lloydsire.staging.cavendishonline.co.uk
23.37.36.22
Malicious Activity!
Public Scan
Effective URL: https://lloydsire.staging.cavendishonline.co.uk/
Submission: On June 28 via api from JP — Scanned from GB
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 20th 2024. Valid for: a year.
This is the only time lloydsire.staging.cavendishonline.co.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Lloyds (Banking)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
13 | 23.37.36.22 | 16625 (AKAMAI-AS) |
2 | 2a04:4e42::485 | 54113 (FASTLY) |
1 | 2606:4700::6811:f7cb | 13335 (CLOUDFLARENET) |
16 | 4 |
ASN16625 (AKAMAI-AS, US)
PTR: a23-37-36-22.deploy.static.akamaitechnologies.com
lloydsire.staging.cavendishonline.co.uk |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | cavendishonline.co.uk | lloydsire.staging.cavendishonline.co.uk | 478 KB |
2 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 381 | 59 KB |
1 | unpkg.com | unpkg.com — Cisco Umbrella Rank: 1008 | 83 KB |
16 | 3 |
Requests | Domain | Requested by |
---|---|---|
13 | lloydsire.staging.cavendishonline.co.uk | lloydsire.staging.cavendishonline.co.uk |
2 | cdn.jsdelivr.net | lloydsire.staging.cavendishonline.co.uk |
1 | unpkg.com | lloydsire.staging.cavendishonline.co.uk |
16 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
CAVENDISH-PREPROD-02.lloydsbanking.com | DigiCert SHA2 Extended Validation Server CA | 2024-03-20 - 2025-03-19 | a year |
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-09-27 - 2024-10-28 | a year |
unpkg.com | GTS CA 1P5 | 2024-05-30 - 2024-08-28 | 3 months |
This page contains 1 frames:
Primary Page:
https://lloydsire.staging.cavendishonline.co.uk/
Frame ID: 289704295BBEDB8FF66C6B9EC2E480EA
Requests: 18 HTTP requests in this frame
Page Title
Lloyds IR Engine
Page URL History
- http://lloydsire.staging.cavendishonline.co.uk/ (HTTP 307)
- https://lloydsire.staging.cavendishonline.co.uk/ (Page URL)
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Akamai Bot Manager (Security)
Detected patterns
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | lloydsire.staging.cavendishonline.co.uk/ | 13 KB | 5 KB | Document | text/html |
GET | H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/ | 227 KB | 35 KB | Stylesheet | text/css |
GET | H2 | bootstrap.bundle.min.js | cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/ | 79 KB | 25 KB | Script | application/javascript |
GET | H2 | jquery-3.7.1.js | lloydsire.staging.cavendishonline.co.uk/ | 279 KB | 279 KB | Script | application/javascript |
GET | H2 | libphonenumber-max.js | unpkg.com/libphonenumber-js@1.10.50/bundle/ | 235 KB | 83 KB | Script | application/javascript |
GET | H2 | lloyds.css | lloydsire.staging.cavendishonline.co.uk/css/ | 4 KB | 4 KB | Stylesheet | text/css |
GET | H2 | 51239218 | lloydsire.staging.cavendishonline.co.uk/akam/13/ | 26 KB | 9 KB | Script | application/javascript |
GET | H2 | Lloyds_logo.svg | lloydsire.staging.cavendishonline.co.uk/images/ | 18 KB | 18 KB | Image | image/svg+xml |
GET | H2 | cross.svg | lloydsire.staging.cavendishonline.co.uk/images/ | 826 B | 989 B | Image | image/svg+xml |
GET | H2 | check_white.svg | lloydsire.staging.cavendishonline.co.uk/images/ | 274 B | 436 B | Image | image/svg+xml |
GET | H2 | chevron_right_white.svg | lloydsire.staging.cavendishonline.co.uk/images/ | 278 B | 441 B | Image | image/svg+xml |
GET | H2 | fscs_logo.png | lloydsire.staging.cavendishonline.co.uk/images/ | 19 KB | 20 KB | Image | image/png |
GET | DATA | truncated | / | 9 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 157 B | 0 | Image | image/png |
GET | H2 | favicon.ico | lloydsire.staging.cavendishonline.co.uk/images/ | 1 KB | 2 KB | Other | image/vnd.microsoft.icon |
GET | H2 | lloyds_bank_jack-regularWEB.woff | lloydsire.staging.cavendishonline.co.uk/fonts/ | 63 KB | 64 KB | Font | font/woff |
GET | H2 | lloyds_bank_jack-boldWEB.woff | lloydsire.staging.cavendishonline.co.uk/fonts/ | 73 KB | 74 KB | Font | font/woff |
POST | H2 | pixel_51239218 | lloydsire.staging.cavendishonline.co.uk/akam/13/ | 0 | 629 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Lloyds (Banking)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
undefined | event |
object | fence |
object | sharedStorage |
number | uidEvent |
object | bootstrap |
function | $ |
function | jQuery |
object | libphonenumber |
string | bazadebezolkohpepadr |
function | showPnP |
function | showNext |
function | validateData |
string | urhehlevkedkilrobacf |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name |
---|---|
lloydsire.staging.cavendishonline.co.uk/ | XSRF-TOKEN |
lloydsire.staging.cavendishonline.co.uk/ | interimire_session |
.staging.cavendishonline.co.uk/ | ak_bmsc |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 ; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.