urlscan.io logo urlscan.io
SecurityTrails logo

www.hsbc.com.tr Open in urlscan Pro
212.127.96.84  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.hsbc.com.tr/guvenlieposta/phishing
Effective URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Submission: On May 27 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 5 countries across 12 domains to perform 45 HTTP transactions. The main IP is 212.127.96.84, located in Turkey and belongs to HSBC_TR_BANK_INTERNET, TR. The main domain is www.hsbc.com.tr.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on July 15th 2019. Valid for: a year.
This is the only time www.hsbc.com.tr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

20    212.127.96.84 (Turkey)

ASN12729 (HSBC_TR_BANK_INTERNET, TR)
www.hsbc.com.tr
9    152.199.23.241 (United States)

ASN15133 (EDGECAST, US)
tags.tiqcdn.com
3    3.248.138.59 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-138-59.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    172.217.23.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f2.1e100.net
www.googleadservices.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    172.217.22.6 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s14-in-f6.1e100.net
ad.doubleclick.net
1    2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:81e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:816::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    34.250.224.170 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-224-170.eu-west-1.compute.amazonaws.com
hsbcbankglobal.demdex.net
2    15.188.31.119 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-31-119.eu-west-3.compute.amazonaws.com
hsbcbankglobal.sc.omtrdc.net
1    66.117.28.86 (United States)

ASN15224 (OMNITURE, US)
cm.everesttech.net
Domain Requested by
20 www.hsbc.com.tr 1 redirects www.hsbc.com.tr
9 tags.tiqcdn.com www.hsbc.com.tr
tags.tiqcdn.com
3 dpm.demdex.net 1 redirects www.hsbc.com.tr
2 hsbcbankglobal.sc.omtrdc.net tags.tiqcdn.com
www.hsbc.com.tr
2 www.google.de www.hsbc.com.tr
2 www.google.com www.hsbc.com.tr
2 googleads.g.doubleclick.net www.googleadservices.com
2 ad.doubleclick.net 2 redirects
2 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
1 cm.everesttech.net 1 redirects
1 hsbcbankglobal.demdex.net tags.tiqcdn.com
1 www.facebook.com www.hsbc.com.tr
1 www.googletagmanager.com tags.tiqcdn.com
1 adservice.google.com www.hsbc.com.tr
1 www.googleadservices.com tags.tiqcdn.com
45 15
Subject Issuer Validity Valid
www.hsbc.com.tr
DigiCert SHA2 Secure Server CA		 2019-07-15 -
2020-08-13		 a year crt.sh
*.tiqcdn.com
DigiCert SHA2 Secure Server CA		 2020-03-17 -
2022-06-17		 2 years crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA		 2018-01-09 -
2021-02-12		 3 years crt.sh
www.googleadservices.com
GTS CA 1O1		 2020-05-05 -
2020-07-28		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-05-14 -
2020-08-05		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-05-05 -
2020-07-28		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-05-05 -
2020-07-28		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-05-05 -
2020-07-28		 3 months crt.sh
www.google.com
GTS CA 1O1		 2020-05-05 -
2020-07-28		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-05-05 -
2020-07-28		 3 months crt.sh
*.sc.omtrdc.net
DigiCert SHA2 High Assurance Server CA		 2020-02-28 -
2022-03-04		 2 years crt.sh

This page contains 2 frames:

Primary Page: https://www.hsbc.com.tr/guvenlieposta/phishing
Frame ID: F93457C0E1047E759301157D8E1EF194
Requests: 44 HTTP requests in this frame

Frame: https://hsbcbankglobal.demdex.net/dest5.html?d_nsid=0
Frame ID: A7B66A59788F265D052F4C2C4E03827D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.hsbc.com.tr/guvenlieposta/phishing HTTP 302
    https://www.hsbc.com.tr/guvenlieposta/phishing Page URL

Detected technologies

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

45
Requests

100 %
HTTPS

47 %
IPv6

12
Domains

15
Subdomains

13
IPs

5
Countries

1077 kB
Transfer

2181 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.hsbc.com.tr/guvenlieposta/phishing HTTP 302
    https://www.hsbc.com.tr/guvenlieposta/phishing Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://dpm.demdex.net/id?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1590591962327 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1590591962327
Request Chain 29
  • https://ad.doubleclick.net/ddm/activity/src=8715527;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8715527;dc_pre=CNespeeo1OkCFU2-GQodJtoD6g;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8715527;dc_pre=CNespeeo1OkCFU2-GQodJtoD6g;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373
Request Chain 40
  • https://cm.everesttech.net/cm/dd?d_uuid=51289088127904178701611762215218110511 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xs6B2gAAAv5wP1L0

45 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set phishing
www.hsbc.com.tr/guvenlieposta/
Redirect Chain
  • http://www.hsbc.com.tr/guvenlieposta/phishing
  • https://www.hsbc.com.tr/guvenlieposta/phishing
113 KB
114 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
91498ca173318bd4e9aef54b667b7a8b1ce0cb2ce5ef07e7b2983651b44c1435
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.hsbc.com.tr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
TS0100e6b9=01de9487a5df22c8299fe0591c8a1631df6886061d91d971d57ce689ccf995b73ec46a3b15d0bbdfc7bd2bc680a8456f347fdf829c
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Set-Cookie
BehaviorPad_Profile=baf3443b-c910-4610-b429-f9bcee6d647c; expires=Fri, 27-Nov-2020 15:06:00 GMT; path=/; HttpOnly TS01935294=01de9487a50eb54817a92bb5356fa4b7fa15fe37364a7a6fc605faa627377fa2b26737a57394147b16375d2d214fb8bea8de4f7ea8287dda14dddd17f2b7e2fac49eeb2494; Path=/
BehaviorPad-Version
1.3.0.0-release
cacheControlHeader
max-age=60480
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Date
Wed, 27 May 2020 15:05:59 GMT
Content-Length
115639

Redirect headers

Content-Type
text/html; charset=UTF-8
Location
https://www.hsbc.com.tr/guvenlieposta/phishing
cacheControlHeader
max-age=60480
Date
Wed, 27 May 2020 15:05:59 GMT
Content-Length
169
Set-Cookie
TS0100e6b9=01de9487a5df22c8299fe0591c8a1631df6886061d91d971d57ce689ccf995b73ec46a3b15d0bbdfc7bd2bc680a8456f347fdf829c; Path=/
magiclick.min.css
www.hsbc.com.tr/ 		363 KB
74 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/magiclick.min.css?v=ux4iw0cG_v9_w05cKGvIXCdO3swI_Jyk8ZczTlw7ndQ1
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
683e99a73a2f3c8809dc2d54b5525cc1cb1c7f1dbe9cbb8c89a2491c178c07a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 May 2020 15:06:01 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent,Accept-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
public
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
Expires
Thu, 27 May 2021 15:06:01 GMT
utag.sync.js
tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.sync.js
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F25) /
Resource Hash
53812e03c926c324ba28b19846f267dcf608697bd8a528316e9416c86c4cca6a

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:01 GMT
content-encoding
gzip
last-modified
Wed, 18 Mar 2020 15:13:13 GMT
server
ECAcc (frc/8F25)
age
274
etag
"2794081770"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
content-length
1010
expires
Wed, 27 May 2020 15:11:01 GMT
bquery.js
www.hsbc.com.tr/BehaviorPad/Load.axd/assets/js/ 		94 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/BehaviorPad/Load.axd/assets/js/bquery.js
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
346c4ba882f4c264c1f7c3260412a3ffa5ba35f09e45f53a98c82e38aaa072a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
private
BehaviorPad-Version
1.3.0.0-release
Content-Length
43118
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
behaviorpad.js
www.hsbc.com.tr/BehaviorPad/Load.axd/assets/js/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/BehaviorPad/Load.axd/assets/js/behaviorpad.js
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
859a9459d2ff01f4dc720de9cd7ac66677533afcee63a795b9d2803fa3c67e2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
private
BehaviorPad-Version
1.3.0.0-release
Content-Length
3500
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
logo-2x.png
www.hsbc.com.tr/_assets/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsbc.com.tr/_assets/img/logo-2x.png
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
ee57c6ea82a68868b8906f018b015734dfd0b5d11cff37aa45dba98e191fd065
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 29 Mar 2019 08:13:35 GMT
ETag
"50c85c4e7e6d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public,max-age=691200
Accept-Ranges
bytes
Content-Length
1372
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
print.css
www.hsbc.com.tr/_assets/css/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/_assets/css/print.css
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
077b5c60ae25a2a72663f370a9601ec72204c9b9e2845a0fdb212779eaf906c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 11 Oct 2018 10:43:22 GMT
ETag
"081f43a4f61d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
public,max-age=691200
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
2472
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
logo_mobile.png
www.hsbc.com.tr/_assets/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsbc.com.tr/_assets/img/logo_mobile.png
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
a18e1cc4aff4cfaec6b6722d7b9822e04a18a8c19dd002cdaea387ba6a31f5a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 29 Mar 2019 08:13:35 GMT
ETag
"b0415b4e7e6d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public,max-age=691200
Accept-Ranges
bytes
Content-Length
1161
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
magiclick.core.min.js
www.hsbc.com.tr/ 		401 KB
160 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/magiclick.core.min.js?v=jkVLrlUtJgQqtFz_SEZAO5l8xLMZCGyrZV6qlNMgZoU1
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
53a79442df00e96a3c70b0769b1256e8cd0c776f39d5597aa8bc05f734942e8b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 May 2020 15:06:01 GMT
X-Frame-Options
SAMEORIGIN
Vary
User-Agent,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
Expires
Thu, 27 May 2021 15:06:01 GMT
magiclick.tr.min.js
www.hsbc.com.tr/ 		72 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/magiclick.tr.min.js?v=VNrwylzZIDmfAd3COdwvzyNvdPOSFZQNmi0kBOY--yw1
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
e10adbde760ed093ea3dc019c562a6027b6aab900f0abc6a1013efc68c59e350
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Vary
Accept-Encoding
Content-Length
26511
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
utag.js
tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/ 		162 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F63) /
Resource Hash
74c2052cd0f01958c60ef8a090714a8e6d3438a0693884b0d3acfe014baa5b46

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:01 GMT
content-encoding
gzip
last-modified
Wed, 18 Mar 2020 15:13:13 GMT
server
ECAcc (frc/8F63)
age
7
etag
"195258243"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=300
accept-ranges
bytes
content-length
50069
expires
Wed, 27 May 2020 15:11:01 GMT
n.png
www.hsbc.com.tr/_assets/img/ 		96 B
460 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsbc.com.tr/_assets/img/n.png
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
01591f692ce1c0bcc39b4584df733f8028eef5d34d75b946cf29bb60f3d49f71
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 11 Oct 2018 10:43:23 GMT
ETag
"80afc73b4f61d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public,max-age=691200
Accept-Ranges
bytes
Content-Length
96
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
sub-bg.jpg
www.hsbc.com.tr/_assets/img/ 		317 KB
317 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsbc.com.tr/_assets/img/sub-bg.jpg
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
83334154a64a27fa2d35a018d88338bbfb9e8a3779e12f0cb2411fddbd78c6f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/magiclick.min.css?v=ux4iw0cG_v9_w05cKGvIXCdO3swI_Jyk8ZczTlw7ndQ1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 11 Oct 2018 10:43:23 GMT
ETag
"d0c5cf3b4f61d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
public,max-age=691200
Accept-Ranges
bytes
Content-Length
324191
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
UniversNextforHSBCW02-Rg.woff
www.hsbc.com.tr/_assets/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/_assets/fonts/UniversNextforHSBCW02-Rg.woff
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.hsbc.com.tr/magiclick.min.css?v=ux4iw0cG_v9_w05cKGvIXCdO3swI_Jyk8ZczTlw7ndQ1
Origin
https://www.hsbc.com.tr

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 11 Oct 2018 10:43:22 GMT
ETag
"1067673b4f61d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-font-woff
Cache-Control
max-age=691200
Accept-Ranges
bytes
Content-Length
27464
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
UniversNextforHSBCW02-Bd.woff
www.hsbc.com.tr/_assets/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/_assets/fonts/UniversNextforHSBCW02-Bd.woff
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.hsbc.com.tr/magiclick.min.css?v=ux4iw0cG_v9_w05cKGvIXCdO3swI_Jyk8ZczTlw7ndQ1
Origin
https://www.hsbc.com.tr

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 11 Oct 2018 10:43:22 GMT
ETag
"3087453b4f61d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-font-woff
Cache-Control
max-age=691200
Accept-Ranges
bytes
Content-Length
26328
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
icomoon.ttf
www.hsbc.com.tr/_assets/css/plugins/fonts/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/_assets/css/plugins/fonts/icomoon.ttf?p9j7r9
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
29d568277f6f46daaaa195400dc1ac51a5418e487516e9f014d2215d9dac2c09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.hsbc.com.tr/magiclick.min.css?v=ux4iw0cG_v9_w05cKGvIXCdO3swI_Jyk8ZczTlw7ndQ1
Origin
https://www.hsbc.com.tr

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Jan 2020 19:27:00 GMT
ETag
"01a7fc322c7d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/octet-stream
Cache-Control
max-age=691200
Accept-Ranges
bytes
Content-Length
14224
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
UniversNextforHSBCW02-Md.woff
www.hsbc.com.tr/_assets/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/_assets/fonts/UniversNextforHSBCW02-Md.woff
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
deb432099ed0602a936a693b908770893ad49a77af8841c5657fbde2900561bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.hsbc.com.tr/magiclick.min.css?v=ux4iw0cG_v9_w05cKGvIXCdO3swI_Jyk8ZczTlw7ndQ1
Origin
https://www.hsbc.com.tr

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 11 Oct 2018 10:43:22 GMT
ETag
"f0545d3b4f61d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-font-woff
Cache-Control
max-age=691200
Accept-Ranges
bytes
Content-Length
26408
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
UniversNextforHSBCW02-Lt.woff
www.hsbc.com.tr/_assets/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/_assets/fonts/UniversNextforHSBCW02-Lt.woff
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.hsbc.com.tr/magiclick.min.css?v=ux4iw0cG_v9_w05cKGvIXCdO3swI_Jyk8ZczTlw7ndQ1
Origin
https://www.hsbc.com.tr

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 11 Oct 2018 10:43:22 GMT
ETag
"c0394e3b4f61d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-font-woff
Cache-Control
max-age=691200
Accept-Ranges
bytes
Content-Length
26300
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
148 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/tr-rbwm/202003181512&cb=1590591962218
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FCF) /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
last-modified
Thu, 14 Apr 2016 16:59:33 GMT
server
ECAcc (frc/8FCF)
age
1088539
etag
"2243872957"
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Wed, 27 May 2020 15:16:02 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1590591962327
  • https://dpm.demdex.net/id/rd?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1590591962327
791 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1590591962327
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.138.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-138-59.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e2d1ef272a613a94ef7dab4744ba515222f62cfe121e917af48dcbb5c5025467
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v069-0ffde9726.edge-irl1.demdex.com 5.71.1.20200513095924 2ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
8h0DFtCIR7Y=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.hsbc.com.tr
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
462
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://www.hsbc.com.tr
X-TID
+COJ1CntTQE=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1590591962327
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.215.js
tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/ 		74 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.215.js?utv=ut4.44.202003181512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F6B) /
Resource Hash
3974bb7290e7a2f15ccc1d495240e2cb99beb51dafa75dcb059438927836ef10

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
last-modified
Wed, 18 Mar 2020 15:13:13 GMT
server
ECAcc (frc/8F6B)
age
1088522
etag
"1378577282+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
25420
expires
Thu, 11 Jun 2020 15:06:02 GMT
utag.126.js
tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.126.js?utv=ut4.44.201711301352
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F17) /
Resource Hash
2cc4c587dd9018c087d64d4b9e7da24caccdb007b73abfad39ce720023c6bef5

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
last-modified
Thu, 01 Nov 2018 07:18:03 GMT
server
ECAcc (frc/8F17)
age
1084591
etag
"3788043525+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
1737
expires
Thu, 11 Jun 2020 15:06:02 GMT
utag.159.js
tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.159.js?utv=ut4.44.202003181512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F06) /
Resource Hash
4982c5e313c7126af88f7f232467b6f55a02543ec5e89251375a790f7ee1c86f

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
last-modified
Thu, 01 Nov 2018 07:18:07 GMT
server
ECAcc (frc/8F06)
age
1088384
etag
"4037580421+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
3113
expires
Thu, 11 Jun 2020 15:06:02 GMT
utag.180.js
tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.180.js?utv=ut4.44.201810151337
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F54) /
Resource Hash
e5e2d3c05203b341fd2286e50a78759973cb4097045d2f7ee42a6aebbc628005

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
last-modified
Thu, 01 Nov 2018 07:18:05 GMT
server
ECAcc (frc/8F54)
age
1088522
etag
"638103989+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2282
expires
Thu, 11 Jun 2020 15:06:02 GMT
utag.226.js
tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.226.js?utv=ut4.44.201910231337
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F95) /
Resource Hash
57b8c60c2370407d802bbf10fc3dd4dac6fd009ffc0c3ff021cac4ac128d8c26

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
last-modified
Wed, 23 Oct 2019 13:38:07 GMT
server
ECAcc (frc/8F95)
age
1088521
etag
"4025462681+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2894
expires
Thu, 11 Jun 2020 15:06:02 GMT
utag.312.js
tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.312.js?utv=ut4.44.202003181512
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F3E) /
Resource Hash
1e9a2af5db64b3e8b0dd65121d2505ff52f2413b7aa16c452b9ee57199bb1366

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
last-modified
Wed, 18 Mar 2020 15:13:14 GMT
server
ECAcc (frc/8F3E)
age
1088522
etag
"1849357645+gzip"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript
status
200
cache-control
max-age=1296000
accept-ranges
bytes
content-length
2034
expires
Thu, 11 Jun 2020 15:06:02 GMT
notifications
www.hsbc.com.tr/api/ 		691 B
988 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/api/notifications
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/magiclick.core.min.js?v=jkVLrlUtJgQqtFz_SEZAO5l8xLMZCGyrZV6qlNMgZoU1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
7e1d844d98f5758da6870a9af3c5b5374b761d49c08fad17896fbcc721163a50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
X-Bone-Language
BRYSL_TR
Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
PageSize
10
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Wed, 27 May 2020 15:06:01 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
no-cache
Vary
Accept-Encoding
Content-Length
617
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
Expires
-1
bpcrossbanner
www.hsbc.com.tr/ 		16 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/bpcrossbanner
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/magiclick.core.min.js?v=jkVLrlUtJgQqtFz_SEZAO5l8xLMZCGyrZV6qlNMgZoU1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
d42b53211628ff7fd1b5792b2fcdde5ba8f52c29d71d2eaab68fd697333553eb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
X-Bone-Language
BRYSL_TR
Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Cache-Control
private
BehaviorPad-Version
1.3.0.0-release
Content-Length
2858
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
conversion_async.js
www.googleadservices.com/pagead/ 		28 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s18-in-f2.1e100.net
Software
cafe /
Resource Hash
20f2b7c4f6f460542ac14424e621a9aa42dbdd98447feb325b3e81e322598860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
10882
x-xss-protection
0
server
cafe
etag
5410868192711959244
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 27 May 2020 15:06:02 GMT
fbevents.js
connect.facebook.net/en_US/ 		131 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
31766
x-xss-protection
0
pragma
public
x-fb-debug
YcoKftrP5R5WNefV1acs8goxAVb/InAjKiijAv1Pd4tnmV59SqqReZBlcTlnrfZ5KnZ1etuohdlAkaJO/m2rvw==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Wed, 27 May 2020 15:06:02 GMT, Wed, 27 May 2020 15:06:02 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
src=8715527;dc_pre=CNespeeo1OkCFU2-GQodJtoD6g;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373
adservice.google.com/ddm/fls/z/
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8715527;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373?
  • https://ad.doubleclick.net/ddm/activity/src=8715527;dc_pre=CNespeeo1OkCFU2-GQodJtoD6g;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373?
  • https://adservice.google.com/ddm/fls/z/src=8715527;dc_pre=CNespeeo1OkCFU2-GQodJtoD6g;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373
42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8715527;dc_pre=CNespeeo1OkCFU2-GQodJtoD6g;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 May 2020 15:06:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 27 May 2020 15:06:02 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8715527;dc_pre=CNespeeo1OkCFU2-GQodJtoD6g;type=rbwm_0;cat=tur_r0;ord=1;num=650287337216.373
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		83 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-1047530769
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.312.js?utv=ut4.44.202003181512
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
640a99d75339ec2c43b3c2ba27991fea8db0359c56d84a1f84ab44692dc47891
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33254
x-xss-protection
0
expires
Wed, 27 May 2020 15:06:02 GMT
2058624141055648
connect.facebook.net/signals/config/ 		147 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/2058624141055648?v=2.9.18&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0340ddba96bf3a51f74980e796eb25646c5c3ad5c027c2bf769b1fb165085f78
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
37508
x-xss-protection
0
pragma
public
x-fb-debug
RAvvgqO4Si0VdkhWeViZKE3CQdMKaItxOD7Q1dk3DxNl/oKnsp6de8Ih7uW9J2WLqS7WjYt95/Qu6yjo9hZbow==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Wed, 27 May 2020 15:06:02 GMT, Wed, 27 May 2020 15:06:02 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1047530769/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1047530769/?random=1590591962523&cv=9&fst=1590591962523&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.hsbc.com.tr%2Fguvenlieposta%2Fphishing&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cadfbf9b8f189866b4b4333dde70052271994d60b3a6e5b9246635b0d7146d97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
972
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1047530769/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1047530769/?random=1590591962564&cv=9&fst=1590591962564&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5e1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.hsbc.com.tr%2Fguvenlieposta%2Fphishing&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e6dfac6be6897c16ce2fc5574a4621e9983d970fedf372b420185cb731fb977e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 May 2020 15:06:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1010
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/1047530769/ 		42 B
119 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/1047530769/?random=1590591962523&cv=9&fst=1590591600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.hsbc.com.tr%2Fguvenlieposta%2Fphishing&async=1&fmt=3&is_vtc=1&random=938712077&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 May 2020 15:06:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1047530769/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/1047530769/?random=1590591962523&cv=9&fst=1590591600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.hsbc.com.tr%2Fguvenlieposta%2Fphishing&async=1&fmt=3&is_vtc=1&random=938712077&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 May 2020 15:06:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bpnotifications
www.hsbc.com.tr/ 		6 B
788 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.hsbc.com.tr/bpnotifications
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/magiclick.core.min.js?v=jkVLrlUtJgQqtFz_SEZAO5l8xLMZCGyrZV6qlNMgZoU1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.127.96.84 , Turkey, ASN12729 (HSBC_TR_BANK_INTERNET, TR),
Reverse DNS
Software
/
Resource Hash
aea52d27230b89ca1b732866afbe137a98e65100049a56b3293def8d5fe7dda0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
X-Bone-Language
BRYSL_TR
Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 27 May 2020 15:06:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Cache-Control
private
BehaviorPad-Version
1.3.0.0-release
Content-Length
127
X-XSS-Protection
1; mode=block
cacheControlHeader
max-age=60480
/
www.facebook.com/tr/ 		44 B
252 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=2058624141055648&ev=PageView&dl=https%3A%2F%2Fwww.hsbc.com.tr%2Fguvenlieposta%2Fphishing&rl=&if=false&ts=1590591962604&sw=1600&sh=1200&v=2.9.18&r=stable&a=tmtealium&ec=0&o=28&fbp=fb.2.1590591962594.2144532487&it=1590591962508&coo=false&rqm=GET
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT, Wed, 27 May 2020 15:06:02 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Wed, 27 May 2020 15:06:02 GMT
Cookie set dest5.html
hsbcbankglobal.demdex.net/ Frame A7B6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://hsbcbankglobal.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.250.224.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-224-170.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
hsbcbankglobal.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=51289088127904178701611762215218110511
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.hsbc.com.tr/guvenlieposta/phishing

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Thu, 14 May 2020 10:36:18 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=51289088127904178701611762215218110511;Path=/;Domain=.demdex.net;Expires=Mon, 23-Nov-2020 15:06:02 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
zkpjo2GITXA=
Content-Length
2785
Connection
keep-alive
id
hsbcbankglobal.sc.omtrdc.net/ 		2 B
318 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hsbcbankglobal.sc.omtrdc.net/id?d_visid_ver=3.3.0&d_fieldgroup=A&mcorgid=AE9446FC57CECBEE7F000101%40AdobeOrg&mid=51533381713225082171655072410055281240&ts=1590591962633
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/tr-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.31.119 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-31-119.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Wed, 27 May 2020 15:06:02 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-65fb49f79-jx4l8
vary
Origin
x-c
master-1221.I0e927e.M0-376
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.hsbc.com.tr
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Xs6B2gAAAv5wP1L0
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=51289088127904178701611762215218110511
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xs6B2gAAAv5wP1L0
42 B
915 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xs6B2gAAAv5wP1L0
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.138.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-138-59.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v069-0171f3f38.edge-irl1.demdex.com 5.71.1.20200513095924 1ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
n6dUcOhyTrQ=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Wed, 27 May 2020 15:06:02 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xs6B2gAAAv5wP1L0
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
/
www.google.com/pagead/1p-user-list/1047530769/ 		42 B
119 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/1047530769/?random=1590591962564&cv=9&fst=1590591600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5e1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.hsbc.com.tr%2Fguvenlieposta%2Fphishing&async=1&fmt=3&is_vtc=1&random=4279227183&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 May 2020 15:06:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1047530769/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/1047530769/?random=1590591962564&cv=9&fst=1590591600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5e1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.hsbc.com.tr%2Fguvenlieposta%2Fphishing&async=1&fmt=3&is_vtc=1&random=4279227183&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 May 2020 15:06:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
s75357847627625
hsbcbankglobal.sc.omtrdc.net/b/ss/hsbc-rbwm-tr/1/JS-2.10.0/ 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hsbcbankglobal.sc.omtrdc.net/b/ss/hsbc-rbwm-tr/1/JS-2.10.0/s75357847627625?AQB=1&ndh=1&pf=1&t=27%2F4%2F2020%2017%3A6%3A2%203%20-120&sdid=1EF4DBD4209DBB29-2A59B2909BC546BE&mid=51533381713225082171655072410055281240&aamlh=6&ce=UTF-8&ns=hsbcbankglobal&cdp=3&pageName=pws%3A%20&g=https%3A%2F%2Fwww.hsbc.com.tr%2Fguvenlieposta%2Fphishing&cc=USD&ch=PWS&server=www.hsbc.com.tr&events=event8%3D2.4%2Cevent5&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=pws%3A%20&v2=pws%3A%20&l2=utag%3A4.44%3A2020-03-18%2015%3A13GMT%7Cadobeanalytics%3A1.14%7Cadobetarget%3A1.5%7Cappnexus%3A1.0%7Ccore%3A1.5%7Cdoubleclick_hsbc%3A1.0%7Cdoubleclick_link_hsbc%3A1.0%7Cfacebookpixel%3A1.0&v3=www.hsbc.com.tr%2F&c6=hsbc-rbwm-tr&c7=5%3A06%20PM%7CWednesday&v10=HSBC&v11=Middle%20East%20%26%20Africa&v12=en&v13=Turkey&c14=2.4&v15=5%3A06%20PM%7CWednesday&v16=hsbc-rbwm-tr&c17=tr-rbwm&v17=tr-rbwm&c21=multi-page&c22=1590591962664&c23=www.hsbc.com.tr%2Fguvenlieposta%2Fphishing&v48=s%3A39%7Cm%3A6%7Cl%3A8%7Ctotal%3A53%7CtotalSize%3A50kb&v91=D%3Dmid&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=AE9446FC57CECBEE7F000101%40AdobeOrg&AQE=1
Requested by
Host: www.hsbc.com.tr
URL: https://www.hsbc.com.tr/guvenlieposta/phishing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.31.119 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-31-119.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.hsbc.com.tr/guvenlieposta/phishing
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 27 May 2020 15:06:02 GMT
x-content-type-options
nosniff
x-c
master-1221.I0e927e.M0-376
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 28 May 2020 15:06:02 GMT
server
jag
xserver
anedge-65fb49f79-ht45b
etag
3415770229120532480-4615813929752506819
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 26 May 2020 15:06:02 GMT

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| TMS function| dcsEncode function| dcsEscape object| HSBC undefined| WebTrends object| DCSext function| dcsGetHSBCCookie function| dcsVar function| dcsMultiTrack function| dcsMapHSBC function| dcsMeta function| dcsFunc function| dcsTag object| Webtrends object| __TEALIUM function| $b function| bQuery object| bp object| utag_data boolean| utag_condload object| utag function| e object| utag_cfg_ovrd object| Evnt string| mn object| TEALIUM function| Visitor object| Browser object| ieBrowser object| touchBrowser boolean| isMobile boolean| isMobileRecourse undefined| Form object| ajaxForm undefined| dataForm boolean| validForm object| fakewaffle function| $ function| jQuery function| _ function| moment object| lazySizesConfig object| lazySizes function| setFooter function| PopItUp function| setCookie function| anindaSifre object| BehaviorPad object| langChart object| jsResources undefined| myBtn object| site function| smsLink object| BehaviorPadModel object| BehaviorPadModule function| BehaviorPadSetCookieBtn function| BehaviorPadSearchCookie object| utag_extn object| s_c_il number| s_c_in function| fbq function| _fbq object| item function| gtag object| dataLayer object| s function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| cookieHandler boolean| clkev object| google_tag_manager function| GooglemKTybQhCsO function| google_trackConversion object| google_tag_data object| GooglebQhCsO number| s_loadT object| s_i_hsbc-rbwm-tr

4 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 51289088127904178701611762215218110511
.hsbc.com.tr/ Name: AMCV_AE9446FC57CECBEE7F000101%40AdobeOrg
Value: -1303530583%7CMCIDTS%7C18410%7CMCMID%7C51533381713225082171655072410055281240%7CMCAAMLH-1591196762%7C6%7CMCAAMB-1591196762%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1590599162s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18417%7CvVersion%7C3.3.0
www.hsbc.com.tr/ Name: TS01935294
Value: 01de9487a50eb54817a92bb5356fa4b7fa15fe37364a7a6fc605faa627377fa2b26737a57394147b16375d2d214fb8bea8de4f7ea8287dda14dddd17f2b7e2fac49eeb2494
www.hsbc.com.tr/ Name: BehaviorPad_Profile
Value: baf3443b-c910-4610-b429-f9bcee6d647c

1 Console Messages

Source Level URL
Text
console-api warning URL: https://www.hsbc.com.tr/magiclick.core.min.js?v=jkVLrlUtJgQqtFz_SEZAO5l8xLMZCGyrZV6qlNMgZoU1(Line 1)
Message:
Deprecation warning: years accessor is deprecated. Use year instead Arguments: Error at oi.years (https://www.hsbc.com.tr/magiclick.core.min.js?v=jkVLrlUtJgQqtFz_SEZAO5l8xLMZCGyrZV6qlNMgZoU1:1:338900) at Object.CampaignFilter (https://www.hsbc.com.tr/magiclick.tr.min.js?v=VNrwylzZIDmfAd3COdwvzyNvdPOSFZQNmi0kBOY--yw1:1:42239) at Object.init (https://www.hsbc.com.tr/magiclick.tr.min.js?v=VNrwylzZIDmfAd3COdwvzyNvdPOSFZQNmi0kBOY--yw1:1:61370) at HTMLDocument.<anonymous> (https://www.hsbc.com.tr/magiclick.tr.min.js?v=VNrwylzZIDmfAd3COdwvzyNvdPOSFZQNmi0kBOY--yw1:1:65020) at l (https://www.hsbc.com.tr/magiclick.core.min.js?v=jkVLrlUtJgQqtFz_SEZAO5l8xLMZCGyrZV6qlNMgZoU1:1:42426) at c (https://www.hsbc.com.tr/magiclick.core.min.js?v=jkVLrlUtJgQqtFz_SEZAO5l8xLMZCGyrZV6qlNMgZoU1:1:42742)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
cm.everesttech.net
connect.facebook.net
dpm.demdex.net
googleads.g.doubleclick.net
hsbcbankglobal.demdex.net
hsbcbankglobal.sc.omtrdc.net
tags.tiqcdn.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.hsbc.com.tr
15.188.31.119
152.199.23.241
172.217.22.6
172.217.23.130
212.127.96.84
2a00:1450:4001:800::2008
2a00:1450:4001:801::2002
2a00:1450:4001:816::2003
2a00:1450:4001:81e::2004
2a00:1450:4001:825::2002
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.248.138.59
34.250.224.170
66.117.28.86
01591f692ce1c0bcc39b4584df733f8028eef5d34d75b946cf29bb60f3d49f71
0340ddba96bf3a51f74980e796eb25646c5c3ad5c027c2bf769b1fb165085f78
077b5c60ae25a2a72663f370a9601ec72204c9b9e2845a0fdb212779eaf906c3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
1e9a2af5db64b3e8b0dd65121d2505ff52f2413b7aa16c452b9ee57199bb1366
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
20f2b7c4f6f460542ac14424e621a9aa42dbdd98447feb325b3e81e322598860
29d568277f6f46daaaa195400dc1ac51a5418e487516e9f014d2215d9dac2c09
2cc4c587dd9018c087d64d4b9e7da24caccdb007b73abfad39ce720023c6bef5
346c4ba882f4c264c1f7c3260412a3ffa5ba35f09e45f53a98c82e38aaa072a3
3974bb7290e7a2f15ccc1d495240e2cb99beb51dafa75dcb059438927836ef10
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4982c5e313c7126af88f7f232467b6f55a02543ec5e89251375a790f7ee1c86f
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
53812e03c926c324ba28b19846f267dcf608697bd8a528316e9416c86c4cca6a
53a79442df00e96a3c70b0769b1256e8cd0c776f39d5597aa8bc05f734942e8b
57b8c60c2370407d802bbf10fc3dd4dac6fd009ffc0c3ff021cac4ac128d8c26
640a99d75339ec2c43b3c2ba27991fea8db0359c56d84a1f84ab44692dc47891
683e99a73a2f3c8809dc2d54b5525cc1cb1c7f1dbe9cbb8c89a2491c178c07a0
74c2052cd0f01958c60ef8a090714a8e6d3438a0693884b0d3acfe014baa5b46
7e1d844d98f5758da6870a9af3c5b5374b761d49c08fad17896fbcc721163a50
83334154a64a27fa2d35a018d88338bbfb9e8a3779e12f0cb2411fddbd78c6f3
859a9459d2ff01f4dc720de9cd7ac66677533afcee63a795b9d2803fa3c67e2a
91498ca173318bd4e9aef54b667b7a8b1ce0cb2ce5ef07e7b2983651b44c1435
a18e1cc4aff4cfaec6b6722d7b9822e04a18a8c19dd002cdaea387ba6a31f5a1
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
aea52d27230b89ca1b732866afbe137a98e65100049a56b3293def8d5fe7dda0
cadfbf9b8f189866b4b4333dde70052271994d60b3a6e5b9246635b0d7146d97
d42b53211628ff7fd1b5792b2fcdde5ba8f52c29d71d2eaab68fd697333553eb
deb432099ed0602a936a693b908770893ad49a77af8841c5657fbde2900561bd
e10adbde760ed093ea3dc019c562a6027b6aab900f0abc6a1013efc68c59e350
e2d1ef272a613a94ef7dab4744ba515222f62cfe121e917af48dcbb5c5025467
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
e5e2d3c05203b341fd2286e50a78759973cb4097045d2f7ee42a6aebbc628005
e6dfac6be6897c16ce2fc5574a4621e9983d970fedf372b420185cb731fb977e
ee57c6ea82a68868b8906f018b015734dfd0b5d11cff37aa45dba98e191fd065
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629