Submitted URL: http://check-newpayee-halfax.com/
Effective URL: http://check-newpayee-halfax.com/Login.php
Submission: On January 14 via automatic, source openphish

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 162.0.215.180, located in Canada and belongs to NAMECHEAP-NET, US. The main domain is check-newpayee-halfax.com.
This is the only time check-newpayee-halfax.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Halifax Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 9 162.0.215.180 22612 (NAMECHEAP...)
8 1
Domain
Subdomains
Transfer
9 check-newpayee-halfax.com
159 KB
8 1
Domain Requested by
9 check-newpayee-halfax.com 1 redirects check-newpayee-halfax.com
8 1

This site contains links to these domains. Also see Links.

Domain
www.halifax-online.co.uk
www.halifax.co.uk
Subject / Issuer Validity Valid

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i


Stats

0
Requests

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Login.php

Redirect Chain
  • http://check-newpayee-halfax.com/
  • http://check-newpayee-halfax.com/Login.php
91 KB
13 KB
Document
General
Full URL
http://check-newpayee-halfax.com/Login.php
Protocol
HTTP/1.1
Server
162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business110-3.web-hosting.com
Software
Apache / PHP/7.2.34
Resource Hash
b74ff1234f834f60c2aa3cff4e8d68a70fff13f6838da50e2c445fff841c7dab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
check-newpayee-halfax.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:29:16 GMT
Server
Apache
X-Powered-By
PHP/7.2.34
Vary
Accept-Encoding
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Referrer-Policy
no-referrer-when-downgrade

Redirect headers

Date
Thu, 14 Jan 2021 01:29:16 GMT
Server
Apache
X-Powered-By
PHP/7.2.34
location
Login.php
Content-Length
0
Content-Type
text/html; charset=UTF-8
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Referrer-Policy
no-referrer-when-downgrade
base-auto-min200526.css
/files/css
87 KB
17 KB
Stylesheet
General
Full URL
http://check-newpayee-halfax.com/files/css/base-auto-min200526.css
Requested by
Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php
Protocol
HTTP/1.1
Server
162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business110-3.web-hosting.com
Software
Apache /
Resource Hash
f1a08e104670da21abd4338136ac8bdcd388c2886e41d11ced35cb2da6b52ddb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://check-newpayee-halfax.com/Login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:29:16 GMT
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Sat, 11 Jul 2020 22:16:02 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
16477
X-Content-Type-Options
nosniff
jquery.js
/files/js
266 KB
77 KB
Script
General
Full URL
http://check-newpayee-halfax.com/files/js/jquery.js
Requested by
Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php
Protocol
HTTP/1.1
Server
162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business110-3.web-hosting.com
Software
Apache /
Resource Hash
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://check-newpayee-halfax.com/Login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:29:17 GMT
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Sat, 24 Aug 2019 13:25:18 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
Halifax-logo-1432115232.gif
/files/img
6 KB
6 KB
Image
General
Full URL
http://check-newpayee-halfax.com/files/img/Halifax-logo-1432115232.gif
Requested by
Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php
Protocol
HTTP/1.1
Server
162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business110-3.web-hosting.com
Software
Apache /
Resource Hash
52f775c52a7a465d35c60169d86f01b09c6ac17d80b0ecb6c7301e17c0394fe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://check-newpayee-halfax.com/Login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:29:17 GMT
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 09 Jul 2020 07:31:08 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Accept-Ranges
bytes
Content-Length
6106
X-Content-Type-Options
nosniff
padlock-secure-NGB-1432115235.gif
/files/img
204 B
604 B
Image
General
Full URL
http://check-newpayee-halfax.com/files/img/padlock-secure-NGB-1432115235.gif
Requested by
Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php
Protocol
HTTP/1.1
Server
162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business110-3.web-hosting.com
Software
Apache /
Resource Hash
a32d4cb0261b95eae669b741ad8938ad02057d0e0c1cc1638f9cd493a00274de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://check-newpayee-halfax.com/Login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:29:17 GMT
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 09 Jul 2020 07:31:08 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Accept-Ranges
bytes
Content-Length
204
X-Content-Type-Options
nosniff
savings_newstyle-1593009617.png
/files/img
11 KB
11 KB
Image
General
Full URL
http://check-newpayee-halfax.com/files/img/savings_newstyle-1593009617.png
Requested by
Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php
Protocol
HTTP/1.1
Server
162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business110-3.web-hosting.com
Software
Apache /
Resource Hash
a919a7fbb66564472a3a5e890ff7b563563d5d5fa68ead3ea40388051caf6738
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://check-newpayee-halfax.com/Login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:29:18 GMT
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 09 Jul 2020 07:31:08 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Accept-Ranges
bytes
Content-Length
10893
X-Content-Type-Options
nosniff
fscs-ngb-logon-banner-V2-1459783745.png
/files/img
33 KB
33 KB
Image
General
Full URL
http://check-newpayee-halfax.com/files/img/fscs-ngb-logon-banner-V2-1459783745.png
Requested by
Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php
Protocol
HTTP/1.1
Server
162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business110-3.web-hosting.com
Software
Apache /
Resource Hash
ef18a59ce2fac55baba361d886d7835b66d2e8ecf485c3a4f59dd06fd819aa3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://check-newpayee-halfax.com/Login.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:29:18 GMT
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 09 Jul 2020 07:31:08 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Accept-Ranges
bytes
Content-Length
33434
X-Content-Type-Options
nosniff
chevron_right_white.png
/files/img
1 KB
1 KB
Image
General
Full URL
http://check-newpayee-halfax.com/files/img/chevron_right_white.png
Requested by
Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/files/css/base-auto-min200526.css
Protocol
HTTP/1.1
Server
162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business110-3.web-hosting.com
Software
Apache /
Resource Hash
e3cd0d68d226d95c5901c2a6ce9fe33f60531a25f777d0734fa2a61bd0964ef8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://check-newpayee-halfax.com/files/css/base-auto-min200526.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:29:18 GMT
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 10 Jul 2020 00:40:28 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Accept-Ranges
bytes
Content-Length
1098
X-Content-Type-Options
nosniff

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • http://check-newpayee-halfax.com/
  • http://check-newpayee-halfax.com/Login.php

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Halifax Bank (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block