urlscan.io logo urlscan.io
SecurityTrails logo

spb-st.ru Open in urlscan Pro
2a00:f940:2:1:2::8bf  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://bit.do/fxJSE
Effective URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Submission: On March 03 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 23 HTTP transactions. The main IP is 2a00:f940:2:1:2::8bf, located in Russian Federation and belongs to AS-REG, RU. The main domain is spb-st.ru.
This is the only time spb-st.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ANZ Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 54.83.52.76 14618 (AMAZON-AES)
1 17 2a00:f940:2:1... 197695 (AS-REG)
3 3.105.15.160 16509 (AMAZON-02)
2 3.104.84.116 16509 (AMAZON-02)
1 13.236.198.84 16509 (AMAZON-02)
1 2406:da00:ff0... 14618 (AMAZON-AES)
23 5
1    54.83.52.76 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-83-52-76.compute-1.amazonaws.com
bit.do
17    2a00:f940:2:1:2::8bf (Russian Federation)

ASN197695 (AS-REG, RU)
spb-st.ru
www.spb-st.ru
3    3.105.15.160 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-105-15-160.ap-southeast-2.compute.amazonaws.com
mstcl3.anz.com
2    3.104.84.116 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-104-84-116.ap-southeast-2.compute.amazonaws.com
ctmdx.anz.com
1    13.236.198.84 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-236-198-84.ap-southeast-2.compute.amazonaws.com
waf1x.anz.com
1    2406:da00:ff00::1717:661d (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
www.path-logic.com
Apex Domain
Subdomains		 Transfer
17 spb-st.ru
spb-st.ru
www.spb-st.ru
140 KB
6 anz.com
mstcl3.anz.com
ctmdx.anz.com
waf1x.anz.com
53 KB
1 path-logic.com
www.path-logic.com
111 B
1 bit.do
bit.do
252 B
23 4
Domain Requested by
16 spb-st.ru 1 redirects spb-st.ru
3 mstcl3.anz.com spb-st.ru
mstcl3.anz.com
2 ctmdx.anz.com spb-st.ru
ctmdx.anz.com
1 www.path-logic.com spb-st.ru
1 www.spb-st.ru spb-st.ru
1 waf1x.anz.com spb-st.ru
1 bit.do 1 redirects
23 7

This site contains links to these domains. Also see Links.

Domain
banking4.anz.com
www.anz.com
Subject Issuer Validity Valid
www.path-logic.com
GeoTrust TLS RSA CA G1		 2019-11-13 -
2022-01-11		 2 years crt.sh

This page contains 3 frames:

Primary Page: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Frame ID: 0CC6FCF8E67E0C8EAD3CF26B7CE1E562
Requests: 21 HTTP requests in this frame

Frame: http://mstcl3.anz.com/947684/pTx.html?si=0&e=http%3A%2F%2Fspb-st.ru&LSESSIONID=jLd1pqQZ4IQndiqCLRIt2zYMqP%2BSoX3fXU6yEXavFtPX08UvP8d35cyj&t=xframe&eu=http%3A%2F%2Fspb-st.ru%2Fwp-includes%2Fjs%2Ftinymce%2Fanz%2Fanz%2Flogin.php&icid=158319488440491549
Frame ID: 37C6456D99806355FD9786F844FEE7F3
Requests: 1 HTTP requests in this frame

Frame: http://mstcl3.anz.com/947684/3FjB.html//?cid=5&si=0&e=http%3A%2F%2Fspb-st.ru&LSESSIONID=jLd1pqQZ4IQndiqCLRIt2zYMqP%2BSoX3fXU6yEXavFtPX08UvP8d35cyj&t=xframe&eu=http%3A%2F%2Fspb-st.ru%2Fwp-includes%2Fjs%2Ftinymce%2Fanz%2Fanz%2Flogin.php&icid=158319488440698965
Frame ID: 58B91F54E271DD7BD1929E09D0EB14F5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://bit.do/fxJSE HTTP 301
    http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

23
Requests

4 %
HTTPS

33 %
IPv6

4
Domains

7
Subdomains

5
IPs

3
Countries

193 kB
Transfer

260 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bit.do/fxJSE HTTP 301
    http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/supertag.js?subtype=javascript&_dc=250322020 HTTP 301
  • http://www.spb-st.ru/wp-includes/js/tinymce/anz/anz/images/supertag.js?subtype=javascript&_dc=250322020

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set login.php
spb-st.ru/wp-includes/js/tinymce/anz/anz/
Redirect Chain
  • http://bit.do/fxJSE
  • http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
21 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 / PHP/7.2.8
Resource Hash
6c5c03c14f5d25f088998ed698b2d010e7517fd64bb33a269218fa4adbe3ddc0

Request headers

Host
spb-st.ru
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx/1.10.2
Date
Tue, 03 Mar 2020 00:21:21 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.2.8
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=2563a45ba38904bf4216fb52a1f238e2; path=/

Redirect headers

Server
nginx/1.16.1
Date
Tue, 03 Mar 2020 00:21:19 GMT
Content-Type
text/html; charset=iso-8859-1
Content-Length
337
Connection
keep-alive
Location
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
layout.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/layout.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
98a299c5cefb80b69d58f78e07f90d886d092dd9e8b0da3bacf4c418e47e9c28

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-1765"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5989
visuals.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/visuals.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
ad3056d218034b8c81557d352b9aeec4d91a646f2cab0fc2fba22c6464b8313d

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-efa"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3834
rhn.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		7 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/rhn.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
586ae06139b280e9907e7b38a8e34de1b99257b0b700a1fd8d78a9e52fa84a66

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-1ce2"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7394
tertiaryNav.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/tertiaryNav.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
f1bd6e8c19005aedcba8418aa9a75c44b4de7749af7fb5322576bf6579ed68bd

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-88f"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2191
ib_responsive_header.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		317 B
554 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ib_responsive_header.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
0dd99c576da8fd309dd2767acd0e2ada15f4c368c62b4c184e3182d9d83f25ca

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-13d"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
317
ib_logon_responsive_latest.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ib_logon_responsive_latest.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
cb34bc530bc178ca8fbe1c78eb6b6818de31efd9fbb23ce0f794a3b5d31aecab

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-2bc9"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11209
bootstrap.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		55 KB
55 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/bootstrap.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
a03cfc909a94860249580d7a8dc567ccae48252e8f6316b6b846b9338e565729

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-dae6"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
56038
logo.png
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/logo.png
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
5883670c91bc904352d1885f1d36b74b5eb8511118e17be4304f96300f591fa8

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-239e"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9118
ib_responsive_footer.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		434 B
671 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ib_responsive_footer.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
1c01aafd0d1e8f724d75cd3770d3c3c3ba6d843564c874724eb8f60435cce32a

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-1b2"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
434
common_all.js
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/common_all.js
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
3fc5efbbff0c23d2ebc03f0c6d88f00be46c8604f7df8a60b5dbdbf0a36ce97e

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-d03"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3331
logon.js
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		7 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/logon.js
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
869ae45682fd31741899ac791d90ff9e0ff194d311d85f6bad698216b040288c

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-1cde"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7390
srlogon.js
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/srlogon.js
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
f5652adf22bc6c18da97da8a28bfa637ffd2c8b5bed78665c3281140919a9667

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:21 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-1878"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6264
print.css
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		575 B
812 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/print.css
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
c9cd8082491ed5e3025515383fe7b48e01a20e23ebd3f7c32b272e41b3321a02

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:22 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-23f"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
575
assembly.js
mstcl3.anz.com/947684/ 		34 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://mstcl3.anz.com/947684/assembly.js
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
3.105.15.160 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-105-15-160.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
4898501c3ee1389ec048bcd468354419105bfc47a4c300ce2c48a3d09e46387e

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 03 Mar 2020 00:21:23 GMT
Content-Encoding
gzip
Server
haile
transfer-encoding
chunked
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires
0
QAW.js
ctmdx.anz.com/947684/ 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://ctmdx.anz.com/947684/QAW.js
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
3.104.84.116 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-104-84-116.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
78e9e656402593ec357080dbbd63e807f22491310545f50ebbb801f58da1b814

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 03 Mar 2020 00:21:23 GMT
Content-Encoding
gzip
Server
haile
transfer-encoding
chunked
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires
0
Lrt.js
waf1x.anz.com/inetbank1/ 		54 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://waf1x.anz.com/inetbank1/Lrt.js
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
13.236.198.84 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-236-198-84.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
99d1a658da687a934b02c77c4c4cf2b4bc64cc33008085ba8365d24add7bf68f

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 03 Mar 2020 00:21:23 GMT
Content-Encoding
gzip
Server
haile
transfer-encoding
chunked
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires
0
supertag.js
www.spb-st.ru/wp-includes/js/tinymce/anz/anz/images/
Redirect Chain
  • http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/supertag.js?subtype=javascript&_dc=250322020
  • http://www.spb-st.ru/wp-includes/js/tinymce/anz/anz/images/supertag.js?subtype=javascript&_dc=250322020
0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://www.spb-st.ru/wp-includes/js/tinymce/anz/anz/images/supertag.js?subtype=javascript&_dc=250322020
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

Date
Tue, 03 Mar 2020 00:21:22 GMT
Server
nginx/1.10.2
X-Powered-By
PHP/7.2.8
Content-Type
text/html; charset=UTF-8
Location
http://www.spb-st.ru/wp-includes/js/tinymce/anz/anz/images/supertag.js?subtype=javascript&_dc=250322020
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
0
X-Redirect-By
WordPress
Expires
Wed, 11 Jan 1984 05:00:00 GMT
uHDqs
ctmdx.anz.com/947684/ 		102 B
764 B 		Script
General
Check archive.org
Download Go to
Full URL
http://ctmdx.anz.com/947684/uHDqs?d=JTVCJTdCJTIyaWQlMjIlM0ElMjI0JTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnMlMjIlM0ElMjIlN0JCNUE1Q0NBQS0yRDdBLTRDODYtQTMzQy1BNjdFNDRDNzg5N0UlN0QlMjIlN0QlN0QlNUQ%3D&cid=4&si=2&e=http%3A%2F%2Fspb-st.ru&LSESSIONID=jLd1pqQZ4IQndiqCLRIt2zYMqP%2BSoX3fXU6yEXavFtPX08UvP8d35cyj&t=jsonp&c=ooizwxe_cpykfntr&eu=http%3A%2F%2Fspb-st.ru%2Fwp-includes%2Fjs%2Ftinymce%2Fanz%2Fanz%2Flogin.php
Requested by
Host: ctmdx.anz.com
URL: http://ctmdx.anz.com/947684/QAW.js
Protocol
HTTP/1.1
Server
3.104.84.116 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-104-84-116.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash
e0047e2d9be3686de375242144c6952a7350896564b63a923a9bd06d1c8f01b2

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 03 Mar 2020 00:21:23 GMT
Server
haile
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript
Content-Length
102
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires
0
cc
www.path-logic.com/v4.0/840608/ 		0
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.path-logic.com/v4.0/840608/cc?params=4Mjz1CLR2tPGT2WqqOqPeTdUyB%2FXI52Tj9ErxoHeLwkuQajKPHqBXgeUWYnZaVGFN%2F%2BmhquhhL3h%2FxWvEchcnDMU7r0Zq0YMbLTeqB2q9qF5zKaMf9AOAXqs8I9Q59KB7C8bn2QClC5Cu1MoP3Gf4l5y
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2406:da00:ff00::1717:661d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Connection
keep-alive
Content-Length
0
icon-sprite.png
spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/icon-sprite.png
Requested by
Host: spb-st.ru
URL: http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Protocol
HTTP/1.1
Server
2a00:f940:2:1:2::8bf , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS
Software
nginx/1.10.2 /
Resource Hash
a9998c36ef676be2c83829221240c8659fa0b0474e2af751beb3cd77bc91582b

Request headers

Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/images/ib_logon_responsive_latest.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 03 Mar 2020 00:21:24 GMT
Last-Modified
Tue, 03 May 2016 22:27:18 GMT
Server
nginx/1.10.2
ETag
"572925c6-d76"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3446
pTx.html
mstcl3.anz.com/947684/ Frame 37C6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
http://mstcl3.anz.com/947684/pTx.html?si=0&e=http%3A%2F%2Fspb-st.ru&LSESSIONID=jLd1pqQZ4IQndiqCLRIt2zYMqP%2BSoX3fXU6yEXavFtPX08UvP8d35cyj&t=xframe&eu=http%3A%2F%2Fspb-st.ru%2Fwp-includes%2Fjs%2Ftinymce%2Fanz%2Fanz%2Flogin.php&icid=158319488440491549
Requested by
Host: mstcl3.anz.com
URL: http://mstcl3.anz.com/947684/assembly.js
Protocol
HTTP/1.1
Server
3.105.15.160 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-105-15-160.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash

Request headers

Host
mstcl3.anz.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 03 Mar 2020 00:21:24 GMT
Expires
0
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Pragma
no-cache
Server
haile
transfer-encoding
chunked
Connection
keep-alive
/
mstcl3.anz.com/947684/3FjB.html// Frame 58B9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
http://mstcl3.anz.com/947684/3FjB.html//?cid=5&si=0&e=http%3A%2F%2Fspb-st.ru&LSESSIONID=jLd1pqQZ4IQndiqCLRIt2zYMqP%2BSoX3fXU6yEXavFtPX08UvP8d35cyj&t=xframe&eu=http%3A%2F%2Fspb-st.ru%2Fwp-includes%2Fjs%2Ftinymce%2Fanz%2Fanz%2Flogin.php&icid=158319488440698965
Requested by
Host: mstcl3.anz.com
URL: http://mstcl3.anz.com/947684/assembly.js
Protocol
HTTP/1.1
Server
3.105.15.160 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-105-15-160.ap-southeast-2.compute.amazonaws.com
Software
haile /
Resource Hash

Request headers

Host
mstcl3.anz.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://spb-st.ru/wp-includes/js/tinymce/anz/anz/login.php

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 03 Mar 2020 00:21:24 GMT
Expires
0
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Pragma
no-cache
Server
haile
transfer-encoding
chunked
Connection
keep-alive

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ANZ Bank (Banking)

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| getSessionId function| RedirectParent function| OpenIBWindow function| openPopupWindow function| openPopupLocator function| loadIntoOpener string| strLanguage string| strCountry object| superT_dcd object| ___so947684 number| CLIWHIT string| PSESSIONID string| SSESSIONID object| regex object| match string| LSESSIONID object| __tp number| __gt function| ooizwxe_cpykfntr function| OpenWindowNewSession function| isDigit function| isLetter function| OpenWindow function| OpenWindowBig function| OpenWindowExit function| OpenWindowAddress function| isValidANZCRN function| isValidTelecode function| isValidPassword function| initialiseResolver undefined| hiddenFrameLoaded function| executeResolver function| checkServiceResolverLoaded function| useTarget function| resolveService function| completeFormSubmission function| resetPage function| OpenWindowAndCallResolver function| SubmitEBS function| closeAndClearVisibleFields string| strActiveField function| ValidateForm function| showLogo function| handleReturn function| netscapeKeyPress function| microsoftKeyPress

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.do
ctmdx.anz.com
mstcl3.anz.com
spb-st.ru
waf1x.anz.com
www.path-logic.com
www.spb-st.ru
13.236.198.84
2406:da00:ff00::1717:661d
2a00:f940:2:1:2::8bf
3.104.84.116
3.105.15.160
54.83.52.76
0dd99c576da8fd309dd2767acd0e2ada15f4c368c62b4c184e3182d9d83f25ca
1c01aafd0d1e8f724d75cd3770d3c3c3ba6d843564c874724eb8f60435cce32a
3fc5efbbff0c23d2ebc03f0c6d88f00be46c8604f7df8a60b5dbdbf0a36ce97e
4898501c3ee1389ec048bcd468354419105bfc47a4c300ce2c48a3d09e46387e
586ae06139b280e9907e7b38a8e34de1b99257b0b700a1fd8d78a9e52fa84a66
5883670c91bc904352d1885f1d36b74b5eb8511118e17be4304f96300f591fa8
6c5c03c14f5d25f088998ed698b2d010e7517fd64bb33a269218fa4adbe3ddc0
78e9e656402593ec357080dbbd63e807f22491310545f50ebbb801f58da1b814
869ae45682fd31741899ac791d90ff9e0ff194d311d85f6bad698216b040288c
98a299c5cefb80b69d58f78e07f90d886d092dd9e8b0da3bacf4c418e47e9c28
99d1a658da687a934b02c77c4c4cf2b4bc64cc33008085ba8365d24add7bf68f
a03cfc909a94860249580d7a8dc567ccae48252e8f6316b6b846b9338e565729
a9998c36ef676be2c83829221240c8659fa0b0474e2af751beb3cd77bc91582b
ad3056d218034b8c81557d352b9aeec4d91a646f2cab0fc2fba22c6464b8313d
c9cd8082491ed5e3025515383fe7b48e01a20e23ebd3f7c32b272e41b3321a02
cb34bc530bc178ca8fbe1c78eb6b6818de31efd9fbb23ce0f794a3b5d31aecab
e0047e2d9be3686de375242144c6952a7350896564b63a923a9bd06d1c8f01b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1bd6e8c19005aedcba8418aa9a75c44b4de7749af7fb5322576bf6579ed68bd
f5652adf22bc6c18da97da8a28bfa637ffd2c8b5bed78665c3281140919a9667