urlscan.io logo urlscan.io
SecurityTrails logo

www.bpoint.com.au Open in urlscan Pro
203.195.127.34  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://onlinebilling.energyaustralia.com.au/
Effective URL: https://www.bpoint.com.au/payments/EnergyAustralia
Submission: On February 02 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 20 HTTP transactions. The main IP is 203.195.127.34, located in Australia and belongs to PREMIERTECH-AU Premier Technologies Pty Ltd, AU. The main domain is www.bpoint.com.au.
TLS certificate: Issued by Entrust Certification Authority - L1M on January 26th 2022. Valid for: a year.
This is the only time www.bpoint.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Energy Australia (Utility)

Domain & IP information

IP Address AS Autonomous System
1 1 223.27.176.174 7474 (OPTUSCOM-...)
1 1 104.111.241.249 16625 (AKAMAI-AS)
20 203.195.127.34 38859 (PREMIERTE...)
20 1
Domain Requested by
20 www.bpoint.com.au www.bpoint.com.au
1 www.energyaustralia.com.au 1 redirects
1 onlinebilling.energyaustralia.com.au 1 redirects
20 3

This site contains links to these domains. Also see Links.

Domain
www.energyaustralia.com.au
www.commbank.com.au
Subject Issuer Validity Valid
www.bpoint.com.au
Entrust Certification Authority - L1M		 2022-01-26 -
2023-01-27		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.bpoint.com.au/payments/EnergyAustralia
Frame ID: F6047CEAEEC20D40B5CA07C1A60DF5D8
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Make a payment

Page URL History Show full URLs

  1. https://onlinebilling.energyaustralia.com.au/ HTTP 301
    https://www.energyaustralia.com.au/upgrade-my-account HTTP 301
    https://www.bpoint.com.au/payments/EnergyAustralia Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

1
IPs

2
Countries

103 kB
Transfer

213 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://onlinebilling.energyaustralia.com.au/ HTTP 301
    https://www.energyaustralia.com.au/upgrade-my-account HTTP 301
    https://www.bpoint.com.au/payments/EnergyAustralia Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request EnergyAustralia
www.bpoint.com.au/payments/
Redirect Chain
  • https://onlinebilling.energyaustralia.com.au/
  • https://www.energyaustralia.com.au/upgrade-my-account
  • https://www.bpoint.com.au/payments/EnergyAustralia
9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
603de44cd2a1ac892d20be8de0113a60803b9d21d92d150e743cf2fe67970523
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
private,no-store,no-cache,must-revalidate,proxy-revalidate
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Date
Wed, 02 Feb 2022 05:18:57 GMT
Content-Length
3131
Strict-Transport-Security
max-age=15552000; includeSubDomains

Redirect headers

content-type
text/html; charset=UTF-8
content-length
31970
x-content-type-options
nosniff
x-redirect-id
10826
location
https://www.bpoint.com.au/payments/EnergyAustralia
x-ua-compatible
IE=edge
content-language
en
x-frame-options
SAMEORIGIN
permissions-policy
interest-cohort=()
x-analytics-tracking
off
vary
x-analytics-tracking,X-Auth
x-varnish
16978320 17336973
cache-tags
HIT
x-powered-by
EnergyAustralia
x-xss-protection
1;mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
cache-control
max-age=0
expires
Wed, 02 Feb 2022 05:18:57 GMT
date
Wed, 02 Feb 2022 05:18:57 GMT
referrer-policy
same-origin
server
Energy Australia
legacystaticstyles_base.css
www.bpoint.com.au/payments/Views/Base/DefaultViews/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Views/Base/DefaultViews/legacystaticstyles_base.css?v=1643732723
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
87161780623279db2ad19c81f8743f024e459cff5c4e02c83be8234e2f6a656f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 15 Nov 2021 03:47:36 GMT
ETag
"03c2e87d3d9d71:0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
1308
X-XSS-Protection
1; mode=block
legacystaticstyles.css
www.bpoint.com.au/payments/Views/Bpoint/DefaultViews/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/DefaultViews/legacystaticstyles.css?v=1643732723
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
2b39ea3bbf453383e5ba682ebe5816825f4105dfaef263e7548b11e90ec25e16
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 15 Nov 2021 03:47:37 GMT
ETag
"c2371488d3d9d71:0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
629
X-XSS-Protection
1; mode=block
staticstyles_base.css
www.bpoint.com.au/payments/Views/Base/DefaultViews/ 		14 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Views/Base/DefaultViews/staticstyles_base.css?v=1643732723
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
3b2cc2a57284cd84bfb46528e6f0a07e9452e4dd80910167672f7b88e44137c2
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 15 Nov 2021 03:47:37 GMT
ETag
"80d2c687d3d9d71:0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
2861
X-XSS-Protection
1; mode=block
staticstyles.css
www.bpoint.com.au/payments/Views/Bpoint/DefaultViews/ 		10 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/DefaultViews/staticstyles.css?v=1643732723
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
16d040e9d3a98799914960b9bb49fea345dc9101dcd7aa95222d8e5cea95d3cf
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 15 Nov 2021 03:47:37 GMT
ETag
"80d2c687d3d9d71:0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
1844
X-XSS-Protection
1; mode=block
style.css
www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
4169d263b91793c4182f3397d1f72a0a01d8470b4107a059935b0e950d9098ea
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 24 Feb 2017 04:09:13 GMT
ETag
"9960ffc1538ed21:0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
990
X-XSS-Protection
1; mode=block
jquery-3.5.1.min.js
www.bpoint.com.au/payments/Scripts/jquery/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Scripts/jquery/jquery-3.5.1.min.js
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 29 Oct 2021 05:06:23 GMT
ETag
"8071abb782ccd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
30981
X-XSS-Protection
1; mode=block
ui.tools.min.js
www.bpoint.com.au/payments/Scripts/ 		915 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Scripts/ui.tools.min.js
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
d3cfaf28e6c871bf342177f023618baa2d2d8b8ccc9795e98672a70c7e866ae9
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 29 Oct 2021 05:06:23 GMT
ETag
"3a681cb882ccd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
604
X-XSS-Protection
1; mode=block
layout-helper.js
www.bpoint.com.au/payments/Views/Base/DefaultViews/scripts/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Views/Base/DefaultViews/scripts/layout-helper.js?v=1643732723
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
5935720db76cc59cce2b4c1e6f7afd762df8b0616f525abcb3c30520b571848a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 15 Nov 2021 03:47:25 GMT
ETag
"80c49f80d3d9d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
2052
X-XSS-Protection
1; mode=block
payment.js
www.bpoint.com.au/payments/Views/Base/DefaultViews/scripts/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Views/Base/DefaultViews/scripts/payment.js?v=1643732723
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
ab5ed61f171ca6d2dbfd05eb73f19da0ff9ebc0c76b2defe6573ca2c117eec0c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 15 Nov 2021 03:47:28 GMT
ETag
"0886982d3d9d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
2214
X-XSS-Protection
1; mode=block
clientjs.min.js
www.bpoint.com.au/payments/Scripts/ 		46 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/Scripts/clientjs.min.js
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/EnergyAustralia
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
591c48a161f91ce005b11fa41df8645cff1859ae842c615dbcf929cd8ee108f8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 29 Oct 2021 05:06:23 GMT
ETag
"8071abb782ccd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:58 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Accept-Ranges
bytes
Content-Length
16758
X-XSS-Protection
1; mode=block
logon_body_bck.png
www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/ 		720 B
720 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/logon_body_bck.png
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
5cbdd88035fee489d39fa5c6937fb51ee91bf10d24a49e034af26c70d0dd1b1b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Date
Wed, 02 Feb 2022 05:18:59 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/html
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Content-Length
720
X-XSS-Protection
1; mode=block
page_left_shadow.gif
www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/ 		720 B
720 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/page_left_shadow.gif
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
5cbdd88035fee489d39fa5c6937fb51ee91bf10d24a49e034af26c70d0dd1b1b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Date
Wed, 02 Feb 2022 05:18:59 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/html
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Content-Length
720
X-XSS-Protection
1; mode=block
BPOINT-EA-LOGO-5.png
www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/BPOINT-EA-LOGO-5.png
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
d7454c6b6486e85005d371f2f9fcd33cb078cd3864cd9733a3346bcfd82e60b9
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Last-Modified
Fri, 24 Feb 2017 04:06:54 GMT
ETag
"f48e3b6f538ed21:0"
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
image/png
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:59 GMT
Accept-Ranges
bytes
Content-Length
10318
X-XSS-Protection
1; mode=block
bpoint_login_bck.png
www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/ 		720 B
720 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/bpoint_login_bck.png
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
5cbdd88035fee489d39fa5c6937fb51ee91bf10d24a49e034af26c70d0dd1b1b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Date
Wed, 02 Feb 2022 05:18:59 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/html
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Content-Length
720
X-XSS-Protection
1; mode=block
page_right_shadow.gif
www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/ 		720 B
720 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/page_right_shadow.gif
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
5cbdd88035fee489d39fa5c6937fb51ee91bf10d24a49e034af26c70d0dd1b1b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Date
Wed, 02 Feb 2022 05:18:59 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/html
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Content-Length
720
X-XSS-Protection
1; mode=block
bpoint_consumer_footer_logo.png
www.bpoint.com.au/payments/Views/Bpoint/DefaultViews/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bpoint.com.au/payments/Views/Bpoint/DefaultViews/images/bpoint_consumer_footer_logo.png
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Views/Bpoint/DefaultViews/staticstyles.css?v=1643732723
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
69314b5fb987ecdbdc8df4bab01d2b146beac851215be3f094e2c4512127c138
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/Views/Bpoint/DefaultViews/staticstyles.css?v=1643732723
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Last-Modified
Fri, 29 Oct 2021 05:06:24 GMT
ETag
"f2d35fb882ccd71:0"
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
image/png
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:59 GMT
Accept-Ranges
bytes
Content-Length
1589
X-XSS-Protection
1; mode=block
icon_help.png
www.bpoint.com.au/payments/Views/Base/DefaultViews/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bpoint.com.au/payments/Views/Base/DefaultViews/images/icon_help.png
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Views/Base/DefaultViews/staticstyles_base.css?v=1643732723
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
e8d482e9f652cd2e5180c09c8961bbe6ea3972c8307755e3ebdeb7cc8bf8a118
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/Views/Base/DefaultViews/staticstyles_base.css?v=1643732723
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Last-Modified
Fri, 29 Oct 2021 05:06:23 GMT
ETag
"7ed935b882ccd71:0"
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
image/png
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:59 GMT
Accept-Ranges
bytes
Content-Length
3424
X-XSS-Protection
1; mode=block
cardlogos.jpg
www.bpoint.com.au/payments/Views/Base/DefaultViews/images/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bpoint.com.au/payments/Views/Base/DefaultViews/images/cardlogos.jpg
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Views/Base/DefaultViews/staticstyles_base.css?v=1643732723
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
753a7067027af8d95537762b0d08826a61c80ca8c3e268df39a146ef2994b400
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.bpoint.com.au/payments/Views/Base/DefaultViews/staticstyles_base.css?v=1643732723
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Last-Modified
Fri, 29 Oct 2021 05:06:23 GMT
ETag
"c67a34b882ccd71:0"
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
image/jpeg
Cache-Control
no-store,no-cache,must-revalidate,proxy-revalidate
Date
Wed, 02 Feb 2022 05:18:59 GMT
Accept-Ranges
bytes
Content-Length
10004
X-XSS-Protection
1; mode=block
DeviceInformation
www.bpoint.com.au/payments/EnergyAustralia/Payment/ 		26 B
879 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bpoint.com.au/payments/EnergyAustralia/Payment/DeviceInformation
Requested by
Host: www.bpoint.com.au
URL: https://www.bpoint.com.au/payments/Scripts/jquery/jquery-3.5.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
203.195.127.34 , Australia, ASN38859 (PREMIERTECH-AU Premier Technologies Pty Ltd, AU),
Reverse DNS
Software
/
Resource Hash
be8b6e393410ba92bc5f08bceb5024ccd9baf43f86c0b94cb0dd69a71de3159a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.bpoint.com.au/payments/EnergyAustralia
X-Requested-With
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
X-Content-Type-Options
nosniff
Date
Wed, 02 Feb 2022 05:19:00 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
private,no-store,no-cache,must-revalidate,proxy-revalidate
Content-Type
application/json; charset=utf-8
Content-Length
26
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Energy Australia (Utility)

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| bin2 object| visacard object| mastercard object| amexcard object| dinerscard object| jcbcard16 object| jcbcard15 function| is_mastercard_bin2 function| get_cardtype function| ClearTextContent function| SetTextContent object| billpay function| SetLayout function| SetupTooltip function| GetCRNFromField function| ShowErrors function| LookupBSB function| GetTimeZoneOffset function| ErrorListObject function| GetSystemError function| GetTabIndex function| ResetCaptcha function| SetInputFilter function| CreditCardInputFilter object| $jscomp function| OnClickPaymentMethod function| OnKeyDownPaymentMethod function| GetFormJSReady function| GetbillerDetails function| SubmitForm function| ResetForm function| BeforeFormSend function| AfterFromReturn function| SetHelpText function| GetCRN2FormField function| GetCRN3FormField function| GetCardWalletDiv object| deviceInformation function| SendDeviceInformation object| deployJava function| Detector function| murmurhash3_32_gc object| swfobject function| ClientJS function| UAParser string| s

1 Cookies

Domain/Path Name / Value
www.bpoint.com.au/ Name: paymentpage_session
Value: ez1po2je4fge5fk4ve0um503

4 Console Messages

Source Level URL
Text
network error URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/logon_body_bck.png
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/page_left_shadow.gif
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/bpoint_login_bck.png
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www.bpoint.com.au/payments/Views/Bpoint/CustomViews/EnergyAustralia/active/images/page_right_shadow.gif
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com https://*.klarna.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.aexp-static.com https://*.americanexpress.com; img-src data: *; font-src data: *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block