halifaxaccess.com (179.43.187.177): Malicious Activity!

Submitted URL: https://halifaxaccess.com/
Effective URL: https://halifaxaccess.com/login
Submission: On August 14 via automatic, source openphish

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 21 HTTP transactions. The main IP is 179.43.187.177, located in Zurich, Switzerland and belongs to PLI-AS, PA. The main domain is halifaxaccess.com.
TLS certificate: Issued by R3 on August 13th 2021. Valid for: 3 months.
This is the only time halifaxaccess.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Halifax Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 3 179.43.187.177 51852 (PLI-AS)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
11 23.45.236.246 16625 (AKAMAI-AS)
1 2600:9000:21f... 16509 (AMAZON-02)
1 18.158.208.124 16509 (AMAZON-02)
2 2 142.250.185.198 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
21 7
Requests | Domain | Requested by
11 | www.halifax-online.co.uk | halifaxaccess.com, www.halifax-online.co.uk
3 | halifaxaccess.com | 1 redirect, halifaxaccess.com
2 | ad-emea.doubleclick.net | 2 redirects
1 | adservice.google.de | halifaxaccess.com
1 | adservice.google.com | 1 redirect
1 | statse.webtrendslive.com | halifaxaccess.com
1 | bcdn-16c9d93d.halifax-online.co.uk | halifaxaccess.com
1 | code.jquery.com | halifaxaccess.com
Total: 21 requests, 8 domains

This site contains links to these domains:

Domain
www.halifax-online.co.uk
www.halifax.co.uk
Subject | Issuer | Validity | Valid
halifaxaccess.com | R3 | 2021-08-13 to 2021-11-11 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 to 2022-08-14 | a year
GLZ-IB-LBG-DESKTOP-PROD-101.lloydsbanking.com | QuoVadis Europe EV SSL CA G1 | 2020-09-09 to 2021-09-09 | a year
bcdn-16c9d93d.lloydsbank.co.uk | QuoVadis Europe EV SSL CA G1 | 2020-09-16 to 2021-09-16 | a year
statse.webtrendslive.com | Entrust Certification Authority - L1K | 2020-10-01 to 2021-10-09 | a year
*.google.de | GTS CA 1C3 | 2021-07-12 to 2021-10-04 | 3 months

This page contains 1 frame:

Primary Page: https://halifaxaccess.com/login
Frame ID: 71D18A2DE07D9CB4829EFDD687079018
Requests: 21 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

21 Requests
81 % HTTPS
50 % IPv6
7 Domains
8 Subdomains
7 IPs
4 Countries
216 kB Transfer
1248 kB Size
5 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://halifaxaccess.com/ HTTP 302
    https://halifaxaccess.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://ad-emea.doubleclick.net/activity;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809 HTTP 302
  • https://ad-emea.doubleclick.net/activity;dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809 HTTP 302
  • https://adservice.google.com/ddm/fls/p/dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809;~oref=https://halifaxaccess.com/ HTTP 302
  • https://adservice.google.de/ddm/fls/p/dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809;~oref=https://halifaxaccess.com/

21 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
login (Primary Request, Cookie set)
halifaxaccess.com/
Redirect Chain
  • https://halifaxaccess.com/
  • https://halifaxaccess.com/login
37 KB
7 KB
Document
General
Full URL
https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
179.43.187.177 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
c41b123f51afa2f842ddacf9b570b21e3ddfd4835428c952dcf5c9d10f4e5f30
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Host
halifaxaccess.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 14 Aug 2021 01:25:02 GMT
Server
Apache/2.4.41 (Ubuntu)
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
Set-Cookie
AUTH_SYSTEM=nff0vo7idd2pa7iapgm4achusm; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
6446
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sat, 14 Aug 2021 01:25:02 GMT
Server
Apache/2.4.41 (Ubuntu)
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
Upgrade
h2
Connection
Upgrade, Keep-Alive
Location
./login
Content-Length
0
Keep-Alive
timeout=5, max=100
Content-Type
text/html; charset=UTF-8
jquery-1.3.2.js
code.jquery.com/
118 KB
35 KB
Script
General
Full URL
https://code.jquery.com/jquery-1.3.2.js
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
233a5d16bee5a64bf3bc19abe3cc812a1e0619435f01c163f628773a469ff719

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 14 Aug 2021 01:25:02 GMT
content-encoding
gzip
last-modified
Fri, 24 Oct 2014 00:16:07 GMT
server
nginx
etag
W/"54499a47-1d72b"
vary
Accept-Encoding
x-hw
1628904302.dop109.fr8.t,1628904302.cds056.fr8.hc,1628904302.cds253.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
35125
sca_base.css
www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/
26 KB
7 KB
Stylesheet
General
Full URL
https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/sca_base.css
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
eeb7c47a598d3e0d3c6ab4ec93c465bffc8df5a783c1b5aa7d416cebffc8ca54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 15 Jul 2021 10:47:40 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:02 GMT
Connection
keep-alive
Accept-Ranges
none
Content-Type
text/css
Content-Length
6245
ETag
W/"WA227635601b0c3a5b"
Expires
Tue, 09 Aug 2022 02:45:49 GMT
scriptsnippet.jspf
www.halifax-online.co.uk/static/mobile/
9 KB
4 KB
Script
General
Full URL
https://www.halifax-online.co.uk/static/mobile/scriptsnippet.jspf
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
3cc2433e7b64fb7a48df98cfe49eb22fcf62496c5baaab72da6fe61bb2700675
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Servlet/3.0
X-Frame-Options
SAMEORIGIN
Content-Language
en-US
Cache-Control
public, max-age=3600
Date
Sat, 14 Aug 2021 01:25:02 GMT
Connection
keep-alive
Content-Type
application/x-javascript;charset=UTF-8
Vary
Accept-Encoding
Content-Length
2448
X-XSS-Protection
1; mode=block
Expires
Sat, 14 Aug 2021 02:25:02 GMT
cdApi.js
www.halifax-online.co.uk/assets/lib/
518 B
971 B
Script
General
Full URL
https://www.halifax-online.co.uk/assets/lib/cdApi.js
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
565fe82094015a603c34cf0dd4ba24741d09a7e6a6376a494bde54778dc195d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 15 Jul 2021 10:47:38 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
518
Expires
Sat, 13 Aug 2022 00:40:31 GMT
16c9d93d.js
bcdn-16c9d93d.halifax-online.co.uk/scripts/16c9d93d/
604 KB
113 KB
Script
General
Full URL
https://bcdn-16c9d93d.halifax-online.co.uk/scripts/16c9d93d/16c9d93d.js
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:5c00:e:a6e2:4f80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
121250760cbef07c7cc8877a9346f1a211b659095a7d034a0a0a78bce70ed518

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 13 Aug 2021 03:39:35 GMT
content-encoding
gzip
last-modified
Sun, 11 Jul 2021 07:20:58 GMT
server
AmazonS3
age
78329
etag
"6d87c3aa97a0f4bf08f0c9125f78dd30"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 590590f04f79f692591f9db0e720a31d.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
115009
x-amz-cf-id
949tf_VmyKdBxGCB8cTcJJNDt85wG8A4syO2I72jza_sb53pEV22Ig==
app-banner-icon.png
www.halifax-online.co.uk/assets/HalifaxRetail/ngb/img/icons/
4 KB
5 KB
Image
General
Full URL
https://www.halifax-online.co.uk/assets/HalifaxRetail/ngb/img/icons/app-banner-icon.png
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
7ef338a5cba6efb3d1c50e429564d288e9f1f0e46d556f159b09315b81adec2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 15 Jul 2021 10:47:38 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
4175
ETag
"WA8eb95524912d06ba"
Expires
Wed, 10 Aug 2022 21:24:07 GMT
m05img302a_NEW_KEY-1560967285.png
www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/
2 KB
2 KB
Image
General
Full URL
https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/m05img302a_NEW_KEY-1560967285.png
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
f85e240c8b11d9e892a7fa8d935fadbde95a213a97c94c8919e54feb036bceb5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 19 Jun 2019 18:15:24 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
1770
Expires
Thu, 31 Mar 2022 16:15:59 GMT
m01img505a_NEW_KEY-1560967266.png
www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/
436 B
876 B
Image
General
Full URL
https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/m01img505a_NEW_KEY-1560967266.png
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
93f3f21aa286679fe50d6baf37d6394ec94e47195ea120cde3ca5a37eccb02ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 19 Jun 2019 18:15:24 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
436
Expires
Wed, 30 Mar 2022 22:03:26 GMT
p0400lnk502a_NEW_KEY-1560967298.png
www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/
10 KB
11 KB
Image
General
Full URL
https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/p0400lnk502a_NEW_KEY-1560967298.png
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
0c12911c7c0597585969a2400fd8e96946f12199207b124b5f926a27a418d685
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 19 Jun 2019 18:15:24 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
10488
Expires
Fri, 01 Apr 2022 08:02:17 GMT
global-auto-min210524.js
www.halifax-online.co.uk/unauth/assets/lib/mobile/
72 KB
19 KB
Script
General
Full URL
https://www.halifax-online.co.uk/unauth/assets/lib/mobile/global-auto-min210524.js
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
2abca0b6ad20b7068d66c6700a4a6538532cc4e4e4ecd77b944a89661b3752b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 15 Jul 2021 10:47:42 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
18948
ETag
"WA7c97c8f5293f10bb"
Expires
Fri, 12 Aug 2022 05:37:01 GMT
P04.00.04.js
www.halifax-online.co.uk/assets/webtrends/mobiledefault/
3 KB
1 KB
Script
General
Full URL
https://www.halifax-online.co.uk/assets/webtrends/mobiledefault/P04.00.04.js
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
1d9b6b596f1df72400db097b5e8c5a72e619b1043d8f3958c7db14b5292cd8bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 15 Jul 2021 10:47:38 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
755
ETag
"WA0fd512fa0042c9fd"
Expires
Thu, 11 Aug 2022 02:38:36 GMT
mobileanalytics-min210524.js
www.halifax-online.co.uk/unauth/assets/lib/
26 KB
9 KB
Script
General
Full URL
https://www.halifax-online.co.uk/unauth/assets/lib/mobileanalytics-min210524.js
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
0f8b7c5244036715e19e8b16418178f0865762a4e16834d63197fd1a24edb29d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 15 Jul 2021 10:47:42 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
8728
ETag
"WA667d0ebbc1015992"
Expires
Fri, 12 Aug 2022 05:37:01 GMT
authed.js
halifaxaccess.com//public/js/
4 KB
1 KB
Script
General
Full URL
https://halifaxaccess.com//public/js/authed.js
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
179.43.187.177 Zurich, Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
e0be801b43070ba7fe4d36a604eb829ba11501246c4f49c176c80dbdeb6a6d3b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
halifaxaccess.com
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://halifaxaccess.com/login
Cookie
AUTH_SYSTEM=nff0vo7idd2pa7iapgm4achusm
Connection
keep-alive
Referer
https://halifaxaccess.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 14 Aug 2021 01:25:03 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 13 Aug 2021 12:27:08 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"e78-5c96ff84e7f00-gzip"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
923
Keep-Alive
timeout=5, max=98
chevron_right_primary_blue_sca.svg
www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/img/link_types/
1021 B
999 B
Image
General
Full URL
https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/img/link_types/chevron_right_primary_blue_sca.svg
Requested by
Host: www.halifax-online.co.uk
URL: https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/sca_base.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.45.236.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-236-246.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
a0cd1c592435afce614c60e6a369a8f30337c49d5fde7c357c920dd808344f93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/sca_base.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 15 Jul 2021 10:47:40 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Sat, 14 Aug 2021 01:25:03 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/svg+xml
Content-Length
508
Expires
Thu, 11 Aug 2022 15:35:00 GMT
AgendaW01-Regular.woff
www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/fonts/
0
0

AgendaW01-Bold.woff
www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/fonts/
0
0

dcs.gif
statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/
67 B
175 B
Image
General
Full URL
https://statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/dcs.gif?&dcsdat=1628904303660&dcssip=halifaxaccess.com&dcsuri=/login&WT.ti=Halifax%20-%20Mobile%20Banking%20-%20Login&WT.sp=IB;mobilebanking&WT.cg_n=Mobile%20Banking&WT.cg_s=loginwithreglink&WT.si_x=0&WT.si_n=Logon&WT.tx_e=W3&WT.tx_n=App%20Download&WT.tz=2&WT.bh=3&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=1&WT.es=halifaxaccess.com/login&WT.vt_f_a=2&WT.vt_f=2&SmartAppBannerSwitch=Y&SmartAppBanner=Y
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.158.208.124 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-208-124.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
cache-control
no-cache
expires
-1
date
Sat, 14 Aug 2021 01:25:04 GMT
content-length
67
content-type
image/gif
/
adservice.google.de/ddm/fls/p/dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809;~oref=https://halifaxaccess.com/
Redirect Chain
  • https://ad-emea.doubleclick.net/activity;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809?
  • https://ad-emea.doubleclick.net/activity;dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809?
  • https://adservice.google.com/ddm/fls/p/dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809;~oref=https://halifaxaccess.com/
  • https://adservice.google.de/ddm/fls/p/dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809;~oref=https://halifaxaccess.com/
42 B
798 B
Image
General
Full URL
https://adservice.google.de/ddm/fls/p/dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809;~oref=https://halifaxaccess.com/
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://halifaxaccess.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 14 Aug 2021 01:25:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 14 Aug 2021 01:25:04 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/html; charset=UTF-8
location
https://adservice.google.de/ddm/fls/p/dc_pre=CP_WmLOtr_ICFZDUUQod7vIOnQ;src=2570593;type=dccon929;cat=dccon750;u=;ord=5472552895483.809;~oref=https://halifaxaccess.com/
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
96ccd7f8-d96c-472e-aac0-7e12604f57b7
https://halifaxaccess.com/
165 KB
0
Other
General
Full URL
blob:https://halifaxaccess.com/96ccd7f8-d96c-472e-aac0-7e12604f57b7
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
25e521f17135f161c1f02f0555af227292ab009967c461380e3135c414f288e6

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
169098
509eaec6-6cea-475a-852a-ee9bfe0a55ac
https://halifaxaccess.com/
165 KB
0
Other
General
Full URL
blob:https://halifaxaccess.com/509eaec6-6cea-475a-852a-ee9bfe0a55ac
Requested by
Host: halifaxaccess.com
URL: https://halifaxaccess.com/login
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
25e521f17135f161c1f02f0555af227292ab009967c461380e3135c414f288e6

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
169098

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.halifax-online.co.uk
URL
https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/fonts/AgendaW01-Regular.woff
Domain
www.halifax-online.co.uk
URL
https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/fonts/AgendaW01-Bold.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Halifax Bank (Banking)

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: onbeforexrselect, ontransitionrun, ontransitionstart, ontransitioncancel, cookieStore, trustedTypes, DI, campaignScripts, _AP, LBGM, LBG, QuestionSelectors, QuestionEvents, QuestionState, analyticsElementArray, pageAnalyticsElementArray, LTSB, _tag, cdApi, cdwpb
function: showDirectoryPicker, showOpenFilePicker, showSaveFilePicker, $, jQuery, downloadBCV2Onload, showWebTrendForCancel, showWebTrendForContinueApp, gotoTop, addOption, toggler, Validatable, Question, EmailQuestion, QuestionManager, Validation, Class, webTrendsForSmartAppBanner, webTrendsForMLPT, PageAnalyticsElement, doubleclickConnector, doubleclickConnector_setCookie, doubleclickConnector_getCookie, WebTrends, dcsMultiTrack, dcsDebug, grabValue, setAcctID, checkAcctID, bindOnLoadConfiguration, construct, init, hideFirst
string: mobileType, userAgent, iosAbvSixTagValue, iosBlwSixAndAndroidTagValue, txtWtSiXTagValue, txtWtTxETagValue, txtWtTxNTagValue, acct_id, value, urlp
boolean: originAgentCluster, crossOriginIsolated
number: end
undefined: index

5 Cookies

Domain/Path | Name | Value
.halifaxaccess.com/ | cdContextId | 2
.halifaxaccess.com/ | cdSNum | 1628904303964-sjn0000612-d02cfb0a-586f-489e-bd44-077eb18cc38a
.halifaxaccess.com/ | bmuid | 1628904303821-982C6B90-6AED-430D-BC6B-362B77094350
halifaxaccess.com/ | dcConnector | true
halifaxaccess.com/ | AUTH_SYSTEM | nff0vo7idd2pa7iapgm4achusm

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
