Domain/Path Name / Value
post.paymentconfirm.top/ Name: connect.sid
Value: s%3Am6HJlxl8Hu5UWKRU2H-nYLdiLrIv8-Ks.6BisMmJs71tyXi1wvmyTpZF%2FwgX3MFmJ5WfkfRCfnFE

10 Console Messages

Source Level URL
Text
network error URL: https://post.paymentconfirm.top/js/bank/bnz/ruxitagentjs_ICA27NVfqrux_10257221222094147.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://post.paymentconfirm.top/bank/bnz/231312705
Message:
Refused to apply style from 'https://post.paymentconfirm.top/css/bank/bnz/serrano.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network error URL: https://post.paymentconfirm.top/js/bank/bnz/main.a5985273.chunk.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://post.paymentconfirm.top/js/bank/bnz/2.0ebac605.chunk.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://post.paymentconfirm.top/js/bank/bnz/FR8nJHM
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://post.paymentconfirm.top/bank/bnz/231312705
Message:
Refused to execute script from 'https://post.paymentconfirm.top/js/bank/bnz/ruxitagentjs_ICA27NVfqrux_10257221222094147.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://post.paymentconfirm.top/bank/bnz/231312705
Message:
Refused to apply style from 'https://post.paymentconfirm.top/css/bank/bnz/serrano.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://post.paymentconfirm.top/bank/bnz/231312705
Message:
Refused to execute script from 'https://post.paymentconfirm.top/js/bank/bnz/2.0ebac605.chunk.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://post.paymentconfirm.top/bank/bnz/231312705
Message:
Refused to execute script from 'https://post.paymentconfirm.top/js/bank/bnz/main.a5985273.chunk.js.%D0%B7%D0%B0%D0%B2%D0%B0%D0%BD%D1%82%D0%B0%D0%B6%D0%B5%D0%BD%D0%BD%D1%8F' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://post.paymentconfirm.top/bank/bnz/231312705
Message:
Refused to execute script from 'https://post.paymentconfirm.top/js/bank/bnz/FR8nJHM' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Indicators

This is a term used in the security industry to describe indicators such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.
