www.security.online-banking.hsbc.com.cn Open in urlscan Pro
2600:140b:1c00:e::17cb:8536 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www2.m.services.online-banking.hsbc.com.cn/
Effective URL:
https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
Submission: On November 03 via api (November 3rd 2023, 12:45:53 pm UTC) from JP — Scanned from JP

Summary HTTP 40 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 40 HTTP transactions. The main IP is 2600:140b:1c00:e::17cb:8536, located in Tokyo, Japan and belongs to AKAMAI-ASN1, NL. The main domain is www.security.online-banking.hsbc.com.cn.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 16th 2023. Valid for: a year.

This is the only time www.security.online-banking.hsbc.com.cn was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	203.112.84.74 203.112.84.74	9221 (HSBC-HK-A...) (HSBC-HK-AS HSBC HongKong)
1 17	2600:140b:1c0... 2600:140b:1c00:e::17cb:8536	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2404:6800:400... 2404:6800:4004:828::2003	() ()
1	2404:6800:400... 2404:6800:4004:821::2003	() ()
40	5

4 203.112.84.74 (Hong Kong) 1 redirects

ASN9221 (HSBC-HK-AS HSBC HongKong, HK)

www2.m.services.online-banking.hsbc.com.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2600:140b:1c00:e::17cb:8536 (Tokyo, Japan) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.security.online-banking.hsbc.com.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:828::2003 (None, )

ASN- ()

www.recaptcha.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:821::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	hsbc.com.cn 2 redirects www2.m.services.online-banking.hsbc.com.cn www.security.online-banking.hsbc.com.cn	635 KB
1	gstatic.com www.gstatic.com	189 KB
1	recaptcha.net www.recaptcha.net	1 KB
40	3

	Domain	Requested by
17	www.security.online-banking.hsbc.com.cn	1 redirects www.security.online-banking.hsbc.com.cn
4	www2.m.services.online-banking.hsbc.com.cn	1 redirects www2.m.services.online-banking.hsbc.com.cn www.security.online-banking.hsbc.com.cn
1	www.gstatic.com	www.recaptcha.net
1	www.recaptcha.net	www.security.online-banking.hsbc.com.cn www.gstatic.com
40	4

This site contains no links.

Subject Issuer	Validity	Valid
www.security.online-banking.hsbc.com.cn DigiCert SHA2 Extended Validation Server CA	`2023-05-18` - `2024-06-17`	a year	crt.sh
misc.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
Frame ID: FAE9C78EEF7D87DBE38D1C15CF749E61
Requests: 39 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LeWO3wUAAAAAI-_YnZHM4-4LEBa5JJ6ph4Mla48&co=aHR0cHM6Ly93d3cuc2VjdXJpdHkub25saW5lLWJhbmtpbmcuaHNiYy5jb20uY246NDQz&hl=zh-CN&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&cb=78fypuqmvv4j
Frame ID: 34B09D908EC3DEE1DB0EB872529E1F5A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www2.m.services.online-banking.hsbc.com.cn/ HTTP 301
https://www2.m.services.online-banking.hsbc.com.cn/gpib/ Page URL
https://www2.m.services.online-banking.hsbc.com.cn/gpib/group/gpib/cmn/layouts/default.html?uid=dashboard Page URL
https://www.security.online-banking.hsbc.com.cn/gsa?idv_cmd=idv.SaaSSecurityCommand HTTP 302
https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/ Page URL

Detected technologies

AppDynamics (Analytics) Expand

Overall confidence: 100%
Detected patterns

adrum

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

40
Requests

53 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

823 kB
Transfer

2542 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www2.m.services.online-banking.hsbc.com.cn/ HTTP 301
https://www2.m.services.online-banking.hsbc.com.cn/gpib/ Page URL
https://www2.m.services.online-banking.hsbc.com.cn/gpib/group/gpib/cmn/layouts/default.html?uid=dashboard Page URL
https://www.security.online-banking.hsbc.com.cn/gsa?idv_cmd=idv.SaaSSecurityCommand HTTP 302
https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www2.m.services.online-banking.hsbc.com.cn/ HTTP 301
https://www2.m.services.online-banking.hsbc.com.cn/gpib/

40 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/
www2.m.services.online-banking.hsbc.com.cn/gpib/
Redirect Chain

https://www2.m.services.online-banking.hsbc.com.cn/
https://www2.m.services.online-banking.hsbc.com.cn/gpib/

605 B
2 KB

103ms
102ms

Document
text/html

203.112.84.74
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.m.services.online-banking.hsbc.com.cn/gpib/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.84.74 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept,accept-encoding,accept-language,authorization,content-type,origin,X-HDR-Synchronizer-Token,X-HDR-DoubleSubmit-Token
Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE, PUT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Language: en-US
Content-Type: text/html
Date: Fri, 03 Nov 2023 12:45:45 GMT
Keep-Alive: timeout=5, max=499
Last-Modified: Wed, 13 Sep 2023 10:22:26 GMT
S: skm_370_02_gspgw
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

Redirect headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept,accept-encoding,accept-language,authorization,content-type,origin,X-HDR-Synchronizer-Token,X-HDR-DoubleSubmit-Token
Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE, PUT
Connection: Keep-Alive
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 03 Nov 2023 12:45:45 GMT
Keep-Alive: timeout=5, max=500
Location: https://www2.m.services.online-banking.hsbc.com.cn/gpib/
Strict-Transport-Security: max-age=16070400; includeSubDomains

GET
H/1.1 200
OK default.html Show response
www2.m.services.online-banking.hsbc.com.cn/gpib/group/gpib/cmn/layouts/ 4 KB
4 KB 110ms
109ms Document
text/html 203.112.84.74
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.m.services.online-banking.hsbc.com.cn/gpib/group/gpib/cmn/layouts/default.html?uid=dashboard

Requested by

Host: www2.m.services.online-banking.hsbc.com.cn
URL: https://www2.m.services.online-banking.hsbc.com.cn/gpib/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.84.74 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

5a505d73d7e50667535213aa5b10db74b2539a7d8d83807f088e669a19938c45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www2.m.services.online-banking.hsbc.com.cn/gpib/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept,accept-encoding,accept-language,authorization,content-type,origin,X-HDR-Synchronizer-Token,X-HDR-DoubleSubmit-Token
Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE, PUT
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Language: en-US
Content-Type: text/html;charset=ISO-8859-1
Date: Fri, 03 Nov 2023 12:45:45 GMT
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Keep-Alive: timeout=5, max=498
Pragma: no-cache
S: skm_370_02_gspgw
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
Surrogate-Control: no-store
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H2

200

Primary Request / Show response
www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
Redirect Chain

https://www.security.online-banking.hsbc.com.cn/gsa?idv_cmd=idv.SaaSSecurityCommand
https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

47 KB
10 KB

1510ms
1509ms

Document
text/html

2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5ba4a5189c8ec9ea892fb181eef0af64c160160ab826c973da48f98ef2a4e296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www2.m.services.online-banking.hsbc.com.cn
Referer: https://www2.m.services.online-banking.hsbc.com.cn/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
access-control-allow-methods: GET, POST, OPTIONS
cache-control: max-age=1,s-maxage=0, no-cache, no-store, must-revalidate, private post-check=0, pre-check=0
content-encoding: gzip
content-language: en-US
content-length: 9119
content-type: text/html;charset=UTF-8
date: Fri, 03 Nov 2023 12:45:50 GMT
expires: Sat, 06 May 1995 12:00:00 GMT
pragma: no-cache
s: tko_373_02_saasip, cn01_saasgsp_zhj01_proxy_tko
strict-transport-security: max-age=31536000;includeSubDomains max-age=31536000; includeSubdomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www2.m.services.online-banking.hsbc.com.cn
cache-control: max-age=1,s-maxage=0, no-cache, no-store, must-revalidate, private post-check=0, pre-check=0
content-language: en-US
content-length: 0
date: Fri, 03 Nov 2023 12:45:48 GMT
expires: Sat, 06 May 1995 12:00:00 GMT
location: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
pragma: no-cache
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
strict-transport-security: max-age=31536000;includeSubDomains max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

GET
H2 200 adrum.js Show response
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/theme_public/js/ 35 KB
12 KB 1107ms
1096ms Script
application/x-javascript 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/theme_public/js/adrum.js

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

77fe0fdc363f4e45946f17911eac651a64d1eb1d88f326ce80125bc837f58e93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
content-encoding: gzip
date: Fri, 03 Nov 2023 12:45:51 GMT
content-length: 11566
last-modified: Sat, 05 Aug 2017 18:31:46 GMT
etag: "8cb1-55605d37b0200"
x-frame-options: sameorigin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
s: tko_373_02_saasip, cn01_saasgsp_zhj01_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
expires: Fri, 10 Nov 2023 12:45:50 GMT

GET
H2 200 googleCaptcha_wrapper.js Show response
www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/htmls/ 179 B
787 B 779ms
769ms Script
application/x-javascript 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/htmls/googleCaptcha_wrapper.js?ECAL=zh_CN&SAGG=gsp_hbcn

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3f126420fd031c27598d6150009a3e4d317498a3c98305467679ffc3a55924e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
content-encoding: gzip
date: Fri, 03 Nov 2023 12:45:50 GMT
content-length: 166
last-modified: Fri, 07 Dec 2018 20:04:19 GMT
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS, GET
content_resource_path: gsp_hbcn/saas/Components/htmls/zh_CN/googleCaptcha_wrapper.js
access-control-allow-origin: *
content-type: application/x-javascript
cache-control: max-age=604800
access-control-allow-credentials: true
content-language: en-US
x-frame-options: sameorigin
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
vary: Accept-Encoding
expires: Fri, 10 Nov 2023 12:45:50 GMT

GET
H2 200 ursula.css
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ 209 KB
35 KB 425ms
415ms Stylesheet
text/css 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ursula.css

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9edc672e6aa741e8070c60a94f6439d19ffa38010231890abddafb6bb4fef3dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
content-encoding: gzip
date: Fri, 03 Nov 2023 12:45:50 GMT
content-length: 35327
last-modified: Tue, 14 Feb 2023 19:26:12 GMT
etag: "342ac-5f4adefb9bd00"
x-frame-options: sameorigin
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
expires: Fri, 10 Nov 2023 12:45:50 GMT

GET
H2 200 lightbox.css
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ 6 KB
2 KB 855ms
847ms Stylesheet
text/css 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/lightbox.css

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

00c2e0475680a72840800a5ac4a42207ba587c60872e56e9c07bbce64f711f3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
content-encoding: gzip
date: Fri, 03 Nov 2023 12:45:50 GMT
content-length: 1542
last-modified: Tue, 14 Feb 2023 19:26:12 GMT
etag: "1865-5f4adefb9bd00"
x-frame-options: sameorigin
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
expires: Fri, 10 Nov 2023 12:45:50 GMT

GET
H2 200 app_logon.js Show response
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/dtk/dojo/ 2 MB
460 KB 1673ms
1666ms Script
application/x-javascript 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/dtk/dojo/app_logon.js

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a40ac7100fce6e90b5feefb163ba4372725b190260e53582c7c36d31ed120ad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
content-encoding: gzip
date: Fri, 03 Nov 2023 12:45:51 GMT
last-modified: Tue, 14 Feb 2023 19:26:10 GMT
etag: "195f74-5f4adef9b3880"
x-frame-options: sameorigin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
s: tko_373_02_saasip, cn01_saasgsp_zhj01_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
expires: Fri, 10 Nov 2023 12:45:50 GMT

GET
H2 200 top_section.js Show response
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/theme_public/js/ 3 KB
2 KB 774ms
767ms Script
application/x-javascript 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/theme_public/js/top_section.js

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

186b7acb4a807db40b3000e00fe998edc61dbf6873dff71c6b9a854e039f9bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
content-encoding: gzip
date: Fri, 03 Nov 2023 12:45:50 GMT
content-length: 1206
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
etag: "bc5-5f4adef7cb400"
x-frame-options: sameorigin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
s: tko_373_02_saasip, cn01_saasgsp_zhj01_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
expires: Fri, 10 Nov 2023 12:45:50 GMT

GET
H2 200 HSBCGLBL.js Show response
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/theme_public/js/ 9 KB
4 KB 1003ms
997ms Script
application/x-javascript 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/theme_public/js/HSBCGLBL.js

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

25fb058df0799a3d943c74f54999c39ddc0e53f568d37d3bbf8b13b099869d4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
content-encoding: gzip
date: Fri, 03 Nov 2023 12:45:51 GMT
content-length: 3303
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
etag: "221b-5f4adef7cb400"
x-frame-options: sameorigin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
expires: Fri, 10 Nov 2023 12:45:51 GMT

GET
H2 200 hsbc-logo_SC.gif
www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/doc/ 3 KB
4 KB 1020ms
1015ms Image
image/gif 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/doc/hsbc-logo_SC.gif

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

841097054b7f048753e299d12e8193b423e1838241203459552f1f0b1e334a34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
date: Fri, 03 Nov 2023 12:45:51 GMT
content-length: 3031
last-modified: Mon, 05 Dec 2016 07:48:42 GMT
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS, GET
content_resource_path: gsp/saas/Components/default/doc/hsbc-logo_SC.gif
access-control-allow-origin: *
content-type: image/gif
cache-control: max-age=2592000
access-control-allow-credentials: true
content-language: en-US
x-frame-options: sameorigin
s: tko_373_02_saasip, cn01_saasgsp_zhj01_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
expires: Sun, 03 Dec 2023 12:45:51 GMT

GET
H2 200 SecureKey_HardToken_v2_2.png
www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/hardToken_v2/ 13 KB
13 KB 1223ms
1220ms Image
image/png 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/hardToken_v2/SecureKey_HardToken_v2_2.png

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

eb2a77acd408043d7fa19a2d68bdada0d9e7b77c1e1f7a028f2cc6cf2f95ab43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
date: Fri, 03 Nov 2023 12:45:51 GMT
content-length: 12986
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS, GET
content_resource_path: gsp/saas/Components/default/resources/images/content/hardToken_v2/SecureKey_HardToken_v2_2.png
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=2592000
access-control-allow-credentials: true
content-language: en-US
x-frame-options: sameorigin
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
expires: Sun, 03 Dec 2023 12:45:51 GMT

GET
H2 200 secureKeyGenerate.png
www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/ 8 KB
9 KB 612ms
611ms Image
image/png 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/secureKeyGenerate.png

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4621cb32c3b8f5c462b0ce8b79f427961cf5c52781479e9ed956e821a9133ecc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
date: Fri, 03 Nov 2023 12:45:51 GMT
content-length: 8197
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS, GET
content_resource_path: gsp/saas/Components/default/resources/images/content/secureKeyGenerate.png
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=2592000
access-control-allow-credentials: true
content-language: en-US
x-frame-options: sameorigin
s: tko_373_02_saasip, cn01_saasgsp_zhj01_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
expires: Sun, 03 Dec 2023 12:45:51 GMT

GET
H2 200 security-device2.png
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/keylogin/ 38 KB
38 KB 513ms
512ms Image
image/png 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/keylogin/security-device2.png

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

806d7b9f0a11ae9e0f5a2dd2bd27d8a2e743c47da976603222f7be4685805707

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
date: Fri, 03 Nov 2023 12:45:52 GMT
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
etag: "970f-5f4adef7cb400"
x-frame-options: sameorigin
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/png
cache-control: max-age=2592000
access-control-allow-credentials: true
accept-ranges: bytes
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
content-length: 38671
expires: Sun, 03 Dec 2023 12:45:52 GMT

GET
H2 200 SecureKey_HardToken_v2_3.png
www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/hardToken_v2/ 13 KB
14 KB 427ms
425ms Image
image/png 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/hardToken_v2/SecureKey_HardToken_v2_3.png

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

be0b4e3470b8b79c3663a2efd351ac2d0d108cd1fee45185fa7d19a9a924a800

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
date: Fri, 03 Nov 2023 12:45:53 GMT
content-length: 13753
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS, GET
content_resource_path: gsp/saas/Components/default/resources/images/content/hardToken_v2/SecureKey_HardToken_v2_3.png
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=2592000
access-control-allow-credentials: true
content-language: en-US
x-frame-options: sameorigin
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
expires: Sun, 03 Dec 2023 12:45:52 GMT

GET
H2 200 SecureKey_HardToken_v2_5.png
www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/hardToken_v2/ 10 KB
11 KB 380ms
379ms Image
image/png 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/hardToken_v2/SecureKey_HardToken_v2_5.png

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

eba1f0611d938c1beb4d7ef16741cf12c6989f751a134c7b1dd04370beb839f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
date: Fri, 03 Nov 2023 12:45:53 GMT
content-length: 10339
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS, GET
content_resource_path: gsp/saas/Components/default/resources/images/content/hardToken_v2/SecureKey_HardToken_v2_5.png
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=2592000
access-control-allow-credentials: true
content-language: en-US
x-frame-options: sameorigin
s: tko_373_02_saasip, cn01_saasgsp_zhj02_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
expires: Sun, 03 Dec 2023 12:45:53 GMT

GET
H2 200 04Generate.png
www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/softToken/ 7 KB
7 KB 404ms
403ms Image
image/png 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/softToken/04Generate.png

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
date: Fri, 03 Nov 2023 12:45:53 GMT
content-length: 6885
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS, GET
content_resource_path: gsp/saas/Components/default/resources/images/content/softToken/04Generate.png
access-control-allow-origin: *
content-type: image/png
cache-control: max-age=2592000
access-control-allow-credentials: true
content-language: en-US
x-frame-options: sameorigin
s: tko_373_02_saasip, cn01_saasgsp_zhj01_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone, x-requested-with
expires: Sun, 03 Dec 2023 12:45:53 GMT

GET 05Key.png
www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/softToken/ 0
0

GET security-device1.png
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/keylogin/ 0
0

GET
H2 200 bottom_section_nd.js Show response
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/theme_public/js/ 306 B
726 B 437ms
436ms Script
application/x-javascript 2600:140b:1c00:e::17cb:8536
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/theme_public/js/bottom_section_nd.js

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:140b:1c00:e::17cb:8536 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

785e0ecf958235eff250309fb2b5f23e1f68d4ba91a4555240c10707b7beef2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
X-Frame-Options	sameorigin

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000;includeSubDomains, max-age=31536000; includeSubdomains; preload
content-encoding: gzip
date: Fri, 03 Nov 2023 12:45:52 GMT
content-length: 235
last-modified: Tue, 14 Feb 2023 19:26:08 GMT
etag: "132-5f4adef7cb400"
x-frame-options: sameorigin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/x-javascript
vary: Accept-Encoding
cache-control: max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
s: tko_373_02_saasip, cn01_saasgsp_zhj01_proxy_tko
access-control-allow-headers: accept,accept-encoding,accept-language,authorization,content-type,origin,applicationname,channelid,countrycode,groupmember,locale,timezone
expires: Fri, 10 Nov 2023 12:45:52 GMT

GET
H2 200 api.js Show response
www.recaptcha.net/recaptcha/ 1 KB
1 KB 217ms
39ms Script
text/javascript 2404:6800:4004:828::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recaptcha.net/recaptcha/api.js?hl=zh-CN

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/htmls/googleCaptcha_wrapper.js?ECAL=zh_CN&SAGG=gsp_hbcn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:828::2003 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

afeff5c362e66e44b35695f69562fca35a65532c1ce4b9318484765d72f155c9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:45:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 03 Nov 2023 12:45:53 GMT

GET print.css
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/ 0
0

GET main.js
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/app/ 0
0

GET Utils.js
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/modules/logon/common/ 0
0

GET nls.js
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/app/ 0
0

GET ext.js
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/ 0
0

GET Interstitial.js
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/modules/common/widget/ 0
0

GET
H/1.1 200
OK prefetch.js Show response
www2.m.services.online-banking.hsbc.com.cn/ContentService/gsp/ChannelsLibrary/Components/client/cmn/prefetch/ 37 KB
6 KB 110ms
109ms Script
application/x-javascript 203.112.84.74
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.m.services.online-banking.hsbc.com.cn/ContentService/gsp/ChannelsLibrary/Components/client/cmn/prefetch/prefetch.js?locale=zh_CN&1699015553371

Requested by

Host: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsa/SECURITY_LOGON_PAGE/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.84.74 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

f4607c23d45e3ffab610e95e78a5c9cd0c1207db09656c7409f8d7f3abb9b81d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.security.online-banking.hsbc.com.cn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Fri, 03 Nov 2023 12:45:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=16070400; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: Keep-Alive
Last-Modified: Fri, 03 Nov 2023 12:23:35 GMT
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE, PUT, GET
CONTENT_RESOURCE_PATH: gsp/ChannelsLibrary/Components/client/cmn/prefetch/prefetch.js
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Content-Language: en-US
X-Frame-Options: DENY
S: skm_370_02_gspgw
Access-Control-Allow-Headers: accept,accept-encoding,accept-language,authorization,content-type,origin,X-HDR-Synchronizer-Token,X-HDR-DoubleSubmit-Token, x-requested-with
Keep-Alive: timeout=5, max=500

GET top.gif
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/background/ 0
0

GET background.jpg
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/background/ 0
0

GET bg_gradient_red.gif
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/masthead/ 0
0

GET helpIcon.png
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/background/ 0
0

GET icon-important.png
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/background/ 0
0

GET forward.gif
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/ 0
0

GET icon-close.png
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/background/ 0
0

GET UniversNextforHSBCW02-Bd.woff
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/ 0
0

GET UniversNextforHSBCW02-Rg.woff
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/ 0
0

GET UniversNextforHSBCW02-Lt.woff
www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/ 0
0

GET
H2 200 recaptcha__zh_cn.js
www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/ 475 KB
189 KB 84ms
3ms Script
text/javascript 2404:6800:4004:821::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/3sU2vDRVDmUU2E0Ro4VadvPr/recaptcha__zh_cn.js

Requested by

Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api.js?hl=zh-CN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:821::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.security.online-banking.hsbc.com.cn/
Origin: https://www.security.online-banking.hsbc.com.cn
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 03:36:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119339
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 193025
x-xss-protection: 0
last-modified: Mon, 30 Oct 2023 02:02:02 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 01 Nov 2024 03:36:54 GMT

GET anchor
www.recaptcha.net/recaptcha/api2/ Frame 34B0 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/ContentService/gsp/saas/Components/default/resources/images/content/softToken/05Key.png

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/keylogin/security-device1.png

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/print.css

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/app/main.js?1.0

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/modules/logon/common/Utils.js?1.0

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/app/nls.js?1.0

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/ext.js?1.0

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/modules/common/widget/Interstitial.js?1.0

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/background/top.gif

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/background/background.jpg

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/masthead/bg_gradient_red.gif

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/background/helpIcon.png

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/background/icon-important.png

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/images/button/forward.gif

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/images/background/icon-close.png

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/UniversNextforHSBCW02-Bd.woff

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/UniversNextforHSBCW02-Rg.woff

Domain: www.security.online-banking.hsbc.com.cn
URL: https://www.security.online-banking.hsbc.com.cn/gsp/saas/Components/default/resources/script/libraries/hsbc/widget/themes/ursula/fonts/UniversNextforHSBCW02-Lt.woff

Domain: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LeWO3wUAAAAAI-_YnZHM4-4LEBa5JJ6ph4Mla48&co=aHR0cHM6Ly93d3cuc2VjdXJpdHkub25saW5lLWJhbmtpbmcuaHNiYy5jb20uY246NDQz&hl=zh-CN&v=3sU2vDRVDmUU2E0Ro4VadvPr&size=invisible&cb=78fypuqmvv4j

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www2.m.services.online-banking.hsbc.com.cn/gpib	1969-12-31 23:59:59	Name: CAMToken Value: eZHwQdXeuuq9EnuuvorKLmY1SJg=
www2.m.services.online-banking.hsbc.com.cn/gpib	1969-12-31 23:59:59	Name: TS01be79f3 Value: 018de30b9a66b95f64b285d1c4e2c61790d2cac8ed04fd548db6f7598048d889f202d7b06adbeafbc4e0d60ec188833bbdace8ba71
www.security.online-banking.hsbc.com.cn/gsa	1969-12-31 23:59:59	Name: CAMToken Value: BpiDUzYmrGNgdyMg2BMGHs9R+f8=
.security.online-banking.hsbc.com.cn/gsa	1969-12-31 23:59:59	Name: SAASICIPCookie Value: KFLS4s3U9ptBUwsMH5N72CnHpePZ06fFHW1DTJqCwF09MuvWGYzzcZAuEpBYrwU17ZkSLUJQsYRVgVTLngBvQYQ54yH45WYJ0Kz+nyV/UhT8VLnfonU4nfSu0N93cJ59CsPe7Dy+IPVcvCN67ZCR6vXm6ESAuP+ojFxp3kXuyQY=
www.security.online-banking.hsbc.com.cn/gsa	1969-12-31 23:59:59	Name: TS01ccf6b8 Value: 019552f8d20dbc65e690e17b61461f744f8b9cfb6f0dfccd9d90de26a83e583520aa5da6079a5875aa2bd00d126689b05d52c670cb
.security.online-banking.hsbc.com.cn/gsa	1969-12-31 23:59:59	Name: TS01cc30b3 Value: 019552f8d20dbc65e690e17b61461f744f8b9cfb6f0dfccd9d90de26a83e583520aa5da6079a5875aa2bd00d126689b05d52c670cb
www2.m.services.online-banking.hsbc.com.cn/	1969-12-31 23:59:59	Name: GSP2-PRD-MOBILE-WWW Value: !9wIgG/rPWaLiWnzMeF0cQdf86OMezAENhzsG43loKU1iggNka69Po1hGCXC7vnpSvLJQf6nob/FND6A=
www2.m.services.online-banking.hsbc.com.cn/	1969-12-31 23:59:59	Name: TS01f477b4 Value: 018de30b9a66b95f64b285d1c4e2c61790d2cac8ed04fd548db6f7598048d889f202d7b06adbeafbc4e0d60ec188833bbdace8ba71
www2.m.services.online-banking.hsbc.com.cn/	1970-01-20 15:56:55	Name: SameSite Value: None
www2.m.services.online-banking.hsbc.com.cn/	1969-12-31 23:59:59	Name: JSESSIONID Value: 0000a8_Bn-CRbTHLVB69nK8vzaR:1ceb9pbqt
www2.m.services.online-banking.hsbc.com.cn/	1970-01-20 15:56:55	Name: ADRUM_BTa Value: R:56\|g:7cde9cf5-19a4-4cd0-86b7-bfb6db91c21e\|n:hostap_098c552b-7264-4d55-8e21-32d54b9dac18
www.security.online-banking.hsbc.com.cn/	1970-01-20 15:56:55	Name: SameSite Value: None
www.security.online-banking.hsbc.com.cn/	1969-12-31 23:59:59	Name: JSESSIONID Value: 0000h7KmP-fFidUkBvFDoQI64ZF:1cdovec7s
www.security.online-banking.hsbc.com.cn/	1969-12-31 23:59:59	Name: SAAS2PRDAOCDESK Value: !Jhm9/NmG6tDv2+gJohWljWBw5Y9l3qN/Wm8sDwHkbQkBPpYEjEEOlVA/zJtoSJCt1PcVvClDesrhf9w=
www.security.online-banking.hsbc.com.cn/	1970-01-20 15:56:55	Name: ADRUM_BTa Value: R:51\|g:a8f3f4a1-dcdf-4a8e-8fc3-5ae3352cb28f\|n:hostap_098c552b-7264-4d55-8e21-32d54b9dac18
www.security.online-banking.hsbc.com.cn/	1970-01-20 15:56:55	Name: ADRUM_BT1 Value: R:51\|i:633\|e:7
www.security.online-banking.hsbc.com.cn/	1969-12-31 23:59:59	Name: TS01f477b4 Value: 019552f8d20dbc65e690e17b61461f744f8b9cfb6f0dfccd9d90de26a83e583520aa5da6079a5875aa2bd00d126689b05d52c670cb

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.gstatic.com
www.recaptcha.net
www.security.online-banking.hsbc.com.cn
www2.m.services.online-banking.hsbc.com.cn
www.recaptcha.net
www.security.online-banking.hsbc.com.cn
203.112.84.74
2404:6800:4004:821::2003
2404:6800:4004:828::2003
2600:140b:1c00:e::17cb:8536
00c2e0475680a72840800a5ac4a42207ba587c60872e56e9c07bbce64f711f3a
186b7acb4a807db40b3000e00fe998edc61dbf6873dff71c6b9a854e039f9bb3
25fb058df0799a3d943c74f54999c39ddc0e53f568d37d3bbf8b13b099869d4c
3f126420fd031c27598d6150009a3e4d317498a3c98305467679ffc3a55924e9
4621cb32c3b8f5c462b0ce8b79f427961cf5c52781479e9ed956e821a9133ecc
5a505d73d7e50667535213aa5b10db74b2539a7d8d83807f088e669a19938c45
5ba4a5189c8ec9ea892fb181eef0af64c160160ab826c973da48f98ef2a4e296
77fe0fdc363f4e45946f17911eac651a64d1eb1d88f326ce80125bc837f58e93
785e0ecf958235eff250309fb2b5f23e1f68d4ba91a4555240c10707b7beef2e
806d7b9f0a11ae9e0f5a2dd2bd27d8a2e743c47da976603222f7be4685805707
841097054b7f048753e299d12e8193b423e1838241203459552f1f0b1e334a34
9edc672e6aa741e8070c60a94f6439d19ffa38010231890abddafb6bb4fef3dd
a40ac7100fce6e90b5feefb163ba4372725b190260e53582c7c36d31ed120ad3
afeff5c362e66e44b35695f69562fca35a65532c1ce4b9318484765d72f155c9
be0b4e3470b8b79c3663a2efd351ac2d0d108cd1fee45185fa7d19a9a924a800
eb2a77acd408043d7fa19a2d68bdada0d9e7b77c1e1f7a028f2cc6cf2f95ab43
eba1f0611d938c1beb4d7ef16741cf12c6989f751a134c7b1dd04370beb839f6
f4607c23d45e3ffab610e95e78a5c9cd0c1207db09656c7409f8d7f3abb9b81d

www.security.online-banking.hsbc.com.cn Open in urlscan Pro 2600:140b:1c00:e::17cb:8536 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

40 Requests

53 %HTTPS

75 %IPv6

3 Domains

4 Subdomains

5 IPs

2 Countries

823 kBTransfer

2542 kBSize

17 Cookies

0 Outgoing links

Page URL History

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

17 Cookies

Security Headers

Indicators

www.security.online-banking.hsbc.com.cn Open in urlscan Pro
2600:140b:1c00:e::17cb:8536 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

53 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

823 kB
Transfer

2542 kB
Size

17
Cookies

40 HTTP transactions
0 data transactions