lloydsire.staging.cavendishonline.co.uk Open in urlscan Pro
23.37.36.22 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://lloydsire.staging.cavendishonline.co.uk/
Effective URL:
https://lloydsire.staging.cavendishonline.co.uk/
Submission: On June 28 via api (June 28th 2024, 4:06:10 pm UTC) from JP — Scanned from GB

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 23.37.36.22, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is lloydsire.staging.cavendishonline.co.uk.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 20th 2024. Valid for: a year.

This is the only time lloydsire.staging.cavendishonline.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Lloyds (Banking)

Domain & IP information

	IP Address	AS Autonomous System
13	23.37.36.22 23.37.36.22	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:f7cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	4

13 23.37.36.22 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-36-22.deploy.static.akamaitechnologies.com

lloydsire.staging.cavendishonline.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f7cb (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	cavendishonline.co.uk lloydsire.staging.cavendishonline.co.uk	478 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	59 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 1008	83 KB
16	3

	Domain	Requested by
13	lloydsire.staging.cavendishonline.co.uk	lloydsire.staging.cavendishonline.co.uk
2	cdn.jsdelivr.net	lloydsire.staging.cavendishonline.co.uk
1	unpkg.com	lloydsire.staging.cavendishonline.co.uk
16	3

This site contains no links.

Subject Issuer	Validity	Valid
CAVENDISH-PREPROD-02.lloydsbanking.com DigiCert SHA2 Extended Validation Server CA	`2024-03-20` - `2025-03-19`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
unpkg.com GTS CA 1P5	`2024-05-30` - `2024-08-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lloydsire.staging.cavendishonline.co.uk/
Frame ID: 289704295BBEDB8FF66C6B9EC2E480EA
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lloyds IR Engine

Page URL History Show full URLs

http://lloydsire.staging.cavendishonline.co.uk/ HTTP 307
https://lloydsire.staging.cavendishonline.co.uk/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

16
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

620 kB
Transfer

1049 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lloydsire.staging.cavendishonline.co.uk/ HTTP 307
https://lloydsire.staging.cavendishonline.co.uk/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
lloydsire.staging.cavendishonline.co.uk/
Redirect Chain

http://lloydsire.staging.cavendishonline.co.uk/
https://lloydsire.staging.cavendishonline.co.uk/

13 KB
5 KB

798ms
499ms

Document
text/html

23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

98635bd9e557ff89c90e3e47c218c69fb2bc80cae3078f03fff4866abc1ca35b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: private, must-revalidate
content-encoding: gzip
content-length: 3658
content-type: text/html; charset=UTF-8
date: Fri, 28 Jun 2024 16:06:04 GMT
expires: -1
pragma: no-cache
strict-transport-security: max-age=31536000 ; includeSubDomains
vary: Accept-Encoding
x-akamai-transformed: 9 3458 0 pmb=mTOE,2
x-ratelimit-limit: 5000
x-ratelimit-remaining: 5000

Redirect headers

Location: https://lloydsire.staging.cavendishonline.co.uk/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/ 227 KB
35 KB 137ms
43ms Stylesheet
text/css 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Origin: https://lloydsire.staging.cavendishonline.co.uk
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 28 Jun 2024 16:06:04 GMT
x-content-type-options: nosniff
content-encoding: br
age: 812967
x-jsd-version: 5.3.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 34902
x-served-by: cache-fra-etou8220083-FRA, cache-lon420092-LON
x-jsd-version-type: version
etag: W/"38df4-HxOZgbm0enZu+gphu3ito1HxbEs"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/ 79 KB
25 KB 179ms
85ms Script
application/javascript 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Origin: https://lloydsire.staging.cavendishonline.co.uk
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 28 Jun 2024 16:06:04 GMT
x-content-type-options: nosniff
content-encoding: br
age: 4465201
x-jsd-version: 5.3.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25109
x-served-by: cache-fra-etou8220085-FRA, cache-lon420092-LON
x-jsd-version-type: version
etag: W/"13b17-9/0PPchLLPk7+B6DJQWmc/NU4KM"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 jquery-3.7.1.js Show response
lloydsire.staging.cavendishonline.co.uk/ 279 KB
279 KB 177ms
176ms Script
application/javascript 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lloydsire.staging.cavendishonline.co.uk/jquery-3.7.1.js

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Fri, 08 Dec 2023 18:55:25 GMT
accept-ranges: bytes
etag: "6573669d-45a82"
content-length: 285314
content-type: application/javascript

GET
H2 200 libphonenumber-max.js Show response
unpkg.com/libphonenumber-js@1.10.50/bundle/ 235 KB
83 KB 188ms
97ms Script
application/javascript 2606:4700::6811:f7cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/libphonenumber-js@1.10.50/bundle/libphonenumber-max.js

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31e88fca79b7ccdbf4fa109fdbf514d261451e875e25ca7229ad79eeae352656

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:04 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 8496860
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HSJJ9VS3S0BCE49XX88H8CJB-lhr
server: cloudflare
etag: "3ac0a-2D6oR4Aos+I2ininHl50BFns3f4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 89aeec07eaa1632e-LHR

GET
H2 200 lloyds.css
lloydsire.staging.cavendishonline.co.uk/css/ 4 KB
4 KB 90ms
89ms Stylesheet
text/css 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lloydsire.staging.cavendishonline.co.uk/css/lloyds.css

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

b36703b664af4d971a40d9d9a1d11d4c0527d97d4b925f99a876cded590f0834

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Tue, 19 Dec 2023 10:18:56 GMT
accept-ranges: bytes
etag: "65816e10-eae"
content-length: 3758
content-type: text/css

GET
H2 200 51239218 Show response
lloydsire.staging.cavendishonline.co.uk/akam/13/ 26 KB
9 KB 416ms
416ms Script
application/javascript 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lloydsire.staging.cavendishonline.co.uk/akam/13/51239218

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

ebf797b15dfae3e9c02ccf7b4f5f7f04592da892555e7d9202d4bf56ee34e9c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Thu, 22 Feb 2024 19:50:47 GMT
etag: "02b648d503d68aeb1b44e22b224b56f175ea5408b84c208c60d0934b9c58d414"
stored-attribute-sha-checksum: ebf797b15dfae3e9c02ccf7b4f5f7f04592da892555e7d9202d4bf56ee34e9c4
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=21600
content-length: 8796

GET
H2 200 Lloyds_logo.svg
lloydsire.staging.cavendishonline.co.uk/images/ 18 KB
18 KB 248ms
247ms Image
image/svg+xml 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lloydsire.staging.cavendishonline.co.uk/images/Lloyds_logo.svg

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

8900e6e8e5976249fcac13038ac86dbee3f750ac7d04719309cf128326349c83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Fri, 08 Dec 2023 18:55:25 GMT
accept-ranges: bytes
etag: "6573669d-491d"
content-length: 18717
content-type: image/svg+xml

GET
H2 200 cross.svg
lloydsire.staging.cavendishonline.co.uk/images/ 826 B
989 B 131ms
131ms Image
image/svg+xml 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lloydsire.staging.cavendishonline.co.uk/images/cross.svg

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

84748aeb1575491412be1ceed27a208ae759f226139a1a8729b3bdd85aefcaac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Mon, 11 Dec 2023 16:16:24 GMT
x-accel-version: 0.01
etag: "33a-60c3e4163bb61"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 826

GET
H2 200 check_white.svg
lloydsire.staging.cavendishonline.co.uk/images/ 274 B
436 B 228ms
228ms Image
image/svg+xml 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lloydsire.staging.cavendishonline.co.uk/images/check_white.svg

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

dd36f63e050686e559178cd4bbf18e360de884d74b37c7b6c959c9897f4aee71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:04 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Fri, 08 Dec 2023 18:55:25 GMT
x-accel-version: 0.01
etag: "112-60c04208a841b"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 274

GET
H2 200 chevron_right_white.svg
lloydsire.staging.cavendishonline.co.uk/images/ 278 B
441 B 118ms
117ms Image
image/svg+xml 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lloydsire.staging.cavendishonline.co.uk/images/chevron_right_white.svg

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

2e7371e0f659b7a1f644d298225127a47b9b0b69de5ac0c30afdf49508e76143

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Fri, 08 Dec 2023 18:55:25 GMT
x-accel-version: 0.01
etag: "116-60c04208a841b"
content-type: image/svg+xml
accept-ranges: bytes
content-length: 278

GET
H2 200 fscs_logo.png
lloydsire.staging.cavendishonline.co.uk/images/ 19 KB
20 KB 107ms
107ms Image
image/png 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lloydsire.staging.cavendishonline.co.uk/images/fscs_logo.png

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

4f4cc64be3787eb574ccf5ce13d15434ea52a476f57d37f50a6d9b587c4b870f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Fri, 08 Dec 2023 18:55:25 GMT
accept-ranges: bytes
etag: "6573669d-4dcf"
content-length: 19919
content-type: image/png

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 favicon.ico
lloydsire.staging.cavendishonline.co.uk/images/ 1 KB
2 KB 86ms
86ms Other
image/vnd.microsoft.icon 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lloydsire.staging.cavendishonline.co.uk/images/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

f8e7aba5b6bde788b20fb9dc64e6f9896037ee9e5c30cb27df33c6e8d6270357

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Fri, 08 Dec 2023 18:55:25 GMT
accept-ranges: bytes
etag: "6573669d-47e"
content-length: 1150
content-type: image/vnd.microsoft.icon

GET
H2 200 lloyds_bank_jack-regularWEB.woff
lloydsire.staging.cavendishonline.co.uk/fonts/ 63 KB
64 KB 200ms
199ms Font
font/woff 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lloydsire.staging.cavendishonline.co.uk/fonts/lloyds_bank_jack-regularWEB.woff

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/css/lloyds.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

991a121de8faf40ccce7ee09da5d5058a6a9fc0f116da0ae6661937d564718fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/css/lloyds.css
Origin: https://lloydsire.staging.cavendishonline.co.uk
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Wed, 13 Dec 2023 15:57:52 GMT
accept-ranges: bytes
etag: "6579d480-fc64"
content-length: 64612
content-type: font/woff

GET
H2 200 lloyds_bank_jack-boldWEB.woff
lloydsire.staging.cavendishonline.co.uk/fonts/ 73 KB
74 KB 108ms
108ms Font
font/woff 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lloydsire.staging.cavendishonline.co.uk/fonts/lloyds_bank_jack-boldWEB.woff

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/css/lloyds.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

4ffa5ba9aace2783e510502a97ff98512795eebd59b5262e65becc6d5d0caca6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://lloydsire.staging.cavendishonline.co.uk/css/lloyds.css
Origin: https://lloydsire.staging.cavendishonline.co.uk
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 28 Jun 2024 16:06:05 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
last-modified: Wed, 13 Dec 2023 15:57:52 GMT
accept-ranges: bytes
etag: "6579d480-125d8"
content-length: 75224
content-type: font/woff

POST
H2 200 pixel_51239218 Show response
lloydsire.staging.cavendishonline.co.uk/akam/13/ 0
629 B 87ms
86ms XHR
text/html 23.37.36.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lloydsire.staging.cavendishonline.co.uk/akam/13/pixel_51239218

Requested by

Host: lloydsire.staging.cavendishonline.co.uk
URL: https://lloydsire.staging.cavendishonline.co.uk/akam/13/51239218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.36.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-36-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://lloydsire.staging.cavendishonline.co.uk/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 28 Jun 2024 16:06:06 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
content-length: 0
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Lloyds (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lloydsire.staging.cavendishonline.co.uk/	1970-01-20 21:39:57	Name: XSRF-TOKEN Value: eyJpdiI6ImJET3ZXVFA5aFUvS2tGYW9wUjRabWc9PSIsInZhbHVlIjoiWDBMTDNTSkVyMUVZVHRxdUlzZmNRUmhSUU03MCtNdzhiUmF2ZGt5anV2cEV6ZndlYkh4S3pEWUg2QThISlZ6ZURNZWN5UWk3bnczRFVDUTlmeTdkTkFzVktuTThoa2VXWGEyZHpXQUU3U1dyTmRndzMzOGs1OVJTTHQva3RiSTEiLCJtYWMiOiI3MjMwMjkxMzE3MWRlODMwZjY4ZjQ3MjQzMmNlNzBmNGRlNmI0OTU5ZTk2YzNkYWE5Njk5OGNlOTYzZGIwNWRkIiwidGFnIjoiIn0%3D
lloydsire.staging.cavendishonline.co.uk/	1970-01-20 21:39:57	Name: interimire_session Value: eyJpdiI6ImxLSGdRR0N5SXpVR1ZNUG9CQXpQaUE9PSIsInZhbHVlIjoiYVRvZ2dmQWJ5WUFuN3BBODFxdHJQbTNZSURaSVlWSHZ4NkE0UGt6WjNIQkZ0WVNPNzFLb0UyZThjZXFIOG4vU21YMWNacVhGVks0S1ZKNnI4SGN1b3YwSFFrL2VCRE5iL3RmQU1xdWp0Z2ErbFAxbDVXVnRwMEJ3dm1IaFJ0dGYiLCJtYWMiOiIwOWI0ZGI4ZTdmZTU5N2I1MzAyYWQ5NjkzNjg2MzU2NmMzNWM1YWQ1NzU5YzNjYjg0MmJjMDkwODYzNzUyZWJlIiwidGFnIjoiIn0%3D
.staging.cavendishonline.co.uk/	1970-01-20 21:39:57	Name: ak_bmsc Value: 5B253ABFDF20DADB22266811B36E2110~000000000000000000000000000000~YAAQnV5swXbHpFOQAQAA6sWYXxh1ID/ZlR+3/uAqMLoQ4pqLDcu+BvqQ7f8LIYeBUjJdin5MuutyBtYKjsMlCRqkk1xEhxmMuPhrG7tJGAeJS1uCGOUt8MPhnUxgb3CAwszgl5uN5rjYaqQgzKoCrF3mplXsVyCiSGZXYe8k2v9sLpjtODX9zDlas6OoAwdyv4srgtaKK7ESw7UHjD4hGcPx8XDIZy+AAPdisnIwFW+KiqqP88IebqFFw0dOnsSR70APjGEWdfiHif8MgbkRvAUB+ijPG7ICXNk3VM9bGgLHtPw2uQjitK2PYlavO8hGlm6FDuMdvn43qUR5dmMNwnhPuR4uSoDFx7sPDZvaQiq2fKvAw9LqvFiY2zUPzVx+Fj13dwaknHb8EGLZS8Vnpya3K0foMGcFgG1uCj10iF9t0JwNc+w+zh9rIijSU0SibqHAWkEG7V+d3+K8zIbajRMv5Xedi8LaFJQuy7UgP2E=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
lloydsire.staging.cavendishonline.co.uk
unpkg.com
23.37.36.22
2606:4700::6811:f7cb
2a04:4e42::485
2e7371e0f659b7a1f644d298225127a47b9b0b69de5ac0c30afdf49508e76143
3017df4a76db5f01c2b99b603d88b03106df13bcfe18e67b7c13c2341d3a67df
31e88fca79b7ccdbf4fa109fdbf514d261451e875e25ca7229ad79eeae352656
4f4cc64be3787eb574ccf5ce13d15434ea52a476f57d37f50a6d9b587c4b870f
4ffa5ba9aace2783e510502a97ff98512795eebd59b5262e65becc6d5d0caca6
78a85aca2f0b110c29e0d2b137e09f0a1fb7a8e554b499f740d6744dc8962cfe
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd
84748aeb1575491412be1ceed27a208ae759f226139a1a8729b3bdd85aefcaac
8900e6e8e5976249fcac13038ac86dbee3f750ac7d04719309cf128326349c83
98635bd9e557ff89c90e3e47c218c69fb2bc80cae3078f03fff4866abc1ca35b
991a121de8faf40ccce7ee09da5d5058a6a9fc0f116da0ae6661937d564718fe
b36703b664af4d971a40d9d9a1d11d4c0527d97d4b925f99a876cded590f0834
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2
dd36f63e050686e559178cd4bbf18e360de884d74b37c7b6c959c9897f4aee71
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebf797b15dfae3e9c02ccf7b4f5f7f04592da892555e7d9202d4bf56ee34e9c4
f8e7aba5b6bde788b20fb9dc64e6f9896037ee9e5c30cb27df33c6e8d6270357

lloydsire.staging.cavendishonline.co.uk Open in urlscan Pro 23.37.36.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

620 kBTransfer

1049 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

lloydsire.staging.cavendishonline.co.uk Open in urlscan Pro
23.37.36.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

620 kB
Transfer

1049 kB
Size

3
Cookies

16 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!