natwonline.weibamg.com Open in urlscan Pro
172.167.8.228  Malicious Activity! Public Scan

Submitted URL: http://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com
Effective URL: https://natwonline.weibamg.com/~/Login.php
Submission: On February 06 via api from BE — Scanned from DE

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 172.167.8.228, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is natwonline.weibamg.com.
TLS certificate: Issued by R3 on February 1st 2024. Valid for: 3 months.
This is the only time natwonline.weibamg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 18 172.167.8.228 8075 (MICROSOFT...)
17 1
Apex Domain
Subdomains
Transfer
18 weibamg.com
natwonline.weibamg.com
206 KB
1 workers.dev
natweonline-scheduled-1057-cluster.a-kunz.workers.dev
532 B
17 2
Domain Requested by
18 natwonline.weibamg.com 1 redirects natwonline.weibamg.com
1 natweonline-scheduled-1057-cluster.a-kunz.workers.dev 1 redirects
17 2

This site contains links to these domains. Also see Links.

Domain
www.nwolb.com
www.natwest.com
personal.natwest.com
onetrust.com
Subject Issuer Validity Valid
natwonline.weibamg.com
R3
2024-02-01 -
2024-05-01
3 months crt.sh

This page contains 1 frames:

Primary Page: https://natwonline.weibamg.com/~/Login.php
Frame ID: 3EFB268ABA0E97147C4D4CC415D6EEA2
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Log in to Online Banking Back ButtonSearch IconFilter IconArrow

Page URL History Show full URLs

  1. http://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com HTTP 307
    https://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com HTTP 301
    https://natwonline.weibamg.com/~/ HTTP 302
    https://natwonline.weibamg.com/~/Login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

206 kB
Transfer

847 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com HTTP 307
    https://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com HTTP 301
    https://natwonline.weibamg.com/~/ HTTP 302
    https://natwonline.weibamg.com/~/Login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Login.php
natwonline.weibamg.com/~/
Redirect Chain
  • http://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com
  • https://natweonline-scheduled-1057-cluster.a-kunz.workers.dev/proxy?modify&proxyUrl=https://example.com
  • https://natwonline.weibamg.com/~/
  • https://natwonline.weibamg.com/~/Login.php
242 KB
35 KB
Document
General
Full URL
https://natwonline.weibamg.com/~/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
921919edc79f2308d85d418be2158ee2f4c8ad418be5e5d15aa27dc1c0c4061f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
gzip
content-length
35533
content-type
text/html; charset=UTF-8
date
Tue, 06 Feb 2024 23:51:27 GMT
server
LiteSpeed
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 06 Feb 2024 23:51:27 GMT
location
Login.php
server
LiteSpeed
master.css
natwonline.weibamg.com/~/files/css/
238 KB
41 KB
Stylesheet
General
Full URL
https://natwonline.weibamg.com/~/files/css/master.css
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
b219825ac314d72c5e00b184dc8a4216a2fded34a5259ec133d3bc6fd8a11260

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
content-encoding
br
last-modified
Wed, 19 Aug 2020 22:50:10 GMT
server
LiteSpeed
etag
"3b87d-5f3daca2-103196;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
41782
expires
Tue, 13 Feb 2024 23:51:27 GMT
npc.css
natwonline.weibamg.com/~/files/css/
50 KB
10 KB
Stylesheet
General
Full URL
https://natwonline.weibamg.com/~/files/css/npc.css
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
e6d03fb291fdf6036e3e04726f771d360b19353c35f10549b263e50e1f07a420

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
content-encoding
br
last-modified
Wed, 19 Aug 2020 22:50:04 GMT
server
LiteSpeed
etag
"c710-5f3dac9c-103197;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
9663
expires
Tue, 13 Feb 2024 23:51:27 GMT
overlayPromptMaster.css
natwonline.weibamg.com/~/files/css/
1 KB
555 B
Stylesheet
General
Full URL
https://natwonline.weibamg.com/~/files/css/overlayPromptMaster.css
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
content-encoding
br
last-modified
Wed, 19 Aug 2020 17:29:34 GMT
server
LiteSpeed
etag
"562-5f3d617e-103199;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
466
expires
Tue, 13 Feb 2024 23:51:27 GMT
overlayPrompt.css
natwonline.weibamg.com/~/files/css/
76 B
162 B
Stylesheet
General
Full URL
https://natwonline.weibamg.com/~/files/css/overlayPrompt.css
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 17:29:34 GMT
server
LiteSpeed
etag
"4c-5f3d617e-103198;;;"
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
76
expires
Tue, 13 Feb 2024 23:51:27 GMT
jquery.js
natwonline.weibamg.com/~/files/js/
266 KB
72 KB
Script
General
Full URL
https://natwonline.weibamg.com/~/files/js/jquery.js
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
content-encoding
br
last-modified
Sat, 24 Aug 2019 09:25:18 GMT
server
LiteSpeed
etag
"42719-5d61027e-1031c4;br"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
73807
n-w-logo.svg
natwonline.weibamg.com/~/files/img/
5 KB
2 KB
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/n-w-logo.svg
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
668faa210a0e0cabb9aa13a1a6ad4e3b22b0f9cad90c43694ba37a8a4714b0e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
content-encoding
br
last-modified
Wed, 19 Aug 2020 17:41:22 GMT
server
LiteSpeed
etag
"130a-5f3d6442-1031b8;br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1592
expires
Tue, 13 Feb 2024 23:51:27 GMT
nw-security-banner-vishing-194x443.gif
natwonline.weibamg.com/~/files/img/
14 KB
14 KB
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/nw-security-banner-vishing-194x443.gif
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1aea65aeda4e39957158bacd84556ed7a77ab468265e2a163265b346b7f60965

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 17:29:40 GMT
server
LiteSpeed
etag
"3827-5f3d6184-1031b9;;;"
content-type
image/gif
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
14375
expires
Tue, 13 Feb 2024 23:51:27 GMT
FSCS_Protected_Logo.png
natwonline.weibamg.com/~/files/img/
6 KB
6 KB
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/FSCS_Protected_Logo.png
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 17:29:40 GMT
server
LiteSpeed
etag
"162f-5f3d6184-1031b4;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
5679
expires
Tue, 13 Feb 2024 23:51:27 GMT
error-marker.png
natwonline.weibamg.com/~/files/img/
1 KB
1 KB
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/error-marker.png
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/Login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 17:29:40 GMT
server
LiteSpeed
etag
"442-5f3d6184-1031af;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1090
expires
Tue, 13 Feb 2024 23:51:27 GMT
white-lock.png
natwonline.weibamg.com/~/files/img/
285 B
350 B
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/white-lock.png
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/files/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/files/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 17:40:48 GMT
server
LiteSpeed
etag
"11d-5f3d6420-1031bf;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
285
expires
Tue, 13 Feb 2024 23:51:27 GMT
li5_outer_frame_top_curve.gif
natwonline.weibamg.com/~/files/images/
1 KB
1 KB
Image
General
Full URL
https://natwonline.weibamg.com/~/files/images/li5_outer_frame_top_curve.gif
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/files/css/master.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1874716feea55f2c8fff862289e086743a68a296735e09ed842014ed61ec183e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/files/css/master.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 06 Feb 2024 23:51:27 GMT
content-encoding
gzip
server
LiteSpeed
vary
Accept-Encoding
content-type
text/html
cache-control
private, no-cache, max-age=0
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
radio-normal.png
natwonline.weibamg.com/~/files/img/
1 KB
1 KB
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/radio-normal.png
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/files/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/files/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 17:43:46 GMT
server
LiteSpeed
etag
"525-5f3d64d2-1031ba;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1317
expires
Tue, 13 Feb 2024 23:51:27 GMT
combined-shape.png
natwonline.weibamg.com/~/files/img/
359 B
424 B
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/combined-shape.png
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/files/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/files/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 19:51:30 GMT
server
LiteSpeed
etag
"167-5f3d82c2-1031ad;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
359
expires
Tue, 13 Feb 2024 23:51:27 GMT
check-box.png
natwonline.weibamg.com/~/files/img/
157 B
222 B
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/check-box.png
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/files/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/files/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 17:48:00 GMT
server
LiteSpeed
etag
"9d-5f3d65d0-1031ab;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
157
expires
Tue, 13 Feb 2024 23:51:27 GMT
down-chevron.png
natwonline.weibamg.com/~/files/img/
295 B
360 B
Image
General
Full URL
https://natwonline.weibamg.com/~/files/img/down-chevron.png
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/files/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://natwonline.weibamg.com/~/files/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 18:20:20 GMT
server
LiteSpeed
etag
"127-5f3d6d64-1031ae;;;"
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
295
expires
Tue, 13 Feb 2024 23:51:27 GMT
RNHouseSansW05-Regular.woff2
natwonline.weibamg.com/~/files/fonts/
21 KB
21 KB
Font
General
Full URL
https://natwonline.weibamg.com/~/files/fonts/RNHouseSansW05-Regular.woff2
Requested by
Host: natwonline.weibamg.com
URL: https://natwonline.weibamg.com/~/files/css/master.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.167.8.228 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
9be8b2c42ad2d6f7327f62a7d03995a5a4615770154941d59493473186e5140c

Request headers

Referer
https://natwonline.weibamg.com/~/files/css/master.css
Origin
https://natwonline.weibamg.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 23:51:27 GMT
last-modified
Wed, 19 Aug 2020 17:30:10 GMT
server
LiteSpeed
etag
"5444-5f3d61a2-10319d;;;"
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
21572
expires
Tue, 13 Feb 2024 23:51:27 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: https://natwonline.weibamg.com/~/files/images/li5_outer_frame_top_curve.gif
Message:
Failed to load resource: the server responded with a status of 404 ()