onlinefactor.pages.dev
172.66.45.28  Malicious Activity! Public Scan

Submitted URL: http://onlinefactor.pages.dev/
Effective URL: https://onlinefactor.pages.dev/
Submission: On July 20 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 172.66.45.28, located in United States and belongs to CLOUDFLARENET, US. The main domain is onlinefactor.pages.dev.
TLS certificate: Issued by GTS CA 1P5 on May 29th 2024. Valid for: 3 months.
This is the only time onlinefactor.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BT (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 172.66.45.28 13335 (CLOUDFLAR...)
17 178.79.242.181 22822 (LLNW)
19 3
Apex Domain Subdomains Transfer
17 bt.co.uk img01.bt.co.uk 164 KB
1 pages.dev onlinefactor.pages.dev 11 KB
0 bt.com (Failed) www.bt.com (Failed)
19 3

Domain Requested by
17 img01.bt.co.uk onlinefactor.pages.dev, img01.bt.co.uk
1 onlinefactor.pages.dev
0 www.bt.com (Failed) onlinefactor.pages.dev
19 3

This site contains links to these domains. Also see Links.

Domain
https
Subject Issuer Validity Valid
onlinefactor.pages.dev GTS CA 1P5 2024-05-29 - 2024-08-27 3 months
www.bt.com GeoTrust EV RSA CA G2 2024-07-03 - 2024-09-24 3 months

This page contains 1 frames:

Primary Page: https://onlinefactor.pages.dev/
Frame ID: A54CE1E27386186E8BC0329E3A618B16
Requests: 20 HTTP requests in this frame

Page Title

Login Page

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 19
HTTPS: 95 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 216 kB
Size: 713 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://onlinefactor.pages.dev/ HTTP 307
    https://onlinefactor.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://home.bt.com/images/rebrand-bt-logo-login-page-136440342141502601-221028080308.png HTTP 301
  • https://www.bt.com/

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
onlinefactor.pages.dev/
Redirect Chain
  • http://onlinefactor.pages.dev/
  • https://onlinefactor.pages.dev/
72 KB
11 KB
Document
General
Full URL
https://onlinefactor.pages.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.45.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ed497415c060e1624207d68ac485134b020282f2ff5bb24fcc4f0a0c00a74c1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, must-revalidate
cf-ray
8a631523f9e9c41c-WAW
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 20 Jul 2024 12:51:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ASMWYRYACnlnBHHRaaq%2FK%2FILaJ5FVi%2FTDT5jhIPtZuppp526M1oaeUGdV978PO9PnuIy9id8OValpEKeNAuBVbiEpJhuzarlMOMuf74MPelYHXusLl3psJAjn000YCzoMN6VIn2nDiQq"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://onlinefactor.pages.dev/
Non-Authoritative-Reason
HSTS
login-datalayer.js
img01.bt.co.uk/s/assets/020822/js/
710 B
796 B
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/login-datalayer.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
c8f47c528c93a4dc7104388ee8d7e5fd2e67efd2cc641116825f4d539198cd2a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
age
13338
x-btsite
1
content-length
417
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-llid
620458b2af94efb75ce74a00c43a8391
expires
Sun, 21 Jul 2024 09:09:07 GMT
common-reset.css
img01.bt.co.uk/s/assets/020822/css/
65 KB
35 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/css/common-reset.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
d4a986c22ae001e743c50f59d647eabba306e35899b7aec56992e37833bd7015
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
35373
x-xss-protection
1; mode=block
x-llid
5a6f3c284b76800c45ce1e7da08cdc1d
expires
Sun, 21 Jul 2024 12:51:25 GMT
common.css
img01.bt.co.uk/s/assets/020822/css/
181 KB
34 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/css/common.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
425f3e3943172803a8b9f0520d73b6227698f8bbf8eeb304045996e201d3fbf6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
34693
x-xss-protection
1; mode=block
x-llid
12dd0defcf59317366deeae52024bd87
expires
Sun, 21 Jul 2024 12:51:25 GMT
index.css
img01.bt.co.uk/s/assets/020822/aauth/css/
125 KB
20 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/aauth/css/index.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
e3f7a58fe67b04d01e049ca1cd6604b939cd660eb2df6a2d7fa3fca4c01676b0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
20406
x-xss-protection
1; mode=block
x-llid
b5626171fe664e16f224d4bc9418d677
expires
Sun, 21 Jul 2024 12:51:25 GMT
bts-common.css
img01.bt.co.uk/s/assets/020822/css/
88 KB
13 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/css/bts-common.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
7deb5405a84486905b040b40d17438fbdfe40db3e1fff910992758e27dc59d43
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
12866
x-xss-protection
1; mode=block
x-llid
2185522477a6e3bf2a7b9bcbb94d8ee3
expires
Sun, 21 Jul 2024 12:51:25 GMT
login-index.css
img01.bt.co.uk/s/assets/020822/css/
76 KB
13 KB
Stylesheet
General
Full URL
https://img01.bt.co.uk/s/assets/020822/css/login-index.css
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
32f9b445cdf66b5aa8fc260f589ec18984fbe2042fd319c5693c8054c6378de8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-btsite
1
cache-control
max-age=86400
content-length
13465
x-xss-protection
1; mode=block
x-llid
ba66eded043ca08ace1a172e4808ce89
expires
Sun, 21 Jul 2024 12:51:25 GMT
jquery.cookie.js
img01.bt.co.uk/s/assets/020822/js/
819 B
798 B
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/jquery.cookie.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
330c54b74b453f6d086933cce146ead03e561fc20321119e5551657f0a1c433f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
age
13338
x-btsite
1
content-length
419
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
x-llid
02d90cc3fe725792b658d9138c0051de
expires
Sun, 21 Jul 2024 09:09:07 GMT
/
www.bt.com/
Redirect Chain
  • https://home.bt.com/images/rebrand-bt-logo-login-page-136440342141502601-221028080308.png
  • https://www.bt.com/
0
0

dantegf.api-1.0.js
img01.bt.co.uk/s/assets/020822/js/
7 KB
3 KB
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/dantegf.api-1.0.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
c64ac95339e0cc125800cd52da8c04a1c25de8aeb8b77820b8f094de7990dd0c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
13338
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-btsite
1
cache-control
max-age=86400
content-length
2306
x-xss-protection
1; mode=block
x-llid
306c6138ed1946ddf2eb6c976d599cd4
expires
Sun, 21 Jul 2024 09:09:07 GMT
login.js
img01.bt.co.uk/s/assets/020822/js/
14 KB
4 KB
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/login.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
b076b3c04db956163b42f5ddbd60e330f98389fb8fafba135ad373962922c320
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
13338
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-btsite
1
cache-control
max-age=86400
content-length
3978
x-xss-protection
1; mode=block
x-llid
9ab9f32cb6e56191a4bf7b6ce768caa2
expires
Sun, 21 Jul 2024 09:09:07 GMT
core.js
img01.bt.co.uk/s/assets/020822/js/
6 KB
3 KB
Script
General
Full URL
https://img01.bt.co.uk/s/assets/020822/js/core.js
Requested by
Host: onlinefactor.pages.dev
URL: https://onlinefactor.pages.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
3ab188d6cbe03d181c10ede40d6292456677fd5fa6be9edd2b2f86649a223732
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
content-encoding
gzip
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
13338
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-btsite
1
cache-control
max-age=86400
content-length
2388
x-xss-protection
1; mode=block
x-llid
f74f5f5d6e6e746fba59233553c8b609
expires
Sun, 21 Jul 2024 09:09:07 GMT
logintextboxbg.png
img01.bt.co.uk/s/assets/020822/images/
966 B
1 KB
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/logintextboxbg.png
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/login-index.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
2b1930ba4a2e3f401d744fc3d55c2464a79736bfbc0f0875d98dca864b16449f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://img01.bt.co.uk/s/assets/020822/css/login-index.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Sat, 20 Jul 2024 12:51:26 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
966
x-xss-protection
1; mode=block
x-llid
62a49f36bbc261cb979258f0b0597a52
expires
Sun, 21 Jul 2024 12:51:26 GMT
icons-sprite-8bit.png
img01.bt.co.uk/s/assets/020822/images/
5 KB
5 KB
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/icons-sprite-8bit.png
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/common.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
6c15da6e07c5e0c79941d5f3e5e5839e1b1d87d3f03badceb337e88bbe78609f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://img01.bt.co.uk/s/assets/020822/css/common.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
5100
x-xss-protection
1; mode=block
x-llid
dba05751ec763daec22428026b8e2726
expires
Sun, 21 Jul 2024 12:51:25 GMT
LoginButtonBg.png
img01.bt.co.uk/s/assets/020822/images/
211 B
540 B
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/LoginButtonBg.png
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/common.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
7583bdd341399e600785dab65ac725a95dced3b0054ed8ca9b8d69fbde04def8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://img01.bt.co.uk/s/assets/020822/css/common.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Sat, 20 Jul 2024 12:51:26 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
content-length
211
x-xss-protection
1; mode=block
x-llid
94312c87937bbe2ecb5da32898f0a572
expires
Sun, 21 Jul 2024 12:51:26 GMT
login-back.png
img01.bt.co.uk/s/assets/020822/images/
279 B
615 B
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/login-back.png
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/common.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
6de9b19d62ae2029b5d7c51c7eb8fcbdee6503abf32cd74fa3963c76490bc0ac
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://img01.bt.co.uk/s/assets/020822/css/common.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Sat, 20 Jul 2024 12:51:26 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
279
x-xss-protection
1; mode=block
x-llid
7b592a4e767ac5f0ee59ff0868262d40
expires
Sun, 21 Jul 2024 12:51:26 GMT
bt-footer-bg.jpg
img01.bt.co.uk/s/assets/020822/images/
1 KB
2 KB
Image
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/bt-footer-bg.jpg
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/css/common-reset.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
cbf86fc1cedf23b294f4610fe0140df33f350071028953d6cc1c2c4249851038
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://img01.bt.co.uk/s/assets/020822/css/common-reset.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Sat, 20 Jul 2024 12:51:25 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
1251
x-xss-protection
1; mode=block
x-llid
c09193ed4cdc8fd4d58e8b46eb9d61a9
expires
Sun, 21 Jul 2024 12:51:25 GMT
truncated
/
42 KB
42 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
91d32af051d9ace7282b43d300b85debad94fa8659ee69f3e7616e4e1a7605e2

Request headers

Referer
Origin
https://onlinefactor.pages.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
font/truetype;charset=utf-8
bttv_rg-webfont.woff
img01.bt.co.uk/s/assets/020822/aauth/css/fonts/
26 KB
26 KB
Font
General
Full URL
https://img01.bt.co.uk/s/assets/020822/aauth/css/fonts/bttv_rg-webfont.woff
Requested by
Host: img01.bt.co.uk
URL: https://img01.bt.co.uk/s/assets/020822/aauth/css/index.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
1313323817898228d6399b6de26686f15af3bfc9ebda293cc7656e27611673f9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://img01.bt.co.uk/s/assets/020822/aauth/css/index.css
Origin
https://onlinefactor.pages.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Sat, 20 Jul 2024 12:51:26 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff
access-control-allow-origin
*
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
26600
x-xss-protection
1; mode=block
x-llid
ff6ec7c7386372639f0d362e8ccd6380
expires
Sun, 21 Jul 2024 12:51:26 GMT
favicon.ico
img01.bt.co.uk/s/assets/020822/images/logo/
877 B
1 KB
Other
General
Full URL
https://img01.bt.co.uk/s/assets/020822/images/logo/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.79.242.181 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-178-79-242-181.fra.llnw.net
Software
/
Resource Hash
fd98910da13b877b92584901ae97b8aa508c1d55bd132cbdde01f45bdeb1008c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://onlinefactor.pages.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ua-compatible
IE=Edge
content-security-policy
frame-ancestors 'self'
date
Sat, 20 Jul 2024 12:51:26 GMT
last-modified
Wed, 07 Feb 2024 18:38:15 GMT
age
37014
x-frame-options
SAMEORIGIN
content-type
image/x-icon
x-btsite
1
cache-control
max-age=86400
accept-ranges
bytes
content-length
877
x-xss-protection
1; mode=block
x-llid
3845341e5a56565dda084d2178dea4cc
expires
Sun, 21 Jul 2024 02:34:32 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.bt.com
URL
https://www.bt.com/

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BT (Telecommunication)

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • string| analyticsPageName
  • object| tar
  • string| formTarget
  • object| digitalData
  • object| _exhaust_init_queue
  • function| emitToExhaust
  • function| mobileSearchBTS
  • string| loginpagetype
  • function| reportErrors
  • function| expireCookie
  • function| getUserStatus
  • function| logDetails
  • string| customView
  • object| settings
  • object| Encoder
  • string| pageType
  • string| bghexcolor
  • string| ua
  • function| getAndriodBanner
  • string| userAgent
  • object| DanteGF
  • object| FooterEncoder
  • object| footerconfig
  • function| displayerrors
  • function| setUsernameFromCookie
  • function| checkPwdEnc
  • function| hexEncode
  • function| validateEmailDomain
  • function| validEmail
  • function| setRememberMeCookiees

0 Cookies

6 Console Messages

Source Level URL
Text
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/login-datalayer.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/login-datalayer.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/jquery.cookie.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/dantegf.api-1.0.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/login.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://onlinefactor.pages.dev/
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://img01.bt.co.uk/s/assets/020822/js/core.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff