www.rckik-opole.com.pl Open in urlscan Pro
46.242.130.89 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Submission: On April 13 via manual (April 13th 2023, 5:30:07 am UTC) from AU — Scanned from AU

Summary HTTP 22 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 22 HTTP transactions. The main IP is 46.242.130.89, located in Poland and belongs to HOMEPL-AS, PL. The main domain is www.rckik-opole.com.pl.
TLS certificate: Issued by R3 on February 12th 2023. Valid for: 3 months.

This is the only time www.rckik-opole.com.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	46.242.130.89 46.242.130.89	12824 (HOMEPL-AS) (HOMEPL-AS)
8 24	45.60.160.117 45.60.160.117	19551 (INCAPSULA) (INCAPSULA)
22	3

1 46.242.130.89 (Poland)

ASN12824 (HOMEPL-AS, PL)
PTR: rckik-opole.com.pl

www.rckik-opole.com.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 45.60.160.117 (United States) 8 redirects

ASN19551 (INCAPSULA, US)

digital.anz.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	anz.co.nz 8 redirects digital.anz.co.nz	151 KB
1	rckik-opole.com.pl www.rckik-opole.com.pl	5 KB
22	2

	Domain	Requested by
24	digital.anz.co.nz	8 redirects www.rckik-opole.com.pl digital.anz.co.nz
1	www.rckik-opole.com.pl
22	2

This site contains links to these domains. Also see Links.

Domain
www.anz.co.nz
windows.microsoft.com
www.mozilla.org
www.google.com
digital.anz.co.nz

Subject Issuer	Validity	Valid
rckik-opole.com.pl R3	`2023-02-12` - `2023-05-13`	3 months	crt.sh
digital.anz.co.nz DigiCert SHA2 Extended Validation Server CA	`2022-08-16` - `2023-09-16`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Frame ID: 25DED703D5F1A8916E4BC5BF8EACF7E5
Requests: 25 HTTP requests in this frame

Frame: https://digital.anz.co.nz/preauth/assets/images/svg/brand/anz_logo_gradient.svg
Frame ID: 2ADD74C646A71FBECDABCA3729C451F3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ANZ: Internet Banking Log On

Page Statistics

22
Requests

41 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

231 kB
Transfer

397 kB
Size

3
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://www.anz.co.nz/

Search URL Search Domain Scan URL

URL: http://windows.microsoft.com/en-us/internet-explorer/download-ie/
Title: Internet Explorer �

Search URL Search Domain Scan URL

URL: http://www.mozilla.org/en-US/firefox/
Title: Firefox �

Search URL Search Domain Scan URL

URL: http://www.google.com/chrome/
Title: Chrome �

Search URL Search Domain Scan URL

URL: http://www.anz.co.nz/personal/ways-bank/internet-banking/software-settings/
Title: More about our recommended software settings

Search URL Search Domain Scan URL

URL: https://digital.anz.co.nz/preauth/service/login
Title: Log on

Search URL Search Domain Scan URL

URL: http://www.anz.co.nz/auxiliary/help/help/website-security-privacy/
Title: Security & Privacy Statement

Search URL Search Domain Scan URL

URL: http://www.anz.co.nz/auxiliary/help/help/website-terms-use/
Title: Website Terms of Use

Search URL Search Domain Scan URL

URL: http://www.anz.co.nz/resources/6/7/67cd07804ee131e5bc44fe146f64e4a5/ANZ-Electronic-COU.pdf
Title: Electronic Banking Conditions

Search URL Search Domain Scan URL

URL: http://www.anz.co.nz/auxiliary/contact-us/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://digital.anz.co.nz/preauth/dtagent_ICA23jrx_7000000031020.js HTTP 302
https://digital.anz.co.nz/preauth/web/service/login

Request Chain 5

https://digital.anz.co.nz/preauth/vendor/modernizr.js HTTP 302
https://digital.anz.co.nz/preauth/web/service/login

Request Chain 6

https://digital.anz.co.nz/preauth/config.require.js HTTP 302
https://digital.anz.co.nz/preauth/web/service/login

Request Chain 7

https://digital.anz.co.nz/preauth/vendor/require.js HTTP 302
https://digital.anz.co.nz/preauth/web/service/login

Request Chain 8

https://digital.anz.co.nz/preauth/vendor.js HTTP 302
https://digital.anz.co.nz/preauth/web/service/login

Request Chain 9

https://digital.anz.co.nz/preauth/config.js HTTP 302
https://digital.anz.co.nz/preauth/web/service/login

Request Chain 10

https://digital.anz.co.nz/preauth/app/app.js HTTP 302
https://digital.anz.co.nz/preauth/web/service/login

Request Chain 13

https://digital.anz.co.nz/preauth/assets/core.print.css HTTP 302
https://digital.anz.co.nz/preauth/web/service/login

22 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login.html Show response
www.rckik-opole.com.pl/ftp1//App.anz.nz/ 16 KB
5 KB 1888ms
399ms Document
text/html 46.242.130.89
HOMEPL-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

46.242.130.89 , Poland, ASN12824 (HOMEPL-AS, PL),

Reverse DNS

rckik-opole.com.pl

Software

nginx / PleskLin

Resource Hash

17e96da79f2323235f310a4278daac62014f11aaf3cbfd38caaccbe128b99226

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

content-encoding: br
content-type: text/html
date: Thu, 13 Apr 2023 05:30:00 GMT
etag: W/"59930b0e-3e46"
last-modified: Tue, 15 Aug 2017 14:54:06 GMT
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin

GET
H/1.1

200
OK

https://digital.anz.co.nz/preauth/dtagent_ICA23jrx_7000000031020.js
https://digital.anz.co.nz/preauth/web/service/login

0
0

185ms
146ms

Script
text/html

45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://digital.anz.co.nz/preauth/web/service/login
Requested by: Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Protocol: HTTP/1.1
Server: 45.60.160.117 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 13 Apr 2023 05:30:00 GMT
X-CDN: Imperva
X-Powered-By: ARR/3.0
Content-Type: text/html;charset=ISO-8859-1
Location: /preauth/web/service/login
$WSEP
Content-Language: en-US
X-Iinfo: 1-18993922-18978435 3NNN RT(1681363800439 101) q(0 0 0 0) r(0 0) U11
Content-Length: 0

GET
H/1.1 200
OK script Show response
digital.anz.co.nz/preauth/web/service/ 11 KB
4 KB 321ms
110ms Script
application/javascript 45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://digital.anz.co.nz/preauth/web/service/script

Requested by

Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.160.117 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0aa257dd4f2480ac9580c8137d344623eafe2a78dab2c6169acf16cbdf3dcdce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 05:30:00 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 05 Apr 2023 19:41:53 GMT
X-CDN: Imperva
Etag: "8aa00278"
Content-Type: application/javascript
X-Iinfo: 2-30288255-0 0CNN RT(1681363800439 105) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=377, public
Content-Length: 3101
Expires: Thu, 13 Apr 2023 05:36:17 GMT

GET
H/1.1 200
OK pff0kwo.js Show response
digital.anz.co.nz/preauth/assets/fonts/licenced/myriad-pro/ 19 KB
8 KB 314ms
102ms Script
application/x-javascript 45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://digital.anz.co.nz/preauth/assets/fonts/licenced/myriad-pro/pff0kwo.js

Requested by

Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.160.117 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

033507aeefb0c4b634f96824777a8edf96ea06fb69f0aaac3f79fe00b37e9383

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 05:30:00 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 01 Mar 2023 22:10:26 GMT
X-CDN: Imperva
Etag: "03b905d3"
Content-Type: application/x-javascript
X-Iinfo: 1-18993923-0 0CNN RT(1681363800439 102) q(0 -1 -1 2) r(0 -1)
Cache-Control: max-age=1316, public
Content-Length: 7247
Expires: Thu, 13 Apr 2023 05:51:56 GMT

GET
H/1.1 200
OK pff0kwo-d.css
digital.anz.co.nz/preauth/assets/fonts/licenced/myriad-pro//c/ 108 KB
80 KB 322ms
111ms Stylesheet
text/css 45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://digital.anz.co.nz/preauth/assets/fonts/licenced/myriad-pro//c/pff0kwo-d.css

Requested by

Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.160.117 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e0b1acb0e098f44401d9d89902d17604b0eeb90d9873398e89efaadb2f4e0b43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 05:30:00 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 01 Mar 2023 22:10:26 GMT
X-CDN: Imperva
Etag: "2394cb3e"
Content-Type: text/css
X-Iinfo: 10-70865033-0 0CNN RT(1681363800439 111) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1256, public
Content-Length: 80826
Expires: Thu, 13 Apr 2023 05:50:56 GMT

GET
H/1.1 200
OK core.nonresponsive.css
digital.anz.co.nz/preauth/assets/ 129 KB
23 KB 317ms
106ms Stylesheet
text/css 45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://digital.anz.co.nz/preauth/assets/core.nonresponsive.css

Requested by

Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.160.117 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

94d9d7a604727a6112f35f344d0190b2e86e0beb40c6a17644f0699e03361694

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 05:30:00 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 01 Mar 2023 22:10:26 GMT
X-CDN: Imperva
Etag: "8f9a2056"
Content-Type: text/css
X-Iinfo: 2-30288254-30286565 2CNN RT(1681363800439 102) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=119, public
Content-Length: 22986
Expires: Thu, 13 Apr 2023 05:31:59 GMT

GET
H/1.1

200
OK

https://digital.anz.co.nz/preauth/vendor/modernizr.js
https://digital.anz.co.nz/preauth/web/service/login

0
0

186ms
143ms

Script
text/html

45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://digital.anz.co.nz/preauth/web/service/login
Requested by: Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Protocol: HTTP/1.1
Server: 45.60.160.117 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 13 Apr 2023 05:30:00 GMT
X-CDN: Imperva
X-Powered-By: ARR/3.0
Content-Type: text/html;charset=ISO-8859-1
Location: /preauth/web/service/login
$WSEP
Content-Language: en-US
X-Iinfo: 7-26643202-26635583 3NNN RT(1681363800439 102) q(0 0 0 0) r(1 1) U11
Content-Length: 0

GET
H/1.1

200
OK

https://digital.anz.co.nz/preauth/config.require.js
https://digital.anz.co.nz/preauth/web/service/login

0
0

143ms
143ms

Script
text/html

45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://digital.anz.co.nz/preauth/web/service/login
Requested by: Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Protocol: HTTP/1.1
Server: 45.60.160.117 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 13 Apr 2023 05:30:01 GMT
X-CDN: Imperva
X-Powered-By: ARR/3.0
Content-Type: text/html;charset=ISO-8859-1
Location: /preauth/web/service/login
$WSEP
Content-Language: en-US
X-Iinfo: 2-30288255-30286579 3NNN RT(1681363800439 213) q(0 0 0 -1) r(1 1) U11
Content-Length: 0

GET
H/1.1

200
OK

https://digital.anz.co.nz/preauth/vendor/require.js
https://digital.anz.co.nz/preauth/web/service/login

0
0

139ms
139ms

Script
text/html

45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://digital.anz.co.nz/preauth/web/service/login
Requested by: Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Protocol: HTTP/1.1
Server: 45.60.160.117 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 13 Apr 2023 05:30:01 GMT
X-CDN: Imperva
X-Powered-By: ARR/3.0
Content-Type: text/html;charset=ISO-8859-1
Location: /preauth/web/service/login
$WSEP
Content-Language: en-US
X-Iinfo: 1-18993922-18991303 3NNN RT(1681363800439 258) q(0 0 0 -1) r(1 1) U11
Content-Length: 0

GET
H/1.1

200
OK

https://digital.anz.co.nz/preauth/vendor.js
https://digital.anz.co.nz/preauth/web/service/login

0
0

756ms
756ms

Script
text/html

45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://digital.anz.co.nz/preauth/web/service/login
Requested by: Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Protocol: HTTP/1.1
Server: 45.60.160.117 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 13 Apr 2023 05:30:00 GMT
X-CDN: Imperva
X-Powered-By: ARR/3.0
Content-Type: text/html;charset=ISO-8859-1
Location: /preauth/web/service/login
$WSEP
Content-Language: en-US
X-Iinfo: 7-26643202-26635583 3NNN RT(1681363800439 265) q(0 0 0 -1) r(4 4) U11
Content-Length: 0

GET
H/1.1

200
OK

https://digital.anz.co.nz/preauth/config.js
https://digital.anz.co.nz/preauth/web/service/login

0
0

165ms
165ms

Script
text/html

45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://digital.anz.co.nz/preauth/web/service/login
Requested by: Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Protocol: HTTP/1.1
Server: 45.60.160.117 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 13 Apr 2023 05:30:01 GMT
X-CDN: Imperva
X-Powered-By: ARR/3.0
Content-Type: text/html;charset=ISO-8859-1
Location: /preauth/web/service/login
$WSEP
Content-Language: en-US
X-Iinfo: 10-70865033-70860080 3NNN RT(1681363800439 535) q(0 0 0 -1) r(7 7) U11
Content-Length: 0

GET
H/1.1

200
OK

https://digital.anz.co.nz/preauth/app/app.js
https://digital.anz.co.nz/preauth/web/service/login

0
0

139ms
139ms

Script
text/html

45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://digital.anz.co.nz/preauth/web/service/login
Requested by: Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Protocol: HTTP/1.1
Server: 45.60.160.117 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 13 Apr 2023 05:30:01 GMT
X-CDN: Imperva
X-Powered-By: ARR/3.0
Content-Type: text/html;charset=ISO-8859-1
Location: /preauth/web/service/login
$WSEP
Content-Language: en-US
X-Iinfo: 3-48552787-48547169 3NNN RT(1681363802126 99) q(0 0 0 -1) r(1 1) U11
Content-Length: 0

GET
H/1.1 200
OK primary-spinner.svg
digital.anz.co.nz/preauth/assets/images/svg/brand/ 522 B
669 B 302ms
103ms Image
image/svg+xml 45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digital.anz.co.nz/preauth/assets/images/svg/brand/primary-spinner.svg

Requested by

Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.160.117 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a2ecd495b2cb054b889984abb7f9602fd858d05608a5fd2efcbcd0b6b79b50a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 05:30:02 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 01 Mar 2023 22:10:26 GMT
X-CDN: Imperva
Etag: "9577fc79"
Content-Type: image/svg+xml
X-Iinfo: 8-41393629-0 0CNN RT(1681363802126 104) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1380, public
Content-Length: 265
Expires: Thu, 13 Apr 2023 05:53:02 GMT

GET
H/1.1 200
OK 140717-goMoney_login.jpg
digital.anz.co.nz/App_Themes/Common/Images/sidebar/ 16 KB
17 KB 305ms
106ms Image
image/jpeg 45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digital.anz.co.nz/App_Themes/Common/Images/sidebar/140717-goMoney_login.jpg

Requested by

Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.160.117 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e933d79c9c46b88f678fff582138d682bd48c30fc3d69d9a8fc599f56d8bff27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 05:30:02 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Tue, 11 Jul 2017 22:36:26 GMT
X-CDN: Imperva
Etag: "64f7f42196fad21:0"
Content-Type: image/jpeg
X-Iinfo: 2-30288407-30286565 2CNN RT(1681363802126 104) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=2425, public
Content-Length: 16665
Expires: Thu, 13 Apr 2023 06:10:27 GMT

GET
H/1.1

200
OK

https://digital.anz.co.nz/preauth/assets/core.print.css
https://digital.anz.co.nz/preauth/web/service/login

0
0

144ms
143ms

Stylesheet
text/html

45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://digital.anz.co.nz/preauth/web/service/login
Requested by: Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html
Protocol: HTTP/1.1
Server: 45.60.160.117 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rckik-opole.com.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Redirect headers

Strict-Transport-Security: max-age=31536000
Date: Thu, 13 Apr 2023 05:30:01 GMT
X-CDN: Imperva
X-Powered-By: ARR/3.0
Content-Type: text/html;charset=ISO-8859-1
Location: /preauth/web/service/login
$WSEP
Content-Language: en-US
Cache-Control: max-age=1800
X-Iinfo: 5-87693328-87666306 3NNN RT(1681363802046 201) q(0 0 0 -1) r(1 1) U11
Content-Length: 0
Expires: Thu, 13 Apr 2023 06:00:02 GMT

GET
H/1.1 200
OK logo-gradient.png
digital.anz.co.nz/preauth/assets/images/brand/ 11 KB
11 KB 303ms
99ms Image
image/png 45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digital.anz.co.nz/preauth/assets/images/brand/logo-gradient.png

Requested by

Host: digital.anz.co.nz
URL: https://digital.anz.co.nz/preauth/assets/core.nonresponsive.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.160.117 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6b9c3e1cdac34aa860caabd9530a5376891b7a0bc6e56d73d2c7b52455316722

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://digital.anz.co.nz/preauth/assets/core.nonresponsive.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Thu, 13 Apr 2023 05:30:02 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 01 Mar 2023 22:10:26 GMT
X-CDN: Imperva
Etag: "ff95a247"
Content-Type: image/png
X-Iinfo: 8-41393630-0 0CNN RT(1681363802126 105) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1318, public
Content-Length: 11374
Expires: Thu, 13 Apr 2023 05:52:00 GMT

GET
DATA 200
OK truncated
/ 20 KB
20 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca56be0afd8ae811b855bffe503e095c0b6deb1b52d7a7d42d0b6e6624e8bc97

Request headers

Referer
Origin: https://www.rckik-opole.com.pl
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: font/opentype

GET proximanova-semibold-webfont.woff2
digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/ 0
0

GET anz-icons.woff
digital.anz.co.nz/preauth/assets/fonts/ 0
0

GET
DATA 200
OK truncated
/ 20 KB
20 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c48627cca0acac1bbb30401c842c8c0b31b2429575fa27daa6ffcdd64f2f7da2

Request headers

Referer
Origin: https://www.rckik-opole.com.pl
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H/1.1 200
OK anz_logo_gradient.svg Show response
digital.anz.co.nz/preauth/assets/images/svg/brand/ Frame 2ADD 5 KB
2 KB 166ms
100ms Document
image/svg+xml 45.60.160.117
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://digital.anz.co.nz/preauth/assets/images/svg/brand/anz_logo_gradient.svg

Requested by

Host: www.rckik-opole.com.pl
URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.160.117 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c89404f1564e543aa95db072387fd1f3f84998b748be83af3e1df75910991925

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.rckik-opole.com.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=1304, public
Content-Encoding: gzip
Content-Length: 2108
Content-Type: image/svg+xml
Date: Thu, 13 Apr 2023 05:30:02 GMT
Etag: "8253ba66"
Expires: Thu, 13 Apr 2023 05:51:46 GMT
Last-Modified: Wed, 01 Mar 2023 22:10:26 GMT
Strict-Transport-Security: max-age=31536000
X-CDN: Imperva
X-Iinfo: 5-87693328-0 0CNN RT(1681363802046 98) q(0 -1 -1 -1) r(0 -1)

GET
DATA 200
OK truncated
/ 20 KB
20 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b461e8e2d58e6a5fceaa1146cc332688c484af9b331208480d25a4b1ebd2886

Request headers

Referer
Origin: https://www.rckik-opole.com.pl
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: font/opentype

GET
DATA 200
OK truncated
/ 20 KB
20 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: affe814530b0a75b0babdd571ffcd7ca1a3b5a1bc7ebe25f292d27f774df7281

Request headers

Referer
Origin: https://www.rckik-opole.com.pl
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: font/opentype

GET proximanova-semibold-webfont.woff
digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/ 0
0

GET anz-icons.ttf
digital.anz.co.nz/preauth/assets/fonts/ 0
0

GET proximanova-semibold-webfont.ttf
digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: digital.anz.co.nz
URL: https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff2

Domain: digital.anz.co.nz
URL: https://digital.anz.co.nz/preauth/assets/fonts/anz-icons.woff?88b0600a601495d043793b3d6c58d55c

Domain: digital.anz.co.nz
URL: https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff

Domain: digital.anz.co.nz
URL: https://digital.anz.co.nz/preauth/assets/fonts/anz-icons.ttf?88b0600a601495d043793b3d6c58d55c

Domain: digital.anz.co.nz
URL: https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.anz.co.nz/	1969-12-31 23:59:59	Name: nlbi_2646974 Value: WsSTc8bg0xWwdrPPDGrZtAAAAADgdXaN65iRTjUlW/IMlXGF
.anz.co.nz/	1970-01-20 19:47:17	Name: visid_incap_2646974 Value: U4Ls3lMcSiGO+zMJcbS/x1iTN2QAAAAAQUIPAAAAAADjykB8jc8KXDzmlq31I/WN
.anz.co.nz/	1969-12-31 23:59:59	Name: incap_ses_435_2646974 Value: fPWJWC79cS2daqPsL3AJBlmTN2QAAAAA8YuowJSRrMio5sbR8XhQug==

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html Message: Access to font at 'https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff2' from origin 'https://www.rckik-opole.com.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html Message: Access to font at 'https://digital.anz.co.nz/preauth/assets/fonts/anz-icons.woff?88b0600a601495d043793b3d6c58d55c' from origin 'https://www.rckik-opole.com.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://digital.anz.co.nz/preauth/assets/fonts/anz-icons.woff?88b0600a601495d043793b3d6c58d55c Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html Message: Access to font at 'https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff' from origin 'https://www.rckik-opole.com.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html Message: Access to font at 'https://digital.anz.co.nz/preauth/assets/fonts/anz-icons.ttf?88b0600a601495d043793b3d6c58d55c' from origin 'https://www.rckik-opole.com.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://digital.anz.co.nz/preauth/assets/fonts/anz-icons.ttf?88b0600a601495d043793b3d6c58d55c Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.rckik-opole.com.pl/ftp1//App.anz.nz/login.html Message: Access to font at 'https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.ttf' from origin 'https://www.rckik-opole.com.pl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://digital.anz.co.nz/preauth/assets/fonts/licenced/proxima-nova/proximanova-semibold-webfont.ttf Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

digital.anz.co.nz
www.rckik-opole.com.pl
digital.anz.co.nz
45.60.160.117
46.242.130.89
033507aeefb0c4b634f96824777a8edf96ea06fb69f0aaac3f79fe00b37e9383
0aa257dd4f2480ac9580c8137d344623eafe2a78dab2c6169acf16cbdf3dcdce
17e96da79f2323235f310a4278daac62014f11aaf3cbfd38caaccbe128b99226
6b9c3e1cdac34aa860caabd9530a5376891b7a0bc6e56d73d2c7b52455316722
94d9d7a604727a6112f35f344d0190b2e86e0beb40c6a17644f0699e03361694
9b461e8e2d58e6a5fceaa1146cc332688c484af9b331208480d25a4b1ebd2886
a2ecd495b2cb054b889984abb7f9602fd858d05608a5fd2efcbcd0b6b79b50a7
affe814530b0a75b0babdd571ffcd7ca1a3b5a1bc7ebe25f292d27f774df7281
c48627cca0acac1bbb30401c842c8c0b31b2429575fa27daa6ffcdd64f2f7da2
c89404f1564e543aa95db072387fd1f3f84998b748be83af3e1df75910991925
ca56be0afd8ae811b855bffe503e095c0b6deb1b52d7a7d42d0b6e6624e8bc97
e0b1acb0e098f44401d9d89902d17604b0eeb90d9873398e89efaadb2f4e0b43
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e933d79c9c46b88f678fff582138d682bd48c30fc3d69d9a8fc599f56d8bff27

www.rckik-opole.com.pl Open in urlscan Pro 46.242.130.89 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

22 Requests

41 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

231 kBTransfer

397 kBSize

3 Cookies

10 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

3 Cookies

10 Console Messages

Security Headers

Indicators

www.rckik-opole.com.pl Open in urlscan Pro
46.242.130.89 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

41 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

231 kB
Transfer

397 kB
Size

3
Cookies

22 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!