businesstrading-sa.com
192.254.235.237  Malicious Activity! Public Scan

URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Submission: On August 06 via automatic, source openphish

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 33 HTTP transactions. The main IP is 192.254.235.237, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is businesstrading-sa.com.
This is the only time businesstrading-sa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

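By IP address (count, IP address, AS / autonomous system):
  • 9: 192.254.235.237, 46606 (UNIFIEDLA...)
  • 38 (19 redirects): 155.136.22.4, 21054 (RBSG-UK-A...)
  • Total: 33 across 3 IPs

By apex domain (count, apex domain, subdomains, transfer):
  • 38: nwolb.com, 259 KB; subdomains www.nwolb.com, online.nwolb.com (Failed), chat.nwolb.com (Failed)
  • 9: businesstrading-sa.com, 59 KB; subdomain businesstrading-sa.com
  • Total: 33 across 2 apex domains

By domain (count, domain, requested by):
  • 38 (19 redirects): www.nwolb.com, requested by businesstrading-sa.com
  • 9: businesstrading-sa.com, requested by businesstrading-sa.com
  • 0: chat.nwolb.com (Failed), requested by www.nwolb.com
  • 0: online.nwolb.com (Failed), requested by businesstrading-sa.com and www.nwolb.com
  • Total: 33 across 4 subdomains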

This site contains no links.

This page contains 1 frames:

Primary Page: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Frame ID: BBB17496DD9FC4512CCFE675FF749ECB
Requests: 33 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

  • Requests: 33
  • HTTPS: 0 %
  • IPv6: 0 %
  • Domains: 2
  • Subdomains: 4
  • IPs: 3
  • Countries: 2
  • Transfer: 310 kB
  • Size: 340 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.nwolb.com/Brands/master.css HTTP 307
  • https://www.nwolb.com/Brands/master.css
Request Chain 1
  • https://www.nwolb.com/Brands/jq_styles/datePicker.css HTTP 307
  • https://www.nwolb.com/Brands/jq_styles/datePicker.css
Request Chain 3
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css HTTP 307
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css
Request Chain 4
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css HTTP 307
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
Request Chain 7
  • https://www.nwolb.com/brands/NWB/javascript/uf.js HTTP 307
  • https://www.nwolb.com/brands/NWB/javascript/uf.js
Request Chain 9
  • https://www.nwolb.com/brands/NWB/javascript/cco.js HTTP 307
  • https://www.nwolb.com/brands/NWB/javascript/cco.js
Request Chain 12
  • https://www.nwolb.com/brands/NWB/javascript/pa.js HTTP 307
  • https://www.nwolb.com/brands/NWB/javascript/pa.js
Request Chain 13
  • https://www.nwolb.com/brands/NWB/images/logo.png HTTP 307
  • https://www.nwolb.com/brands/NWB/images/logo.png
Request Chain 14
  • https://www.nwolb.com/Brands/RSA_js/json2.js HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/json2.js
Request Chain 15
  • https://www.nwolb.com/Brands/RSA_js/fp_AA.js HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/fp_AA.js
Request Chain 16
  • https://www.nwolb.com/Brands/RSA_js/AC_OETags.js HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/AC_OETags.js
Request Chain 17
  • https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
Request Chain 18
  • https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx HTTP 307
  • https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
Request Chain 19
  • https://www.nwolb.com/Brands/NWB/images/error.gif HTTP 307
  • https://www.nwolb.com/Brands/NWB/images/error.gif
Request Chain 20
  • https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css HTTP 307
  • https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css
Request Chain 21
  • https://www.nwolb.com/Brands/master_print.css HTTP 307
  • https://www.nwolb.com/Brands/master_print.css
Request Chain 27
  • https://www.nwolb.com/Brands/NWB/images/white-lock.png HTTP 307
  • https://www.nwolb.com/Brands/NWB/images/white-lock.png
Request Chain 30
  • https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png HTTP 307
  • https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png
Request Chain 31
  • https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif HTTP 307
  • https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request l0g11n4.php
businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/
19 KB
5 KB
Document
General
Full URL
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
edb61d454078c7b1e6f1de1662543604209ec954e6f905a7efed79e6d164f8f2

Request headers

Host
businesstrading-sa.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
BBB17496DD9FC4512CCFE675FF749ECB

Response headers

Server
nginx/1.14.0
Date
Mon, 06 Aug 2018 09:51:52 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip
master.css
www.nwolb.com/Brands/
Redirect Chain
  • https://www.nwolb.com/Brands/master.css
  • https://www.nwolb.com/Brands/master.css
157 KB
158 KB
Stylesheet
General
Full URL
https://www.nwolb.com/Brands/master.css
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
393621a7440c90b59a8d680b1df57756590868055d3097d1bd91b99ea3e45ee8
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 22 May 2018 13:58:30 GMT
ETag
"07cff6d4f1d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
161104
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/master.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
datePicker.css
www.nwolb.com/Brands/jq_styles/
Redirect Chain
  • https://www.nwolb.com/Brands/jq_styles/datePicker.css
  • https://www.nwolb.com/Brands/jq_styles/datePicker.css
2 KB
3 KB
Stylesheet
General
Full URL
https://www.nwolb.com/Brands/jq_styles/datePicker.css
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
14714f651128eff786763144294b0e7c67529d317ac5371632bbf8fb659866ff
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:42 GMT
ETag
"08ba2d011ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
2384
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/jq_styles/datePicker.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
npc_new.css
businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/
36 KB
8 KB
Stylesheet
General
Full URL
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/npc_new.css
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
ba004e1f088f44a5cc457c94b2dd11d9057a963c5433793ee0d52ca8ae52fbed

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
businesstrading-sa.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
Content-Encoding
gzip
Last-Modified
Fri, 20 Nov 2015 02:36:28 GMT
Server
nginx/1.14.0
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/css
overlayPromptMaster.css
www.nwolb.com/promptResources/templates/overlayTemplate/
Redirect Chain
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css
2 KB
2 KB
Stylesheet
General
Full URL
https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
643d4d52a1a24515822f6a30683f901bb5dd16c251d88caece27ab2713457272
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:50 GMT
ETag
"03f67d511ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
1538
X-XSS-Protection
1; mode=block

Redirect headers

Location
/promptResources/templates/overlayTemplate/overlayPromptMaster.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
overlayPrompt.css
www.nwolb.com/promptResources/templates/overlayTemplate/NPC/
Redirect Chain
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
  • https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
76 B
809 B
Stylesheet
General
Full URL
https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:50 GMT
ETag
"03f67d511ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
76
X-XSS-Protection
1; mode=block

Redirect headers

Location
/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
autoTab.js
businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/Brands/
0
0
Script
General
Full URL
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/Brands/autoTab.js
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
businesstrading-sa.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Aug 2016 00:32:57 GMT
Server
nginx/1.14.0
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html
common.aspx
businesstrading-sa.com/Brands/
0
0
Script
General
Full URL
http://businesstrading-sa.com/Brands/common.aspx
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
businesstrading-sa.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Aug 2016 00:32:57 GMT
Server
nginx/1.14.0
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html
uf.js
www.nwolb.com/brands/NWB/javascript/
Redirect Chain
  • https://www.nwolb.com/brands/NWB/javascript/uf.js
  • https://www.nwolb.com/brands/NWB/javascript/uf.js
300 B
1 KB
Script
General
Full URL
https://www.nwolb.com/brands/NWB/javascript/uf.js
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
a38958b32ba95fee237f93b7ee6b7d79a3f44991b91140bb26c00b50986449fc
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:34 GMT
ETag
"0d7ddcb11ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
300
X-XSS-Protection
1; mode=block

Redirect headers

Location
/brands/NWB/javascript/uf.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
align.js
online.nwolb.com/92121272/
0
0

cco.js
www.nwolb.com/brands/NWB/javascript/
Redirect Chain
  • https://www.nwolb.com/brands/NWB/javascript/cco.js
  • https://www.nwolb.com/brands/NWB/javascript/cco.js
297 B
1 KB
Script
General
Full URL
https://www.nwolb.com/brands/NWB/javascript/cco.js
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
b2b4b6846b6b9a6a452e4cefd94ccc4c1ea10a7321e293a18d0189f11ffd2a73
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:34 GMT
ETag
"0d7ddcb11ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
297
X-XSS-Protection
1; mode=block

Redirect headers

Location
/brands/NWB/javascript/cco.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
cc.js
online.nwolb.com/92121272/
0
0

mm.aspx
businesstrading-sa.com/Brands/
0
0
Script
General
Full URL
http://businesstrading-sa.com/Brands/mm.aspx
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
businesstrading-sa.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Aug 2016 00:32:57 GMT
Server
nginx/1.14.0
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html
pa.js
www.nwolb.com/brands/NWB/javascript/
Redirect Chain
  • https://www.nwolb.com/brands/NWB/javascript/pa.js
  • https://www.nwolb.com/brands/NWB/javascript/pa.js
333 B
886 B
Script
General
Full URL
https://www.nwolb.com/brands/NWB/javascript/pa.js
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
c9e4522e86885da59438d09c797f1c443d96254544e1e17d01f4af1757bbf1d7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:34 GMT
ETag
"0d7ddcb11ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
333
X-XSS-Protection
1; mode=block

Redirect headers

Location
/brands/NWB/javascript/pa.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
logo.png
www.nwolb.com/brands/NWB/images/
Redirect Chain
  • https://www.nwolb.com/brands/NWB/images/logo.png
  • https://www.nwolb.com/brands/NWB/images/logo.png
3 KB
4 KB
Image
General
Full URL
https://www.nwolb.com/brands/NWB/images/logo.png
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
917942589e5b140755ee83bb4720ca9c1bbf7705f44f51a78ba1ffa635420c50
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:34 GMT
ETag
"0d7ddcb11ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
3053
X-XSS-Protection
1; mode=block

Redirect headers

Location
/brands/NWB/images/logo.png
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
json2.js
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/json2.js
  • https://www.nwolb.com/Brands/RSA_js/json2.js
18 KB
18 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/json2.js
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
e50cc902a05bb6110e91fe68ca2ddc4514ff5f750eb5bc7a5bed41ab03ef805c
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:22 GMT
ETag
"0c9b6c411ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
18014
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/json2.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
fp_AA.js
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/fp_AA.js
  • https://www.nwolb.com/Brands/RSA_js/fp_AA.js
36 KB
36 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/fp_AA.js
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
97426436d894e8f402ad4d5fc6c3653edec6dc5bcf752a5e24af0b5e47d037e0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:22 GMT
ETag
"0c9b6c411ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
36568
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/fp_AA.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
AC_OETags.js
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/AC_OETags.js
  • https://www.nwolb.com/Brands/RSA_js/AC_OETags.js
8 KB
8 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/AC_OETags.js
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
63b78589ca0305eca8f18cdf0e73f17cebfc346b2f0d7cd6824e90cee70a66d9
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:22 GMT
ETag
"0c9b6c411ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
7812
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/AC_OETags.js
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
rsaHiddenInputFieldsjs.aspx
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
  • https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
1 KB
2 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
0b3814286eb706aea1103ccddf0abcaf0e2c9ccd1e2ed228d7ce0a951a230bba
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Length
1223
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
rsaDetectAndRunFlashObjectjs.aspx
www.nwolb.com/Brands/RSA_js/
Redirect Chain
  • https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
  • https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
979 B
1 KB
Script
General
Full URL
https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
16878183d3c4205deaefa1341df748978683e066350f5c6466285c2a9e90aa43
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:52 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
private
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Length
979
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
error.gif
www.nwolb.com/Brands/NWB/images/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/images/error.gif
  • https://www.nwolb.com/Brands/NWB/images/error.gif
111 B
683 B
Image
General
Full URL
https://www.nwolb.com/Brands/NWB/images/error.gif
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
48827d7cb1ec7b7d7eacf3d9a8285aa25a006511a29da0223da8b919b903042b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:32 GMT
ETag
"0aaacca11ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
111
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/images/error.gif
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
NPC_auralstyle.css
www.nwolb.com/Brands/NWB/css/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css
  • https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css
515 B
1 KB
Stylesheet
General
Full URL
https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
04c45c81e1298e703f3bde9cec27446450294330ae06bd24c9f9343b264462e9
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:34 GMT
ETag
"0d7ddcb11ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
515
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/css/NPC_auralstyle.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
master_print.css
www.nwolb.com/Brands/
Redirect Chain
  • https://www.nwolb.com/Brands/master_print.css
  • https://www.nwolb.com/Brands/master_print.css
6 KB
6 KB
Stylesheet
General
Full URL
https://www.nwolb.com/Brands/master_print.css
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
12cfa7590808502c9f0d4884851103148158174989fbdacc2497458f61bffbc0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 24 May 2018 12:35:04 GMT
ETag
"08cd3a35bf3d31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
5915
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/master_print.css
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
common.aspx
businesstrading-sa.com/Brands/
0
0
Script
General
Full URL
http://businesstrading-sa.com/Brands/common.aspx
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
businesstrading-sa.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Aug 2016 00:32:57 GMT
Server
nginx/1.14.0
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html
align.js
online.nwolb.com/92121272/
0
0

cc.js
online.nwolb.com/92121272/
0
0

mm.aspx
businesstrading-sa.com/Brands/
0
0
Script
General
Full URL
http://businesstrading-sa.com/Brands/mm.aspx
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
businesstrading-sa.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Aug 2016 00:32:57 GMT
Server
nginx/1.14.0
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html
bottom.js
chat.nwolb.com/nwbpwebassets/
0
0

white-lock.png
www.nwolb.com/Brands/NWB/images/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/images/white-lock.png
  • https://www.nwolb.com/Brands/NWB/images/white-lock.png
285 B
857 B
Image
General
Full URL
https://www.nwolb.com/Brands/NWB/images/white-lock.png
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/npc_new.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:32 GMT
ETag
"0aaacca11ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
285
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/images/white-lock.png
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
RNHouseSansW01-Regular.woff
businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/fonts/
22 KB
22 KB
Font
General
Full URL
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/fonts/RNHouseSansW01-Regular.woff
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
faec2bd1524ea1127fb1a6fa6f9cc3af135442f296c125851d9d2398c7d1368a

Request headers

Pragma
no-cache
Origin
http://businesstrading-sa.com
Accept-Encoding
gzip, deflate
Host
businesstrading-sa.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/npc_new.css
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
Last-Modified
Fri, 20 Nov 2015 02:27:24 GMT
Server
nginx/1.14.0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22688
Content-Type
application/x-font-woff
RNHouseSansW01-Bold.woff
businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/fonts/
23 KB
23 KB
Font
General
Full URL
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/fonts/RNHouseSansW01-Bold.woff
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
192.254.235.237 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
dbc1cad17ed91a5684d115f609df37622969737bc3a0db64c7e8b8c20b994e30

Request headers

Pragma
no-cache
Origin
http://businesstrading-sa.com
Accept-Encoding
gzip, deflate
Host
businesstrading-sa.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/npc_new.css
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
Last-Modified
Fri, 20 Nov 2015 02:26:26 GMT
Server
nginx/1.14.0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23120
Content-Type
application/x-font-woff
footerBackground.png
www.nwolb.com/Brands/NWB/images/backgrounds/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png
  • https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png
4 KB
5 KB
Image
General
Full URL
https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
682df64974058b47f875e3e8c904ad1b28325a9b37e30b0735b7bd057b61be9a
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/npc_new.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:28 GMT
ETag
"0504ac811ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
4167
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/images/backgrounds/footerBackground.png
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html
down_chevron_purple_transparent.gif
www.nwolb.com/Brands/NWB/images/
Redirect Chain
  • https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif
  • https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif
843 B
1 KB
Image
General
Full URL
https://www.nwolb.com/Brands/NWB/images/down_chevron_purple_transparent.gif
Requested by
Host: businesstrading-sa.com
URL: http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/l0g11n4.php?r3=0983294528309402CFBF5&
Protocol
HTTP/1.1
Server
155.136.22.4 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB),
Reverse DNS
Software
/
Resource Hash
58ac97186d61e424878863f9cb1258c1f04eb1016f6ab11359f97994b758955c
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://businesstrading-sa.com/login/personal/nwbank/verify/WaL0eHW/1/npc_new.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 06 Aug 2018 09:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 27 Apr 2018 10:23:32 GMT
ETag
"0aaacca11ded31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
max-age=900
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
843
X-XSS-Protection
1; mode=block

Redirect headers

Location
/Brands/NWB/images/down_chevron_purple_transparent.gif
Cache-Control
no-store, must-revalidate, no-cache, max-age=0
P3P
CP="{}"
Content-Length
0
Content-Type
text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
online.nwolb.com
URL
https://online.nwolb.com/92121272/align.js
Domain
online.nwolb.com
URL
https://online.nwolb.com/92121272/cc.js
Domain
online.nwolb.com
URL
http://online.nwolb.com/92121272/align.js
Domain
online.nwolb.com
URL
http://online.nwolb.com/92121272/cc.js
Domain
chat.nwolb.com
URL
http://chat.nwolb.com/nwbpwebassets/bottom.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| nww
function| Hashtable
function| startsWith
function| DomDataCollection
function| IE_FingerPrint
function| Mozilla_FingerPrint
function| Opera_FingerPrint
function| Timer
function| getRandomPort
object| ProxyCollector
function| BlackberryLocationCollector
function| detectFields
string| SEP
string| PAIR
string| DEV
function| FingerPrint
function| urlEncode
function| encode_deviceprint
function| decode_deviceprint
function| post_deviceprint
function| post_fingerprints
function| add_deviceprint
function| form_add_data
function| form_add_deviceprint
string| HTML5
string| BLACKBERRY
string| UNDEFINED
string| GEO_LOCATION_DEFAULT_STRUCT
object| geoLocator
boolean| geoLocatorStatus
function| detectDeviceCollectionAPIMode
function| init
function| startCollection
function| stopCollection
function| getGeolocationStruct
function| HTML5LocationCollector
object| UIEventCollector
function| UIEvent
function| InteractionElement
function| UIElementList
function| activeXDetect
function| stripIllegalChars
function| stripFullPath
object| BrowserDetect
function| convertTimestampToGMT
function| getTimestampInMillis
function| debug
function| forceIE89Synchronicity
boolean| isIE
boolean| isWin
boolean| isOpera
function| ControlVersion
function| GetSwfVer
function| DetectFlashVer
function| AC_AddExtension
function| AC_Generateobj
function| AC_FL_RunContent
function| AC_GetArgs
string| xForwardIpAddress

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
