check-newpayee-halfax.com
urlscan Pro

162.0.215.180 Malicious Activity!

Go To Report Rescan

Submitted URL:
http://check-newpayee-halfax.com/
Effective URL:
http://check-newpayee-halfax.com/Login.php
Submission: On January 14 via automatic, source openphish (January 14th 2021, 1:29:16 am)

Summary HTTP 8 Links 13 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 162.0.215.180, located in Canada and belongs to NAMECHEAP-NET, US. The main domain is check-newpayee-halfax.com.

This is the only time check-newpayee-halfax.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Halifax Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 9	162.0.215.180 162.0.215.180		22612 (NAMECHEAP...) (NAMECHEAP-NET)
8	1

9 162.0.215.180 (Canada) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: business110-3.web-hosting.com

check-newpayee-halfax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Domain Subdomains	Transfer
9	check-newpayee-halfax.com 1 redirects	159 KB
8	1

	Domain	Requested by
9	check-newpayee-halfax.com	1 redirects check-newpayee-halfax.com
8	1

This site contains links to these domains. Also see Links.

Domain
www.halifax-online.co.uk
www.halifax.co.uk

Subject / Issuer	Validity	Valid

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Website

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Stats

0
Requests

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

13 Outgoing links

These are links going to different origins than the main page. For each link, only the first name is shown.

https://www.halifax-online.co.uk/personal/a/mobile/mobile_help/login/COOKIE_POLICY
Title: Cookie Policy
https://www.halifax-online.co.uk/personal/a/mobile/mobile_help/login/REMEMBER_ME
Title: Remember my User ID
https://www.halifax-online.co.uk/ib-access/cwa/forgotten-details/index.html
Title: Forgotten your sign-in details?
https://www.halifax.co.uk/savings/?WT.ac=lon/public/navigation/ban/r2pr/savs/s/rt/HxSavRbdBn
Title:
https://www.halifax.co.uk/loans/?WT.ac=lon/public/navigation/ban/r2pr/loan/s/rl/Hxloancalc
Title:
https://www.halifax-online.co.uk/personal/a/useradmin/mobile/registration/selectaccounttyperegistration.jsp?mobile=true
Title: Register for Internet Banking
https://www.halifax-online.co.uk/personal/logon/login.jsp?mobile=false
Title: Go to desktop site
https://www.halifax-online.co.uk/personal/a/mobile/mobile_help/login/HELP
Title: Help
https://www.halifax-online.co.uk/personal/a/mobile/mobile_help/login/SECURITY
Title: Security
https://www.halifax-online.co.uk/personal/a/mobile/mobile_help/login/CONTACT_US
Title: Contact us
https://www.halifax-online.co.uk/personal/a/mobile/mobile_help/login/MOBILE_BANKING
Title: Mobile Banking
https://www.halifax-online.co.uk/personal/a/mobile/mobile_help/login/LEGAL
Title: Legal
http://www.halifax.co.uk/fscs/

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

http://check-newpayee-halfax.com/
http://check-newpayee-halfax.com/Login.php

91 KB
13 KB

164ms
164ms

Document
text/html

162.0.215.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

http://check-newpayee-halfax.com/Login.php

Protocol

HTTP/1.1

Server

162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business110-3.web-hosting.com

Software

Apache / PHP/7.2.34

Resource Hash

b74ff1234f834f60c2aa3cff4e8d68a70fff13f6838da50e2c445fff841c7dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: check-newpayee-halfax.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:29:16 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Referrer-Policy: no-referrer-when-downgrade

Redirect headers

Date: Thu, 14 Jan 2021 01:29:16 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
location: Login.php
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Referrer-Policy: no-referrer-when-downgrade

GET
H/1.1 200
OK base-auto-min200526.css
/files/css 87 KB
17 KB 175ms
163ms Stylesheet
text/css 162.0.215.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

http://check-newpayee-halfax.com/files/css/base-auto-min200526.css

Requested by

Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php

Protocol

HTTP/1.1

Server

162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business110-3.web-hosting.com

Software

Apache /

Resource Hash

f1a08e104670da21abd4338136ac8bdcd388c2886e41d11ced35cb2da6b52ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://check-newpayee-halfax.com/Login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:29:16 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 11 Jul 2020 22:16:02 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 16477
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.js Show response
/files/js 266 KB
77 KB 759ms
741ms Script
application/javascript 162.0.215.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

http://check-newpayee-halfax.com/files/js/jquery.js

Requested by

Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php

Protocol

HTTP/1.1

Server

162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business110-3.web-hosting.com

Software

Apache /

Resource Hash

84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://check-newpayee-halfax.com/Login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:29:17 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 24 Aug 2019 13:25:18 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK Halifax-logo-1432115232.gif
/files/img 6 KB
6 KB 162ms
162ms Image
image/gif 162.0.215.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://check-newpayee-halfax.com/files/img/Halifax-logo-1432115232.gif

Requested by

Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php

Protocol

HTTP/1.1

Server

162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business110-3.web-hosting.com

Software

Apache /

Resource Hash

52f775c52a7a465d35c60169d86f01b09c6ac17d80b0ecb6c7301e17c0394fe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://check-newpayee-halfax.com/Login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:29:17 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 09 Jul 2020 07:31:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Accept-Ranges: bytes
Content-Length: 6106
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK padlock-secure-NGB-1432115235.gif
/files/img 204 B
604 B 162ms
162ms Image
image/gif 162.0.215.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://check-newpayee-halfax.com/files/img/padlock-secure-NGB-1432115235.gif

Requested by

Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php

Protocol

HTTP/1.1

Server

162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business110-3.web-hosting.com

Software

Apache /

Resource Hash

a32d4cb0261b95eae669b741ad8938ad02057d0e0c1cc1638f9cd493a00274de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://check-newpayee-halfax.com/Login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:29:17 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 09 Jul 2020 07:31:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Accept-Ranges: bytes
Content-Length: 204
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK savings_newstyle-1593009617.png
/files/img 11 KB
11 KB 162ms
162ms Image
image/png 162.0.215.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://check-newpayee-halfax.com/files/img/savings_newstyle-1593009617.png

Requested by

Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php

Protocol

HTTP/1.1

Server

162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business110-3.web-hosting.com

Software

Apache /

Resource Hash

a919a7fbb66564472a3a5e890ff7b563563d5d5fa68ead3ea40388051caf6738

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://check-newpayee-halfax.com/Login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:29:18 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 09 Jul 2020 07:31:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Accept-Ranges: bytes
Content-Length: 10893
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK fscs-ngb-logon-banner-V2-1459783745.png
/files/img 33 KB
33 KB 1859ms
1859ms Image
image/png 162.0.215.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://check-newpayee-halfax.com/files/img/fscs-ngb-logon-banner-V2-1459783745.png

Requested by

Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/Login.php

Protocol

HTTP/1.1

Server

162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business110-3.web-hosting.com

Software

Apache /

Resource Hash

ef18a59ce2fac55baba361d886d7835b66d2e8ecf485c3a4f59dd06fd819aa3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://check-newpayee-halfax.com/Login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:29:18 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 09 Jul 2020 07:31:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Accept-Ranges: bytes
Content-Length: 33434
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK chevron_right_white.png
/files/img 1 KB
1 KB 616ms
616ms Image
image/png 162.0.215.180
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://check-newpayee-halfax.com/files/img/chevron_right_white.png

Requested by

Host: check-newpayee-halfax.com
URL: http://check-newpayee-halfax.com/files/css/base-auto-min200526.css

Protocol

HTTP/1.1

Server

162.0.215.180 , Canada, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

business110-3.web-hosting.com

Software

Apache /

Resource Hash

e3cd0d68d226d95c5901c2a6ce9fe33f60531a25f777d0734fa2a61bd0964ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://check-newpayee-halfax.com/files/css/base-auto-min200526.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:29:18 GMT
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 10 Jul 2020 00:40:28 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
Accept-Ranges: bytes
Content-Length: 1098
X-Content-Type-Options: nosniff

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0

http://check-newpayee-halfax.com/
http://check-newpayee-halfax.com/Login.php

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Halifax Bank (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

check-newpayee-halfax.com
162.0.215.180
52f775c52a7a465d35c60169d86f01b09c6ac17d80b0ecb6c7301e17c0394fe4
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
a32d4cb0261b95eae669b741ad8938ad02057d0e0c1cc1638f9cd493a00274de
a919a7fbb66564472a3a5e890ff7b563563d5d5fa68ead3ea40388051caf6738
b74ff1234f834f60c2aa3cff4e8d68a70fff13f6838da50e2c445fff841c7dab
e3cd0d68d226d95c5901c2a6ce9fe33f60531a25f777d0734fa2a61bd0964ef8
ef18a59ce2fac55baba361d886d7835b66d2e8ecf485c3a4f59dd06fd819aa3f
f1a08e104670da21abd4338136ac8bdcd388c2886e41d11ced35cb2da6b52ddb

check-newpayee-halfax.com urlscan Pro 162.0.215.180 Malicious Activity!

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Stats

0 Requests

0 %HTTPS

0 %IPv6

0 Domains

0 Subdomains

0 IPs

0 Countries

0 kBTransfer

0 kBSize

0 Cookies

13 Outgoing links

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect requests

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

check-newpayee-halfax.com
urlscan Pro

162.0.215.180 Malicious Activity!

Screenshot
Live screenshot

Full Image

0
Requests

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!