onlinefactor.pages.dev
172.66.46.228  Malicious Activity! Public Scan

Submitted URL: http://onlinefactor.pages.dev/
Effective URL: https://onlinefactor.pages.dev/
Submission: On June 20 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 172.66.46.228, located in United States and belongs to CLOUDFLARENET, US. The main domain is onlinefactor.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on May 29th 2024. Valid for: 3 months.
This is the only time onlinefactor.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BT (Telecommunication)

Domain & IP information

Requests  IP Address      AS Autonomous System
1         172.66.46.228   13335 (CLOUDFLAR...)
18        41.63.96.130    22822 (LLNW)
Total: 19 requests, 3 IPs

Requests  Apex Domain  Subdomains                                            Transfer
17        bt.co.uk     img01.bt.co.uk (Cisco Umbrella Rank: 636429)          164 KB
1         bt.com       home.bt.com (Cisco Umbrella Rank: 245193)             2 KB
1         pages.dev    onlinefactor.pages.dev                                11 KB
Total: 19 requests, 3 apex domains

Requests  Domain                  Requested by
17        img01.bt.co.uk          onlinefactor.pages.dev, img01.bt.co.uk
1         home.bt.com             onlinefactor.pages.dev
1         onlinefactor.pages.dev
Total: 19 requests, 3 domains

Subject                 Issuer                 Validity                 Valid
onlinefactor.pages.dev  GTS CA 1P5             2024-05-29 - 2024-08-27  3 months
www.bt.com              GeoTrust EV RSA CA G2  2024-06-05 - 2024-09-24  4 months

This page contains 1 frames:

Primary Page: https://onlinefactor.pages.dev/
Frame ID: 6742A6430F29DEFA5BEDCE5821EB213C
Requests: 20 HTTP requests in this frame

Page Title

Login Page

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 19
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 219 kB
Size: 715 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://onlinefactor.pages.dev/ HTTP 307
    https://onlinefactor.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
onlinefactor.pages.dev/
Redirect Chain
  • http://onlinefactor.pages.dev/
  • https://onlinefactor.pages.dev/
72 KB
11 KB
Document
General
Full URL
https://onlinefactor.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.46.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ed497415c060e1624207d68ac485134b020282f2ff5bb24fcc4f0a0c00a74c1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
896c06c0eaf52c18-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 20 Jun 2024 13:15:13 GMT
etag
W/"947d18c3b899745a8f76c21bfae5c919"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M00jS6UIBvjy84Rdtov9Zj%2F5j5jfBBL5R4qTi5rQOcGFuCtVFF1DygprkdA%2FVsLZ98NjeKMtsfv%2BCvR4nSItyNUVfiu%2FXxSzarNdy0F%2FrSQMRfSQTgbjqPGrJ%2F3TCRDRr3iaAbUvHgmZ"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://onlinefactor.pages.dev/
Non-Authoritative-Reason
HSTS
login-datalayer.js
img01.bt.co.uk/s/assets/020822/js/
710 B
796 B
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/login-datalayer.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
c8f47c528c93a4dc7104388ee8d7e5fd2e67efd2cc641116825f4d539198cd2a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
age
53804
x-btsite
1
content-length
417
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-llid
4cfc55df4dcda068c483c08eefcd99dd
expires
Thu, 20 Jun 2024 22:18:29 GMT
common-reset.css
img01.bt.co.uk/s/assets/020822/css/
65 KB
35 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/css/common-reset.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
d4a986c22ae001e743c50f59d647eabba306e35899b7aec56992e37833bd7015
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7480
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
35373
x-xss-protection
1; mode=block
x-llid
e323429b320f3046fbc3c3f836effc44
expires
Fri, 21 Jun 2024 11:10:33 GMT
common.css
img01.bt.co.uk/s/assets/020822/css/
181 KB
34 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/css/common.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
425f3e3943172803a8b9f0520d73b6227698f8bbf8eeb304045996e201d3fbf6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7480
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
34693
x-xss-protection
1; mode=block
x-llid
79415f0691a386c6458d714aff76fe1a
expires
Fri, 21 Jun 2024 11:10:33 GMT
index.css
img01.bt.co.uk/s/assets/020822/aauth/css/
125 KB
20 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/aauth/css/index.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
e3f7a58fe67b04d01e049ca1cd6604b939cd660eb2df6a2d7fa3fca4c01676b0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7480
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
20406
x-xss-protection
1; mode=block
x-llid
3d76558351c5f4d474a453805440092c
expires
Fri, 21 Jun 2024 11:10:33 GMT
bts-common.css
img01.bt.co.uk/s/assets/020822/css/
88 KB
13 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/css/bts-common.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
7deb5405a84486905b040b40d17438fbdfe40db3e1fff910992758e27dc59d43
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7480
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
12866
x-xss-protection
1; mode=block
x-llid
1a053da9b48a0c40757109fb7adc1687
expires
Fri, 21 Jun 2024 11:10:33 GMT
login-index.css
img01.bt.co.uk/s/assets/020822/css/
76 KB
14 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/css/login-index.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
32f9b445cdf66b5aa8fc260f589ec18984fbe2042fd319c5693c8054c6378de8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7480
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
13465
x-xss-protection
1; mode=block
x-llid
19bf55a45054903a7959ff2b14b8f254
expires
Fri, 21 Jun 2024 11:10:33 GMT
jquery.cookie.js
img01.bt.co.uk/s/assets/020822/js/
819 B
798 B
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/jquery.cookie.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
330c54b74b453f6d086933cce146ead03e561fc20321119e5551657f0a1c433f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
age
53804
x-btsite
1
content-length
419
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-llid
a60e0e6f50374cf114e1d2ce2b367ed4
expires
Thu, 20 Jun 2024 22:18:29 GMT
rebrand-bt-logo-login-page-136440342141502601-221028080308.png
home.bt.com/images/
2 KB
2 KB
Image
General
Full URL
https://home.bt.com/images/rebrand-bt-logo-login-page-136440342141502601-221028080308.png
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
670d9073ccec70934db12cf5580205e55d8e2613e7b51a632736abb72bf8eb42
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 21 Jun 2024 11:10:33 GMT
content-security-policy
frame-ancestors 'self'
date
Thu, 20 Jun 2024 13:15:13 GMT
x-ua-compatible
IE=Edge
last-modified
Sat, 08 Jun 2024 20:40:33 GMT
age
7480
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
content-length
1720
x-xss-protection
1; mode=block
x-llid
aae0efdb6f50c9fe6bbad0817161a46a
mdt-type
abinary; charset=UTF-8
dantegf.api-1.0.js
img01.bt.co.uk/s/assets/020822/js/
7 KB
3 KB
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/dantegf.api-1.0.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
c64ac95339e0cc125800cd52da8c04a1c25de8aeb8b77820b8f094de7990dd0c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
53804
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-btsite
1
cache-control
max-age=86400
content-length
2306
x-xss-protection
1; mode=block
x-llid
253ba54f02e892e440395705efe6503c
expires
Thu, 20 Jun 2024 22:18:29 GMT
login.js
img01.bt.co.uk/s/assets/020822/js/
14 KB
4 KB
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/login.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
b076b3c04db956163b42f5ddbd60e330f98389fb8fafba135ad373962922c320
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
53804
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-btsite
1
cache-control
max-age=86400
content-length
3978
x-xss-protection
1; mode=block
x-llid
f63ca952b9cd1f52683bc6777e3c5bc4
expires
Thu, 20 Jun 2024 22:18:29 GMT
core.js
img01.bt.co.uk/s/assets/020822/js/
6 KB
3 KB
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/core.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
3ab188d6cbe03d181c10ede40d6292456677fd5fa6be9edd2b2f86649a223732
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
53804
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-btsite
1
cache-control
max-age=86400
content-length
2388
x-xss-protection
1; mode=block
x-llid
91a84c2b67722d0d67352227c90056b0
expires
Thu, 20 Jun 2024 22:18:29 GMT
logintextboxbg.png
img01.bt.co.uk/s/assets/020822/images/
966 B
1 KB
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/logintextboxbg.png
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/login-index.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
2b1930ba4a2e3f401d744fc3d55c2464a79736bfbc0f0875d98dca864b16449f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://img01.bt.co.uk/s/assets/020822/css/login-index.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7479
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
966
x-xss-protection
1; mode=block
x-llid
e3bd7d0ae9f69772b55c48616cd9c352
expires
Fri, 21 Jun 2024 11:10:34 GMT
icons-sprite-8bit.png
img01.bt.co.uk/s/assets/020822/images/
5 KB
5 KB
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/icons-sprite-8bit.png
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/common.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
6c15da6e07c5e0c79941d5f3e5e5839e1b1d87d3f03badceb337e88bbe78609f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://img01.bt.co.uk/s/assets/020822/css/common.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7479
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
5100
x-xss-protection
1; mode=block
x-llid
553321aae67ad8e130ac95b1de418868
expires
Fri, 21 Jun 2024 11:10:34 GMT
LoginButtonBg.png
img01.bt.co.uk/s/assets/020822/images/
211 B
546 B
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/LoginButtonBg.png
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/common.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
7583bdd341399e600785dab65ac725a95dced3b0054ed8ca9b8d69fbde04def8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://img01.bt.co.uk/s/assets/020822/css/common.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7479
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
content-length
211
x-xss-protection
1; mode=block
x-llid
fd0757f66023fce1b33f4b1899815efd
expires
Fri, 21 Jun 2024 11:10:34 GMT
login-back.png
img01.bt.co.uk/s/assets/020822/images/
279 B
621 B
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/login-back.png
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/common.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
6de9b19d62ae2029b5d7c51c7eb8fcbdee6503abf32cd74fa3963c76490bc0ac
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://img01.bt.co.uk/s/assets/020822/css/common.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7479
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
279
x-xss-protection
1; mode=block
x-llid
7712f263bec2f6435db91552812f2050
expires
Fri, 21 Jun 2024 11:10:34 GMT
bt-footer-bg.jpg
img01.bt.co.uk/s/assets/020822/images/
1 KB
2 KB
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/bt-footer-bg.jpg
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/common-reset.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
cbf86fc1cedf23b294f4610fe0140df33f350071028953d6cc1c2c4249851038
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://img01.bt.co.uk/s/assets/020822/css/common-reset.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7479
x-frame-options
SAMEORIGIN
content-type
image/jpeg
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
1251
x-xss-protection
1; mode=block
x-llid
099e25a9b43431f43ee36e995536417b
expires
Fri, 21 Jun 2024 11:10:34 GMT
truncated
/
42 KB
42 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
91d32af051d9ace7282b43d300b85debad94fa8659ee69f3e7616e4e1a7605e2

Request headers

Referer
Origin
https://onlinefactor.pages.dev
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
font/truetype;charset=utf-8
bttv_rg-webfont.woff
img01.bt.co.uk/s/assets/020822/aauth/css/fonts/
26 KB
26 KB
Font
General
Full URL
https://img01.bt.co.uk/s/assets/020822/aauth/css/fonts/bttv_rg-webfont.woff
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/aauth/css/index.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
1313323817898228d6399b6de26686f15af3bfc9ebda293cc7656e27611673f9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://img01.bt.co.uk/s/assets/020822/aauth/css/index.css
Origin
https://onlinefactor.pages.dev
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
7478
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff
access-control-allow-origin
*
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
26600
x-xss-protection
1; mode=block
x-llid
bd7b3ca2fc9e7ad636f5cbc697bbb51a
expires
Fri, 21 Jun 2024 11:10:35 GMT
favicon.ico
img01.bt.co.uk/s/assets/020822/images/logo/
877 B
1 KB
Other
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/logo/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-130.hhn.llnw.net
Software
/
Resource Hash
fd98910da13b877b92584901ae97b8aa508c1d55bd132cbdde01f45bdeb1008c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://onlinefactor.pages.dev/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Thu, 20 Jun 2024 13:15:13 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
19513
x-frame-options
SAMEORIGIN
content-type
image/x-icon
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
877
x-xss-protection
1; mode=block
x-llid
ea5e256b3e58bc2e89edc92ef34937c2
expires
Fri, 21 Jun 2024 07:50:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BT (Telecommunication)

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Name
undefined  event
object     fence
object     sharedStorage
string     analyticsPageName
object     tar
string     formTarget
object     digitalData
object     _exhaust_init_queue
function   emitToExhaust
function   mobileSearchBTS
string     loginpagetype
function   reportErrors
function   expireCookie
function   getUserStatus
function   logDetails
string     customView
undefined  e
undefined  loggedinCustomer
undefined  xloginExists
undefined  elbcExists
undefined  authFailureReasonCookie
undefined  usrName
undefined  owmhash
undefined  mxhash
undefined  xloginArr
undefined  target
undefined  targetParts
undefined  redirectUrl
undefined  samltkns
object     settings
object     Encoder
string     pageType
undefined  frgtdetail
string     bghexcolor
string     ua
function   getAndriodBanner
string     userAgent
object     DanteGF
object     FooterEncoder
undefined  portalcookie
object     footerconfig
function   displayerrors
function   setUsernameFromCookie
function   checkPwdEnc
function   hexEncode
undefined  submitcount
function   validateEmailDomain
function   validEmail
function   setRememberMeCookiees
undefined  bt
undefined  lbi

0 Cookies

6 Console Messages

Source Level URL
Text
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/login-datalayer.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/login-datalayer.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/jquery.cookie.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/dantegf.api-1.0.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/login.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/core.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
