urlscan.io logo urlscan.io
SecurityTrails logo

tko.lp.security.online-banking.hsbc.com.cn Open in urlscan Pro
180.169.159.229  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://tko.lp.security.online-banking.hsbc.com.cn/
Effective URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Submission: On January 13 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 180.169.159.229, located in Shanghai, China and belongs to CHINANET-SH-AP China Telecom (Group), CN. The main domain is tko.lp.security.online-banking.hsbc.com.cn.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on July 30th 2020. Valid for: a year.
This is the only time tko.lp.security.online-banking.hsbc.com.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 15 180.169.159.229 4812 (CHINANET-...)
16 2
Apex Domain
Subdomains		 Transfer
15 hsbc.com.cn
tko.lp.security.online-banking.hsbc.com.cn
253 KB
16 1
Domain Requested by
15 tko.lp.security.online-banking.hsbc.com.cn 2 redirects tko.lp.security.online-banking.hsbc.com.cn
16 1

This site contains no links.

Subject Issuer Validity Valid
tko.lp.security.online-banking.hsbc.com.cn
DigiCert SHA2 Extended Validation Server CA		 2020-07-30 -
2021-09-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Frame ID: 50C3B2352E59A4026CD7BC86F541624B
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://tko.lp.security.online-banking.hsbc.com.cn/ HTTP 301
    https://tko.lp.security.online-banking.hsbc.com.cn/gsa HTTP 302
    https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

16
Requests

81 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

251 kB
Transfer

880 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tko.lp.security.online-banking.hsbc.com.cn/ HTTP 301
    https://tko.lp.security.online-banking.hsbc.com.cn/gsa HTTP 302
    https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Redirect Chain
  • https://tko.lp.security.online-banking.hsbc.com.cn/
  • https://tko.lp.security.online-banking.hsbc.com.cn/gsa
  • https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
12 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
62fd5267fe02b95bb0259da4e19bd8f2a3d063149ffa02d28b8bdc87c58e8a6f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Host
tko.lp.security.online-banking.hsbc.com.cn
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
CAMToken=; ALLSSPLPTK=!17/HMe9WAtAm2YCga/BJFJ5nMTrkAtGME8lHsGI+0YiOT/e921FzqD3DPda9ZXTHZ/ER2ey1NBrkC/8=; ADRUM_BTa=R:0|g:acaa712a-bd20-498a-bf29-bec5999b7b2e|n:hostap_098c552b-7264-4d55-8e21-32d54b9dac18; JSESSIONID=0000OKuqXuBtaxjI0BrzWoNewH-:1cd25vins
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:10 GMT
Server
Apache
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Access-Control-Allow-Credentials
true
Expires
Sat, 06 May 1995 12:00:00 GMT
Cache-Control
max-age=1,s-maxage=0, no-cache, no-store, must-revalidate, private post-check=0, pre-check=0
Pragma
no-cache
X-Frame-Options
sameorigin
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Vary
Accept-Encoding
Content-Encoding
gzip
S
tko_961_lp_saasip, LREV01RPCU-WS
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/html;charset=UTF-8
Content-Language
en-US
Set-Cookie
ADRUM_BTa=R:0|g:acaa712a-bd20-498a-bf29-bec5999b7b2e|n:hostap_098c552b-7264-4d55-8e21-32d54b9dac18; Expires=Thu, 01-Dec-94 16:00:00 GMT; Path=/; Secure ADRUM_BTa=R:0|g:8758d232-68ce-45e1-998b-5be7998b9f36; Expires=Wed, 13-Jan-21 09:51:39 GMT; Path=/; Secure ADRUM_BTa=R:0|g:8758d232-68ce-45e1-998b-5be7998b9f36|n:hostap_098c552b-7264-4d55-8e21-32d54b9dac18; Expires=Wed, 13-Jan-21 09:51:39 GMT; Path=/; Secure CAMToken=OhXyTddOmO9b354JziIIA/HWdZU=; HttpOnly; Path=/gsa; Secure ADRUM_BT1=R:0|i:206430; Expires=Wed, 13-Jan-21 09:51:39 GMT; Path=/; Secure ADRUM_BT1=R:0|i:206430|e:14; Expires=Wed, 13-Jan-21 09:51:39 GMT; Path=/; Secure
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Transfer-Encoding
chunked

Redirect headers

Date
Wed, 13 Jan 2021 09:51:10 GMT
Server
Apache
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Access-Control-Allow-Credentials
true
Location
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Content-Length
0
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control
no-cache="set-cookie, set-cookie2"
S
tko_961_lp_saasip, LREV01RPCU-WS
X-Frame-Options
sameorigin
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Language
en-US
Set-Cookie
ADRUM_BTa=R:0|g:acaa712a-bd20-498a-bf29-bec5999b7b2e; Expires=Wed, 13-Jan-21 09:51:39 GMT; Path=/; Secure ADRUM_BTa=R:0|g:acaa712a-bd20-498a-bf29-bec5999b7b2e|n:hostap_098c552b-7264-4d55-8e21-32d54b9dac18; Expires=Wed, 13-Jan-21 09:51:39 GMT; Path=/; Secure JSESSIONID=00002lPVmuihSU0xx5ayt9ppifb:1cd25vins; Path=/; Secure; HttpOnly CAMToken=CTN8lC3MaHESy+3F8RxScWoRqxo=; HttpOnly; Path=/gsa; Secure ICIPDOMAINCOOKIE=; HttpOnly; Expires=Thu, 01-Dec-94 16:00:00 GMT; Path=/; Domain=hsbc.com.cn; Secure CAMToken=; HttpOnly; Path=/gsa; Secure JSESSIONID=0000OKuqXuBtaxjI0BrzWoNewH-:1cd25vins; Path=/; Secure; HttpOnly
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
top_section.js
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/theme_public/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/theme_public/js/top_section.js
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
186b7acb4a807db40b3000e00fe998edc61dbf6873dff71c6b9a854e039f9bb3
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:10 GMT
Content-Encoding
gzip
Access-Control-Allow-Methods
GET, POST, OPTIONS
Connection
Keep-Alive
Content-Length
1206
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:22:58 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"bc5-5b45773974080"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
max-age=604800
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=97
Expires
Wed, 20 Jan 2021 09:51:10 GMT
adrum.js
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/theme_public/js/ 		35 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/theme_public/js/adrum.js
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
77fe0fdc363f4e45946f17911eac651a64d1eb1d88f326ce80125bc837f58e93
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:11 GMT
Content-Encoding
gzip
Access-Control-Allow-Methods
GET, POST, OPTIONS
Connection
Keep-Alive
Content-Length
11566
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Mon, 07 Aug 2017 09:31:06 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"8cb1-556268192edd0"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
max-age=604800
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=100
Expires
Wed, 20 Jan 2021 09:51:11 GMT
dojo.js
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/dtk/dojo/ 		587 KB
176 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/dtk/dojo/dojo.js
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
f86c098e09edcf67dd44f8f6c223faeb275864f21a86e82abd36204c7132f7d4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:11 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, OPTIONS
Connection
Keep-Alive
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:22:58 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"92df9-5b45773974080"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
max-age=604800
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=100
Expires
Wed, 20 Jan 2021 09:51:11 GMT
HSBCGLBL.js
tko.lp.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/script/theme_public/js/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/script/theme_public/js/HSBCGLBL.js
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
25fb058df0799a3d943c74f54999c39ddc0e53f568d37d3bbf8b13b099869d4c
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:11 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, OPTIONS, GET
Connection
Keep-Alive
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
Last-Modified
Wed, 18 Nov 2020 01:22:58 GMT
Server
Apache
X-Frame-Options
sameorigin
Access-Control-Max-Age
3600
CONTENT_RESOURCE_PATH
gsp_lp/saas/Components/default/resources/script/theme_public/js/HSBCGLBL.js
Content-Language
en-US
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Access-Control-Allow-Credentials
true
S
tko_961_lp_saasip, LREV01RPCU-WS
Content-Type
application/x-javascript
Keep-Alive
timeout=5, max=100
Expires
Wed, 20 Jan 2021 09:51:11 GMT
ursula.css
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ 		209 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
9edc672e6aa741e8070c60a94f6439d19ffa38010231890abddafb6bb4fef3dd
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:11 GMT
Content-Encoding
gzip
Access-Control-Allow-Methods
GET, POST, OPTIONS
Connection
Keep-Alive
Content-Length
35327
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:23:02 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"342ac-5b45773d44980"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/css
Cache-Control
max-age=604800
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=96
Expires
Wed, 20 Jan 2021 09:51:11 GMT
hsbc-logo_SC.gif
tko.lp.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/doc/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/doc/hsbc-logo_SC.gif
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
841097054b7f048753e299d12e8193b423e1838241203459552f1f0b1e334a34
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:12 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET, POST, OPTIONS, GET
Connection
Keep-Alive
Content-Length
3031
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
Last-Modified
Mon, 05 Dec 2016 07:48:42 GMT
Server
Apache
X-Frame-Options
sameorigin
Access-Control-Max-Age
3600
CONTENT_RESOURCE_PATH
gsp_lp/saas/Components/default/doc/hsbc-logo_SC.gif
Content-Language
en-US
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
S
tko_961_lp_saasip, LREV01RPCU-WS
Content-Type
image/gif
Keep-Alive
timeout=5, max=98
Expires
Fri, 12 Feb 2021 09:51:12 GMT
bottom_section.js
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/theme_public/js/ 		31 B
773 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/theme_public/js/bottom_section.js
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
e7f03fd80d07ec749dfdd522a6f0c666301dbffd25783947f5f28ea1804b0d58
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsa/IDV_GLOBAL_SESSION_INVALID_ERROR/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:11 GMT
Connection
Keep-Alive
Content-Length
31
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:22:58 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"1f-5b45773974080"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/x-javascript
Cache-Control
max-age=604800
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=99
Expires
Wed, 20 Jan 2021 09:51:11 GMT
top.gif
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/background/ 		54 B
782 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/background/top.gif
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
bf266f02007642c1b71807c6b399ee1268d8a5a36b8d03162bce1fa222942c98
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:12 GMT
Connection
Keep-Alive
Content-Length
54
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:23:10 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"36-5b457744e5b80"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=99
Expires
Fri, 12 Feb 2021 09:51:12 GMT
bg_gradient_red.gif
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/masthead/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/masthead/bg_gradient_red.gif
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
9bcbc0ff19ab678085c819498dbb667ad36a1862b0fa3dd8ae8c19e93f0f5ff7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:12 GMT
Connection
Keep-Alive
Content-Length
1269
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:23:10 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"4f5-5b457744e5b80"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=95
Expires
Fri, 12 Feb 2021 09:51:12 GMT
page-heading-gradient.png
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/background/ 		942 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/background/page-heading-gradient.png
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
b5a3dd3f96d3e983873762c6b69b7946be6b1627dff5eca7716ad8396bbab132
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:12 GMT
Connection
Keep-Alive
Content-Length
942
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:23:10 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"3ae-5b457744e5b80"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/png
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=99
Expires
Fri, 12 Feb 2021 09:51:12 GMT
icon-informative-xlarge.gif
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/AlertBox/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/AlertBox/icon-informative-xlarge.gif
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
89dd2a6532086263a6a1779df469fdb83d16e7b16061095ebc801b19ceb195e7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:12 GMT
Connection
Keep-Alive
Content-Length
5100
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:23:10 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"13ec-5b457744e5b80"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Cache-Control
max-age=2592000
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=100
Expires
Fri, 12 Feb 2021 09:51:12 GMT
darkgrey-left.gif
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/backgrounds/ 		0
0
darkgrey.gif
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/backgrounds/ 		0
0
UniversNextforHSBCW02-Bd.woff
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/ 		16 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/UniversNextforHSBCW02-Bd.woff
Requested by
Host: tko.lp.security.online-banking.hsbc.com.cn
URL: https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
180.169.159.229 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom (Group), CN),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options sameorigin

Request headers

Origin
https://tko.lp.security.online-banking.hsbc.com.cn
Referer
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 13 Jan 2021 09:51:12 GMT
Connection
Keep-Alive
Content-Length
27228
Access-Control-Allow-Headers
accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
Last-Modified
Wed, 18 Nov 2020 01:23:06 GMT
Server
Apache
X-Frame-Options
sameorigin
ETag
"6a5c-5b45774115280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://tko.lp.security.online-banking.hsbc.com.cn
Cache-Control
max-age=43200
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
S
tko_961_lp_saasip, LREV01RPCU-WS
Keep-Alive
timeout=5, max=97
Expires
Wed, 13 Jan 2021 21:51:12 GMT
UniversNextforHSBCW02-Rg.woff
tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
tko.lp.security.online-banking.hsbc.com.cn
URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/backgrounds/darkgrey-left.gif
Domain
tko.lp.security.online-banking.hsbc.com.cn
URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/backgrounds/darkgrey.gif
Domain
tko.lp.security.online-banking.hsbc.com.cn
URL
https://tko.lp.security.online-banking.hsbc.com.cn/gsp_lp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/UniversNextforHSBCW02-Rg.woff

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block