natwonline.weibamg.com
Open in
urlscan Pro
172.167.8.228
Malicious Activity!
Public Scan
Effective URL: https://natwonline.weibamg.com/~/Login.php
Submission: On February 06 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 1st 2024. Valid for: 3 months.
This is the only time natwonline.weibamg.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NatWest (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3034::ac43:83af | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 18 | 172.167.8.228 172.167.8.228 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
17 | 1 |
ASN13335 (CLOUDFLARENET, US)
natweonline-scheduled-1057-cluster.a-kunz.workers.dev |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
natwonline.weibamg.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
weibamg.com
1 redirects
natwonline.weibamg.com |
206 KB |
1 |
workers.dev
1 redirects
natweonline-scheduled-1057-cluster.a-kunz.workers.dev |
532 B |
17 | 2 |
Domain | Requested by | |
---|---|---|
18 | natwonline.weibamg.com |
1 redirects
natwonline.weibamg.com
|
1 | natweonline-scheduled-1057-cluster.a-kunz.workers.dev | 1 redirects |
17 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nwolb.com |
www.natwest.com |
personal.natwest.com |
onetrust.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
natwonline.weibamg.com R3 |
2024-02-01 - 2024-05-01 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://natwonline.weibamg.com/~/Login.php
Frame ID: 3EFB268ABA0E97147C4D4CC415D6EEA2
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Log in to Online Banking Back ButtonSearch IconFilter IconArrowPage URL History Show full URLs
-
http://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com
HTTP 307
https://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com HTTP 301
https://natwonline.weibamg.com/~/ HTTP 302
https://natwonline.weibamg.com/~/Login.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
23 Outgoing links
These are links going to different origins than the main page.
Title: Return to start of screen / Access key details
Search URL Search Domain Scan URL
Title: Skip to Menu
Search URL Search Domain Scan URL
Title: Skip to main content
Search URL Search Domain Scan URL
Title: Premier
Search URL Search Domain Scan URL
Title: Business
Search URL Search Domain Scan URL
Title: Corporate
Search URL Search Domain Scan URL
Title: International
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Products
Search URL Search Domain Scan URL
Title: Support
Search URL Search Domain Scan URL
Title: Life Moments
Search URL Search Domain Scan URL
Title: Show me how to…
Search URL Search Domain Scan URL
Title: Log in
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Forgotten your customer number?
Search URL Search Domain Scan URL
Title: Sign up here
Search URL Search Domain Scan URL
Title: Legal Info
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: View Privacy Notice
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com
HTTP 307
https://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com HTTP 301
https://natwonline.weibamg.com/~/ HTTP 302
https://natwonline.weibamg.com/~/Login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
Login.php
natwonline.weibamg.com/~/ Redirect Chain
|
242 KB 35 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
master.css
natwonline.weibamg.com/~/files/css/ |
238 KB 41 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
npc.css
natwonline.weibamg.com/~/files/css/ |
50 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overlayPromptMaster.css
natwonline.weibamg.com/~/files/css/ |
1 KB 555 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overlayPrompt.css
natwonline.weibamg.com/~/files/css/ |
76 B 162 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
natwonline.weibamg.com/~/files/js/ |
266 KB 72 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
n-w-logo.svg
natwonline.weibamg.com/~/files/img/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nw-security-banner-vishing-194x443.gif
natwonline.weibamg.com/~/files/img/ |
14 KB 14 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
FSCS_Protected_Logo.png
natwonline.weibamg.com/~/files/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
error-marker.png
natwonline.weibamg.com/~/files/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
white-lock.png
natwonline.weibamg.com/~/files/img/ |
285 B 350 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
li5_outer_frame_top_curve.gif
natwonline.weibamg.com/~/files/images/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
radio-normal.png
natwonline.weibamg.com/~/files/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
combined-shape.png
natwonline.weibamg.com/~/files/img/ |
359 B 424 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
check-box.png
natwonline.weibamg.com/~/files/img/ |
157 B 222 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
down-chevron.png
natwonline.weibamg.com/~/files/img/ |
295 B 360 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
RNHouseSansW05-Regular.woff2
natwonline.weibamg.com/~/files/fonts/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NatWest (Banking)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
natweonline-scheduled-1057-cluster.a-kunz.workers.dev
natwonline.weibamg.com
172.167.8.228
2606:4700:3034::ac43:83af
1874716feea55f2c8fff862289e086743a68a296735e09ed842014ed61ec183e
1aea65aeda4e39957158bacd84556ed7a77ab468265e2a163265b346b7f60965
1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79
668faa210a0e0cabb9aa13a1a6ad4e3b22b0f9cad90c43694ba37a8a4714b0e6
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
921919edc79f2308d85d418be2158ee2f4c8ad418be5e5d15aa27dc1c0c4061f
9be8b2c42ad2d6f7327f62a7d03995a5a4615770154941d59493473186e5140c
b219825ac314d72c5e00b184dc8a4216a2fded34a5259ec133d3bc6fd8a11260
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082
e6d03fb291fdf6036e3e04726f771d360b19353c35f10549b263e50e1f07a420
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d