halifaxaccess.com
179.43.187.177
Malicious Activity!
Public Scan
Effective URL: https://halifaxaccess.com/login
Submission: On August 18 via automatic, source phishtank
Summary
TLS certificate: Issued by R3 on August 13th 2021. Valid for: 3 months.
This is the only time halifaxaccess.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Halifax Bank (Banking)
Domain & IP information
Requests | Redirects | IP Address | Autonomous System
---|---|---|---
3 | 1 | 179.43.187.177 | 51852 (PLI-AS)
1 | | 2001:4de0:ac18::1:a:1b | 20446 (HIGHWINDS3)
11 | | 23.45.236.246 | 16625 (AKAMAI-AS)
1 | | 2600:9000:21f3:b600:e:a6e2:4f80:93a1 | 16509 (AMAZON-02)
1 | | 18.156.98.77 | 16509 (AMAZON-02)
2 | 2 | 142.250.184.230 | 15169 (GOOGLE)
1 | 1 | 2a00:1450:4001:830::2002 | 15169 (GOOGLE)
1 | | 2a00:1450:4001:828::2002 | 15169 (GOOGLE)
21 | 7 |
Domain | ASN | PTR
---|---|---
www.halifax-online.co.uk | ASN16625 (AKAMAI-AS, US) | a23-45-236-246.deploy.static.akamaitechnologies.com
bcdn-16c9d93d.halifax-online.co.uk | ASN16509 (AMAZON-02, US) |
statse.webtrendslive.com | ASN16509 (AMAZON-02, US) | ec2-18-156-98-77.eu-central-1.compute.amazonaws.com
ad-emea.doubleclick.net | ASN15169 (GOOGLE, US) | fra24s12-in-f6.1e100.net
Requests | Apex Domain | Subdomains | Redirects | Transfer
---|---|---|---|---
12 | halifax-online.co.uk | www.halifax-online.co.uk, bcdn-16c9d93d.halifax-online.co.uk | | 173 KB
3 | halifaxaccess.com | halifaxaccess.com | 1 | 9 KB
2 | doubleclick.net | ad-emea.doubleclick.net | 2 | 662 B
1 | google.de | adservice.google.de | | 798 B
1 | google.com | adservice.google.com | 1 | 594 B
1 | webtrendslive.com | statse.webtrendslive.com | | 175 B
1 | jquery.com | code.jquery.com | | 35 KB
21 | 7 | | |
Requests | Domain | Redirects | Requested by
---|---|---|---
11 | www.halifax-online.co.uk | | halifaxaccess.com, www.halifax-online.co.uk
3 | halifaxaccess.com | 1 | halifaxaccess.com
2 | ad-emea.doubleclick.net | 2 |
1 | adservice.google.de | | halifaxaccess.com
1 | adservice.google.com | 1 |
1 | statse.webtrendslive.com | | halifaxaccess.com
1 | bcdn-16c9d93d.halifax-online.co.uk | | halifaxaccess.com
1 | code.jquery.com | | halifaxaccess.com
21 | 8 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.halifax-online.co.uk |
www.halifax.co.uk |
Subject | Issuer | Validity | Valid for
---|---|---|---
halifaxaccess.com | R3 | 2021-08-13 - 2021-11-11 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year
GLZ-IB-LBG-DESKTOP-PROD-101.lloydsbanking.com | QuoVadis Europe EV SSL CA G1 | 2020-09-09 - 2021-09-09 | a year
bcdn-16c9d93d.lloydsbank.co.uk | QuoVadis Europe EV SSL CA G1 | 2020-09-16 - 2021-09-16 | a year
statse.webtrendslive.com | Entrust Certification Authority - L1K | 2020-10-01 - 2021-10-09 | a year
*.google.de | GTS CA 1C3 | 2021-07-12 - 2021-10-04 | 3 months
This page contains 1 frames:
Primary Page:
https://halifaxaccess.com/login
Frame ID: 9D50184DB5229BB14EBDF62444DB497D
Requests: 21 HTTP requests in this frame
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
- Title: Cookie Policy
- Title: Remember my User ID
- Title: Forgotten your sign-in details?
- Title: Register for Internet Banking
- Title: Go to desktop site
- Title: Help
- Title: Security
- Title: Contact us
- Title: Mobile Banking
- Title: Legal
- Title: (none)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://halifaxaccess.com/
HTTP 302
https://halifaxaccess.com/login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 19
- https://ad-emea.doubleclick.net/activity;src=2570593;type=dccon929;cat=dccon750;u=;ord=619457390630.3491 HTTP 302
- https://ad-emea.doubleclick.net/activity;dc_pre=CMCug6PSufICFcHV3godULEG1w;src=2570593;type=dccon929;cat=dccon750;u=;ord=619457390630.3491 HTTP 302
- https://adservice.google.com/ddm/fls/p/dc_pre=CMCug6PSufICFcHV3godULEG1w;src=2570593;type=dccon929;cat=dccon750;u=;ord=619457390630.3491;~oref=https://halifaxaccess.com/ HTTP 302
- https://adservice.google.de/ddm/fls/p/dc_pre=CMCug6PSufICFcHV3godULEG1w;src=2570593;type=dccon929;cat=dccon750;u=;ord=619457390630.3491;~oref=https://halifaxaccess.com/
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | login | halifaxaccess.com/ | 37 KB | 7 KB | Document | text/html | Primary Request; Cookie set; Redirect Chain
GET | H2 | jquery-1.3.2.js | code.jquery.com/ | 118 KB | 35 KB | Script | application/javascript |
GET | H/1.1 | sca_base.css | www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/ | 26 KB | 7 KB | Stylesheet | text/css |
GET | H/1.1 | scriptsnippet.jspf | www.halifax-online.co.uk/static/mobile/ | 9 KB | 4 KB | Script | application/x-javascript |
GET | H/1.1 | cdApi.js | www.halifax-online.co.uk/assets/lib/ | 518 B | 971 B | Script | application/javascript |
GET | H2 | 16c9d93d.js | bcdn-16c9d93d.halifax-online.co.uk/scripts/16c9d93d/ | 604 KB | 113 KB | Script | application/javascript |
GET | H/1.1 | app-banner-icon.png | www.halifax-online.co.uk/assets/HalifaxRetail/ngb/img/icons/ | 4 KB | 5 KB | Image | image/png |
GET | H/1.1 | m05img302a_NEW_KEY-1560967285.png | www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | m01img505a_NEW_KEY-1560967266.png | www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/ | 436 B | 876 B | Image | image/png |
GET | H/1.1 | p0400lnk502a_NEW_KEY-1560967298.png | www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/ | 10 KB | 11 KB | Image | image/png |
GET | H/1.1 | global-auto-min210524.js | www.halifax-online.co.uk/unauth/assets/lib/mobile/ | 72 KB | 19 KB | Script | application/javascript |
GET | H/1.1 | P04.00.04.js | www.halifax-online.co.uk/assets/webtrends/mobiledefault/ | 3 KB | 1 KB | Script | application/javascript |
GET | H/1.1 | mobileanalytics-min210524.js | www.halifax-online.co.uk/unauth/assets/lib/ | 26 KB | 9 KB | Script | application/javascript |
GET | H/1.1 | authed.js | halifaxaccess.com//public/js/ | 4 KB | 1 KB | Script | application/javascript |
GET | H/1.1 | chevron_right_primary_blue_sca.svg | www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/img/link_types/ | 1021 B | 999 B | Image | image/svg+xml |
GET | | AgendaW01-Regular.woff | www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/fonts/ | 0 | 0 | | |
GET | | AgendaW01-Bold.woff | www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/fonts/ | 0 | 0 | | |
GET | BLOB | e4c836e9-1161-42ce-8ce0-c3184e951855 | https://halifaxaccess.com/ | 165 KB | 0 | Other | text/plain |
GET | BLOB | 578bed4e-fa03-4d32-93d6-c6b975349e7e | https://halifaxaccess.com/ | 165 KB | 0 | Other | text/plain |
GET | H2 | dcs.gif | statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/ | 67 B | 175 B | Image | image/gif |
GET | H2 | / | adservice.google.de/ddm/fls/p/dc_pre=CMCug6PSufICFcHV3godULEG1w;src=2570593;type=dccon929;cat=dccon750;u=;ord=619457390630.3491;~oref=https://halifaxaccess.com/ | 42 B | 798 B | Image | image/gif | Redirect Chain
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.halifax-online.co.uk
  URL: https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/fonts/AgendaW01-Regular.woff
- Domain: www.halifax-online.co.uk
  URL: https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/fonts/AgendaW01-Bold.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Halifax Bank (Banking)
67 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| DI object| campaignScripts undefined| index function| downloadBCV2Onload function| showWebTrendForCancel function| showWebTrendForContinueApp object| _AP object| LBGM string| mobileType string| userAgent function| gotoTop function| addOption function| toggler function| Validatable object| LBG object| QuestionSelectors object| QuestionEvents object| QuestionState function| Question function| EmailQuestion function| QuestionManager function| Validation function| Class object| analyticsElementArray object| pageAnalyticsElementArray string| iosAbvSixTagValue string| iosBlwSixAndAndroidTagValue string| txtWtSiXTagValue string| txtWtTxETagValue function| webTrendsForSmartAppBanner function| webTrendsForMLPT function| PageAnalyticsElement string| txtWtTxNTagValue object| cdApi object| cdwpb function| doubleclickConnector function| doubleclickConnector_setCookie function| doubleclickConnector_getCookie function| WebTrends function| dcsMultiTrack function| dcsDebug string| acct_id function| grabValue function| setAcctID function| checkAcctID object| LTSB function| bindOnLoadConfiguration function| construct function| init function| hideFirst object| _tag number| end string| value string| urlp5
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.halifaxaccess.com/ | | cdContextId | 2
.halifaxaccess.com/ | | cdSNum | 1629257799404-sjn0000280-26a94eed-8e35-4103-9df7-374bd45f24f9
halifaxaccess.com/ | | dcConnector | true
.halifaxaccess.com/ | | bmuid | 1629257799220-6CCCF319-BB62-4BB6-ADAF-3C02AB097B05
halifaxaccess.com/ | | AUTH_SYSTEM | hup9ifqi77p5fhoiciftcljq92
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.