behaves.natwestofshorebanking.com
Open in
urlscan Pro
188.227.107.14
Malicious Activity!
Public Scan
Effective URL: https://behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvv...
Submission: On April 12 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 7th 2023. Valid for: 3 months.
This is the only time behaves.natwestofshorebanking.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 168.220.91.95 168.220.91.95 | 40509 (FLY) (FLY) | |
1 | 52.95.181.29 52.95.181.29 | 16509 (AMAZON-02) (AMAZON-02) | |
1 18 | 188.227.107.14 188.227.107.14 | 208951 (AS-ITGLOB...) (AS-ITGLOBALCOM ITGLOBAL.COM) | |
2 | 2603:1026:300... 2603:1026:3000:148::12 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
20 | 3 |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ap-northeast-3.amazonaws.com
09101963.s3.ap-northeast-3.amazonaws.com |
ASN208951 (AS-ITGLOBALCOM ITGLOBAL.COM, NL)
console-console.laguagesturdy.com | |
behaves.natwestofshorebanking.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
natwestofshorebanking.com
1 redirects
behaves.natwestofshorebanking.com |
968 KB |
2 |
live.com
login.live.com — Cisco Umbrella Rank: 98 |
2 KB |
1 |
laguagesturdy.com
console-console.laguagesturdy.com |
724 B |
1 |
amazonaws.com
09101963.s3.ap-northeast-3.amazonaws.com |
8 KB |
1 |
twtr.to
1 redirects
twtr.to |
2 KB |
20 | 5 |
Domain | Requested by | |
---|---|---|
17 | behaves.natwestofshorebanking.com |
1 redirects
09101963.s3.ap-northeast-3.amazonaws.com
behaves.natwestofshorebanking.com |
2 | login.live.com |
behaves.natwestofshorebanking.com
|
1 | console-console.laguagesturdy.com |
09101963.s3.ap-northeast-3.amazonaws.com
|
1 | 09101963.s3.ap-northeast-3.amazonaws.com | |
1 | twtr.to | 1 redirects |
20 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3.ap-northeast-3.amazonaws.com Amazon |
2022-09-21 - 2023-08-29 |
a year | crt.sh |
console-console.laguagesturdy.com R3 |
2023-03-27 - 2023-06-25 |
3 months | crt.sh |
behaves.natwestofshorebanking.com R3 |
2023-04-07 - 2023-07-06 |
3 months | crt.sh |
login.live.com DigiCert SHA2 Secure Server CA |
2023-04-02 - 2024-04-02 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&sso_reload=true
Frame ID: F4A3B6D89842DD1DE8078DFC6EE18197
Requests: 19 HTTP requests in this frame
Frame:
https://login.live.com/Me.htm?v=3
Frame ID: 53F93A34A27BCF9F1480E7DCA24B7624
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
-
https://twtr.to/k2gm
HTTP 301
https://09101963.s3.ap-northeast-3.amazonaws.com/%D0%BA%D0%BE%D1%88%D0%B8%D0%BA.html?response-content-disposition=inline&X-Am... Page URL
-
https://behaves.natwestofshorebanking.com/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2JlaGF2ZXMub...
HTTP 302
https://behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f9376527... Page URL
- https://behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f9376527... Page URL
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy & cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://twtr.to/k2gm
HTTP 301
https://09101963.s3.ap-northeast-3.amazonaws.com/%D0%BA%D0%BE%D1%88%D0%B8%D0%BA.html?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjENj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQCLFx%2Btcki9H6pYZ4NhFQracQyQ5pOg6DkkuQQLE1jbBQIgO1SZw%2FFjt%2BW600RU153lUX1HjFxTFnGYGPR7VtVq8Tcq7QIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARACGgwyMDE2ODU2MTg4MjYiDL6T4LCUdz4W8sminirBAjF7%2FZghZ0c6UeSDyG4vod8EC8wYxAJ29KkL%2FHg%2BNHd7jCahcT6rVld4QL0WnD3eTQUKhU8SODQv5Re%2FkW9RalWLmo0Ir978WFTw2dDg9rnafNAiWB4Z038fWYtxQdstf0Knzvej2goHnGlnbl73MUM%2Bfsre7fFI6tHuqfVKPC6yZZQhrh9hUECB4jrbAnKcuEl05eLQ0GFpmEHJ2KgwL0VzkpF%2FrLNVKSQ%2Fdqje3OFQ8VHJVqzu7HYfGkr7hd9arUFLpcosuXnIi72xkSejaVId4ZDPsDnS6e4H%2FZS1eHOq1xOtiPReIekKYvOP4xMLtl1PcyQf5BjDy6Qxx7CiWImF91t9NS46aSp8S2Rdv9JcUcBDUGMGTjCVbfX5pPDCmqHM4dksn%2BP0VrLTvFL02r0mZZ8FUCB3cl3DiLRVgFFHWzCsq9uhBjqzApj2XSUMHXv52FSB3C463ZEij6Zo30qyOpIASYlm7rR34E9t8lNTbgsS80nWEb4Blx2SuJIAkfpjAotMKl0dP3jwlh2mYpvSYz9lTRruDvQiHpiFK4ouxorW8D%2B0KCIuqr%2FA2PYfufkHvicBqslsIeH40lsB06b%2FJ3Z3zlsWnFG9sKxm1jxafABITmh9Q2IKwgVILKTL3xJQaj7UNSB1SfJHm7U%2BS653gZjUY4%2Bjk8Ntxd9mPS7zmYOOzuFr2vFrQ85qiT4IcYguiACulS%2B7S1BwAXoSEGqxFdg%2FNlmb2FcEZYK194U%2BDFjMrryQpxMkaqov5pmMnKhWvKBxa%2FyDyc9xd5nyhfHxhspYKVUEZ8YxiVLAGvz6M1WWKyzNMJnU4Ncg%2FoF1g3JPkursyb5s36Mt4fM%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230412T160332Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAS55LGKCFFGSBFTWY%2F20230412%2Fap-northeast-3%2Fs3%2Faws4_request&X-Amz-Signature=b3f8f3e6ba7c93301a1c6556189edc96a1878507d90f8f42d0d4582c56125e21 Page URL
-
https://behaves.natwestofshorebanking.com/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2JlaGF2ZXMubmF0d2VzdG9mc2hvcmViYW5raW5nLmNvbSIsImRvbWFpbiI6ImJlaGF2ZXMubmF0d2VzdG9mc2hvcmViYW5raW5nLmNvbSIsImtleSI6IlhtRU14UHZvamVZWSIsInFyYyI6bnVsbCwiaWF0IjoxNjgxMzI2NzQ4LCJleHAiOjE2ODEzMjY4MDh9.zJ_itKu1m056x66F9eM66R_PK3t7z-jlpbWwsPoiKcc
HTTP 302
https://behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0 Page URL
- https://behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&sso_reload=true Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://twtr.to/k2gm HTTP 301
- https://09101963.s3.ap-northeast-3.amazonaws.com/%D0%BA%D0%BE%D1%88%D0%B8%D0%BA.html?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjENj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQCLFx%2Btcki9H6pYZ4NhFQracQyQ5pOg6DkkuQQLE1jbBQIgO1SZw%2FFjt%2BW600RU153lUX1HjFxTFnGYGPR7VtVq8Tcq7QIIwf%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARACGgwyMDE2ODU2MTg4MjYiDL6T4LCUdz4W8sminirBAjF7%2FZghZ0c6UeSDyG4vod8EC8wYxAJ29KkL%2FHg%2BNHd7jCahcT6rVld4QL0WnD3eTQUKhU8SODQv5Re%2FkW9RalWLmo0Ir978WFTw2dDg9rnafNAiWB4Z038fWYtxQdstf0Knzvej2goHnGlnbl73MUM%2Bfsre7fFI6tHuqfVKPC6yZZQhrh9hUECB4jrbAnKcuEl05eLQ0GFpmEHJ2KgwL0VzkpF%2FrLNVKSQ%2Fdqje3OFQ8VHJVqzu7HYfGkr7hd9arUFLpcosuXnIi72xkSejaVId4ZDPsDnS6e4H%2FZS1eHOq1xOtiPReIekKYvOP4xMLtl1PcyQf5BjDy6Qxx7CiWImF91t9NS46aSp8S2Rdv9JcUcBDUGMGTjCVbfX5pPDCmqHM4dksn%2BP0VrLTvFL02r0mZZ8FUCB3cl3DiLRVgFFHWzCsq9uhBjqzApj2XSUMHXv52FSB3C463ZEij6Zo30qyOpIASYlm7rR34E9t8lNTbgsS80nWEb4Blx2SuJIAkfpjAotMKl0dP3jwlh2mYpvSYz9lTRruDvQiHpiFK4ouxorW8D%2B0KCIuqr%2FA2PYfufkHvicBqslsIeH40lsB06b%2FJ3Z3zlsWnFG9sKxm1jxafABITmh9Q2IKwgVILKTL3xJQaj7UNSB1SfJHm7U%2BS653gZjUY4%2Bjk8Ntxd9mPS7zmYOOzuFr2vFrQ85qiT4IcYguiACulS%2B7S1BwAXoSEGqxFdg%2FNlmb2FcEZYK194U%2BDFjMrryQpxMkaqov5pmMnKhWvKBxa%2FyDyc9xd5nyhfHxhspYKVUEZ8YxiVLAGvz6M1WWKyzNMJnU4Ncg%2FoF1g3JPkursyb5s36Mt4fM%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230412T160332Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAS55LGKCFFGSBFTWY%2F20230412%2Fap-northeast-3%2Fs3%2Faws4_request&X-Amz-Signature=b3f8f3e6ba7c93301a1c6556189edc96a1878507d90f8f42d0d4582c56125e21
- https://behaves.natwestofshorebanking.com/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2JlaGF2ZXMubmF0d2VzdG9mc2hvcmViYW5raW5nLmNvbSIsImRvbWFpbiI6ImJlaGF2ZXMubmF0d2VzdG9mc2hvcmViYW5raW5nLmNvbSIsImtleSI6IlhtRU14UHZvamVZWSIsInFyYyI6bnVsbCwiaWF0IjoxNjgxMzI2NzQ4LCJleHAiOjE2ODEzMjY4MDh9.zJ_itKu1m056x66F9eM66R_PK3t7z-jlpbWwsPoiKcc HTTP 302
- https://behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
%D0%BA%D0%BE%D1%88%D0%B8%D0%BA.html
09101963.s3.ap-northeast-3.amazonaws.com/ Redirect Chain
|
8 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
console-console.laguagesturdy.com/ |
354 B 724 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cwvjqtkbg
behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/ Redirect Chain
|
153 KB 56 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
reportbssotelemetry
behaves.natwestofshorebanking.com/common/instrumentation/ |
265 B 2 KB |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
cwvjqtkbg
behaves.natwestofshorebanking.com/__//eqooqp/qcwvj2/x2.0/ |
202 KB 53 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ConvergedLogin_PCore_-744lsPEROI34IEVhVkOXg2.js
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/js/ |
673 KB 673 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
oneDs_641b1cf809bdc17b42ab.js
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/js/ |
186 KB 60 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/ |
107 KB 32 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
converged.v2.login.min_dxlgfz8kx1amwm8vpguk7w2.css
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ |
0 20 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ux.converged.login.strings-en.min_9rx-kmbsmdm6rixjlx4bhq2.js
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ |
0 15 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
marching_ants_white_166de53471265253ab3a456defe6da23.gif
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2_bc3d32a696895f78c19df6c717586a5d.svg
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/images/backgrounds/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
marching_ants_white_166de53471265253ab3a456defe6da23.gif
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ Frame 53F9 |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
converged.v2.login.min_dxlgfz8kx1amwm8vpguk7w2.css
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ |
108 KB 20 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ux.converged.login.strings-en.min_9rx-kmbsmdm6rixjlx4bhq2.js
behaves.natwestofshorebanking.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ |
47 KB 14 KB |
Fetch
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ boolean| __convergedlogin_pcustomizationloader_80e93b9a4cb13643afca boolean| __convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec714 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
twtr.to/ | Name: XSRF-TOKEN Value: eyJpdiI6IjhZWjJhcHUxbVRIeGV3Z1hMb01Jd0E9PSIsInZhbHVlIjoiUVpDTHMyeGU0NFFHcGdGSzFETzQ0R3pTbEdFb3RlTTg1S2svQ2lwYVNTd2lTcmkwOGJWVXVwemNvQ2NmMDBiSkJId3hJcWtXVC9pMkd6L1NmajllKzlSZjBnOGNmK3Z6UmZlUGllQm53c0ZJaDZvZnJIVWpVVHE1VXJNWVhiNlAiLCJtYWMiOiIyYzQwYjAwMDA1ZDhlNDkwMzk1MGU4NzhkNzY1NWMzYzYwOTc4NWIyOTU3NDM1NzkwNjU5OWY2OWNmMzYwYjM1IiwidGFnIjoiIn0%3D |
|
twtr.to/ | Name: tly_session Value: eyJpdiI6ImhKV2RaaVI3c2JqeXR2WW9vUVdYenc9PSIsInZhbHVlIjoiNnNQUVFhb1JiMnhNa0FVSWVxTTVZdDAvYmVHTERFd0h3U01SSThWUDhHdXFza09la29lZUxEeEJmNkQrWkh1YXc5a1dxZ3JFNmo2VXBNYTZhVm4zdW5raE0waWZVK1JlMW9HUnl0aHB3UitvRnVTTUNSbVdva3hLb2Z2cGFBZXIiLCJtYWMiOiI5NjEyNmExYjg5Y2QxNDUxOTU3YzQ5NzM1YjA4MDNkYTBkNjRmOTkxNTMyYzgwMzg0Mjc2YzE4YTQ2ZjYzNDFmIiwidGFnIjoiIn0%3D |
|
behaves.natwestofshorebanking.com/ | Name: qPdM Value: XmEMxPvojeYY |
|
behaves.natwestofshorebanking.com/ | Name: qPdM.sig Value: bBu8PL8MZXtqr8hZjA-gZoHC6_g |
|
behaves.natwestofshorebanking.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
behaves.natwestofshorebanking.com/ | Name: stsservicecookie Value: estsfd |
|
.behaves.natwestofshorebanking.com/ | Name: AADSSO Value: NA|NoExtension |
|
behaves.natwestofshorebanking.com/ | Name: SSOCOOKIEPULLED Value: 1 |
|
behaves.natwestofshorebanking.com/ | Name: buid Value: 0.AXMAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABAAEAAAD--DLA3VO7QrddgJg7WevrwmF1YHmyx0l7_9bMIz3ttSoToDz9U1WNlnLnt3uN7ecT9Q4uDdeqgIgeK-j5qAtwHxzfSdY6MXv-QspA0z_4VCjcNaaeiB29xmremED9fBkgAA |
|
.behaves.natwestofshorebanking.com/ | Name: esctx Value: PAQABAAEAAAD--DLA3VO7QrddgJg7WevraR6v1q2UkqEQC9k6Fq4vuw4tnGNiYVlww7rNzBuKrp8AA8hKgb3L33FSq2SWpnF7O9Hjt_IJJZFKgKnZDiHeo_uyLmIdoKJZ6iuzVqM21-ItTtuEWDyI2TASdHe3KY-u8QjJf_Db2mqkuDz1EN1j4RfSyX3kGkZXyIo_G6bS7M8FMYHl3OmT95M6_jTZ9tcSpUwbOmtABtrIlAoN7ovk2OX-BwKhPsxTrEWsZ6Vg8gQgAA |
|
behaves.natwestofshorebanking.com/ | Name: fpc Value: AqsYH71Cq4tBqEiz8QU_r3m8Ae7AAQAAAJz5yNsOAAAA |
|
.behaves.natwestofshorebanking.com/ | Name: brcap Value: 0 |
|
.login.live.com/ | Name: uaid Value: c46ff2068a494da7bb71df4bb1c684bb |
|
.login.live.com/ | Name: MSPRequ Value: id=N<=1681326750&co=2 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
09101963.s3.ap-northeast-3.amazonaws.com
behaves.natwestofshorebanking.com
console-console.laguagesturdy.com
login.live.com
twtr.to
168.220.91.95
188.227.107.14
2603:1026:3000:148::12
52.95.181.29
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
2db2f2ea915f4423171358be6337a68b5b3ed82c63bf3d02433ad4a5046c566a
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
5f5fbee72883732799d75f6c08679ed8a6e769ae4f3afdcd3721103a481afa80
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
9fe0a5db692ff67c7cd88490a7412c379ae767708e2cf8847d9a915dd6f19141
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
c10e5843fa69d3df24f7fdf86726228cf6dc617aa34fac563f11c3db3dbda588
cc58721894324d6f6f53b7fe4cb0d08f923aa75e52506c0a58d29e4390b7cedd
d4fce084f10223110e52673f09b48ad9dcd8c54c82f4be56425e23760b026afa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f2d994bf9287f21d44abf7e3c5e90ac23f9e916531db125bc26ec7a8942a79c6
f36bbd8a2b786b236385b37cadc7b1fdc2b1d6842e8a531de09eea723d94c6c4