halifaxplc.co.uk
185.61.152.64  Malicious Activity! Public Scan

Submitted URL: http://halifaxplc.co.uk/
Effective URL: http://halifaxplc.co.uk/mobile.php
Submission: On November 30 via api from GB

Summary

This website contacted 10 IPs in 6 countries across 10 domains to perform 28 HTTP transactions. The main IP is 185.61.152.64, located in United Kingdom and belongs to NAMECHEAP-NET, US. The main domain is halifaxplc.co.uk.
This is the only time halifaxplc.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Halifax Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 5 185.61.152.64 22612 (NAMECHEAP...)
13 104.111.249.254 16625 (AKAMAI-AS)
3 23.8.6.251 20940 (AKAMAI-ASN1)
1 2600:9000:219... 16509 (AMAZON-02)
1 2 18.156.98.77 16509 (AMAZON-02)
1 1 172.217.18.102 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 34.242.67.216 16509 (AMAZON-02)
1 178.249.101.23 11054 (LIVEPERSON)
2 15.237.136.106 16509 (AMAZON-02)
28 10
Domain | Requested by
13 www.halifax-online.co.uk | halifaxplc.co.uk, www.halifax-online.co.uk
5 halifaxplc.co.uk (1 redirects) | halifaxplc.co.uk, www.halifax-online.co.uk
3 tags.tiqcdn.com | www.halifax-online.co.uk, tags.tiqcdn.com
2 lloydsbankinggroup.d3.sc.omtrdc.net | www.halifax-online.co.uk
2 statse.webtrendslive.com (1 redirects) | halifaxplc.co.uk
1 lptag.liveperson.net | tags.tiqcdn.com
1 dpm.demdex.net | www.halifax-online.co.uk
1 adservice.google.de | halifaxplc.co.uk
1 adservice.google.com (1 redirects) |
1 ad-emea.doubleclick.net (1 redirects) |
1 bcdn-16c9d93d.halifax-online.co.uk | halifaxplc.co.uk
28 11

This site contains links to these domains.

Domain
www.halifax-online.co.uk
www.halifax.co.uk
Subject | Issuer | Validity | Valid
GLZ-IB-LBG-DESKTOP-PROD-101.lloydsbanking.com | QuoVadis Europe EV SSL CA G1 | 2020-09-09 - 2021-09-09 | a year
bcdn-16c9d93d.lloydsbank.co.uk | QuoVadis Europe EV SSL CA G1 | 2020-09-16 - 2021-09-16 | a year
statse.webtrendslive.com | Entrust Certification Authority - L1K | 2020-10-01 - 2021-10-09 | a year
*.google.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
*.liveperson.net | Sectigo RSA Organization Validation Secure Server CA | 2020-05-30 - 2022-05-30 | 2 years

This page contains 1 frames:

Primary Page: http://halifaxplc.co.uk/mobile.php
Frame ID: D8D3B14565197DD2EE40ED4ED919BBD2
Requests: 28 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /^https?:\/\/lptag\.liveperson\.net\/tag\/tag\.js/i

Overall confidence: 100%
Detected patterns
  • script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

Requests: 28
HTTPS: 61 %
IPv6: 20 %
Domains: 10
Subdomains: 11
IPs: 10
Countries: 6
Transfer: 471 kB
Size: 1915 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://halifaxplc.co.uk/ HTTP 302
    http://halifaxplc.co.uk/mobile.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • http://statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/dcs.gif?&dcsdat=1606736385362&dcssip=halifaxplc.co.uk&dcsuri=/mobile.php&WT.ti=Halifax%20-%20Mobile%20Banking%20-%20Login&WT.sp=IB;mobilebanking&WT.cg_n=Mobile%20Banking&WT.cg_s=loginwithreglink&WT.si_x=1&WT.si_n=Logon&WT.tz=1&WT.bh=12&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=halifaxplc.co.uk/mobile.php&WT.vt_f_a=2&WT.vt_f=2&hasTealium=1 HTTP 301
  • https://statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/dcs.gif?&dcsdat=1606736385362&dcssip=halifaxplc.co.uk&dcsuri=/mobile.php&WT.ti=Halifax%20-%20Mobile%20Banking%20-%20Login&WT.sp=IB;mobilebanking&WT.cg_n=Mobile%20Banking&WT.cg_s=loginwithreglink&WT.si_x=1&WT.si_n=Logon&WT.tz=1&WT.bh=12&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=halifaxplc.co.uk/mobile.php&WT.vt_f_a=2&WT.vt_f=2&hasTealium=1
Request Chain 18
  • http://ad-emea.doubleclick.net/activity;src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241 HTTP 302
  • https://adservice.google.com/ddm/fls/p/src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241;~oref=http://halifaxplc.co.uk/mobile.php HTTP 302
  • https://adservice.google.de/ddm/fls/p/src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241;~oref=http://halifaxplc.co.uk/mobile.php

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request mobile.php
halifaxplc.co.uk/
Redirect Chain
  • http://halifaxplc.co.uk/
  • http://halifaxplc.co.uk/mobile.php
23 KB
5 KB
Document
General
Full URL
http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Server
185.61.152.64 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium18-2.web-hosting.com
Software
Apache / PHP/7.2.34
Resource Hash
03280e4cafca70060384d50dc8ea09a4d1f32dfb0a977b46a9cfa292b0c82337

Request headers

Host
halifaxplc.co.uk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Mon, 30 Nov 2020 11:39:44 GMT
Server
Apache
X-Powered-By
PHP/7.2.34
Accept-Ranges
none
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
5038
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Mon, 30 Nov 2020 11:39:44 GMT
Server
Apache
X-Powered-By
PHP/7.2.34
Location
/mobile.php
Content-Length
0
Content-Type
text/html; charset=UTF-8
utag-1584445422.js
www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/assets/insight-tagging/
331 KB
113 KB
Script
General
Full URL
https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/assets/insight-tagging/utag-1584445422.js
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
1398adf2a27f501144db6152713464777fa31beca33a509192e699c409beb658
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 14:14:34 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:44 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
114783
Expires
Sat, 13 Nov 2021 10:08:35 GMT
base-auto-min200818.css
www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/
87 KB
20 KB
Stylesheet
General
Full URL
https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/base-auto-min200818.css
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
4b574ffdcf65e417ddafa42ec4ba9abe940e98577dae9d6131959837d704a1ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 16 Oct 2020 11:22:04 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:44 GMT
Connection
keep-alive
Accept-Ranges
none
Content-Type
text/css
Content-Length
19671
Expires
Tue, 30 Nov 2021 01:25:03 GMT
scriptsnippet.jspf
www.halifax-online.co.uk/static/mobile/
9 KB
4 KB
Script
General
Full URL
https://www.halifax-online.co.uk/static/mobile/scriptsnippet.jspf
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
64c97092f2f679faa9e15dce873132127cf73e18012bbf5e084648aa3838c8c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Servlet/3.0
X-Frame-Options
SAMEORIGIN
Content-Language
en-US
Cache-Control
public, max-age=3600
Date
Mon, 30 Nov 2020 11:39:44 GMT
Connection
keep-alive
Content-Type
application/x-javascript;charset=UTF-8
Vary
Accept-Encoding
Content-Length
2449
X-XSS-Protection
1; mode=block
Expires
Mon, 30 Nov 2020 12:39:44 GMT
adrum-4.2.2.js
www.halifax-online.co.uk/assets/lib/
35 KB
13 KB
Script
General
Full URL
https://www.halifax-online.co.uk/assets/lib/adrum-4.2.2.js
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
ad9a26f295dc18cac3e6e5b1a3423e92d0764acf3d34d74fe4ff2a9898dbbb0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 16 Oct 2020 11:22:02 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:44 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
12431
Expires
Sun, 28 Nov 2021 20:22:23 GMT
cdApi.js
www.halifax-online.co.uk/assets/lib/
518 B
971 B
Script
General
Full URL
https://www.halifax-online.co.uk/assets/lib/cdApi.js
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
565fe82094015a603c34cf0dd4ba24741d09a7e6a6376a494bde54778dc195d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Fri, 16 Oct 2020 11:22:02 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
518
Expires
Mon, 29 Nov 2021 09:25:36 GMT
Halifax-logo-1432115232.gif
www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/mobile/
6 KB
6 KB
Image
General
Full URL
https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/mobile/Halifax-logo-1432115232.gif
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
52f775c52a7a465d35c60169d86f01b09c6ac17d80b0ecb6c7301e17c0394fe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Fri, 22 May 2015 14:53:53 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
6106
Expires
Fri, 12 Nov 2021 14:13:01 GMT
padlock-secure-NGB-1432115235.gif
www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/mobile/
204 B
644 B
Image
General
Full URL
https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/mobile/padlock-secure-NGB-1432115235.gif
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
a32d4cb0261b95eae669b741ad8938ad02057d0e0c1cc1638f9cd493a00274de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Fri, 22 May 2015 14:53:53 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
204
Expires
Thu, 04 Nov 2021 14:19:36 GMT
personalloan2020-1596800979.png
www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/marketing/Login_Page_Tiles/Mobile/
6 KB
7 KB
Image
General
Full URL
https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/marketing/Login_Page_Tiles/Mobile/personalloan2020-1596800979.png
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
3c8bf60e7a3bc9b946b2f6ab29e073819b0f5478656b6b092c6eb1a0c59e3fab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Mon, 10 Aug 2020 10:08:49 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
6275
Expires
Sat, 13 Nov 2021 06:32:54 GMT
fscs-ngb-logon-banner-V2-1459783745.png
www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/
33 KB
33 KB
Image
General
Full URL
https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/media/images/lloydstsb2009/miscellaneous/fscs-ngb-logon-banner-V2-1459783745.png
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
ef18a59ce2fac55baba361d886d7835b66d2e8ecf485c3a4f59dd06fd819aa3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Mon, 25 Apr 2016 23:18:55 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
33434
Expires
Sat, 13 Nov 2021 06:37:50 GMT
global-auto-min200818.js
www.halifax-online.co.uk/unauth/assets/lib/mobile/
72 KB
19 KB
Script
General
Full URL
https://www.halifax-online.co.uk/unauth/assets/lib/mobile/global-auto-min200818.js
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
28984820406d301f18e5051eceffc7938139ed6bac9c433668452d155f9d7a53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 16 Oct 2020 11:22:06 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:44 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
18886
Expires
Tue, 30 Nov 2021 01:25:04 GMT
P04.00.04.js
www.halifax-online.co.uk/assets/webtrends/mobiledefault/
3 KB
1 KB
Script
General
Full URL
https://www.halifax-online.co.uk/assets/webtrends/mobiledefault/P04.00.04.js
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
1d9b6b596f1df72400db097b5e8c5a72e619b1043d8f3958c7db14b5292cd8bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 16 Oct 2020 11:22:02 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
755
ETag
"WA0fd512fa0042c9fd"
Expires
Sun, 28 Nov 2021 19:12:39 GMT
mobileanalytics-min200818.js
www.halifax-online.co.uk/unauth/assets/lib/
26 KB
9 KB
Script
General
Full URL
https://www.halifax-online.co.uk/unauth/assets/lib/mobileanalytics-min200818.js
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
0f8b7c5244036715e19e8b16418178f0865762a4e16834d63197fd1a24edb29d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 16 Oct 2020 11:22:06 GMT
X-Powered-By
Servlet/3.0
Vary
Accept-Encoding
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
8728
Expires
Sun, 28 Nov 2021 21:45:13 GMT
4ad184b9ui258e914b1ca5ee239fae
halifaxplc.co.uk/bundles/
0
0
Script
General
Full URL
http://halifaxplc.co.uk/bundles/4ad184b9ui258e914b1ca5ee239fae
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Server
185.61.152.64 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium18-2.web-hosting.com
Software
Apache /
Resource Hash

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date
Mon, 30 Nov 2020 11:39:45 GMT
Server
Apache
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
utag.js
tags.tiqcdn.com/utag/lbg/main/prod/
546 KB
126 KB
Script
General
Full URL
http://tags.tiqcdn.com/utag/lbg/main/prod/utag.js
Requested by
Host: www.halifax-online.co.uk
URL: https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/assets/insight-tagging/utag-1584445422.js
Protocol
HTTP/1.1
Server
23.8.6.251 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-8-6-251.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
914c4d39458f42e2785b786d61a22654e82a352a38b1fcfa99a869c3dc122509

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date
Mon, 30 Nov 2020 11:39:45 GMT
Content-Encoding
gzip
Last-Modified
Thu, 26 Nov 2020 13:31:27 GMT
Server
AkamaiNetStorage
ETag
"8c6ada9d565f2aa5cb807fc45c14894f:1606397486.957654"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=300
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
Expires
Mon, 30 Nov 2020 11:44:45 GMT
16c9d93d.js
bcdn-16c9d93d.halifax-online.co.uk/scripts/16c9d93d/
565 KB
106 KB
Script
General
Full URL
https://bcdn-16c9d93d.halifax-online.co.uk/scripts/16c9d93d/16c9d93d.js
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:a600:e:a6e2:4f80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1656ff1781115ff03b2f588d9e4051836d531bccdb347ad53eacdc016677539e

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date
Mon, 30 Nov 2020 00:55:14 GMT
content-encoding
gzip
last-modified
Sun, 11 Oct 2020 08:03:46 GMT
server
AmazonS3
age
38672
etag
"4ab82644b11a023ed3e228d4adb6ce2c"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 08c5e904e2f0226b2d9c1417f32b12f2.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
content-length
108013
x-amz-cf-id
E7TyhXGI2oe8-LDwoSFHUePVxX6b9jD5qPWiRDoR4tG0aJmAYzh7aQ==
chevron_right_white.png
www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/img/link_types/
1 KB
2 KB
Image
General
Full URL
https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/img/link_types/chevron_right_white.png
Requested by
Host: www.halifax-online.co.uk
URL: https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/base-auto-min200818.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.254 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-254.deploy.static.akamaitechnologies.com
Software
/ Servlet/3.0
Resource Hash
e3cd0d68d226d95c5901c2a6ce9fe33f60531a25f777d0734fa2a61bd0964ef8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.halifax-online.co.uk/unauth/assets/HalifaxRetail/ngb/style/base-auto-min200818.css
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Fri, 16 Oct 2020 11:22:04 GMT
X-Powered-By
Servlet/3.0
Content-Language
en-US
Cache-Control
public, max-age=31536000, s-maxage=14400
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
1098
ETag
"WA43d65ddf344e2e8c"
Expires
Fri, 26 Nov 2021 19:17:21 GMT
4ad184b9ui258e914b1ca5ee239fae
halifaxplc.co.uk/bundles/
0
0
Script
General
Full URL
http://halifaxplc.co.uk/bundles/4ad184b9ui258e914b1ca5ee239fae
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
HTTP/1.1
Server
185.61.152.64 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium18-2.web-hosting.com
Software
Apache /
Resource Hash

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date
Mon, 30 Nov 2020 11:39:45 GMT
Server
Apache
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
dcs.gif
statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/
Redirect Chain
  • http://statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/dcs.gif?&dcsdat=1606736385362&dcssip=halifaxplc.co.uk&dcsuri=/mobile.php&WT.ti=Halifax%20-%20Mobile%20Banking%20-%20Login&WT.sp=IB;mob...
  • https://statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/dcs.gif?&dcsdat=1606736385362&dcssip=halifaxplc.co.uk&dcsuri=/mobile.php&WT.ti=Halifax%20-%20Mobile%20Banking%20-%20Login&WT.sp=IB;mo...
67 B
175 B
Image
General
Full URL
https://statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/dcs.gif?&dcsdat=1606736385362&dcssip=halifaxplc.co.uk&dcsuri=/mobile.php&WT.ti=Halifax%20-%20Mobile%20Banking%20-%20Login&WT.sp=IB;mobilebanking&WT.cg_n=Mobile%20Banking&WT.cg_s=loginwithreglink&WT.si_x=1&WT.si_n=Logon&WT.tz=1&WT.bh=12&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=halifaxplc.co.uk/mobile.php&WT.vt_f_a=2&WT.vt_f=2&hasTealium=1
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
18.156.98.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-98-77.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
09d46019c7a75b96187202c3c8412182f27c413a9c3661857923dc8e94e91b7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
cache-control
no-cache
expires
-1
date
Mon, 30 Nov 2020 11:39:45 GMT
content-length
67
content-type
image/gif

Redirect headers

Location
https://statse.webtrendslive.com/dcs33ei9u10000kby9iq3fci2_2x7f/dcs.gif?&dcsdat=1606736385362&dcssip=halifaxplc.co.uk&dcsuri=/mobile.php&WT.ti=Halifax%20-%20Mobile%20Banking%20-%20Login&WT.sp=IB;mobilebanking&WT.cg_n=Mobile%20Banking&WT.cg_s=loginwithreglink&WT.si_x=1&WT.si_n=Logon&WT.tz=1&WT.bh=12&WT.ul=en-US&WT.cd=24&WT.sr=1600x1200&WT.jo=No&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1600x1200&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=halifaxplc.co.uk/mobile.php&WT.vt_f_a=2&WT.vt_f=2&hasTealium=1
Date
Mon, 30 Nov 2020 11:39:45 GMT
Connection
close
Content-Length
769
Content-Type
text/html; charset=UTF-8
mobile.php
adservice.google.de/ddm/fls/p/src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241;~oref=http://halifaxplc.co.uk/
Redirect Chain
  • http://ad-emea.doubleclick.net/activity;src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241?
  • https://adservice.google.com/ddm/fls/p/src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241;~oref=http://halifaxplc.co.uk/mobile.php
  • https://adservice.google.de/ddm/fls/p/src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241;~oref=http://halifaxplc.co.uk/mobile.php
42 B
118 B
Image
General
Full URL
https://adservice.google.de/ddm/fls/p/src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241;~oref=http://halifaxplc.co.uk/mobile.php
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

pragma
no-cache
date
Mon, 30 Nov 2020 11:39:45 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 30 Nov 2020 11:39:45 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/html; charset=UTF-8
location
https://adservice.google.de/ddm/fls/p/src=2570593;type=dccon929;cat=dccon750;u=;ord=3794754416978.241;~oref=http://halifaxplc.co.uk/mobile.php
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
356 B
Script
General
Full URL
http://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=lbg/main/202011261330&cb=1606736385460
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/lbg/main/prod/utag.js
Protocol
HTTP/1.1
Server
23.8.6.251 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-8-6-251.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date
Mon, 30 Nov 2020 11:39:45 GMT
Last-Modified
Thu, 14 Apr 2016 16:57:51 GMT
Server
AkamaiNetStorage
ETag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
Content-Type
application/x-javascript
Cache-Control
max-age=600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2
Expires
Mon, 30 Nov 2020 11:49:45 GMT
ee9b3870-f508-4ce1-8eec-67da741e671b
http://halifaxplc.co.uk/
161 KB
0
Other
General
Full URL
blob:http://halifaxplc.co.uk/ee9b3870-f508-4ce1-8eec-67da741e671b
Requested by
Host: halifaxplc.co.uk
URL: http://halifaxplc.co.uk/mobile.php
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f2a6c9f1c61fcdf3879c8dff26e9f5c62eb1ba98f4be5cf8ba1307f2a9723688

Request headers

Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Content-Length
165046
adrum-ext.62d0e08d9f229ec0e2a347c4a03b777b.js
halifaxplc.co.uk/assets/lib//
0
0
Script
General
Full URL
http://halifaxplc.co.uk/assets/lib//adrum-ext.62d0e08d9f229ec0e2a347c4a03b777b.js
Requested by
Host: www.halifax-online.co.uk
URL: https://www.halifax-online.co.uk/assets/lib/adrum-4.2.2.js
Protocol
HTTP/1.1
Server
185.61.152.64 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium18-2.web-hosting.com
Software
Apache /
Resource Hash

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date
Mon, 30 Nov 2020 11:39:45 GMT
Server
Apache
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
id
dpm.demdex.net/
227 B
985 B
XHR
General
Full URL
http://dpm.demdex.net/id?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=230D643E5A2550980A495DB6%40AdobeOrg&d_nsid=0&ts=1606736387142
Requested by
Host: www.halifax-online.co.uk
URL: https://www.halifax-online.co.uk/assets/lib/adrum-4.2.2.js
Protocol
HTTP/1.1
Server
34.242.67.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-242-67-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4af58b494669b8e42c55bcabc1852de38445d60073fa0e9a641d223862b4cb01

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v086-020781a86.edge-irl1.demdex.com 5.80.1.20201111130852 2ms (+1ms)
Pragma
no-cache
X-TID
hrPuAV/5RNw=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://halifaxplc.co.uk
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
227
Expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.1072.js
tags.tiqcdn.com/utag/lbg/main/prod/
12 KB
4 KB
Script
General
Full URL
http://tags.tiqcdn.com/utag/lbg/main/prod/utag.1072.js?utv=ut4.46.202011261331
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/lbg/main/prod/utag.js
Protocol
HTTP/1.1
Server
23.8.6.251 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-8-6-251.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
18b7aff6dc0ec499604cce789e6fede02843de9e2a14ecd9527416424973adae

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

Date
Mon, 30 Nov 2020 11:39:47 GMT
Content-Encoding
gzip
Last-Modified
Tue, 19 May 2020 13:45:02 GMT
Server
AkamaiNetStorage
ETag
"9a06272e8499ad12b51ef395261c21b7:1589895902.994873"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=1296000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4087
Expires
Tue, 15 Dec 2020 11:39:47 GMT
tag.js
lptag.liveperson.net/tag/
0
0
Script
General
Full URL
https://lptag.liveperson.net/tag/tag.js?site=49955747
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/lbg/main/prod/utag.1072.js?utv=ut4.46.202011261331
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date
Mon, 30 Nov 2020 11:39:47 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
text/plain
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
id
lloydsbankinggroup.d3.sc.omtrdc.net/
2 B
489 B
XHR
General
Full URL
http://lloydsbankinggroup.d3.sc.omtrdc.net/id?d_visid_ver=3.3.0&d_fieldgroup=A&mcorgid=230D643E5A2550980A495DB6%40AdobeOrg&mid=44259780048831936250768452388523115253&ts=1606736387246
Requested by
Host: www.halifax-online.co.uk
URL: https://www.halifax-online.co.uk/assets/lib/adrum-4.2.2.js
Protocol
HTTP/1.1
Server
15.237.136.106 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-237-136-106.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 30 Nov 2020 11:39:47 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-f7bfdfcfd-6247c
vary
Origin
x-c
master-1404.I1e61f9.M0-468
p3p
CP="This is not a P3P policy"
access-control-allow-origin
http://halifaxplc.co.uk
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
2
x-xss-protection
1; mode=block
s13137135850295
lloydsbankinggroup.d3.sc.omtrdc.net/b/ss/lloydsbankinggroupprod/1/JS-2.10.0/
43 B
600 B
Image
General
Full URL
http://lloydsbankinggroup.d3.sc.omtrdc.net/b/ss/lloydsbankinggroupprod/1/JS-2.10.0/s13137135850295?AQB=1&ndh=1&pf=1&t=30%2F10%2F2020%2012%3A39%3A47%201%20-60&sdid=7A9175E6B96D63C0-7E86F3887F6946AD&mid=44259780048831936250768452388523115253&aamlh=6&ce=UTF-8&cdp=3&fpCookieDomainPeriods=3&pageName=Halifax-Division-mobile-mobile-php&g=http%3A%2F%2Fhalifaxplc.co.uk%2Fmobile.php&cc=GBP&events=event601%3D1%2Cevent602%3D3%2Cevent603%3D4%2Cevent1%3D1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=Halifax-Division-mobile-mobile-php&v1=Halifax-Division-mobile-mobile-php&c2=%2Fmobile.php&v2=%2Fmobile.php&v3=halifaxplc.co.uk&c7=Web&v7=Web&c8=Primary%20Authentication&v10=Page%20Load&v11=Halifax&c12=1606736387138&v12=halifaxplc.co.uk&c13=ki4hcyte&v13=%2Fmobile.php&c16=Log%20On&c21=log%20on.primary%20authentication.application&v21=Application%20Journey&c22=none.none&v22=Servicing&c23=page%20load.none.none&v26=mobile&v28=Service&v29=Authentication&v30=Online%20Banking&c36=D%3Dsdid&c37=D%3Dmid&c40=81092AC&c41=2D9FE33&c42=0A0A1C&v55=No%20Consent&v56=No%20Consent&v57=No%20Consent&v60=Unauth&v71=Application&c72=894%3B928%3B929&c73=782%3B851%3B862%3B899%3B1213%3B1326%3B1340%3B1370%3B0&c74=2&v81=Log%20On&v82=Authentication&v84=1&v85=Primary%20Authentication&v97=Online%20Banking&v98=Username%20and%20Password&v142=teamsite%2F20200312100616%2F202011261331&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=230D643E5A2550980A495DB6%40AdobeOrg&AQE=1
Protocol
HTTP/1.1
Server
15.237.136.106 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-237-136-106.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://halifaxplc.co.uk/mobile.php
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date
Mon, 30 Nov 2020 11:39:47 GMT
x-content-type-options
nosniff
x-c
master-1404.I1e61f9.M0-468
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 01 Dec 2020 11:39:47 GMT
server
jag
xserver
anedge-f7bfdfcfd-vmq64
etag
3450440117814394880-4621685237754259105
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Sun, 29 Nov 2020 11:39:47 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Halifax Bank (Banking)

138 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated object| utag_data function| targetPageParams string| TealiumVersion function| printAnalyticsLog object| clova2 object| clova3 object| clova3EventQueue function| setImmediate function| clearImmediate object| utag_dataEmpty object| utag_cfg_ovrd function| runAppDynamics object| clovaAcquire function| setAnalyticsVariables function| triggerAnalyticsPageEvent boolean| loadBot object| DI object| campaignScripts undefined| index number| adrum-start-time object| ADRUM function| downloadBCV2Onload function| showWebTrendForCancel function| showWebTrendForContinueApp object| _AP function| $ object| LBGM string| mobileType string| userAgent function| gotoTop function| addOption function| Validatable object| LBG object| QuestionSelectors object| QuestionEvents object| QuestionState function| Question function| EmailQuestion function| QuestionManager function| Validation function| Class object| cdApi object| analyticsElementArray object| pageAnalyticsElementArray string| iosAbvSixTagValue string| iosBlwSixAndAndroidTagValue string| txtWtSiXTagValue string| txtWtTxETagValue function| webTrendsForSmartAppBanner function| webTrendsForMLPT function| PageAnalyticsElement function| doubleclickConnector function| doubleclickConnector_setCookie function| doubleclickConnector_getCookie object| WebTrends function| dcsMultiTrack function| dcsDebug string| acct_id function| grabValue function| setAcctID function| checkAcctID object| LTSB function| bindOnLoadConfiguration function| construct function| init object| _cf object| _tag number| end string| value string| urlp boolean| utag_condload boolean| isValidJson undefined| windowNameFix function| eligibleByDomain function| getEnvironmentFromScriptLocation function| eligibleByEnvironment function| ineligibleByDevice function| ineligibleByPath function| exemptionPages function| getGMTTimeInOneHour function| 
getGMTTimeAnHourAgo function| getGMTTimeInNinetyDays function| getParentDomain function| getBrand function| debugLog object| utag object| _gaq object| pageTracker function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_ActivityMap undefined| n object| bOU object| aOU function| OU_new function| giveMeQ function| stitchCookies function| useQS function| isJsonString function| optInNoPrompt function| deleteCookie function| inheritNoPrompt function| showPrompt function| consentsCaptured function| writeSeenBeforeCookie function| writefirstSessionCookie function| seenBeforeCookieCaptured function| firstSessionCookieCaptured boolean| __tealium_twc_switch boolean| allowPartialMatch boolean| __tealium_privacy function| fixWTCookies number| analytics_event_count object| analytics_event_log boolean| waitingforngaconstants string| journeyProduct string| productSubGroup function| Visitor object| s_c_il number| s_c_in number| s_objectID number| s_giq function| webtrendsAsyncInit object| Webtrends object| LBGAnalytics object| cdwpb function| tealium_liveperson_lib object| lpTag number| webchateventinterval object| s_i_lloydsbankinggroupprod

6 Cookies

Domain/Path Name / Value
.halifaxplc.co.uk/ Name: cdContextId
Value: 1
.halifaxplc.co.uk/ Name: utag_main
Value: v_id:017618f39566001e17d9e5616f4d00070002206800b08$_sn:1$_se:1$_ss:1$_st:1606738185382$ses_id:1606736385382%3Bexp-session$_pn:1%3Bexp-session
halifaxplc.co.uk/ Name: dcConnector
Value: true
.halifaxplc.co.uk/ Name: OPTOUTMULTI
Value: 0:0%7Cc1:1%7Cc3:1%7Cc5:1%7Cc4:1%7Cc2:1
.halifaxplc.co.uk/ Name: bmuid
Value: 1606736385497-3A26DD67-3B79-4F5E-B4BA-7CA4B270D758
.halifaxplc.co.uk/ Name: lbgcookiedomainparent
Value: true

2 Console Messages

Source Level URL
Text
console-api log URL: https://www.halifax-online.co.uk/wps/wcm/connect/content_halifax_personal_banking/assets/assets/insight-tagging/utag-1584445422.js(Line 25)
Message:
WTOLoadRuleundefined
console-api log URL: http://tags.tiqcdn.com/utag/lbg/main/prod/utag.1072.js?utv=ut4.46.202011261331(Line 14)
Message:
Attaching Webchat Event Handlers

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
