Submitted URL: https://maroc-bricolage.com/wp-includes/system/database/anz/wp-supprt.php
Effective URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Submission: On September 27 via manual from AU — Scanned from AU

Summary

This website contacted 10 IPs in 3 countries across 9 domains to perform 43 HTTP transactions. The main IP is 134.119.0.121, located in Cologne, Germany and belongs to GD-EMEA-DC-CGN1, DE. The main domain is kulissekoeln.de.
This is the only time kulissekoeln.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking)

Domain & IP information

Count | IP Address | AS Autonomous System
1 | 159.89.107.0 | 14061 (DIGITALOC...)
3 | 134.119.0.121 | 34011 (GD-EMEA-D...)
18 | 45.60.126.46 | 19551 (INCAPSULA)
4 | 54.66.24.156 | 16509 (AMAZON-02)
3 | 54.253.232.35 | 16509 (AMAZON-02)
2 | 3.24.252.36 | 16509 (AMAZON-02)
3 (1 redirects) | 54.213.162.191 | 16509 (AMAZON-02)
1 | 63.140.36.103 | ()
1 | 42.99.140.208 | ()
43 | 10 |
Count | Domain | Requested by
18 | www.anz.com | kulissekoeln.de, www.anz.com
4 | mstcl3.anz.com | kulissekoeln.de
3 | dpm.demdex.net (1 redirects) | kulissekoeln.de, www.anz.com
3 | ctmdx.anz.com | kulissekoeln.de
3 | kulissekoeln.de | kulissekoeln.de, www.anz.com
2 | waf1x.anz.com | kulissekoeln.de
1 | fast.anz.demdex.net | www.anz.com
1 | info.anz.com | www.anz.com
1 | maroc-bricolage.com |
0 | anz.demdex.net (Failed) | kulissekoeln.de
0 | 3636033.fls.doubleclick.net (Failed) | kulissekoeln.de
0 | googleads.g.doubleclick.net (Failed) | kulissekoeln.de
0 | www.path-logic.com (Failed) | kulissekoeln.de
0 | www.google-analytics.com (Failed) | kulissekoeln.de
0 | cm.everesttech.net (Failed) | kulissekoeln.de
0 | australianewzealandb.tt.omtrdc.net (Failed) | www.anz.com
43 | 16 |

This site contains no links.

Subject | Issuer | Validity | Valid
maroc-bricolage.com | R3 | 2022-08-27 - 2022-11-25 | 3 months
www.anz.com | DigiCert Global CA G2 | 2022-08-09 - 2023-08-08 | a year
mstcl3.anz.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-07 - 2023-01-06 | a year
ctmdx.anz.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-07 - 2023-01-06 | a year
waf1x.anz.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-07 - 2023-01-06 | a year

This page contains 4 frames:

Primary Page: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Frame ID: B60448F6B44970B6BFFA1FF2080FBBD5
Requests: 40 HTTP requests in this frame

Frame: http://fast.anz.demdex.net/dest5.html?d_nsid=0
Frame ID: CCCD4F7D13544334646B7005B20C9EA6
Requests: 1 HTTP requests in this frame

Frame: https://3636033.fls.doubleclick.net/activityi;src=3636033;type=globa0;cat=anz-s0;ord=1503793596497.517933;u2=IBlogonaustralia;u5=httpswww.anz.comINETBANKlogin.asp
Frame ID: 8FC11C13EEF7B3348A658686E334EE26
Requests: 1 HTTP requests in this frame

Frame: https://anz.demdex.net/dest5.html?d_nsid=0
Frame ID: 303A49195A7771DF6F6DBCEEDC2870DD
Requests: 1 HTTP requests in this frame

Page Title

ANZ Internet BankingANZ Internet Banking - Logon

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

Requests: 43
HTTPS: 56 %
IPv6: 0 %
Domains: 9
Subdomains: 16
IPs: 10
Countries: 3
Transfer: 435 kB
Size: 1024 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://maroc-bricolage.com/wp-includes/system/database/anz/wp-supprt.php Page URL
  2. http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • http://www.anz.com/resources/4/d/4d3722f8-c86f-4e15-b530-1320e0688e0d/1/IB-logon-480x150-silver.jpg HTTP 307
  • https://www.anz.com/resources/4/d/4d3722f8-c86f-4e15-b530-1320e0688e0d/1/IB-logon-480x150-silver.jpg
Request Chain 27
  • http://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67A216D751E567B20A490D4C%40AdobeOrg&d_nsid=0&ts=1664320077110 HTTP 302
  • http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67A216D751E567B20A490D4C%40AdobeOrg&d_nsid=0&ts=1664320077110
Request Chain 34
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js

43 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
wp-supprt.php
maroc-bricolage.com/wp-includes/system/database/anz/
114 B
330 B
Document
General
Full URL
https://maroc-bricolage.com/wp-includes/system/database/anz/wp-supprt.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.89.107.0 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
plesk.i2advert.com
Software
nginx / PHP/7.4.30 PleskLin
Resource Hash
16ca738560ba594f0c53abee681d2d42a5fa73992b27557cec9fef33e1f9b637

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-length
126
content-type
text/html; charset=UTF-8
date
Tue, 27 Sep 2022 23:07:53 GMT
referrer-policy
no-referrer-when-downgrade
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/7.4.30 PleskLin
Primary Request INETBANKbankmain.htm
kulissekoeln.de/wp-includes/star/verify/
25 KB
7 KB
Document
General
Full URL
http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
HTTP/1.1
Server
134.119.0.121 Cologne, Germany, ASN34011 (GD-EMEA-DC-CGN1, DE),
Reverse DNS
ms10988.ispgateway.de
Software
nginx /
Resource Hash
ed4f7817728fd8f20774b6b0149e4094e6b4222979509c8cb3cdb07e82fe87ae

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 27 Sep 2022 23:07:54 GMT
ETag
W/"6580-5e98b45a94380"
Last-Modified
Mon, 26 Sep 2022 02:27:42 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Cache-Status
BYPASS
layout.css
www.anz.com/common/css/new/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.anz.com/common/css/new/layout.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
98a299c5cefb80b69d58f78e07f90d886d092dd9e8b0da3bacf4c418e47e9c28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2011 13:22:42 GMT
x-cdn
Imperva
age
86, 203
etag
"4e1f4d9c"
vary
Accept-Encoding
content-type
text/css
x-iinfo
7-17140873-0 0cNN RT(1664320074590 103) q(0 -1 -1 0) r(0 -1)
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
2050
visuals.css
www.anz.com/common/css/new/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.anz.com/common/css/new/visuals.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ad3056d218034b8c81557d352b9aeec4d91a646f2cab0fc2fba22c6464b8313d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2011 13:22:43 GMT
x-cdn
Imperva
age
85, 203
etag
"974ac4a8"
vary
Accept-Encoding
content-type
text/css
x-iinfo
7-17140873-0 0cNN RT(1664320074590 104) q(0 -1 -1 2) r(0 -1)
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
1209
rhn.css
www.anz.com/common/css/new/
7 KB
3 KB
Stylesheet
General
Full URL
https://www.anz.com/common/css/new/rhn.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
586ae06139b280e9907e7b38a8e34de1b99257b0b700a1fd8d78a9e52fa84a66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2011 13:22:42 GMT
x-cdn
Imperva
age
85, 203
etag
"1521e2fc"
vary
Accept-Encoding
content-type
text/css
x-iinfo
7-17140873-0 0cNN RT(1664320074590 106) q(0 -1 -1 2) r(0 -1)
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
2219
tertiaryNav.css
www.anz.com/common/navbar/aus/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://www.anz.com/common/navbar/aus/css/tertiaryNav.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f1bd6e8c19005aedcba8418aa9a75c44b4de7749af7fb5322576bf6579ed68bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2011 13:23:03 GMT
x-cdn
Imperva
age
85, 203
etag
"10996beb"
vary
Accept-Encoding
content-type
text/css
x-iinfo
7-17140873-0 0cNN RT(1664320074590 108) q(0 -1 -1 2) r(1 -1)
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
1020
assembly.js
mstcl3.anz.com/947684/
65 KB
29 KB
Script
General
Full URL
https://mstcl3.anz.com/947684/assembly.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.66.24.156 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-66-24-156.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
0f2bb8b5f16eda673b2f3834e6d08adde669ee2651e140aa7665c0c4a133b2ef
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Sep 2022 23:07:55 GMT
content-encoding
gzip
server
haile
strict-transport-security
max-age=86400
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
content-type
application/x-javascript
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
QAW.js
ctmdx.anz.com/947684/
65 KB
29 KB
Script
General
Full URL
https://ctmdx.anz.com/947684/QAW.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.253.232.35 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-253-232-35.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
fe063faa7a40e2b80fbaaba303ec98522e13c8856e92fb02a6b7b4c2328cc8fd
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Sep 2022 23:07:55 GMT
content-encoding
gzip
server
haile
strict-transport-security
max-age=86400
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
content-type
application/x-javascript
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Lrt.js
waf1x.anz.com/inetbank1/
96 KB
38 KB
Script
General
Full URL
https://waf1x.anz.com/inetbank1/Lrt.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.24.252.36 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-24-252-36.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
7f850bb4d9c33d441364e2133894bd308dc03f9cba09b616cc43b1a35e62b1aa
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Sep 2022 23:07:55 GMT
content-encoding
gzip
server
haile
strict-transport-security
max-age=86400
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
content-type
application/x-javascript
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
uHDqs
ctmdx.anz.com/947684/
0
435 B
Script
General
Full URL
https://ctmdx.anz.com/947684/uHDqs?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI0JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnMlMjIlM0ElMjIlN0I0RkY0QzU3My00QTYwLTQzQzgtQjgxRS1FNkI3MDcyQ0FBMjIlN0QlMjIlN0QlN0QlNUQ%3D&cid=4&si=2&e=https%3A%2F%2Fwww.anz.com&LSESSIONID=jLd1p6Ae4IMkdS6BJhoh2TsMp%2F2SpX7YUki3EXavFtPX08UvP8d35cyjf26U3Y8KR0KXH6AhhBgaKlmTfQ%3D%3D&t=jsonp&c=aym_sgpdblxbviud&eu=https%3A%2F%2Fwww.anz.com%2FINETBANK%2Flogin.asp
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.253.232.35 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-253-232-35.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Sep 2022 23:07:55 GMT
server
haile
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
expires
0
cache-control
no-cache, no-store, must-revalidate
content-type
text/html
content-length
0
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
ofs
mstcl3.anz.com/947684/mga/
0
435 B
Script
General
Full URL
https://mstcl3.anz.com/947684/mga/ofs?si=0&e=https%3A%2F%2Fwww.anz.com&LSESSIONID=jLd1p6Ae4IMkdS6BJhoh2TsMp%2F2SpX7YUki3EXavFtPX08UvP8d35cyjf26U3Y8KR0KXH6AhhBgaKlmTfQ%3D%3D&t=jsonp&c=svuxoeozlybaszbl&eu=https%3A%2F%2Fwww.anz.com%2FINETBANK%2Flogin.asp
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.66.24.156 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-66-24-156.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Sep 2022 23:07:55 GMT
server
haile
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
expires
0
cache-control
no-cache, no-store, must-revalidate
content-type
text/html
content-length
0
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
ofs
mstcl3.anz.com/947684/mga/
0
434 B
Script
General
Full URL
https://mstcl3.anz.com/947684/mga/ofs?si=0&e=https%3A%2F%2Fwww.anz.com&LSESSIONID=jLd1p6Ae4IMkdS6BJhoh2TsMp%2F2SpX7YUki3EXavFtPX08UvP8d35cyjf26U3Y8KR0KXH6AhhBgaKlmTfQ%3D%3D&t=jsonp&c=vdcetcwl_gpxva_s&eu=https%3A%2F%2Fwww.anz.com%2FINETBANK%2Flogin.asp
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.66.24.156 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-66-24-156.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 27 Sep 2022 23:07:55 GMT
server
haile
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
expires
0
cache-control
no-cache, no-store, must-revalidate
content-type
text/html
content-length
0
pics-label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
ib_responsive_header.css
www.anz.com/common/header/css/
317 B
658 B
Stylesheet
General
Full URL
https://www.anz.com/common/header/css/ib_responsive_header.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
0dd99c576da8fd309dd2767acd0e2ada15f4c368c62b4c184e3182d9d83f25ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Fri, 23 Oct 2015 19:29:40 GMT
x-cdn
Imperva
age
38
etag
"58830aed"
vary
Accept-Encoding
content-type
text/css
x-iinfo
7-17140873-17139934 2CNN RT(1664320074590 111) q(0 0 0 3) r(0 0) U18
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
285
ib_logon_responsive_latest.css
www.anz.com/inetbank/css/
14 KB
4 KB
Stylesheet
General
Full URL
https://www.anz.com/inetbank/css/ib_logon_responsive_latest.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5fdf14cc0c2a8a0be8e3cba6595bd4a684a414642d309187feab201e4eaedcbe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Fri, 15 Sep 2017 22:26:32 GMT
x-cdn
Imperva
age
38
etag
"bb9857b6"
vary
Accept-Encoding
access-control-allow-methods
POST,GET,OPTIONS
content-type
text/css
access-control-allow-origin
https://mstcl3.anz.com
x-iinfo
7-17140873-17139579 2CNN RT(1664320074590 115) q(0 0 0 0) r(0 0) U18
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
4117
bootstrap.css
www.anz.com/inetbank/css/
55 KB
13 KB
Stylesheet
General
Full URL
https://www.anz.com/inetbank/css/bootstrap.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a03cfc909a94860249580d7a8dc567ccae48252e8f6316b6b846b9338e565729
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Fri, 23 Oct 2015 19:29:29 GMT
x-cdn
Imperva
age
38
etag
"ab4dc498"
vary
Accept-Encoding
access-control-allow-methods
POST,GET,OPTIONS
content-type
text/css
access-control-allow-origin
https://mstcl3.anz.com
x-iinfo
7-17140873-17138470 2CNN RT(1664320074590 116) q(0 0 0 0) r(0 0) U18
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
12745
ANZ-logo.png
www.anz.com/common/header/images/
9 KB
9 KB
Image
General
Full URL
https://www.anz.com/common/header/images/ANZ-logo.png
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5883670c91bc904352d1885f1d36b74b5eb8511118e17be4304f96300f591fa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
last-modified
Fri, 23 Oct 2015 19:29:40 GMT
x-cdn
Imperva
age
2, 47
etag
"ebb41c33"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
x-iinfo
7-17140873-0 0CNN RT(1664320074590 315) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=60, public
accept-ranges
bytes
content-length
9118
ib_responsive_footer.css
www.anz.com/common/footer/css/
434 B
537 B
Stylesheet
General
Full URL
https://www.anz.com/common/footer/css/ib_responsive_footer.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1c01aafd0d1e8f724d75cd3770d3c3c3ba6d843564c874724eb8f60435cce32a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:55 GMT
content-encoding
gzip
last-modified
Fri, 23 Oct 2015 19:29:41 GMT
x-cdn
Imperva
age
39
etag
"e21b2b9d"
vary
Accept-Encoding
content-type
text/css
x-iinfo
7-17140873-17139579 2CNN RT(1664320074590 304) q(0 0 0 -1) r(0 0) U18
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
384
supertag.js
www.anz.com/auxiliary/supertag/
216 KB
86 KB
Script
General
Full URL
https://www.anz.com/auxiliary/supertag/supertag.js?subtype=javascript&_dc=3002772017
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
6d4ebadb43d8a600a46bb2687b690efffd1315b62a53a5f9311030d8cc597ba9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Wed, 03 Mar 2021 04:45:26 GMT
x-cdn
Imperva
age
31
etag
"13318334"
vary
Accept-Encoding
content-type
application/javascript
x-iinfo
7-17140873-17138470 2CNN RT(1664320074590 307) q(0 0 0 -1) r(1 1) U18
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
87451
supertag-code-v54.js
www.anz.com/auxiliary/supertag/
182 KB
70 KB
Script
General
Full URL
https://www.anz.com/auxiliary/supertag/supertag-code-v54.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
90c69fe03785db2368e83653344f592f475199f8556bf3dc1c60d91e0a153394
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:55 GMT
content-encoding
gzip
last-modified
Mon, 07 Aug 2017 02:25:42 GMT
x-cdn
Imperva
age
30
etag
"d0bdde93"
vary
Accept-Encoding
content-type
application/javascript
x-iinfo
7-17140873-17138491 2CNN RT(1664320074590 309) q(0 1 1 -1) r(1 1) U18
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
71498
common_all.js
www.anz.com/inetbank/banklink/
3 KB
934 B
Script
General
Full URL
https://www.anz.com/inetbank/banklink/common_all.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3fc5efbbff0c23d2ebc03f0c6d88f00be46c8604f7df8a60b5dbdbf0a36ce97e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Tue, 02 Aug 2005 07:11:00 GMT
x-cdn
Imperva
age
6582, 1
etag
"25869a3c"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
POST,GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
https://mstcl3.anz.com
x-iinfo
7-17140873-17139579 2CNN RT(1664320074590 311) q(0 0 0 -1) r(0 0)
cache-control
max-age=60, public
access-control-allow-credentials
true
accept-ranges
bytes
content-length
772
logon.js
www.anz.com/inetbank/banklink/
7 KB
4 KB
Script
General
Full URL
https://www.anz.com/inetbank/banklink/logon.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
869ae45682fd31741899ac791d90ff9e0ff194d311d85f6bad698216b040288c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cdn
Imperva
age
1
x-iinfo
7-17140873-17130462 2CNN RT(1664320074590 312) q(0 0 0 -1) r(0 0)
content-length
3610
last-modified
Fri, 24 Feb 2012 11:27:17 GMT
etag
"68f174db"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
POST,GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
https://mstcl3.anz.com
cache-control
max-age=60, public
access-control-allow-credentials
true
accept-ranges
bytes
srlogon.js
www.anz.com/inetbank/banklink/
6 KB
2 KB
Script
General
Full URL
https://www.anz.com/inetbank/banklink/srlogon.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f5652adf22bc6c18da97da8a28bfa637ffd2c8b5bed78665c3281140919a9667
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cdn
Imperva
age
1
x-iinfo
7-17140873-17138490 2CNN RT(1664320074590 313) q(0 0 0 -1) r(0 0)
content-length
2406
last-modified
Thu, 17 Aug 2006 06:25:00 GMT
etag
"46265bfa"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
POST,GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
https://mstcl3.anz.com
cache-control
max-age=60, public
access-control-allow-credentials
true
accept-ranges
bytes
IB-logon-480x150-silver.jpg
www.anz.com/resources/4/d/4d3722f8-c86f-4e15-b530-1320e0688e0d/1/
Redirect Chain
  • http://www.anz.com/resources/4/d/4d3722f8-c86f-4e15-b530-1320e0688e0d/1/IB-logon-480x150-silver.jpg
  • https://www.anz.com/resources/4/d/4d3722f8-c86f-4e15-b530-1320e0688e0d/1/IB-logon-480x150-silver.jpg
23 KB
23 KB
Image
General
Full URL
https://www.anz.com/resources/4/d/4d3722f8-c86f-4e15-b530-1320e0688e0d/1/IB-logon-480x150-silver.jpg
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
66cb2cd1427792795a161b768c7b549ee054b8d5fb00559411ab78aa9fc82e78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:55 GMT
last-modified
Mon, 31 Jul 2017 04:22:36 GMT
x-cdn
Imperva
age
7
etag
"f990ba2f"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/jpeg
x-iinfo
7-17140873-17139579 2CNN RT(1664320074590 318) q(0 0 0 -1) r(0 0) U18
cache-control
max-age=60, public
accept-ranges
bytes
content-length
23133

Redirect headers

Location
https://www.anz.com/resources/4/d/4d3722f8-c86f-4e15-b530-1320e0688e0d/1/IB-logon-480x150-silver.jpg
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
print.css
www.anz.com/common/css/new/
575 B
535 B
Stylesheet
General
Full URL
https://www.anz.com/common/css/new/print.css
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
c9cd8082491ed5e3025515383fe7b48e01a20e23ebd3f7c32b272e41b3321a02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:54 GMT
content-encoding
gzip
last-modified
Tue, 30 Sep 2008 11:08:19 GMT
x-cdn
Imperva
age
85, 203
etag
"26015b5b"
vary
Accept-Encoding
content-type
text/css
x-iinfo
7-17140873-0 0cNN RT(1664320074590 317) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=60, public
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
405
assembly.js
mstcl3.anz.com/947684/
65 KB
29 KB
Script
General
Full URL
http://mstcl3.anz.com/947684/assembly.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
HTTP/1.1
Server
54.66.24.156 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-66-24-156.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
962751ef4090132e85646053b79e47a4b5bc946732d371f36399df241dd51fea
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Sep 2022 23:07:55 GMT
Content-Encoding
gzip
Server
haile
Strict-Transport-Security
max-age=86400
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control
no-cache, no-store, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/x-javascript
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
QAW.js
ctmdx.anz.com/947684/
65 KB
30 KB
Script
General
Full URL
http://ctmdx.anz.com/947684/QAW.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
HTTP/1.1
Server
54.253.232.35 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-253-232-35.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
54647d978b4db0838e84759cd86c76354aaa72c618ee23df7c2c5712ad0c89ec
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Sep 2022 23:07:55 GMT
Content-Encoding
gzip
Server
haile
Strict-Transport-Security
max-age=86400
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control
no-cache, no-store, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/x-javascript
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Lrt.js
waf1x.anz.com/inetbank1/
96 KB
38 KB
Script
General
Full URL
http://waf1x.anz.com/inetbank1/Lrt.js
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
HTTP/1.1
Server
3.24.252.36 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-24-252-36.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
161d40076a5fb613b813f98f053927bc0b949a4f2b942a442eb3fdbeb9a17aaf
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Sep 2022 23:07:55 GMT
Content-Encoding
gzip
Server
haile
Strict-Transport-Security
max-age=86400
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control
no-cache, no-store, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/x-javascript
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
supertag.js
kulissekoeln.de/auxiliary/supertag/
0
0
Script
General
Full URL
http://kulissekoeln.de/auxiliary/supertag/supertag.js?subtype=javascript&_dc=10232782022
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
HTTP/1.1
Server
134.119.0.121 Cologne, Germany, ASN34011 (GD-EMEA-DC-CGN1, DE),
Reverse DNS
ms10988.ispgateway.de
Software
nginx /
Resource Hash

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Tue, 27 Sep 2022 23:07:56 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Transfer-Encoding
chunked
Connection
keep-alive
Link
<http://kulissekoeln.de/wp-json/>; rel="https://api.w.org/"
Expires
Wed, 11 Jan 1984 05:00:00 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • http://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67A216D751E567B20A490D4C%40AdobeOrg&d_nsid=0&ts=1664320077110
  • http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67A216D751E567B20A490D4C%40AdobeOrg&d_nsid=0&ts=1664320077110
110 B
717 B
XHR
General
Full URL
http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67A216D751E567B20A490D4C%40AdobeOrg&d_nsid=0&ts=1664320077110
Requested by
Host: kulissekoeln.de
URL: http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
Protocol
HTTP/1.1
Server
54.213.162.191 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-162-191.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
165a21e984e417cd8ebf2c48f14d1e1640d49500e8a8107e303877aba51a9283

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v039-087a8a060.edge-usw2.demdex.com 0 ms
Pragma
no-cache
content-encoding
gzip
X-Error
172
X-TID
BtKN5LsTSnM=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://kulissekoeln.de
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
123
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-usw2-1-v039-05af80350.edge-usw2.demdex.com 0 ms
Pragma
no-cache
Access-Control-Allow-Origin
http://kulissekoeln.de
X-TID
gJd/mPQDQLI=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=67A216D751E567B20A490D4C%40AdobeOrg&d_nsid=0&ts=1664320077110
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
supertag-code-v59.js
kulissekoeln.de/auxiliary/supertag/
0
0
Script
General
Full URL
http://kulissekoeln.de/auxiliary/supertag/supertag-code-v59.js
Requested by
Host: www.anz.com
URL: https://www.anz.com/auxiliary/supertag/supertag.js?subtype=javascript&_dc=3002772017
Protocol
HTTP/1.1
Server
134.119.0.121 Cologne, Germany, ASN34011 (GD-EMEA-DC-CGN1, DE),
Reverse DNS
ms10988.ispgateway.de
Software
nginx /
Resource Hash

Request headers

accept-language
en-AU,en;q=0.9
Referer
http://kulissekoeln.de/wp-includes/star/verify/INETBANKbankmain.htm
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Tue, 27 Sep 2022 23:07:58 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Transfer-Encoding
chunked
Connection
keep-alive
Link
<http://kulissekoeln.de/wp-json/>; rel="https://api.w.org/"
Expires
Wed, 11 Jan 1984 05:00:00 GMT
id
info.anz.com/
48 B
819 B
XHR
General
Full URL
http://info.anz.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=67A216D751E567B20A490D4C%40AdobeOrg&ts=1664320077943
Requested by
Host: www.anz.com
URL: https://www.anz.com/auxiliary/supertag/supertag.js?subtype=javascript&_dc=3002772017
Protocol
HTTP/1.1
Server
63.140.36.103 -, , ASN (),
Reverse DNS
Software
jag /
Resource Hash
07925a871e572d369594040a9c748f61f0dd8e7f622e3fd8cef8febb7ecfb604
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://kulissekoeln.de/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 27 Sep 2022 23:07:58 GMT
x-content-type-options
nosniff
server
jag
vary
Origin
p3p
CP="This is not a P3P policy"
access-control-allow-origin
http://kulissekoeln.de
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
id
dpm.demdex.net/
1 KB
1 KB
XHR
General
Full URL
http://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=67A216D751E567B20A490D4C%40AdobeOrg&d_nsid=0&d_mid=79897862585640090363600936530969635828&ts=1664320078498
Requested by
Host: www.anz.com
URL: https://www.anz.com/auxiliary/supertag/supertag.js?subtype=javascript&_dc=3002772017
Protocol
HTTP/1.1
Server
54.213.162.191 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-213-162-191.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
a5d4c1e36514e686cc533a89b4a1e72d829055e33cd9cb1b892bd467a2819304

Request headers

Referer
http://kulissekoeln.de/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-usw2-1-v039-05a4089a6.edge-usw2.demdex.com 2 ms
Pragma
no-cache
content-encoding
gzip
X-TID
Rz+WWNCOSOM=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://kulissekoeln.de
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
556
Expires
Thu, 01 Jan 1970 00:00:00 UTC
json
australianewzealandb.tt.omtrdc.net/m2/australianewzealandb/mbox/
0
0

dest5.html
fast.anz.demdex.net/ Frame CCCD
7 KB
3 KB
Document
General
Full URL
http://fast.anz.demdex.net/dest5.html?d_nsid=0
Requested by
Host: www.anz.com
URL: https://www.anz.com/auxiliary/supertag/supertag.js?subtype=javascript&_dc=3002772017
Protocol
HTTP/1.1
Server
42.99.140.208 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Request headers

Referer
http://kulissekoeln.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2785
Content-Type
text/html
Date
Tue, 27 Sep 2022 23:07:59 GMT
ETag
"2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified
Mon, 03 Feb 2020 17:27:06 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Server
AkamaiNetStorage
Vary
Accept-Encoding
dd
cm.everesttech.net/cm/
0
0

analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
0
0

cc
www.path-logic.com/v4.0/840608/
0
0

icon-sprite.png
www.anz.com/inetbank5/images/
2 KB
2 KB
Image
General
Full URL
https://www.anz.com/inetbank5/images/icon-sprite.png
Requested by
Host: www.anz.com
URL: https://www.anz.com/inetbank/css/ib_logon_responsive_latest.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
8386da17dbd5b25d5510f0d58b663b5c31e15d93531caa44029b63b5ecb2d687
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.anz.com/inetbank/css/ib_logon_responsive_latest.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:58 GMT
last-modified
Fri, 23 Oct 2015 19:29:30 GMT
x-cdn
Imperva
age
11
etag
"22d3f2ce"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
POST,GET,OPTIONS
content-type
image/png
access-control-allow-origin
https://mstcl3.anz.com
x-iinfo
7-17140873-17138490 2CNN RT(1664320074590 4124) q(0 0 0 -1) r(0 0) U18
cache-control
max-age=60, public
accept-ranges
bytes
content-length
2331
icon-sprite.png
www.anz.com/inetbank/images/
2 KB
2 KB
Image
General
Full URL
https://www.anz.com/inetbank/images/icon-sprite.png
Requested by
Host: www.anz.com
URL: https://www.anz.com/inetbank/css/ib_logon_responsive_latest.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.126.46 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
8386da17dbd5b25d5510f0d58b663b5c31e15d93531caa44029b63b5ecb2d687
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.anz.com/inetbank/css/ib_logon_responsive_latest.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Tue, 27 Sep 2022 23:07:59 GMT
last-modified
Fri, 23 Oct 2015 19:29:35 GMT
x-cdn
Imperva
age
12
etag
"22d3f2ce"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
POST,GET,OPTIONS
content-type
image/png
access-control-allow-origin
https://mstcl3.anz.com
x-iinfo
7-17140873-17130462 2CNN RT(1664320074590 4126) q(0 0 0 -1) r(0 0) U18
cache-control
max-age=60, public
accept-ranges
bytes
content-length
2331
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1049917176/
0
0

/
googleads.g.doubleclick.net/pagead/viewthroughconversion/962627931/
0
0

activityi;src=3636033;type=globa0;cat=anz-s0;ord=1503793596497.517933;u2=IBlogonaustralia;u5=httpswww.anz.comINETBANKlogin.asp
3636033.fls.doubleclick.net/ Frame 8FC1
0
0

dest5.html
anz.demdex.net/ Frame 303A
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
australianewzealandb.tt.omtrdc.net
URL
https://australianewzealandb.tt.omtrdc.net/m2/australianewzealandb/mbox/json?screenHeight=1200&screenWidth=1600&colorDepth=24&browserWidth=1600&browserHeight=1200&browserTimeOffset=0&mboxPage=d4ef0b5a53e84d14936abcd37ac00693&mboxVersion=0.9.3&mboxHost=kulissekoeln.de&mboxURL=http%3A%2F%2Fkulissekoeln.de%2Fwp-includes%2Fstar%2Fverify%2FINETBANKbankmain.htm&mboxReferrer=&mboxSession=1d39fdf57e8347ee9cc7199d3b0703c4&mboxPC=&mboxTime=1664320078779&mbox=target-global-mbox&mboxCount=1&mboxMCGVID=79897862585640090363600936530969635828&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCAVID=&mboxMCGLH=9&vst.trk=info.anz.com&vst.trks=infos.anz.com&mboxMCSDID=11C983196395BB46-01266F40CA77B951
Domain
cm.everesttech.net
URL
http://cm.everesttech.net/cm/dd?d_uuid=79753182092433143623582175208578719490
Domain
www.google-analytics.com
URL
https://www.google-analytics.com/analytics.js
Domain
www.path-logic.com
URL
https://www.path-logic.com/v4.0/840608/cc?params=4Mjz1CLR2tPGT2WqqOqPYTJajB%2FQaISJxco1xYzVYxIrCKTXcHyHFRaOGIPAa0aFIPSuwKy20dvD1SaEPqhnliIG%2BaIdpE1QdqXB7lu2%2FKl5wqiKYo5RVS%2F6ocMatIWZ9XtOyTNXmCRJ8hl%2BLGOdvV55Jn8VeHqyTjZTAMIG
Domain
googleads.g.doubleclick.net
URL
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1049917176/?value=0&guid=ON&script=0
Domain
googleads.g.doubleclick.net
URL
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/962627931/?value=0&guid=ON&script=0
Domain
3636033.fls.doubleclick.net
URL
https://3636033.fls.doubleclick.net/activityi;src=3636033;type=globa0;cat=anz-s0;ord=1503793596497.517933;u2=IBlogonaustralia;u5=httpswww.anz.comINETBANKlogin.asp
Domain
anz.demdex.net
URL
https://anz.demdex.net/dest5.html?d_nsid=0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation function| RedirectParent function| OpenIBWindow function| openPopupWindow function| openPopupLocator function| loadIntoOpener string| strLanguage string| strCountry object| superT_dcd object| ___sc947684 object| ___so947684 number| CLIWHIT string| PSESSIONID string| SSESSIONID string| LSESSIONID object| __tp number| __gt object| launchLib object| sC object| nT string| sP undefined| force object| visitorObjectConfig undefined| domainSplit object| visitor function| fireViewStart function| fireViewEnd function| fireActionTrigger function| fireViewBottom object| superT object| digitalData function| Visitor object| s_c_il number| s_c_in object| adobe function| mboxDefine function| mboxUpdate function| mboxCreate string| file

5 Cookies

Domain/Path Name / Value
.anz.com/ Name: visid_incap_1967394
Value: xrlTlSnCTWuVcTTfnJ1tikqCM2MAAAAAQUIPAAAAAADVjbNgENFk+pZLdcNjWMF2
.anz.com/ Name: incap_ses_808_1967394
Value: IgECVi/a+zHhgtpu65g2C0qCM2MAAAAAUOmoQcXGJKVCuKMNLB7CMA==
kulissekoeln.de/ Name: LSESSIONID
Value: eyJpIjoiSlZtVDk2cW5VaWg3NGNScUdGOGdcL3c9PSIsImUiOiJ6OHc0a1R4R09kRjFuVnlMdERRTHBmbCtaQ0pHTTJuekg2Y09RTVVTRCtxdmI5azRydmF4UnBpMkJnQXorbjQ4SENucFo3T0lCXC9sRUI4NndNZ1JsRmhKXC9CMFZPOUlaTmxzd1BMeUNwVDBCbEt2bDJHYlJnOFhFQjhLbThLTHg2MnRzTW5iK2JSaXorQ3lRY1UzMjZKZz09In0%3D.d2b82fe0cd64f14b.YWQwOTJiM2Y3YWFlODQ0YzlhOGIxMmM2ZGE0NTkyMTg2MjJhM2ExNTA3YTRkMGY4OGRlMjNhOTRiOTAxMmY2Yg%3D%3D
kulissekoeln.de/ Name: AMCV_67A216D751E567B20A490D4C%40AdobeOrg
Value: -330454231%7CMCIDTS%7C19263%7CvVersion%7C3.1.2
kulissekoeln.de/ Name: mbox
Value: session#1d39fdf57e8347ee9cc7199d3b0703c4#1664321938

2 Console Messages

Source Level URL
Text
network error URL: http://kulissekoeln.de/auxiliary/supertag/supertag.js?subtype=javascript&_dc=10232782022
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: http://kulissekoeln.de/auxiliary/supertag/supertag-code-v59.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
