sultanbala.com Open in urlscan Pro
92.205.5.199 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sultanbala.com/BNZ/log/index4.php
Submission: On May 07 via manual (May 7th 2023, 9:45:36 pm UTC) from AU — Scanned from FR

Summary HTTP 26 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 26 HTTP transactions. The main IP is 92.205.5.199, located in Strasbourg, France and belongs to GODADDY-SXB, DE. The main domain is sultanbala.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 17th 2023. Valid for: a year.

This is the only time sultanbala.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNZ Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
15	92.205.5.199 92.205.5.199	21499 (GODADDY-SXB) (GODADDY-SXB)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.229.133.221 192.229.133.221	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	23.36.162.212 23.36.162.212	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	23.36.163.225 23.36.163.225	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:bb62	() ()
26	7

15 92.205.5.199 (Strasbourg, France)

ASN21499 (GODADDY-SXB, DE)
PTR: 199.5.205.92.host.secureserver.net

sultanbala.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.133.221 (United States)

ASN15133 (EDGECAST, US)

www.w3schools.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.36.162.212 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-212.deploy.static.akamaitechnologies.com

secure.bnz.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.36.163.225 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-163-225.deploy.static.akamaitechnologies.com

img1.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img6.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:bb62 (None, )

ASN- ()

events.api.secureserver.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	sultanbala.com sultanbala.com	19 KB
4	wsimg.com 2 redirects img1.wsimg.com — Cisco Umbrella Rank: 8698 img6.wsimg.com — Cisco Umbrella Rank: 10653	20 KB
2	secureserver.net events.api.secureserver.net	582 B
2	bnz.co.nz secure.bnz.co.nz
2	w3schools.com www.w3schools.com — Cisco Umbrella Rank: 17108	6 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 200	82 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	1 KB
26	7

	Domain	Requested by
15	sultanbala.com	sultanbala.com
2	events.api.secureserver.net	img1.wsimg.com
2	img6.wsimg.com	sultanbala.com
2	img1.wsimg.com	2 redirects
2	secure.bnz.co.nz	sultanbala.com
2	www.w3schools.com	sultanbala.com
2	cdnjs.cloudflare.com	sultanbala.com cdnjs.cloudflare.com
1	fonts.googleapis.com	sultanbala.com
26	8

This site contains no links.

Subject Issuer	Validity	Valid
sultanbala.com Go Daddy Secure Certificate Authority - G2	`2023-02-17` - `2024-02-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.w3schools.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-04`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
bnz.co.nz Entrust Certification Authority - L1K	`2022-09-20` - `2023-10-20`	a year	crt.sh
*.api.secureserver.net Starfield Secure Certificate Authority - G2	`2022-08-05` - `2023-09-06`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://sultanbala.com/BNZ/log/index4.php
Frame ID: A01293ACBAD34D8DEA088DD516154D7F
Requests: 25 HTTP requests in this frame

Frame: https://secure.bnz.co.nz/pingfederate/idp/startSLO.ping?TargetResource=%2Fauth&InErrorResource=%2Fauth
Frame ID: 71CFB9B383766F8D3CC73AD22DDB50BF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BNZ LoginBNZ Logolocked

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

26
Requests

92 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

7
IPs

3
Countries

128 kB
Transfer

276 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js

Request Chain 13

https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js HTTP 302
https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index4.php Show response
sultanbala.com/BNZ/log/ 59 KB
11 KB 331ms
167ms Document
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 199.5.205.92.host.secureserver.net
Software: Apache / PHP/7.4.33
Resource Hash: b50babfc8b0916f65c2cfdd7239af3a6b0e3f3b7d717dd084ec151b90d7edf97

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-length: 11461
content-type: text/html; charset=UTF-8
date: Sun, 07 May 2023 21:45:24 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H2 200 font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 37 KB
6 KB 65ms
24ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1739645
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5884
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-9226"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XwovJQR%2BZGfnLfCUulxEH2mwI4FT7TRTPmYmHYvClCUZYteVutx%2FuoZqbF4OHWmpQQH%2BxowmMEAotuCKFSNrVWX9fPeXCvCAw2%2FJ7UO%2FcC0Ooid3c51q6W%2Fanck4%2Bav9UO2nsMyWQsi7%2B%2BiG3Vac24ZC"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c3ca65a88e6d3d0-CDG
expires: Fri, 26 Apr 2024 21:45:24 GMT

GET
H2 200 w3.css
www.w3schools.com/w3css/4/ 23 KB
5 KB 101ms
18ms Stylesheet
text/css 192.229.133.221
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.w3schools.com/w3css/4/w3.css

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.133.221 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (pab/6F8A) / ASP.NET

Resource Hash

c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://mycourses.w3schools.com;
X-Content-Security-Policy	frame-ancestors 'self' https://mycourses.w3schools.com;

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-encoding: gzip
date: Sun, 07 May 2023 21:45:24 GMT
last-modified: Thu, 04 May 2023 11:40:36 GMT
server: ECS (pab/6F8A)
age: 5683
etag: "0d2fa3d7d7ed91:0+gzip"
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: public,max-age=14400,public
accept-ranges: bytes
content-length: 5256
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;

GET
H2 200 w3-theme-blue-grey.css
www.w3schools.com/lib/ 1 KB
328 B 102ms
19ms Stylesheet
text/css 192.229.133.221
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.w3schools.com/lib/w3-theme-blue-grey.css

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.133.221 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (pab/6F8E) / ASP.NET

Resource Hash

041f63478b8bee8ae92c89b1effcedd80bebc4ca98e946c0e529d18b2b6a919e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://mycourses.w3schools.com;
X-Content-Security-Policy	frame-ancestors 'self' https://mycourses.w3schools.com;

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;
content-encoding: gzip
date: Sun, 07 May 2023 21:45:24 GMT
last-modified: Thu, 04 May 2023 11:40:36 GMT
server: ECS (pab/6F8E)
age: 8950
etag: "0d2fa3d7d7ed91:0+gzip"
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: public,max-age=14400,public
accept-ranges: bytes
content-length: 251
x-content-security-policy: frame-ancestors 'self' https://mycourses.w3schools.com;

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 92ms
34ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d265615b79f98fdfff370ea32da7b4b02317fc6017b898cfb9c657a65618ac07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 07 May 2023 21:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 07 May 2023 20:37:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 07 May 2023 21:45:24 GMT

GET
H2 404 ruxitagentjs_ICA27Vfqrux_10249220905100923.js
sultanbala.com/auth/ 0
0 1670ms
1669ms Script
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL

https://sultanbala.com/auth/ruxitagentjs_ICA27Vfqrux_10249220905100923.js

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),

Reverse DNS

199.5.205.92.host.secureserver.net

Software

Apache / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;preload
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
date: Sun, 07 May 2023 21:45:24 GMT
content-encoding: br
x-powered-by: PHP/7.4.33
content-length: 24583
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sultanbala.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 serrano.css
sultanbala.com/BNZ/log/css/ 2 KB
525 B 29ms
28ms Stylesheet
text/css 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: https://sultanbala.com/BNZ/log/css/serrano.css
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 199.5.205.92.host.secureserver.net
Software: Apache /
Resource Hash: f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:24 GMT
content-encoding: br
last-modified: Mon, 27 Mar 2023 00:48:23 GMT
server: Apache
etag: "294215f-976-5f7d7199863c0-br"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 432

GET
H2 404 7e214e99
secure.bnz.co.nz/akam/13/ 0
0 655ms
29ms Script
text/html 23.36.162.212
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/akam/13/7e214e99

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.212 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-212.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:27 GMT
strict-transport-security: max-age=15768000
akamai-grn: 0.d4d5ce17.1683495927.dc6d05d
content-length: 9
content-type: text/html

GET
H2 200 captcha.png
sultanbala.com/BNZ/log/ 6 KB
6 KB 29ms
27ms Image
image/png 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sultanbala.com/BNZ/log/captcha.png
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 199.5.205.92.host.secureserver.net
Software: Apache /
Resource Hash: 49c97bbd20684dba4b1a0028b9e4af96c69bc329e9d3c353e83142ba68abc48e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:26 GMT
last-modified: Mon, 27 Mar 2023 00:48:15 GMT
server: Apache
accept-ranges: bytes
etag: "294216b-18bb-5f7d7191e51c0"
content-length: 6331
content-type: image/png

GET
H2 200 captcha.php
sultanbala.com/BNZ/log/ 308 B
362 B 117ms
116ms Image
image/png 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sultanbala.com/BNZ/log/captcha.php
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 199.5.205.92.host.secureserver.net
Software: Apache / PHP/7.4.33
Resource Hash: 3308e22e5699877a748e46ff7d4ee1236c5f760e9db056b28a35f6ea86d310df

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 07 May 2023 21:45:26 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache, must-revalidate
content-length: 310
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 404 2.0ebac605.chunk.js
sultanbala.com/auth/static/js/ 0
0 2419ms
2419ms Script
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL

https://sultanbala.com/auth/static/js/2.0ebac605.chunk.js

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),

Reverse DNS

199.5.205.92.host.secureserver.net

Software

Apache / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;preload
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
date: Sun, 07 May 2023 21:45:24 GMT
content-encoding: br
x-powered-by: PHP/7.4.33
content-length: 24561
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sultanbala.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 503 main.eb7b1489.chunk.js
sultanbala.com/auth/static/js/ 0
0 2907ms
2907ms Script
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: https://sultanbala.com/auth/static/js/main.eb7b1489.chunk.js
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 199.5.205.92.host.secureserver.net
Software: Apache /
Resource Hash

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:26 GMT
server: Apache
content-length: 428
content-type: text/html; charset=iso-8859-1

GET
H2 503 xPHlwB
sultanbala.com/jFPXjHF0Gfcg/8HSpwjX-CL/2C/u5Y3LLhp/OXl6GHI5AQ/PWowfC/ 0
0 1990ms
1988ms Script
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: https://sultanbala.com/jFPXjHF0Gfcg/8HSpwjX-CL/2C/u5Y3LLhp/OXl6GHI5AQ/PWowfC/xPHlwB
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 199.5.205.92.host.secureserver.net
Software: Apache /
Resource Hash

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:26 GMT
server: Apache
content-length: 428
content-type: text/html; charset=iso-8859-1

GET
H2

200

tccl.min.js Show response
img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/
Redirect Chain

https://img1.wsimg.com/traffic-assets/js/tccl.min.js
https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js

45 KB
12 KB

35ms
27ms

Script
application/javascript

23.36.163.225
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Server: 23.36.163.225 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-225.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d10c120206d25caa3deafc45a0ed90f2a6ce5290402c4502a68d95bcaeaa898b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: sTnOEJpl_Bn63xNm3Yru0HbQaHbS55CR
content-encoding: br
date: Sun, 07 May 2023 21:45:26 GMT
x-amz-request-id: FH0P3E93SF8PA32Y
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467637_388276677_245256812_13_1196_23_0";dur=1
content-length: 11347
x-amz-id-2: vfCRznBpTwUzsQTqqHQrPBdgJL8bd9m6fgJ2RsnQ7TUvg/tSMOpz6ogFdrj21JebiN+bK0g/VZM=
last-modified: Tue, 29 Nov 2022 21:26:18 GMT
etag: "5c3e20ad749ddb088afc84b1b7ff009e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

location: https://img6.wsimg.com/wrhs/5c3e20ad749ddb088afc84b1b7ff009e/tccl.min.js
access-control-allow-origin: *
date: Sun, 07 May 2023 21:45:26 GMT
cache-control: max-age=1800
timing-allow-origin: *
content-length: 0
expires: Sun, 07 May 2023 22:15:26 GMT

GET
H2

200

tti.min.js Show response
img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/
Redirect Chain

https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js
https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js

24 KB
8 KB

38ms
31ms

Script
application/javascript

23.36.163.225
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Server: 23.36.163.225 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-225.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6e74c12390bdb48bf5b0bb295ceed4f68add11467d2472d983a42e3023ecf312

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 357
x-amz-version-id: F4fYptXBkP0fCCCWFLfVGE1HXlZmORny
content-encoding: br
unused62: 8096267
date: Sun, 07 May 2023 21:45:26 GMT
x-amz-request-id: RJ3J3PMANG6125DE
x-edgeconnect-midmile-rtt: 8
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467637_388276677_245256814_130_923_23_0";dur=1
content-length: 7498
x-amz-id-2: nldPfdb2FYbpxPRfMYRSd83AOL7ZmlBdZQSm5hguJELKdfn8+sza0oLEpTYjiKd2JeD3gDplFHw=
last-modified: Mon, 17 Jan 2022 17:21:37 GMT
etag: "ce554d2333f3801abafb32da18213ff7"
x-edgeconnect-cache-status: 1
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers

location: https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js
access-control-allow-origin: *
date: Sun, 07 May 2023 21:45:26 GMT
cache-control: max-age=1800
timing-allow-origin: *
content-length: 0
expires: Sun, 07 May 2023 22:15:26 GMT

GET
H2 404 3.6ca2a99c.chunk.js
sultanbala.com/auth/static/js/ 0
0 4332ms
4331ms Other
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL

https://sultanbala.com/auth/static/js/3.6ca2a99c.chunk.js

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),

Reverse DNS

199.5.205.92.host.secureserver.net

Software

Apache / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;preload
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
date: Sun, 07 May 2023 21:45:26 GMT
content-encoding: br
x-powered-by: PHP/7.4.33
content-length: 24561
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sultanbala.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 503 4.bb624667.chunk.js
sultanbala.com/auth/static/js/ 0
0 2953ms
2953ms Other
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: https://sultanbala.com/auth/static/js/4.bb624667.chunk.js
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 199.5.205.92.host.secureserver.net
Software: Apache /
Resource Hash

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:26 GMT
server: Apache
content-length: 428
content-type: text/html; charset=iso-8859-1

GET
H2 404 5.c5c9bca4.chunk.js
sultanbala.com/auth/static/js/ 0
0 4591ms
4590ms Other
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL

https://sultanbala.com/auth/static/js/5.c5c9bca4.chunk.js

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),

Reverse DNS

199.5.205.92.host.secureserver.net

Software

Apache / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/BNZ/log/index4.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;preload
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
date: Sun, 07 May 2023 21:45:26 GMT
content-encoding: br
x-powered-by: PHP/7.4.33
content-length: 24561
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sultanbala.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 startSLO.ping
secure.bnz.co.nz/pingfederate/idp/ Frame 71CF 0
0 992ms
369ms Document
text/html 23.36.162.212
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bnz.co.nz/pingfederate/idp/startSLO.ping?TargetResource=%2Fauth&InErrorResource=%2Fauth

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/index4.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.212 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-212.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sultanbala.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

akamai-grn: 0.d4d5ce17.1683495927.dc6d05c
cache-control: no-cache, no-store
content-encoding: gzip
content-length: 1219
content-type: text/html;charset=utf-8
date: Sun, 07 May 2023 21:45:27 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server-timing: dtRpid;desc="-1315733025", dtSInfo;desc="0"
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-akamai-transformed: 9 1757 0 pmb=mTOE,3
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-oneagent-js-injection: true
x-xss-protection: 1; mode=block

GET
H2 503 SerranoWeb-Bold.woff2
sultanbala.com/BNZ/log/css/fonts/ 0
0 1995ms
1994ms Font
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: https://sultanbala.com/BNZ/log/css/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065
Requested by: Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/css/serrano.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 199.5.205.92.host.secureserver.net
Software: Apache /
Resource Hash

Request headers

Referer: https://sultanbala.com/BNZ/log/css/serrano.css
Origin: https://sultanbala.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:26 GMT
server: Apache
content-length: 428
content-type: text/html; charset=iso-8859-1

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 47ms
24ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Origin: https://sultanbala.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 07 May 2023 21:45:26 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5152741
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEHz%2BXuK33ZYCueLmoIPPqRLipj0OzMVN2kh1DK1l712gzIzjiVmgGTWIb0tpycTiY%2B%2FxzHytSjxsjkKF7pv1YamQknn2XDdYAHffeaMw%2BIREJOKuSTNihhfTHQEQzJGjdMBngB3LGNbYthxDTxUJHrh"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c3ca664fc002a5e-CDG
expires: Fri, 26 Apr 2024 21:45:26 GMT

GET
H2 404 SerranoWeb-Regular.woff2
sultanbala.com/BNZ/log/css/fonts/ 0
0 4727ms
4726ms Font
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL

https://sultanbala.com/BNZ/log/css/fonts/SerranoWeb-Regular.woff2?v=5b6826770c

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/css/serrano.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),

Reverse DNS

199.5.205.92.host.secureserver.net

Software

Apache / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sultanbala.com/BNZ/log/css/serrano.css
Origin: https://sultanbala.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;preload
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
date: Sun, 07 May 2023 21:45:26 GMT
content-encoding: br
x-powered-by: PHP/7.4.33
content-length: 24585
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sultanbala.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 SerranoWeb-Bold.woff
sultanbala.com/BNZ/log/css/fonts/ 0
0 5509ms
5509ms Font
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL

https://sultanbala.com/BNZ/log/css/fonts/SerranoWeb-Bold.woff?v=76b2d97853

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/css/serrano.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),

Reverse DNS

199.5.205.92.host.secureserver.net

Software

Apache / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sultanbala.com/BNZ/log/css/serrano.css
Origin: https://sultanbala.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;preload
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
date: Sun, 07 May 2023 21:45:28 GMT
content-encoding: br
x-powered-by: PHP/7.4.33
content-length: 24583
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sultanbala.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 SerranoWeb-Regular.woff
sultanbala.com/BNZ/log/css/fonts/ 0
0 4399ms
4398ms Font
text/html 92.205.5.199
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL

https://sultanbala.com/BNZ/log/css/fonts/SerranoWeb-Regular.woff?v=f376ea958d

Requested by

Host: sultanbala.com
URL: https://sultanbala.com/BNZ/log/css/serrano.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.205.5.199 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),

Reverse DNS

199.5.205.92.host.secureserver.net

Software

Apache / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sultanbala.com/BNZ/log/css/serrano.css
Origin: https://sultanbala.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains;preload
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
date: Sun, 07 May 2023 21:45:31 GMT
content-encoding: br
x-powered-by: PHP/7.4.33
content-length: 24585
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sultanbala.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
291 B 215ms
126ms XHR
image/gif 2a02:26f0:6c00::210:bb62

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?cts=1683495929427&dh=sultanbala.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F113.0.5672.63%20Safari%2F537.36&vci=1730314678&cv=2.0.1&z=1125860809&vg=09bd7afb-8dbc-5166-8f12-5d01c907cd6f&vtg=09bd7afb-8dbc-5166-8f12-5d01c907cd6f&dp=%2FBNZ%2Flog%2Findex4.php&ap=cpbh-mt&trfd=%7B%22ap%22%3A%22cpbh-mt%22%2C%22server%22%3A%22p3plmcpnl486260%22%2C%22dcenter%22%3A%22p3%22%2C%22id%22%3A%228179984%22%7D&hit_id=eebec36f-fef2-55f7-919a-9a357bac2c9a&ht=pageview

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00::210:bb62 -, , ASN (),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Sun, 07 May 2023 21:45:35 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://sultanbala.com
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

GET
H2 200 event Show response
events.api.secureserver.net/t/1/tl/ 43 B
291 B 204ms
119ms XHR
image/gif 2a02:26f0:6c00::210:bb62

General

Check archive.org

Show headers Download Go to

Full URL

https://events.api.secureserver.net/t/1/tl/event?cts=1683495935652&dh=sultanbala.com&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F113.0.5672.63%20Safari%2F537.36&vci=1730314678&cv=2.0.1&z=855902777&vg=09bd7afb-8dbc-5166-8f12-5d01c907cd6f&vtg=09bd7afb-8dbc-5166-8f12-5d01c907cd6f&dp=%2FBNZ%2Flog%2Findex4.php&ap=cpbh-mt&trfd=%7B%22ap%22%3A%22cpbh-mt%22%2C%22server%22%3A%22p3plmcpnl486260%22%2C%22dcenter%22%3A%22p3%22%2C%22id%22%3A%228179984%22%7D&hit_id=fbccde40-068a-5c36-9200-96625349695c&ht=perf&tce=1683495924668&tcs=1683495924608&tdc=1683495935647&tdclee=1683495929437&tdcles=1683495929437&tdi=1683495929437&tdl=1683495924838&tdle=1683495924608&tdls=1683495924505&tfs=1683495924504&tns=1683495924504&trqs=1683495924668&tre=1683495924836&trps=1683495924835&tles=1683495935647&tlee=0&nt=navigate&lcp=2054&nav_type=hard

Requested by

Host: img1.wsimg.com
URL: https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00::210:bb62 -, , ASN (),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sultanbala.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
date: Sun, 07 May 2023 21:45:35 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: https://sultanbala.com
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNZ Bank (Banking)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sultanbala.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 77a0f1aded1d4218fa2ea83df26d6728
.sultanbala.com/	1970-01-20 20:23:51	Name: _tccl_visitor Value: 09bd7afb-8dbc-5166-8f12-5d01c907cd6f
.sultanbala.com/	1970-01-20 11:38:17	Name: _tccl_visit Value: 09bd7afb-8dbc-5166-8f12-5d01c907cd6f

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sultanbala.com/auth/ruxitagentjs_ICA27Vfqrux_10249220905100923.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://sultanbala.com/BNZ/log/index4.php Message: Refused to execute script from 'https://sultanbala.com/auth/ruxitagentjs_ICA27Vfqrux_10249220905100923.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://secure.bnz.co.nz/akam/13/7e214e99 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sultanbala.com/auth/static/js/2.0ebac605.chunk.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://sultanbala.com/BNZ/log/index4.php Message: Refused to execute script from 'https://sultanbala.com/auth/static/js/2.0ebac605.chunk.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://secure.bnz.co.nz/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
network	error	URL: https://sultanbala.com/jFPXjHF0Gfcg/8HSpwjX-CL/2C/u5Y3LLhp/OXl6GHI5AQ/PWowfC/xPHlwB Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://sultanbala.com/BNZ/log/css/fonts/SerranoWeb-Bold.woff2?v=1c25c2c065 Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://sultanbala.com/auth/static/js/main.eb7b1489.chunk.js Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://sultanbala.com/auth/static/js/4.bb624667.chunk.js Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://sultanbala.com/auth/static/js/3.6ca2a99c.chunk.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sultanbala.com/auth/static/js/5.c5c9bca4.chunk.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sultanbala.com/BNZ/log/css/fonts/SerranoWeb-Regular.woff2?v=5b6826770c Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sultanbala.com/BNZ/log/css/fonts/SerranoWeb-Bold.woff?v=76b2d97853 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sultanbala.com/BNZ/log/css/fonts/SerranoWeb-Regular.woff?v=f376ea958d Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
events.api.secureserver.net
fonts.googleapis.com
img1.wsimg.com
img6.wsimg.com
secure.bnz.co.nz
sultanbala.com
www.w3schools.com
192.229.133.221
23.36.162.212
23.36.163.225
2606:4700::6811:180e
2a00:1450:4001:82f::200a
2a02:26f0:6c00::210:bb62
92.205.5.199
041f63478b8bee8ae92c89b1effcedd80bebc4ca98e946c0e529d18b2b6a919e
3308e22e5699877a748e46ff7d4ee1236c5f760e9db056b28a35f6ea86d310df
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
49c97bbd20684dba4b1a0028b9e4af96c69bc329e9d3c353e83142ba68abc48e
6e74c12390bdb48bf5b0bb295ceed4f68add11467d2472d983a42e3023ecf312
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b50babfc8b0916f65c2cfdd7239af3a6b0e3f3b7d717dd084ec151b90d7edf97
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5
d10c120206d25caa3deafc45a0ed90f2a6ce5290402c4502a68d95bcaeaa898b
d265615b79f98fdfff370ea32da7b4b02317fc6017b898cfb9c657a65618ac07
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
f8260d7d44cfb1f8029f9a65067d76476106c2dbf95aab7673a51198ca6b9659

sultanbala.com Open in urlscan Pro 92.205.5.199 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

26 Requests

92 %HTTPS

43 %IPv6

7 Domains

8 Subdomains

7 IPs

3 Countries

128 kBTransfer

276 kBSize

3 Cookies

0 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

3 Cookies

sultanbala.com Open in urlscan Pro
92.205.5.199 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

92 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

7
IPs

3
Countries

128 kB
Transfer

276 kB
Size

3
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!