serveugandainitiative.org Open in urlscan Pro
2606:4700:30::681b:b47c Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Submission Tags: @ipnigh
Submission: On August 26 via api (August 26th 2019, 12:29:57 am UTC) from GB

Summary HTTP 31 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 31 HTTP transactions. The main IP is 2606:4700:30::681b:b47c, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is serveugandainitiative.org.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 11th 2018. Valid for: a year.

This is the only time serveugandainitiative.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nationwide Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700:30:... 2606:4700:30::681b:b47c	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
17	155.131.32.21 155.131.32.21	8698 () ()
1 3	34.253.55.79 34.253.55.79	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	63.140.40.27 63.140.40.27	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
31	5

6 2606:4700:30::681b:b47c (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

serveugandainitiative.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 155.131.32.21 (United Kingdom)

ASN8698 (, GB)

onlinebanking.nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.253.55.79 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-253-55-79.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.40.27 (United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: nationwide.co.uk.ssl.d2.sc.omtrdc.net

smetrics.nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	nationwide.co.uk onlinebanking.nationwide.co.uk smetrics.nationwide.co.uk	144 KB
6	serveugandainitiative.org 1 redirects serveugandainitiative.org	53 KB
3	demdex.net 1 redirects dpm.demdex.net	3 KB
31	3

	Domain	Requested by
17	onlinebanking.nationwide.co.uk	serveugandainitiative.org onlinebanking.nationwide.co.uk
6	serveugandainitiative.org	1 redirects serveugandainitiative.org
3	dpm.demdex.net	1 redirects serveugandainitiative.org onlinebanking.nationwide.co.uk
1	smetrics.nationwide.co.uk	onlinebanking.nationwide.co.uk
31	4

This site contains links to these domains. Also see Links.

Domain
www.nationwide.co.uk
onlinebanking.nationwide.co.uk
twitter.com
www.facebook.com
www.youtube.com
www.linkedin.com
www.fca.org.uk

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2018-10-11` - `2019-10-11`	a year	crt.sh
onlinebanking.nationwide.co.uk DigiCert SHA2 Extended Validation Server CA	`2018-07-18` - `2019-10-14`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
smetrics.nationwide.co.uk DigiCert Global CA G2	`2019-03-15` - `2021-03-15`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Frame ID: AD75DB23621ECEA97F2C5AC045BC2C1C
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://serveugandainitiative.org/wordpress/wp-content/upgrade HTTP 301
https://serveugandainitiative.org/wordpress/wp-content/upgrade/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

31
Requests

81 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

199 kB
Transfer

394 kB
Size

5
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nationwide.co.uk/support/digital-banking-hub
Title: Help logging inOpens in a new window

Search URL Search Domain Scan URL

URL: http://www.nationwide.co.uk/
Title: Nationwide.co.uk

Search URL Search Domain Scan URL

URL: https://onlinebanking.nationwide.co.uk/AccessManagement/Login/RCALogin?specifiedStartPage=MySecurity
Title: Log in with your card and card reader

Search URL Search Domain Scan URL

URL: https://onlinebanking.nationwide.co.uk/Registration/CustomerSelfRegistration/SelectAccountType
Title: by re-registering

Search URL Search Domain Scan URL

URL: https://www.nationwide.co.uk/support/security-centre/fraud-awareness/online-fraud
Title: visit our security centre.

Search URL Search Domain Scan URL

URL: https://www.nationwide.co.uk/support/ways-to-bank/internet-banking/services/internet-banking-terms-and-conditions-main
Title: Internet Bank Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.nationwide.co.uk/about/corporate-information/cookies-and-privacy/cookie-details
Title: cookies

Search URL Search Domain Scan URL

URL: http://www.nationwide.co.uk/support/security-centre/overview
Title: Security centre

Search URL Search Domain Scan URL

URL: https://www.nationwide.co.uk/support/accessibility/digital-accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: http://www.nationwide.co.uk/support/ways-to-bank/service-availability
Title: Service status

Search URL Search Domain Scan URL

URL: http://www.nationwide.co.uk/support/ways-to-bank/mobile-banking/features-and-benefits
Title: Mobile Banking app

Search URL Search Domain Scan URL

URL: http://www.nationwide.co.uk/support/ways-to-bank/internet-banking/services/internet-banking-terms-and-conditions-main
Title: Internet Bank Terms and Conditions

Search URL Search Domain Scan URL

URL: http://www.nationwide.co.uk/support/contact-us/call-us
Title: Contact us

Search URL Search Domain Scan URL

URL: https://twitter.com/AskNationwide
Title: Twitter (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/NationwideBuildingSociety
Title: Facebook (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/nationwidebsocietyuk
Title: Youtube (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/nationwide-building-society
Title: LinkedIn (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.fca.org.uk/
Title: www.fca.gov.uk Opens in a new window

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://serveugandainitiative.org/wordpress/wp-content/upgrade HTTP 301
https://serveugandainitiative.org/wordpress/wp-content/upgrade/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://dpm.demdex.net/id?d_visid_ver=1.7.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1566779378449 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=1.7.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1566779378449

31 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
serveugandainitiative.org/wordpress/wp-content/upgrade/
Redirect Chain

https://serveugandainitiative.org/wordpress/wp-content/upgrade
https://serveugandainitiative.org/wordpress/wp-content/upgrade/

42 KB
7 KB

234ms
232ms

Document
text/html

2606:4700:30::681b:b47c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:b47c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7d4dfeaa15f884eeda3f03839d140badd1548fdf60990c8ae46c7d513ca579b

Request headers

:method: GET
:authority: serveugandainitiative.org
:scheme: https
:path: /wordpress/wp-content/upgrade/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
cookie: __cfduid=d26a62fcbd86522f5fc6138449c8a733f1566779376
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Mon, 26 Aug 2019 00:29:36 GMT
content-type: text/html
last-modified: Sun, 25 Aug 2019 08:18:55 GMT
vary: Accept-Encoding
x-server-cache: false
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 50c1b1403b3d8c6e-VIE
content-encoding: br

Redirect headers

status: 301
date: Mon, 26 Aug 2019 00:29:36 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: __cfduid=d26a62fcbd86522f5fc6138449c8a733f1566779376; expires=Tue, 25-Aug-20 00:29:36 GMT; path=/; domain=.serveugandainitiative.org; HttpOnly
location: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
x-server-cache: false
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 50c1b13c5aad8c6e-VIE

GET
H2 404 adrum-ext.64575a4f0ccc435ef3de4778c280c647.js
serveugandainitiative.org/Scripts/adrum/ 0
0 1488ms
1487ms Script
text/html 2606:4700:30::681b:b47c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://serveugandainitiative.org/Scripts/adrum/adrum-ext.64575a4f0ccc435ef3de4778c280c647.js
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:b47c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2019 00:29:38 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 50c1b141fba08c6e-VIE
link: <https://serveugandainitiative.org/wp-json/>; rel="https://api.w.org/"
x-ua-compatible: IE=edge

GET
H2 404 adrum.js
serveugandainitiative.org/Scripts/adrum/ 0
0 1406ms
1405ms Script
text/html 2606:4700:30::681b:b47c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://serveugandainitiative.org/Scripts/adrum/adrum.js
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:b47c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2019 00:29:38 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 50c1b141fb9f8c6e-VIE
link: <https://serveugandainitiative.org/wp-json/>; rel="https://api.w.org/"
x-ua-compatible: IE=edge

GET
H/1.1 200
OK internet-bank.ashx
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/ 86 KB
15 KB 229ms
120ms Stylesheet
text/css 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/internet-bank.ashx?timestamp=20171011170622
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: b32634b414f7ec3171ce9d176f2c989d7a91748d6f5c8c1da16b392ef433718e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2017 15:06:22 GMT
ETag: e322e740bedc499d87b26cbd805622c7
Content-Type: text/css
Cache-Control: public, no-cache="Set-Cookie", max-age=7776000
r: 8.1.2.0
Connection: Keep-Alive
Content-Length: 14467
Expires: Sun, 24 Nov 2019 01:29:36 GMT

GET
H/1.1 200
OK external.ashx
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/ 3 KB
2 KB 161ms
52ms Stylesheet
text/css 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/external.ashx?timestamp=20180618121521
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: 2102b0eaa9cf9c8f0ebb190346ebf3d191c99f36173cef5fdec30523fccda19f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Jun 2018 10:15:21 GMT
ETag: de5d6e5a62094fbfa319f68801bddda5
Content-Type: text/css
Cache-Control: public, no-cache="Set-Cookie", max-age=7776000
r: 8.1.2.0
Connection: Keep-Alive
Content-Length: 823
Expires: Sun, 24 Nov 2019 01:29:36 GMT

GET
H/1.1 200
OK app.master.head.js Show response
onlinebanking.nationwide.co.uk/Scripts/ 145 KB
51 KB 231ms
118ms Script
text/javascript 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.nationwide.co.uk/Scripts/app.master.head.js?v=S8Mn63VWm68eNyT9k8qymq_92Evo55TP7watStV-mAQ1

Requested by

Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

155.131.32.21 , United Kingdom, ASN8698 (, GB),

Reverse DNS

Software

Resource Hash

9b08f580df0077bea43c55c19312b9a8ffb33b767944159cde379115216ffb35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Secuirty-Policy-Report-Only: default-src *.nationwide.co.uk 'self'; connect-src *.nationwide.co.uk *.bing.com dpm.demdex.net 'self'; script-src 'unsafe-inline' *.nationwide.co.uk 'unsafe-eval'; style-src *.nationwide.co.uk 'unsafe-inline'; report-uri /csp-report
r: 56.0.56003.0
Connection: Keep-Alive
Content-Length: 51282
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Mon, 26 Aug 2019 00:29:37 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 26 Aug 2019 00:29:37 GMT
Vary: User-Agent
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Expires: Tue, 25 Aug 2020 00:29:37 GMT

GET
H/1.1 200
OK CardReader.ashx
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/img/ 50 KB
51 KB 156ms
44ms Image
image/png 155.131.32.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/img/CardReader.ashx?timestamp=20160322130557
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: 65a99b820d3f50fc3159c1cd6acde26c7a87bf1e1a22c617ed39ec11289044d6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:36 GMT
Last-Modified: Tue, 22 Mar 2016 12:05:57 GMT
ETag: 48a9c5bec56048f789e89243c328e5fb
Content-Type: image/png
Cache-Control: public, no-cache="Set-Cookie", max-age=7776000
r: 8.1.2.0
Content-Length: 51127
Expires: Sun, 24 Nov 2019 01:29:36 GMT

GET
H/1.1 200
OK cardReaderIdentify.ashx
onlinebanking.nationwide.co.uk/cms/~/media/Files/default/img/ 680 B
2 KB 40ms
39ms Image
image/png 155.131.32.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/default/img/cardReaderIdentify.ashx?timestamp=20110608183450
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: f65524fbd00ec3ab3a6c666fb5ae933625b05fd5cf2065ca52ca7227e1fa2281

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:37 GMT
Last-Modified: Wed, 08 Jun 2011 16:34:50 GMT
ETag: efd835dab7f44719838e9fbf7d90c6ee
Content-Type: image/png
Cache-Control: public, no-cache="Set-Cookie", max-age=7776000
r: 8.1.2.0
Content-Length: 680
Expires: Sun, 24 Nov 2019 01:29:38 GMT

GET
H/1.1 200
OK cardReaderOK.ashx
onlinebanking.nationwide.co.uk/cms/~/media/Files/default/img/ 819 B
2 KB 36ms
36ms Image
image/png 155.131.32.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/default/img/cardReaderOK.ashx?timestamp=20110608183450
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: 1ae4fa654fe6f05b911a1490eb7e3fa7cafd913bb9501f245b4b5e1af6e7052e

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:37 GMT
Last-Modified: Wed, 08 Jun 2011 16:34:50 GMT
ETag: 51f73d7da1084be1a3ef16d7f0a298dd
Content-Type: image/png
Cache-Control: public, no-cache="Set-Cookie", max-age=7776000
r: 8.1.2.0
Content-Length: 819
Expires: Sun, 24 Nov 2019 01:29:38 GMT

GET
H/1.1 200
OK cardReaderClear.ashx
onlinebanking.nationwide.co.uk/cms/~/media/Files/default/img/ 643 B
1 KB 39ms
39ms Image
image/png 155.131.32.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/default/img/cardReaderClear.ashx?timestamp=20110608183449
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: 3e76108f4a25c59ca111562c826a1a4011d6f25c33cacbca1c72b13b9b33d221

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:37 GMT
Last-Modified: Wed, 08 Jun 2011 16:34:49 GMT
ETag: 109674f1fb5b4e65868b3eefc2559df2
Content-Type: image/png
Cache-Control: public, no-cache="Set-Cookie", max-age=7776000
r: 8.1.2.0
Content-Length: 643
Expires: Sun, 24 Nov 2019 01:29:38 GMT

GET
H2 404 cardReaderCancel.ashx
serveugandainitiative.org/cms/~/media/Files/default/img/ 46 KB
46 KB 1000ms
999ms Image
text/html 2606:4700:30::681b:b47c
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://serveugandainitiative.org/cms/~/media/Files/default/img/cardReaderCancel.ashx?timestamp=20110608183448
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:b47c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f421d382398e4d447622b2e02e490ded348fd358ce4da8a74ba43e602c7a6753

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2019 00:29:39 GMT
content-encoding: br
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 50c1b14b7d198c6e-VIE
link: <https://serveugandainitiative.org/wp-json/>; rel="https://api.w.org/"
x-ua-compatible: IE=edge

GET
H2 404 app.master.body.js
serveugandainitiative.org/Scripts/ 0
0 1883ms
1882ms Script
text/html 2606:4700:30::681b:b47c
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://serveugandainitiative.org/Scripts/app.master.body.js?v=-G29Zq8SnJeJ9DoDxLUidbdVRb4gcNEZJombxRcfA1w1
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:b47c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2019 00:29:39 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 50c1b143ebf78c6e-VIE
link: <https://serveugandainitiative.org/wp-json/>; rel="https://api.w.org/"
x-ua-compatible: IE=edge

GET
H/1.1 200
OK jquery.cookie.js Show response
onlinebanking.nationwide.co.uk/Scripts/ 1 KB
2 KB 36ms
33ms Script
application/x-javascript 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.nationwide.co.uk/Scripts/jquery.cookie.js

Requested by

Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

155.131.32.21 , United Kingdom, ASN8698 (, GB),

Reverse DNS

Software

Resource Hash

4a488bdf1fa9ce48e8bfdb0691b271d45bd3caa83ccdec0257ab4b29f74a9de5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Secuirty-Policy-Report-Only: default-src *.nationwide.co.uk 'self'; connect-src *.nationwide.co.uk *.bing.com dpm.demdex.net 'self'; script-src 'unsafe-inline' *.nationwide.co.uk 'unsafe-eval'; style-src *.nationwide.co.uk 'unsafe-inline'; report-uri /csp-report
r: 56.0.56003.0
Connection: Keep-Alive
Content-Length: 601
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Mon, 26 Aug 2019 00:29:38 GMT
Date: Mon, 26 Aug 2019 00:29:37 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, max-age=300
ETag: "D1FD028FC32DA4A2B7414C0E8B92EFDA"
Expires: Mon, 26 Aug 2019 00:34:38 GMT

GET
H/1.1 200
OK help.js Show response
onlinebanking.nationwide.co.uk/Scripts/ 2 KB
2 KB 39ms
37ms Script
application/x-javascript 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.nationwide.co.uk/Scripts/help.js

Requested by

Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

155.131.32.21 , United Kingdom, ASN8698 (, GB),

Reverse DNS

Software

Resource Hash

4a8933b4bd5e6872cfbbd0d27a09aec83e912edda66b3702bc650eb6174d93b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Secuirty-Policy-Report-Only: default-src *.nationwide.co.uk 'self'; connect-src *.nationwide.co.uk *.bing.com dpm.demdex.net 'self'; script-src 'unsafe-inline' *.nationwide.co.uk 'unsafe-eval'; style-src *.nationwide.co.uk 'unsafe-inline'; report-uri /csp-report
r: 56.0.56003.0
Connection: Keep-Alive
Content-Length: 752
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Mon, 26 Aug 2019 00:29:38 GMT
Date: Mon, 26 Aug 2019 00:29:38 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, max-age=300
ETag: "DD72D8E321B723E1F2DA719ACCAD782A"
Expires: Mon, 26 Aug 2019 00:34:38 GMT

GET
H/1.1 200
OK Login.js Show response
onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/ 4 KB
3 KB 43ms
41ms Script
application/x-javascript 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/Login.js

Requested by

Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

155.131.32.21 , United Kingdom, ASN8698 (, GB),

Reverse DNS

Software

Resource Hash

42f7e970c86a15440f7e44e8f6df143abcfb9aece0811505ea53970f7dfd2dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Secuirty-Policy-Report-Only: default-src *.nationwide.co.uk 'self'; connect-src *.nationwide.co.uk *.bing.com dpm.demdex.net 'self'; script-src 'unsafe-inline' *.nationwide.co.uk 'unsafe-eval'; style-src *.nationwide.co.uk 'unsafe-inline'; report-uri /csp-report
r: 56.0.56003.0
Connection: Keep-Alive
Content-Length: 1602
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Mon, 26 Aug 2019 00:29:38 GMT
Date: Mon, 26 Aug 2019 00:29:38 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, max-age=300
ETag: "E4206A6645405091854F152B8515B40D"
Expires: Mon, 26 Aug 2019 00:34:38 GMT

GET
H/1.1 200
OK EUCookieDirective.js Show response
onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/ 209 B
1 KB 39ms
37ms Script
application/x-javascript 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/EUCookieDirective.js

Requested by

Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

155.131.32.21 , United Kingdom, ASN8698 (, GB),

Reverse DNS

Software

Resource Hash

f1756453897bd3df8ea62f6436131f2d4ed6b7c7881bc4d3f29ae51758074abc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Referrer-Policy: same-origin
Last-Modified: Mon, 26 Aug 2019 00:29:38 GMT
ETag: "97099C7CA88FEDFEC322C71590132BBB"
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, max-age=300
Date: Mon, 26 Aug 2019 00:29:38 GMT
Content-Secuirty-Policy-Report-Only: default-src *.nationwide.co.uk 'self'; connect-src *.nationwide.co.uk *.bing.com dpm.demdex.net 'self'; script-src 'unsafe-inline' *.nationwide.co.uk 'unsafe-eval'; style-src *.nationwide.co.uk 'unsafe-inline'; report-uri /csp-report
X-Content-Type-Options: nosniff
r: 56.0.56003.0
Content-Length: 209
X-XSS-Protection: 1; mode=block
Expires: Mon, 26 Aug 2019 00:34:38 GMT

GET
H/1.1 200
OK ServiceAvailabilityServiceMessage.js Show response
onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/ 2 KB
2 KB 71ms
31ms Script
application/x-javascript 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/ServiceAvailabilityServiceMessage.js

Requested by

Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

155.131.32.21 , United Kingdom, ASN8698 (, GB),

Reverse DNS

Software

Resource Hash

c6164642f386cfa0495b5644c28d71d47c0c8ee2a45a873924d264814f783c88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Secuirty-Policy-Report-Only: default-src *.nationwide.co.uk 'self'; connect-src *.nationwide.co.uk *.bing.com dpm.demdex.net 'self'; script-src 'unsafe-inline' *.nationwide.co.uk 'unsafe-eval'; style-src *.nationwide.co.uk 'unsafe-inline'; report-uri /csp-report
r: 56.0.56003.0
Connection: Keep-Alive
Content-Length: 445
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Mon, 26 Aug 2019 00:29:38 GMT
Date: Mon, 26 Aug 2019 00:29:37 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, max-age=300
ETag: "B743A3AE80FCD36809DB466A6A5A20BD"
Expires: Mon, 26 Aug 2019 00:34:38 GMT

GET
H/1.1 200
OK CustomSmartBanner.js Show response
onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/ 4 KB
2 KB 32ms
31ms Script
application/x-javascript 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/CustomSmartBanner.js

Requested by

Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

155.131.32.21 , United Kingdom, ASN8698 (, GB),

Reverse DNS

Software

Resource Hash

f12fbfa4f4c72ca8aac74a20c4783512b2325d6f6c44c7af24354df60645de96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Secuirty-Policy-Report-Only: default-src *.nationwide.co.uk 'self'; connect-src *.nationwide.co.uk *.bing.com dpm.demdex.net 'self'; script-src 'unsafe-inline' *.nationwide.co.uk 'unsafe-eval'; style-src *.nationwide.co.uk 'unsafe-inline'; report-uri /csp-report
r: 56.0.56003.0
Connection: Keep-Alive
Content-Length: 860
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Mon, 26 Aug 2019 00:29:38 GMT
Date: Mon, 26 Aug 2019 00:29:38 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, max-age=300
ETag: "BA4C7590D9EE3CE6FF49B56C26D2AB44"
Expires: Mon, 26 Aug 2019 00:34:38 GMT

GET
H/1.1 200
OK SplashPageAnalytics.js Show response
onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/ 2 KB
2 KB 31ms
31ms Script
application/x-javascript 155.131.32.21

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.nationwide.co.uk/AccessManagement/AccessManagement/Scripts/SplashPageAnalytics.js

Requested by

Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

155.131.32.21 , United Kingdom, ASN8698 (, GB),

Reverse DNS

Software

Resource Hash

e7ecb597c300359a945e12057da111d4ef161179f2d2df2579b145bd1350d2c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Secuirty-Policy-Report-Only: default-src *.nationwide.co.uk 'self'; connect-src *.nationwide.co.uk *.bing.com dpm.demdex.net 'self'; script-src 'unsafe-inline' *.nationwide.co.uk 'unsafe-eval'; style-src *.nationwide.co.uk 'unsafe-inline'; report-uri /csp-report
r: 56.0.56003.0
Connection: Keep-Alive
Content-Length: 444
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Last-Modified: Mon, 26 Aug 2019 00:29:38 GMT
Date: Mon, 26 Aug 2019 00:29:38 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, max-age=300
ETag: "6C08F415C82C1D97554D093BC85A8DCD"
Expires: Mon, 26 Aug 2019 00:34:38 GMT

GET nbs-medium-webfont-woff.woff
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/ 0
0

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=1.7.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1566779378449
https://dpm.demdex.net/id/rd?d_visid_ver=1.7.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1566779378449

219 B
987 B

37ms
37ms

XHR
application/json

34.253.55.79
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=1.7.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1566779378449
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.55.79 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-253-55-79.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6b5a5bfda85b061489859bca408ae353a3941e74e2a09ba9f601221f3d9296ea

Request headers

Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v041-018c338ef.edge-irl1.demdex.com 5.58.1.20190812093348 3ms (+1ms)
Pragma: no-cache
X-TID: lmu8HpSXTdE=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://serveugandainitiative.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 219
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Access-Control-Allow-Origin: https://serveugandainitiative.org
X-TID: /jdCCmicSF4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=1.7.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1566779378449
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK NW_160x45.png
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/img/ 2 KB
3 KB 60ms
51ms Image
image/png 155.131.32.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/img/NW_160x45.png
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: 892ef25d857dbb17c3310310338578e0e19772646435a540fdc717b47979b13b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/internet-bank.ashx?timestamp=20171011170622
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:37 GMT
Last-Modified: Thu, 15 Dec 2016 11:13:50 GMT
ETag: 8e4c95423f11471381ca9c08c8176e50
Content-Type: image/png
Cache-Control: public
r: 8.1.2.0
Content-Length: 2226
Expires: Mon, 26 Aug 2019 00:31:38 GMT

GET
H/1.1 200
OK loading-graphic-white.png
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/img/ 1 KB
2 KB 51ms
51ms Image
image/png 155.131.32.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/img/loading-graphic-white.png
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: f06722cdec025dcab10f4fab41dfd79ffe6a8888d7c7a9ce5efeb86a1170a38b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/internet-bank.ashx?timestamp=20171011170622
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:37 GMT
Last-Modified: Thu, 15 Dec 2016 11:13:47 GMT
ETag: 1a94f459148d41a190a03eddf666aeab
Content-Type: image/png
Cache-Control: public
r: 8.1.2.0
Content-Length: 1247
Expires: Mon, 26 Aug 2019 00:31:38 GMT

GET
H/1.1 200
OK loading-graphic.png
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/img/ 2 KB
3 KB 39ms
39ms Image
image/png 155.131.32.21

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/img/loading-graphic.png
Requested by: Host: serveugandainitiative.org
URL: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 155.131.32.21 , United Kingdom, ASN8698 (, GB),
Reverse DNS
Software: /
Resource Hash: ac07fbf105019336ea0feec19e3ea9ec28557b2748de0a790be3213884bff45c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/internet-bank.ashx?timestamp=20171011170622
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 26 Aug 2019 00:29:37 GMT
Last-Modified: Thu, 28 Apr 2016 09:38:39 GMT
ETag: 0461eb19771046ec8d434c0fc6db589e
Content-Type: image/png
Cache-Control: public
r: 8.1.2.0
Content-Length: 1936
Expires: Mon, 26 Aug 2019 00:31:38 GMT

GET nbs-bold-webfont-woff.woff
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/ 0
0

GET NBS-Icons-woff.woff
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/ 0
0

GET nbs-medium-webfont-ttf.ttf
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/ 0
0

GET
H/1.1 200
OK id Show response
smetrics.nationwide.co.uk/ 90 B
766 B 119ms
22ms XHR
application/x-javascript 63.140.40.27
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://smetrics.nationwide.co.uk/id?d_visid_ver=1.7.0&d_fieldgroup=A&mcorgid=1D4334B852784A2D0A490D44%40AdobeOrg&mid=54436641421659173983017105160426873420&ts=1566779378613
Requested by: Host: onlinebanking.nationwide.co.uk
URL: https://onlinebanking.nationwide.co.uk/Scripts/app.master.head.js?v=S8Mn63VWm68eNyT9k8qymq_92Evo55TP7watStV-mAQ1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.140.40.27 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS: nationwide.co.uk.ssl.d2.sc.omtrdc.net
Software: Omniture DC /
Resource Hash: ea32d852e66ecf667281b0bcfb6403524ebe7051d767a372f0213bc6e4f20acd

Request headers

Sec-Fetch-Mode: cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Mon, 26 Aug 2019 00:29:38 GMT
Server: Omniture DC
xserver: www7146
Vary: Origin
X-C: ms-6.9.1
P3P: CP="This is not a P3P policy"
Access-Control-Allow-Origin: https://serveugandainitiative.org
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/x-javascript
Keep-Alive: timeout=15
Content-Length: 90

GET nbs-bold-webfont-ttf.ttf
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/ 0
0

GET NBS-Icons-ttf.ttf
onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/ 0
0

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 219 B
987 B 36ms
35ms XHR
application/json 34.253.55.79
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id?d_visid_ver=1.7.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&d_mid=54436641421659173983017105160426873420&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%012EB193F905310425-6000019240000E21&ts=1566779378737
Requested by: Host: onlinebanking.nationwide.co.uk
URL: https://onlinebanking.nationwide.co.uk/Scripts/app.master.head.js?v=S8Mn63VWm68eNyT9k8qymq_92Evo55TP7watStV-mAQ1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.55.79 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-253-55-79.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b91d465baf0aa3082eaacd4b240c01975e1ee1310238e732acc3eb6ba1d4050b

Request headers

Sec-Fetch-Mode: cors
Referer: https://serveugandainitiative.org/wordpress/wp-content/upgrade/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v041-0e0e5157e.edge-irl1.demdex.com 5.58.1.20190812093348 5ms (+0ms)
Pragma: no-cache
X-TID: kdjkg4pgSWk=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://serveugandainitiative.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 219
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: onlinebanking.nationwide.co.uk
URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/nbs-medium-webfont-woff.woff

Domain: onlinebanking.nationwide.co.uk
URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/nbs-bold-webfont-woff.woff

Domain: onlinebanking.nationwide.co.uk
URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/NBS-Icons-woff.woff

Domain: onlinebanking.nationwide.co.uk
URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/nbs-medium-webfont-ttf.ttf

Domain: onlinebanking.nationwide.co.uk
URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/nbs-bold-webfont-ttf.ttf

Domain: onlinebanking.nationwide.co.uk
URL: https://onlinebanking.nationwide.co.uk/cms/~/media/Files/InternetBanking/fonts/NBS-Icons-ttf.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nationwide Bank (Banking)

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
serveugandainitiative.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 76123d593b4f002960247d1ea2daac43
serveugandainitiative.org/	1969-12-31 23:59:59	Name: AMCVS_1D4334B852784A2D0A490D44%40AdobeOrg Value: 1
serveugandainitiative.org/	1970-01-19 20:45:37	Name: AMCV_1D4334B852784A2D0A490D44%40AdobeOrg Value: -179204249%7CMCIDTS%7C18135%7CMCMID%7C54436641421659173983017105160426873420%7CMCAAMLH-1567384178%7C6%7CMCAAMB-1567384178%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1566786578s%7CNONE%7CMCAID%7C2EB193F905310425-6000019240000E21
.serveugandainitiative.org/	1970-01-19 03:13:01	Name: mbox Value: check#true#1566779439\|session#9e2fdcbfa065465a8351458dc9f74eac#1566781239
.serveugandainitiative.org/	1970-01-19 11:58:35	Name: __cfduid Value: d26a62fcbd86522f5fc6138449c8a733f1566779376

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dpm.demdex.net
onlinebanking.nationwide.co.uk
serveugandainitiative.org
smetrics.nationwide.co.uk
onlinebanking.nationwide.co.uk
155.131.32.21
2606:4700:30::681b:b47c
34.253.55.79
63.140.40.27
1ae4fa654fe6f05b911a1490eb7e3fa7cafd913bb9501f245b4b5e1af6e7052e
2102b0eaa9cf9c8f0ebb190346ebf3d191c99f36173cef5fdec30523fccda19f
3e76108f4a25c59ca111562c826a1a4011d6f25c33cacbca1c72b13b9b33d221
42f7e970c86a15440f7e44e8f6df143abcfb9aece0811505ea53970f7dfd2dd0
4a488bdf1fa9ce48e8bfdb0691b271d45bd3caa83ccdec0257ab4b29f74a9de5
4a8933b4bd5e6872cfbbd0d27a09aec83e912edda66b3702bc650eb6174d93b9
65a99b820d3f50fc3159c1cd6acde26c7a87bf1e1a22c617ed39ec11289044d6
6b5a5bfda85b061489859bca408ae353a3941e74e2a09ba9f601221f3d9296ea
892ef25d857dbb17c3310310338578e0e19772646435a540fdc717b47979b13b
9b08f580df0077bea43c55c19312b9a8ffb33b767944159cde379115216ffb35
ac07fbf105019336ea0feec19e3ea9ec28557b2748de0a790be3213884bff45c
b32634b414f7ec3171ce9d176f2c989d7a91748d6f5c8c1da16b392ef433718e
b91d465baf0aa3082eaacd4b240c01975e1ee1310238e732acc3eb6ba1d4050b
c6164642f386cfa0495b5644c28d71d47c0c8ee2a45a873924d264814f783c88
e7ecb597c300359a945e12057da111d4ef161179f2d2df2579b145bd1350d2c7
ea32d852e66ecf667281b0bcfb6403524ebe7051d767a372f0213bc6e4f20acd
f06722cdec025dcab10f4fab41dfd79ffe6a8888d7c7a9ce5efeb86a1170a38b
f12fbfa4f4c72ca8aac74a20c4783512b2325d6f6c44c7af24354df60645de96
f1756453897bd3df8ea62f6436131f2d4ed6b7c7881bc4d3f29ae51758074abc
f421d382398e4d447622b2e02e490ded348fd358ce4da8a74ba43e602c7a6753
f65524fbd00ec3ab3a6c666fb5ae933625b05fd5cf2065ca52ca7227e1fa2281
f7d4dfeaa15f884eeda3f03839d140badd1548fdf60990c8ae46c7d513ca579b

serveugandainitiative.org Open in urlscan Pro 2606:4700:30::681b:b47c Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

31 Requests

81 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

5 IPs

3 Countries

199 kBTransfer

394 kBSize

5 Cookies

18 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

77 JavaScript Global Variables

5 Cookies

serveugandainitiative.org Open in urlscan Pro
2606:4700:30::681b:b47c Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

81 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

199 kB
Transfer

394 kB
Size

5
Cookies

31 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!