deny-application-access.com
Open in
urlscan Pro
162.0.209.241
Malicious Activity!
Public Scan
Effective URL: https://deny-application-access.com/lgin.jsp.php?VT.ac=Account/Activation&t_cookie=LVZUKW58379Z9PZTKIJ3XD2V4A2OEZ5C5F4T1BW0BG1VPO69K40
Submission: On January 11 via automatic, source phishtank
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 8th 2021. Valid for: a year.
This is the only time deny-application-access.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Lloyds (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 14 | 162.0.209.241 162.0.209.241 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
13 | 1 |
ASN22612 (NAMECHEAP-NET, US)
PTR: business99-4.web-hosting.com
deny-application-access.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
deny-application-access.com
1 redirects
deny-application-access.com |
196 KB |
13 | 1 |
Domain | Requested by | |
---|---|---|
14 | deny-application-access.com |
1 redirects
deny-application-access.com
|
13 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
deny-application-access.com Sectigo RSA Domain Validation Secure Server CA |
2021-01-08 - 2022-01-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://deny-application-access.com/lgin.jsp.php?VT.ac=Account/Activation&t_cookie=LVZUKW58379Z9PZTKIJ3XD2V4A2OEZ5C5F4T1BW0BG1VPO69K40
Frame ID: 2D9F8F1A9EC2BD65C03A852AA1BB19E8
Requests: 13 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://deny-application-access.com/
HTTP 301
https://deny-application-access.com/ Page URL
- https://deny-application-access.com/lgin.jsp.php?VT.ac=Account/Activation&t_cookie=LVZUKW58379Z9PZTKIJ3XD2V4A2OE... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://deny-application-access.com/
HTTP 301
https://deny-application-access.com/ Page URL
- https://deny-application-access.com/lgin.jsp.php?VT.ac=Account/Activation&t_cookie=LVZUKW58379Z9PZTKIJ3XD2V4A2OEZ5C5F4T1BW0BG1VPO69K40 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://deny-application-access.com/ HTTP 301
- https://deny-application-access.com/
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
deny-application-access.com/ Redirect Chain
|
220 B 734 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
lgin.jsp.php
deny-application-access.com/ |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
deny-application-access.com/receipts/ |
85 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
caller.js
deny-application-access.com/receipts/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mobile_logo.png
deny-application-access.com/receipts/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
deny-application-access.com/receipts/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
err1.png
deny-application-access.com/receipts/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lloyds_bank_jack-regularWEB.woff
deny-application-access.com/receipts/ |
63 KB 63 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lloyds_bank_jack-lightWEB.woff
deny-application-access.com/receipts/ |
69 KB 69 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lloyds_bank_jack-mediumWEB.woff
deny-application-access.com/receipts/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
out.php
deny-application-access.com/connect/ |
0 312 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
out.php
deny-application-access.com/connect/ |
0 312 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
out.php
deny-application-access.com/connect/ |
0 312 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Lloyds (Banking)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| callerConnect function| callerAuth function| ranodmize number| action function| UHmlHP function| dyTmhLQJII1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
deny-application-access.com/ | Name: PHPSESSID Value: a851f454caab0041213ebebf31832e21 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
deny-application-access.com
162.0.209.241
07951109150b3a36372d8e9d5cb3d371f429f6ec6df02178483f235a3be68045
723e2f6ca8cc6783c5d8ffd3124318240838ac41df4977fbf2d6b0a0ed22a31f
7dd7cf44e2aa94fd6b014f057bb0fc124d15671f67538b87d1c502183d9ee2a1
991a121de8faf40ccce7ee09da5d5058a6a9fc0f116da0ae6661937d564718fe
9e6eda2bbb5bdf12576c5735f1a26df1654c5701f3c5df3c15ca1e42f579864b
cb8f0e9c683b45323c6f6fb0ac3dfa5c3b98792dae92ac7003eafa3e33f54d77
cba5c34d8867f986c18209bceb10a0afb5c515ef800045a99ee6a57c5caf982d
d60a6761863388fedcdd013441def41b3ce324bc2e14c5908f3dc7cd865bf829
d94b45399a9842e43a27838ef3fc9240bb7b1205378b16fb543d836256d9ad36
debe0b900e726ab6e7efc8d220111979c4b74aab9a8e377d314d720d00eb298f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855