urlscan.io logo urlscan.io
SecurityTrails logo

consent-mgt-ui.uat.openbank.api.banksyd.com.au Open in urlscan Pro
18.155.68.102  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Effective URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Submission Tags: phishing
Submission: On July 15 via api from ES — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 18 HTTP transactions. The main IP is 18.155.68.102, located in United States and belongs to AMAZON-02, US. The main domain is consent-mgt-ui.uat.openbank.api.banksyd.com.au.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 28th 2023. Valid for: 6 months.
This is the only time consent-mgt-ui.uat.openbank.api.banksyd.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 18.155.68.102 16509 (AMAZON-02)
2 142.251.220.170 15169 (GOOGLE)
3 142.251.220.195 15169 (GOOGLE)
6 54.153.187.116 16509 (AMAZON-02)
18 5
Domain Requested by
8 consent-mgt-ui.uat.openbank.api.banksyd.com.au 1 redirects consent-mgt-ui.uat.openbank.api.banksyd.com.au
6 consent-mgt.uat.cds.cuscal.com.au consent-mgt-ui.uat.openbank.api.banksyd.com.au
3 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com consent-mgt-ui.uat.openbank.api.banksyd.com.au
18 4

This site contains links to these domains. Also see Links.

Domain
www.banksyd.com.au
Subject Issuer Validity Valid
consent-mgt-ui.uat.openbank.api.banksyd.com.au
Amazon RSA 2048 M02		 2023-02-28 -
2023-09-12		 6 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-06-19 -
2023-09-11		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-06-19 -
2023-09-11		 3 months crt.sh
consent-mgt.uat.cds.cuscal.com.au
Amazon RSA 2048 M02		 2023-07-05 -
2024-08-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Frame ID: 58B47E899CF17DA56C859191EA4E6788
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Data sharing

Page URL History Show full URLs

  1. http://consent-mgt-ui.uat.openbank.api.banksyd.com.au/ HTTP 301
    https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

555 kB
Transfer

1974 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://consent-mgt-ui.uat.openbank.api.banksyd.com.au/ HTTP 301
    https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Redirect Chain
  • http://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
  • https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
1 KB
830 B 		Document
General
Check archive.org
Download Go to
Full URL
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-102.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6d338887870be7f828315b8e19fa3a0be49e58d4ff47f3e7b82e9a4dc34356bb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

content-encoding
br
content-type
text/html
date
Sat, 15 Jul 2023 04:26:59 GMT
etag
W/"fea481641359b7c78301c74b8dd78c29"
last-modified
Mon, 19 Dec 2022 09:58:38 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 0a7b620f0f14feda0f8b9c00e925e1a4.cloudfront.net (CloudFront)
x-amz-cf-id
lFYYab5g-NbmumzGdk4OlvIW8xVbyROtNR8BUxLJt9ujsTKmqBpvgg==
x-amz-cf-pop
SIN52-P1
x-amz-server-side-encryption
AES256
x-amz-version-id
J_baJuqpIx0BhVk1qVripnsTqWRHmX9D
x-cache
Miss from cloudfront

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Sat, 15 Jul 2023 04:26:57 GMT
Location
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Server
CloudFront
Via
1.1 e0a25dd43c42c3d534f35d394e12b204.cloudfront.net (CloudFront)
X-Amz-Cf-Id
JG8xC03Cevdg6y851jeDpNOkMaTtvDmv49TPpFHty-1btHy46PcR8w==
X-Amz-Cf-Pop
SIN52-P1
X-Cache
Redirect from cloudfront
icon
fonts.googleapis.com/ 		592 B
781 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons&display=block
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.220.170 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mnl07s02-in-f10.1e100.net
Software
ESF /
Resource Hash
15577a57bbdb4563a2244a7518f1558fe84c8e9aaf216a926762fd40d7f061a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 15 Jul 2023 04:26:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 15 Jul 2023 04:26:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 15 Jul 2023 04:26:59 GMT
css2
fonts.googleapis.com/ 		8 KB
800 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;600;700&display=swap%22
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.220.170 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mnl07s02-in-f10.1e100.net
Software
ESF /
Resource Hash
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 15 Jul 2023 04:26:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 15 Jul 2023 04:26:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 15 Jul 2023 04:26:59 GMT
styles.de1ffc559d5d60a61ed2.css
consent-mgt-ui.uat.openbank.api.banksyd.com.au/ 		224 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/styles.de1ffc559d5d60a61ed2.css
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-102.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a1e463c6386ffa9ac791049f7c548ad9c40db2068120c59cb5ee1cd505edd2d

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:27:00 GMT
x-amz-version-id
eEXq_q85H6CiNMqBHhF9Nv73qomoF_Hs
content-encoding
br
last-modified
Mon, 19 Dec 2022 09:58:38 GMT
server
AmazonS3
via
1.1 0a7b620f0f14feda0f8b9c00e925e1a4.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN52-P1
etag
W/"dff990047ebf76856fb62cda89d10771"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
x-amz-cf-id
syjJXVdJDDLCJvLraF8BIi4BlsZ29z9l0V5w2qiaBimFDoKArcx9CQ==
runtime-es2015.8143c0ad111a1145096e.js
consent-mgt-ui.uat.openbank.api.banksyd.com.au/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/runtime-es2015.8143c0ad111a1145096e.js
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-102.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
07b5c628723fb057d72b61bee3dee613a6f66fa841d7e4cb365f2182c0fc9662

Request headers

Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:27:00 GMT
x-amz-version-id
lk9HudMXEryfzHy6Hez0.ld2A1yLURYO
content-encoding
br
last-modified
Mon, 19 Dec 2022 09:58:38 GMT
server
AmazonS3
via
1.1 0a7b620f0f14feda0f8b9c00e925e1a4.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN52-P1
etag
W/"8d566b1b28c375dd2fa5d027d59098ae"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
VPGSTaVL9LhGHct6zqFziiqgGSftBir3tnGx-UK8jH0JVjuNLll59A==
polyfills-es2015.f763938f968ab9b46112.js
consent-mgt-ui.uat.openbank.api.banksyd.com.au/ 		36 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/polyfills-es2015.f763938f968ab9b46112.js
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-102.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b0e9f1b5fff2fa5c98ef0255f22705b90d414b1448d60db4a5bfec55e3128a14

Request headers

Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:27:00 GMT
x-amz-version-id
rqKS_cEIGMavvkNt6Khiq3v.UxFL0.uW
content-encoding
br
last-modified
Mon, 19 Dec 2022 09:58:38 GMT
server
AmazonS3
via
1.1 0a7b620f0f14feda0f8b9c00e925e1a4.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN52-P1
etag
W/"77533e3606322b44d3a9ba00ad98649c"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
TBdsoVr3yr8PvyU9WKlAHI-qEhuW5O8iboGTX-cNYiNWcDTOEzQMPw==
main-es2015.ff425a8466154519c4a8.js
consent-mgt-ui.uat.openbank.api.banksyd.com.au/ 		1 MB
330 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/main-es2015.ff425a8466154519c4a8.js
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-102.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3cb10dc959c68f660becf5cb7d066cc25aab1780ffe861418579888fea04198b

Request headers

Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:27:00 GMT
x-amz-version-id
KTeWPBBf0ISmuz3RWtdxc6NcopdycqCv
content-encoding
br
last-modified
Mon, 19 Dec 2022 09:58:38 GMT
server
AmazonS3
via
1.1 0a7b620f0f14feda0f8b9c00e925e1a4.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN52-P1
etag
W/"ee75784471ad51042262a1644f632520"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
4VSujvTtejMzgWojGXan5X2EGSRooune-kj2-43ZkxAGsdq5b77ijw==
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;600;700&display=swap%22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.220.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mnl07s03-in-f3.1e100.net
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 08 Jul 2023 11:19:29 GMT
x-content-type-options
nosniff
age
580051
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 07 Jul 2024 11:19:29 GMT
sessions
consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/config/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/config/sessions
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.153.187.116 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-153-187-116.ap-southeast-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,x-cuscal-tenant-reference
Access-Control-Request-Method
POST
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
*
access-control-expose-headers
Set-Cookie,_s
content-length
0
content-type
application/json
date
Sat, 15 Jul 2023 04:27:01 GMT
x-amz-apigw-id
IFnzVGO_ywMFgGQ=
x-amzn-requestid
af2e7be7-3ccf-4009-8832-68ab7ab15660
x-amzn-trace-id
Root=1-64b22015-2178a26a2b7c73f473c36029
sessions
consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/config/ 		57 B
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/config/sessions
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/polyfills-es2015.f763938f968ab9b46112.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.153.187.116 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-153-187-116.ap-southeast-2.compute.amazonaws.com
Software
/ Express
Resource Hash
00610926267e25315020a91a2fbba8928d258c366949f09868ce1dc6ff8f5338

Request headers

Accept
application/json
Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
x-cuscal-tenant-reference
consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 15 Jul 2023 04:27:01 GMT
x-amzn-remapped-content-length
57
x-amzn-requestid
673068da-4761-4f63-986b-447895278662
x-amzn-remapped-connection
keep-alive
_s
ba45506b-f45d-4e5e-b13e-243a55ad5404
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-powered-by
Express
access-control-expose-headers
_s
access-control-allow-credentials
true
etag
W/"39-yQiQH4QVqTNGU1INJd/gw2V7yio"
x-amzn-trace-id
Root=1-64b22015-5a04d7ae38a67e695dfa72ad
x-amz-apigw-id
IFnzWHxvSwMFtaQ=
content-length
57
x-amzn-remapped-date
Sat, 15 Jul 2023 04:27:01 GMT
consents
consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/config/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/config/consents
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.153.187.116 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-153-187-116.ap-southeast-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
_s,authorization,content-type,x-cuscal-tenant-reference
Access-Control-Request-Method
GET
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
GET,OPTIONS
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Sat, 15 Jul 2023 04:27:01 GMT
x-amz-apigw-id
IFnzXFrtSwMFpPA=
x-amzn-requestid
c8094531-8eca-41ad-ba3d-5e357ac2216e
x-amzn-trace-id
Root=1-64b22015-33faabf757911bde16d150ee
consents
consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/config/ 		13 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/config/consents
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/polyfills-es2015.f763938f968ab9b46112.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.153.187.116 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-153-187-116.ap-southeast-2.compute.amazonaws.com
Software
/ Express
Resource Hash
65d0580748a8ca18b85ae9b61e48f75d7a2d23b66a1c4353a7cffd78c84c2899

Request headers

x-cuscal-tenant-reference
consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
_s
ba45506b-f45d-4e5e-b13e-243a55ad5404
Authorization
Bearer ddf3e149-33ea-4ba8-986f-206917e39f37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/

Response headers

date
Sat, 15 Jul 2023 04:27:01 GMT
x-amzn-remapped-content-length
13624
x-amzn-requestid
d6d47d23-f8b0-46bf-bba4-f12f09387386
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
content-type
application/json; charset=utf-8
access-control-allow-origin
*
etag
W/"3538-MozM9OgZ3w6hKYl1YDHyeNUpB88"
access-control-expose-headers
_s
access-control-allow-credentials
true
x-amzn-trace-id
Root=1-64b22015-766d2fa8339315347daf77ae
x-amz-apigw-id
IFnzYFEOywMFrOA=
content-length
13624
x-amzn-remapped-date
Sat, 15 Jul 2023 04:27:01 GMT
common-es2015.ad1e5581277c3f57bb72.js
consent-mgt-ui.uat.openbank.api.banksyd.com.au/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/common-es2015.ad1e5581277c3f57bb72.js
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/runtime-es2015.8143c0ad111a1145096e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-102.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19c1c867ca79a557793190dced10f1ec9d3b171358aea2891a25d8ad92a33bba

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:27:02 GMT
x-amz-version-id
giqg41SgcJJa6vjvTNZgfiVdB0Le.RVi
content-encoding
br
last-modified
Mon, 19 Dec 2022 09:58:38 GMT
server
AmazonS3
via
1.1 0a7b620f0f14feda0f8b9c00e925e1a4.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN52-P1
etag
W/"b3b483ad7fd2e9d6513f45242a0a0d11"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
ZYPIsst9WxNoL_eergx4VkiqPUXw4nfmYzqLIujnpYJLLreVIuTx8A==
8-es2015.fcaedbd58d1824fe4cbf.js
consent-mgt-ui.uat.openbank.api.banksyd.com.au/ 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/8-es2015.fcaedbd58d1824fe4cbf.js
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/runtime-es2015.8143c0ad111a1145096e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.68.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-68-102.sin52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9b2ebf96f1ce02a484b4f371292a4d6d0715d6502251357c3af609b76cab403a

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 15 Jul 2023 04:27:02 GMT
x-amz-version-id
Tf9159ogsf53.H9nnQFnUd4PJnrNnO4N
content-encoding
br
last-modified
Mon, 19 Dec 2022 09:58:38 GMT
server
AmazonS3
via
1.1 0a7b620f0f14feda0f8b9c00e925e1a4.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN52-P1
etag
W/"db068a5864298cc0cbee67417f95bff8"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
1JdlvJYDIXPlbA0Uw7hlQh1S6KD_trWz3TzVBepABK9hSv7i0tDkFQ==
verifyId
consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/customers/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/customers/verifyId
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.153.187.116 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-153-187-116.ap-southeast-2.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
_s,authorization,content-type,x-cuscal-tenant-reference
Access-Control-Request-Method
GET
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
GET,OPTIONS
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Sat, 15 Jul 2023 04:27:02 GMT
x-amz-apigw-id
IFnzhE0ASwMFjLg=
x-amzn-requestid
f96415d5-6c4a-4142-974b-ca63804f829b
x-amzn-trace-id
Root=1-64b22016-1ecf97bf670e7d497cdee17f
verifyId
consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/customers/ 		132 B
549 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/customers/verifyId
Requested by
Host: consent-mgt-ui.uat.openbank.api.banksyd.com.au
URL: https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/polyfills-es2015.f763938f968ab9b46112.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.153.187.116 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-153-187-116.ap-southeast-2.compute.amazonaws.com
Software
/ Express
Resource Hash
1c22ee804b7f7eb8d1ea39fa48fcdd5e1817a55c365de98fc564ea22b295d256

Request headers

x-cuscal-tenant-reference
consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
_s
ba45506b-f45d-4e5e-b13e-243a55ad5404
Authorization
Bearer ddf3e149-33ea-4ba8-986f-206917e39f37
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au/

Response headers

date
Sat, 15 Jul 2023 04:27:02 GMT
x-amzn-remapped-content-length
132
x-amzn-requestid
f721c539-3186-439d-a6d4-6a3ce8f24a62
x-amzn-remapped-connection
keep-alive
x-powered-by
Express
content-type
application/json; charset=utf-8
access-control-allow-origin
*
etag
W/"84-o4VNa22CNn5hRjVp+gFORVcy0l0"
access-control-expose-headers
_s
access-control-allow-credentials
true
x-amzn-trace-id
Root=1-64b22016-19506966163085701f31dc40
x-amz-apigw-id
IFnziGRlywMFmpw=
content-length
132
x-amzn-remapped-date
Sat, 15 Jul 2023 04:27:02 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;600;700&display=swap%22
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.220.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mnl07s03-in-f3.1e100.net
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 08 Jul 2023 04:53:33 GMT
x-content-type-options
nosniff
age
603209
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 07 Jul 2024 04:53:33 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/ 		125 KB
126 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons&display=block
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.220.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mnl07s03-in-f3.1e100.net
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://consent-mgt-ui.uat.openbank.api.banksyd.com.au
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Fri, 14 Jul 2023 02:54:04 GMT
x-content-type-options
nosniff
age
91978
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Tue, 07 Mar 2023 19:51:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jul 2024 02:54:04 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
043ec781af9b75f2081971de1074db25cbc28b24ff8521569d3185cd11315f22

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

145 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| webpackJsonp function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__queueMicrotask function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononmessageerrorpatched function| _ object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| __zone_symbol__focusfalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://consent-mgt.uat.cds.cuscal.com.au/exp/opendata/client/v1/customers/verifyId
Message:
Failed to load resource: the server responded with a status of 400 ()