urlscan.io logo urlscan.io
SecurityTrails logo

forms.hsbc.com.sg Open in urlscan Pro
99.84.156.87  Public Scan

Go To Rescan Add Verdict Report
URL: https://forms.hsbc.com.sg/
Submission Tags: @phishunt_io
Submission: On September 09 via api from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 99.84.156.87, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is forms.hsbc.com.sg.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on October 17th 2019. Valid for: a year.
This is the only time forms.hsbc.com.sg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 99.84.156.87 16509 (AMAZON-02)
9 1
Apex Domain
Subdomains		 Transfer
9 hsbc.com.sg
forms.hsbc.com.sg
58 KB
9 1
Domain Requested by
9 forms.hsbc.com.sg forms.hsbc.com.sg
9 1

This site contains no links.

Subject Issuer Validity Valid
forms.hsbc.com.sg
DigiCert SHA2 Extended Validation Server CA		 2019-10-17 -
2020-10-17		 a year crt.sh

This page contains 1 frames:

Primary Page: https://forms.hsbc.com.sg/
Frame ID: 4B72C651842DC29E3B0E87B045F40049
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<div class="[^"]*parbase/i
  • script /\/etc.clientlibs\//i
Overall confidence: 100%
Detected patterns
  • html /<div class="[^"]*parbase/i
  • script /\/etc.clientlibs\//i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]+foundation[^>"]+css/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

58 kB
Transfer

162 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
forms.hsbc.com.sg/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
5fca85ab6709707689ed77dbb498854fbc3ebedc76cb1922fdcb6774c2f9daf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
forms.hsbc.com.sg
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
content-type
text/html; charset=utf-8
content-length
990
date
Wed, 09 Sep 2020 03:13:44 GMT
server
Apache
strict-transport-security
max-age=31536000;includeSubdomains
last-modified
Tue, 08 Sep 2020 22:53:27 GMT
accept-ranges
bytes
content-encoding
gzip
s
dispatcher3euwest2
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
cache-control
no-cache, no-store, must-revalidate
vary
Accept-Language,Accept-Encoding
x-cache
Miss from cloudfront
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
x-amz-cf-pop
TXL52-C1
x-amz-cf-id
iVv46MzV97lVsVYQ8qWOuZv0X7SYHSclBUbv61t5l7gbtHw7YVa6Pw==
main.min.b4994788cf1eaeed300a0aa7af53f3c8.css
forms.hsbc.com.sg/etc.clientlibs/foundation/clientlibs/ 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/etc.clientlibs/foundation/clientlibs/main.min.b4994788cf1eaeed300a0aa7af53f3c8.css
Requested by
Host: forms.hsbc.com.sg
URL: https://forms.hsbc.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
5de7ed40dec4289e49836c4def825318df1956de0d0befe695e77f50fc638292
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://forms.hsbc.com.sg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:13:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=31536000;includeSubdomains
content-length
1848
x-xss-protection
1; mode=block
last-modified
Tue, 08 Sep 2020 23:44:31 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
s
dispatcher2euwest2
x-amz-cf-id
CcZkaBGgJJB9SWCzBD0ZW5wIDKrNV0AOy-C3AQb3rhnwkDReL-5pVA==
jquery.min.1494c0abbe501301e2ab9daecc6082a8.js
forms.hsbc.com.sg/etc.clientlibs/clientlibs/granite/ 		98 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/etc.clientlibs/clientlibs/granite/jquery.min.1494c0abbe501301e2ab9daecc6082a8.js
Requested by
Host: forms.hsbc.com.sg
URL: https://forms.hsbc.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
1d5dcc1f5ef70e9ab2b6190c1bc183d8c7b7bb7e37f99a2a426174c5c4f2b7c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://forms.hsbc.com.sg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:13:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=31536000;includeSubdomains
content-length
35339
x-xss-protection
1; mode=block
last-modified
Wed, 09 Sep 2020 00:00:04 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
s
dispatcher3euwest2
x-amz-cf-id
hAV_kBEeuGIIhNNVxXimTVCqXcSIKqjb7cJ43-Qz7rypaAsnKh454A==
utils.min.4a192b590a2c2926fb000264370c0588.js
forms.hsbc.com.sg/etc.clientlibs/clientlibs/granite/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/etc.clientlibs/clientlibs/granite/utils.min.4a192b590a2c2926fb000264370c0588.js
Requested by
Host: forms.hsbc.com.sg
URL: https://forms.hsbc.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
06bff916cefa0e2d5595ee421e0e8652f349e85c0a14a6e6921f4368200a9629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://forms.hsbc.com.sg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:13:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=31536000;includeSubdomains
content-length
3359
x-xss-protection
1; mode=block
last-modified
Wed, 09 Sep 2020 00:00:04 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
s
dispatcher3euwest2
x-amz-cf-id
vjmcyWTmd8R_7ecBDQg-IUSZI0D23iczoyFVL2h-A7oP_LwRUR9I8Q==
granite.min.543d214c88dfa6f4a3233b630c82d875.js
forms.hsbc.com.sg/etc.clientlibs/clientlibs/granite/jquery/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/etc.clientlibs/clientlibs/granite/jquery/granite.min.543d214c88dfa6f4a3233b630c82d875.js
Requested by
Host: forms.hsbc.com.sg
URL: https://forms.hsbc.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
4125f7fb5ef940e03901ec9b35eb9a9345427aaf6348976e7b9521b6322919f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://forms.hsbc.com.sg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:13:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=31536000;includeSubdomains
content-length
1626
x-xss-protection
1; mode=block
last-modified
Tue, 08 Sep 2020 23:44:31 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
s
dispatcher2euwest2
x-amz-cf-id
SRFYfHEiYp_ISBGl1UgV-V6-RxhQ7IyDE4o7SD4DcSVtonhE4LjaQg==
jquery.min.dd9b395c741ce2784096e26619e14910.js
forms.hsbc.com.sg/etc.clientlibs/foundation/clientlibs/ 		16 B
457 B 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/etc.clientlibs/foundation/clientlibs/jquery.min.dd9b395c741ce2784096e26619e14910.js
Requested by
Host: forms.hsbc.com.sg
URL: https://forms.hsbc.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
c084b47104c493fb377b6d35d8c08df67d773f6dcf8294c0a7360710cd8cacbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://forms.hsbc.com.sg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:13:44 GMT
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
status
200
content-length
16
x-xss-protection
1; mode=block
last-modified
Wed, 09 Sep 2020 00:00:04 GMT
server
Apache
strict-transport-security
max-age=31536000;includeSubdomains
content-type
application/javascript
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
s
dispatcher2euwest2
x-amz-cf-id
KIJBNbpb8B5ykpqGKc1Gg9j6hji8UdEJkcoNpVDoDPqyL6AgFdFM7Q==
shared.min.9f3716b2c473fd53ab31b1caa53131a8.js
forms.hsbc.com.sg/etc.clientlibs/foundation/clientlibs/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/etc.clientlibs/foundation/clientlibs/shared.min.9f3716b2c473fd53ab31b1caa53131a8.js
Requested by
Host: forms.hsbc.com.sg
URL: https://forms.hsbc.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
631aec724dec848a694973e4bed9697adb9cf16f7cb65b8d4039ca0755c48f3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://forms.hsbc.com.sg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:13:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=31536000;includeSubdomains
content-length
6180
x-xss-protection
1; mode=block
last-modified
Tue, 08 Sep 2020 23:44:31 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
s
dispatcher3euwest2
x-amz-cf-id
dqlyXueI610ObCuAEyObwUkRTXeqEpg3foDMIzw0QaWDLNnpK8swbw==
main.min.a6faafbeed24f5d40aaf367c778753ab.js
forms.hsbc.com.sg/etc.clientlibs/foundation/clientlibs/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/etc.clientlibs/foundation/clientlibs/main.min.a6faafbeed24f5d40aaf367c778753ab.js
Requested by
Host: forms.hsbc.com.sg
URL: https://forms.hsbc.com.sg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
6168b6a855d7e1160dfe320457f3a95adaf92305b27952b6f8eb22d48751d1b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://forms.hsbc.com.sg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:13:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
TXL52-C1
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=31536000;includeSubdomains
content-length
6237
x-xss-protection
1; mode=block
last-modified
Tue, 08 Sep 2020 23:47:56 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=31536000
accept-ranges
bytes
s
dispatcher3euwest2
x-amz-cf-id
wze3ZoRzatsXm-BiEicGrS3XIcTEYqbonAPvEioZW2jeQQTN-6eTjA==
token.json
forms.hsbc.com.sg/libs/granite/csrf/ 		2 B
392 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hsbc.com.sg/libs/granite/csrf/token.json
Requested by
Host: forms.hsbc.com.sg
URL: https://forms.hsbc.com.sg/etc.clientlibs/clientlibs/granite/jquery/granite.min.543d214c88dfa6f4a3233b630c82d875.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.156.87 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-156-87.txl52.r.cloudfront.net
Software
Apache /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://forms.hsbc.com.sg/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:13:44 GMT
via
1.1 81db6db0bc548ca5046f3395364a3667.cloudfront.net (CloudFront)
x-content-type-options
nosniff
server
Apache
x-amz-cf-pop
TXL52-C1
strict-transport-security
max-age=31536000;includeSubdomains
x-cache
Miss from cloudfront
content-type
application/json;charset=iso-8859-1
status
200
cache-control
no-cache
s
dispatcher2euwest2
content-length
2
x-xss-protection
1; mode=block
x-amz-cf-id
koWw7fjP8Ow5HeJLYsclG-ZWtIUiBW6rZTMtelFbvmUi0hV6syI44Q==
expires
-1

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| hsbc function| $ function| jQuery object| matched object| browser object| Granite object| _g function| $CQ object| CQ undefined| G_XHR_HOOK undefined| G_RELOAD_HOOK undefined| G_IS_HOOKED undefined| G_CONTENT_PATH function| cq5forms_isArray function| cq5forms_isNodeList function| cq5forms_showMsg function| cq5forms_isEmpty function| cq5forms_regcheck function| cq5forms_multiResourceChange function| picturefill object| jQuery1124005100808001629398

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block