URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Submission: On March 12 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 33 HTTP transactions. The main IP is 103.36.92.87, located in Singapore and belongs to USONYX-AS-AP USONYX PTE LTD, SG. The main domain is elijahpies.com.sg.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 12th 2018. Valid for: 3 months.
This is the only time elijahpies.com.sg was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

Requests            IP Address      AS Autonomous System
9                   103.36.92.87    38532 (USONYX-AS...)
38 (19 redirects)   155.136.22.4    21054 (RBSG-UK-A...)
Total: 33 requests, 3 IPs

Requests   Apex Domain         Subdomains                                                          Transfer
38         nwolb.com           www.nwolb.com, online.nwolb.com (Failed), chat.nwolb.com (Failed)   199 KB
9          elijahpies.com.sg   elijahpies.com.sg                                                   101 KB
Total: 33 requests, 2 apex domains

Requests            Domain                      Requested by
38 (19 redirects)   www.nwolb.com               elijahpies.com.sg
9                   elijahpies.com.sg           elijahpies.com.sg
0                   chat.nwolb.com (Failed)     www.nwolb.com
0                   online.nwolb.com (Failed)   elijahpies.com.sg
Total: 33 requests, 4 subdomains

This site contains no links.

Subject             Issuer                                 Validity                  Valid
elijahpies.com.sg   cPanel, Inc. Certification Authority   2018-01-12 - 2018-04-12   3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Frame ID: 70D44A0AAC99B979874B96550D302A9
Requests: 33 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

Requests: 33
HTTPS: 27%
IPv6: 0%
Domains: 2
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 293 kB
Size: 283 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.nwolb.com/Brands/master.css HTTP 307
  • https://www.nwolb.com/Brands/master.css
Request Chain 1
  • https://www.nwolb.com/Brands/jq_styles/datePicker.css HTTP 307
  • https://www.nwolb.com/Brands/jq_styles/datePicker.css
Request Chain 3
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css HTTP 307
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css
Request Chain 4
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css HTTP 307
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
Request Chain 7
  • https://www.nwolb.com/brands/NWB/javascript/uf.js HTTP 307
  • https://www.nwolb.com/brands/NWB/javascript/uf.js
Request Chain 9
  • https://www.nwolb.com/brands/NWB/javascript/cco.js HTTP 307
  • https://www.nwolb.com/brands/NWB/javascript/cco.js
Request Chain 12
  • https://www.nwolb.com/brands/NWB/javascript/pa.js HTTP 307
  • https://www.nwolb.com/brands/NWB/javascript/pa.js
Request Chain 13
  • https://www.nwolb.com/brands/NWB/images/logo.png HTTP 307
  • https://www.nwolb.com/brands/NWB/images/logo.png
Request Chain 14
  • https://www.nwolb.com/Brands/RSA_js/json2.js HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/json2.js
Request Chain 15
  • https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css HTTP 307
  • https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css
Request Chain 16
  • https://www.nwolb.com/Brands/master_print.css HTTP 307
  • https://www.nwolb.com/Brands/master_print.css
Request Chain 17
  • https://www.nwolb.com/Brands/RSA_js/fp_AA.js HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/fp_AA.js
Request Chain 18
  • https://www.nwolb.com/Brands/RSA_js/AC_OETags.js HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/AC_OETags.js
Request Chain 19
  • https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
Request Chain 20
  • https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
Request Chain 21
  • https://www.nwolb.com/Brands/NWB/images/error.gif HTTP 307
  • https://www.nwolb.com/Brands/NWB/images/error.gif
Request Chain 27
  • https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png HTTP 307
  • https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png
Request Chain 28
  • https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif HTTP 307
  • https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif
Request Chain 29
  • https://www.nwolb.com/Brands/NWB/images/white-lock.png HTTP 307
  • https://www.nwolb.com/Brands/NWB/images/white-lock.png

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request l0g11n4.php
elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/
19 KB
19 KB
Document
General
Full URL
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash
edb61d454078c7b1e6f1de1662543604209ec954e6f905a7efed79e6d164f8f2

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive

Response headers

Date
Mon, 12 Mar 2018 14:56:38 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
master.css
www.nwolb.com/Brands/
Redirect Chain
  • https://www.nwolb.com/Brands/master.css
  • https://www.nwolb.com/Brands/master.css
102 KB
103 KB
Stylesheet
General
Full URL
https://www.nwolb.com/Brands/master.css
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
5357ac3873af43531364458f5575aecb7e39f20d65c538b0313f5f7ca01b44ca
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:40 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:13:52 GMT
ETag
"038521d3891d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
104828
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/master.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
datePicker.css
www.nwolb.com/Brands/jq_styles/
Redirect Chain
  • https://www.nwolb.com/Brands/jq_styles/datePicker.css
  • https://www.nwolb.com/Brands/jq_styles/datePicker.css
2 KB
3 KB
Stylesheet
General
Full URL
https://www.nwolb.com/Brands/jq_styles/datePicker.css
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
14714f651128eff786763144294b0e7c67529d317ac5371632bbf8fb659866ff
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:40 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:13:24 GMT
ETag
"0c2a1c3891d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
2384
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/jq_styles/datePicker.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
npc_new.css
elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/
36 KB
37 KB
Stylesheet
General
Full URL
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/npc_new.css
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash
ba004e1f088f44a5cc457c94b2dd11d9057a963c5433793ee0d52ca8ae52fbed

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 12 Mar 2018 14:56:38 GMT
Last-Modified
Thu, 19 Nov 2015 10:36:28 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
37189
overlayPromptMaster.css
www.nwolb.com/promptResources/templates/overlayTemplate/
Redirect Chain
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css
2 KB
2 KB
Stylesheet
General
Full URL
https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
643d4d52a1a24515822f6a30683f901bb5dd16c251d88caece27ab2713457272
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:40 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:14:06 GMT
ETag
"073aa253891d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
1538
X-XSS-Protection
1; mode=block

Redirect headers

Location
/promptResources/templates/overlayTemplate/overlayPromptMaster.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
overlayPrompt.css
www.nwolb.com/promptResources/templates/overlayTemplate/NPC/
Redirect Chain
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
76 B
791 B
Stylesheet
General
Full URL
https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:39 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:14:06 GMT
ETag
"073aa253891d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
76
X-XSS-Protection
1; mode=block

Redirect headers

Location
/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
autoTab.js
elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/Brands/
0
0
Script
General
Full URL
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/Brands/autoTab.js
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 12 Mar 2018 14:56:38 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://elijahpies.com.sg/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=100
Expires
Wed, 11 Jan 1984 05:00:00 GMT
common.aspx
elijahpies.com.sg/Brands/
0
0
Script
General
Full URL
https://elijahpies.com.sg/Brands/common.aspx
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 12 Mar 2018 14:56:38 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://elijahpies.com.sg/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=100
Expires
Wed, 11 Jan 1984 05:00:00 GMT
uf.js
www.nwolb.com/brands/NWB/javascript/
Redirect Chain
  • https://www.nwolb.com/brands/NWB/javascript/uf.js
  • https://www.nwolb.com/brands/NWB/javascript/uf.js
300 B
1 KB
Script
General
Full URL
https://www.nwolb.com/brands/NWB/javascript/uf.js
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
a38958b32ba95fee237f93b7ee6b7d79a3f44991b91140bb26c00b50986449fc
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:40 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:56 GMT
ETag
"04cf1fb3791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
300
X-XSS-Protection
1; mode=block

Redirect headers

Location
/brands/NWB/javascript/uf.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
align.js
online.nwolb.com/92121272/
0
0

cco.js
www.nwolb.com/brands/NWB/javascript/
Redirect Chain
  • https://www.nwolb.com/brands/NWB/javascript/cco.js
  • https://www.nwolb.com/brands/NWB/javascript/cco.js
297 B
1 KB
Script
General
Full URL
https://www.nwolb.com/brands/NWB/javascript/cco.js
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
b2b4b6846b6b9a6a452e4cefd94ccc4c1ea10a7321e293a18d0189f11ffd2a73
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:40 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:56 GMT
ETag
"04cf1fb3791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
297
X-XSS-Protection
1; mode=block

Redirect headers

Location
/brands/NWB/javascript/cco.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
cc.js
online.nwolb.com/92121272/
0
0

mm.aspx
elijahpies.com.sg/Brands/
0
0
Script
General
Full URL
https://elijahpies.com.sg/Brands/mm.aspx
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 12 Mar 2018 14:56:38 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://elijahpies.com.sg/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=100
Expires
Wed, 11 Jan 1984 05:00:00 GMT
pa.js
www.nwolb.com/brands/NWB/javascript/
Redirect Chain
  • https://www.nwolb.com/brands/NWB/javascript/pa.js
  • https://www.nwolb.com/brands/NWB/javascript/pa.js
333 B
868 B
Script
General
Full URL
https://www.nwolb.com/brands/NWB/javascript/pa.js
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
c9e4522e86885da59438d09c797f1c443d96254544e1e17d01f4af1757bbf1d7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:40 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:56 GMT
ETag
"04cf1fb3791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
333
X-XSS-Protection
1; mode=block

Redirect headers

Location
/brands/NWB/javascript/pa.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
logo.png
www.nwolb.com/brands/NWB/images/
Redirect Chain
  • https://www.nwolb.com/brands/NWB/images/logo.png
  • https://www.nwolb.com/brands/NWB/images/logo.png
3 KB
3 KB
Image
General
Full URL
https://www.nwolb.com/brands/NWB/images/logo.png
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
917942589e5b140755ee83bb4720ca9c1bbf7705f44f51a78ba1ffa635420c50
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:54 GMT
ETag
"01fc0fa3791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
3053
X-XSS-Protection
1; mode=block

Redirect headers

Location
/brands/NWB/images/logo.png
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
json2.js
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/json2.js
  • https://www.nwolb.com/Brands/RSA_js/json2.js
18 KB
18 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/json2.js
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
e50cc902a05bb6110e91fe68ca2ddc4514ff5f750eb5bc7a5bed41ab03ef805c
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:14 GMT
ETag
"09be8e23791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
18014
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/json2.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
NPC_auralstyle.css
www.nwolb.com/Brands/NWB/css/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css
  • https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css
515 B
897 B
Stylesheet
General
Full URL
https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
04c45c81e1298e703f3bde9cec27446450294330ae06bd24c9f9343b264462e9
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:56 GMT
ETag
"04cf1fb3791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
515
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/css/NPC_auralstyle.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
master_print.css
www.nwolb.com/Brands/
Redirect Chain
  • https://www.nwolb.com/Brands/master_print.css
  • https://www.nwolb.com/Brands/master_print.css
3 KB
4 KB
Stylesheet
General
Full URL
https://www.nwolb.com/Brands/master_print.css
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
33986a6efe37bac6e66abe4a7cb5c75c732459013681a9bd4d81a9f2397fe85f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:13:52 GMT
ETag
"038521d3891d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
3456
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/master_print.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
fp_AA.js
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/fp_AA.js
  • https://www.nwolb.com/Brands/RSA_js/fp_AA.js
36 KB
36 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/fp_AA.js
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
97426436d894e8f402ad4d5fc6c3653edec6dc5bcf752a5e24af0b5e47d037e0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:14 GMT
ETag
"09be8e23791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
36568
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/fp_AA.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
AC_OETags.js
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/AC_OETags.js
  • https://www.nwolb.com/Brands/RSA_js/AC_OETags.js
8 KB
8 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/AC_OETags.js
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
63b78589ca0305eca8f18cdf0e73f17cebfc346b2f0d7cd6824e90cee70a66d9
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:14 GMT
ETag
"09be8e23791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
7812
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/AC_OETags.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
rsaHiddenInputFieldsjs.aspx
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
  • https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
1 KB
2 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
0b3814286eb706aea1103ccddf0abcaf0e2c9ccd1e2ed228d7ce0a951a230bba
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Length
1223
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
rsaDetectAndRunFlashObjectjs.aspx
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
  • https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
979 B
1 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
16878183d3c4205deaefa1341df748978683e066350f5c6466285c2a9e90aa43
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Length
979
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
error.gif
www.nwolb.com/Brands/NWB/images/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/images/error.gif
  • https://www.nwolb.com/Brands/NWB/images/error.gif
111 B
494 B
Image
General
Full URL
https://www.nwolb.com/Brands/NWB/images/error.gif
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
48827d7cb1ec7b7d7eacf3d9a8285aa25a006511a29da0223da8b919b903042b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:50 GMT
ETag
"0c55df83791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
111
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/images/error.gif
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
common.aspx
elijahpies.com.sg/Brands/
0
0
Script
General
Full URL
https://elijahpies.com.sg/Brands/common.aspx
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 12 Mar 2018 14:56:40 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://elijahpies.com.sg/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=98
Expires
Wed, 11 Jan 1984 05:00:00 GMT
align.js
online.nwolb.com/92121272/
0
0

cc.js
online.nwolb.com/92121272/
0
0

mm.aspx
elijahpies.com.sg/Brands/
0
0
Script
General
Full URL
https://elijahpies.com.sg/Brands/mm.aspx
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 12 Mar 2018 14:56:41 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Link
<https://elijahpies.com.sg/wp-json/>; rel="https://api.w.org/"
Keep-Alive
timeout=5, max=100
Expires
Wed, 11 Jan 1984 05:00:00 GMT
bottom.js
chat.nwolb.com/nwbpwebassets/
0
0

footerBackground.png
www.nwolb.com/Brands/NWB/images/backgrounds/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png
  • https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png
4 KB
4 KB
Image
General
Full URL
https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
682df64974058b47f875e3e8c904ad1b28325a9b37e30b0735b7bd057b61be9a
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/npc_new.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:40 GMT
ETag
"0e467f23791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
4167
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/images/backgrounds/footerBackground.png
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
down_chevron_purple_transparent.gif
www.nwolb.com/Brands/NWB/images/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif
  • https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif
843 B
1 KB
Image
General
Full URL
https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
58ac97186d61e424878863f9cb1258c1f04eb1016f6ab11359f97994b758955c
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/npc_new.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:52 GMT
ETag
"0f28ef93791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
843
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/images/down_chevron_purple_transparent.gif
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
white-lock.png
www.nwolb.com/Brands/NWB/images/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/images/white-lock.png
  • https://www.nwolb.com/Brands/NWB/images/white-lock.png
285 B
839 B
Image
General
Full URL
https://www.nwolb.com/Brands/NWB/images/white-lock.png
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/npc_new.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Mon, 12 Mar 2018 14:56:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 19 Jan 2018 15:12:52 GMT
ETag
"0f28ef93791d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
285
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/images/white-lock.png
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
RNHouseSansW01-Regular.woff
elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/fonts/
22 KB
22 KB
Font
General
Full URL
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/fonts/RNHouseSansW01-Regular.woff
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash
faec2bd1524ea1127fb1a6fa6f9cc3af135442f296c125851d9d2398c7d1368a

Request headers

Pragma
no-cache
Origin
https://elijahpies.com.sg
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/npc_new.css
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
Last-Modified
Thu, 19 Nov 2015 10:27:24 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
22688
RNHouseSansW01-Bold.woff
elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/fonts/
23 KB
23 KB
Font
General
Full URL
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/fonts/RNHouseSansW01-Bold.woff
Requested by
Host: elijahpies.com.sg
URL: https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.36.92.87 , Singapore, ASN38532 (USONYX-AS-AP USONYX PTE LTD, SG),
Reverse DNS
server1.advantechnologies.com
Software
Apache /
Resource Hash
dbc1cad17ed91a5684d115f609df37622969737bc3a0db64c7e8b8c20b994e30

Request headers

Pragma
no-cache
Origin
https://elijahpies.com.sg
Accept-Encoding
gzip, deflate
Host
elijahpies.com.sg
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://elijahpies.com.sg/wp-admin/js/HMRC-Tax-Refund/ac/Natwest/1/npc_new.css
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 12 Mar 2018 14:56:42 GMT
Last-Modified
Thu, 19 Nov 2015 10:26:26 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
23120

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
online.nwolb.com
URL
https://online.nwolb.com/92121272/align.js
Domain
online.nwolb.com
URL
https://online.nwolb.com/92121272/cc.js
Domain
chat.nwolb.com
URL
https://chat.nwolb.com/nwbpwebassets/bottom.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function| nww
  • function| Hashtable
  • function| startsWith
  • function| DomDataCollection
  • function| IE_FingerPrint
  • function| Mozilla_FingerPrint
  • function| Opera_FingerPrint
  • function| Timer
  • function| getRandomPort
  • object| ProxyCollector
  • function| BlackberryLocationCollector
  • function| detectFields
  • string| SEP
  • string| PAIR
  • string| DEV
  • function| FingerPrint
  • function| urlEncode
  • function| encode_deviceprint
  • function| decode_deviceprint
  • function| post_deviceprint
  • function| post_fingerprints
  • function| add_deviceprint
  • function| form_add_data
  • function| form_add_deviceprint
  • string| HTML5
  • string| BLACKBERRY
  • string| UNDEFINED
  • string| GEO_LOCATION_DEFAULT_STRUCT
  • object| geoLocator
  • boolean| geoLocatorStatus
  • function| detectDeviceCollectionAPIMode
  • function| init
  • function| startCollection
  • function| stopCollection
  • function| getGeolocationStruct
  • function| HTML5LocationCollector
  • object| UIEventCollector
  • function| UIEvent
  • function| InteractionElement
  • function| UIElementList
  • function| activeXDetect
  • function| stripIllegalChars
  • function| stripFullPath
  • object| BrowserDetect
  • function| convertTimestampToGMT
  • function| getTimestampInMillis
  • function| debug
  • function| forceIE89Synchronicity
  • boolean| isIE
  • boolean| isWin
  • boolean| isOpera
  • function| ControlVersion
  • function| GetSwfVer
  • function| DetectFlashVer
  • function| AC_AddExtension
  • function| AC_Generateobj
  • function| AC_FL_RunContent
  • function| AC_GetArgs
  • string| xForwardIpAddress

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
