urlscan.io logo urlscan.io
SecurityTrails logo

worldwateralliance.net Open in urlscan Pro
192.163.223.75  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://gesare.net/plugins/content/8924892/
Effective URL: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhM...
Submission: On April 17 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 22 HTTP transactions. The main IP is 192.163.223.75, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is worldwateralliance.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 1st 2020. Valid for: 3 months.
This is the only time worldwateralliance.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tesco Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 205.144.171.15 7296 (ALCHEMYNET)
1 52.239.130.132 8075 (MICROSOFT...)
1 2 192.163.223.75 46606 (UNIFIEDLA...)
5 107.162.141.31 55002 (DEFENSE-NET)
6 18.197.253.20 16509 (AMAZON-02)
22 6
1    205.144.171.15 (Fort Worth, United States)

ASN7296 (ALCHEMYNET, US)
PTR: 205-144-171-15.alchemy.net
gesare.net
1    52.239.130.132 (Sydney, Australia)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
jdh7823hui.blob.core.windows.net
2    192.163.223.75 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.thisismylifeplan.com
worldwateralliance.net
5    107.162.141.31 (United States)

ASN55002 (DEFENSE-NET, US)
identity.tescobank.com
6    18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
nexus.ensighten.com
Domain Requested by
6 nexus.ensighten.com worldwateralliance.net
nexus.ensighten.com
5 identity.tescobank.com worldwateralliance.net
2 worldwateralliance.net 1 redirects
1 jdh7823hui.blob.core.windows.net
1 gesare.net
22 5

This site contains links to these domains. Also see Links.

Domain
www.tescobank.com
Subject Issuer Validity Valid
*.blob.core.windows.net
Microsoft IT TLS CA 5		 2020-04-04 -
2022-04-04		 2 years crt.sh
worldwateralliance.net
Let's Encrypt Authority X3		 2020-03-01 -
2020-05-30		 3 months crt.sh
identity.tescobank.com
Entrust Certification Authority - L1M		 2019-07-15 -
2021-07-15		 2 years crt.sh
nexus.ensighten.com
DigiCert SHA2 Secure Server CA		 2019-10-03 -
2020-10-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Frame ID: 75DA7222D339BAC02FD8DECE7999BDEC
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://gesare.net/plugins/content/8924892/ Page URL
  2. https://jdh7823hui.blob.core.windows.net/hger674uywej/AbV.html Page URL
  3. https://worldwateralliance.net/wp-content/upgrade/98438924/t3/ HTTP 302
    https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPw... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • script /\/\/nexus\.ensighten\.com\//i

Page Statistics

22
Requests

59 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

659 kB
Transfer

881 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://gesare.net/plugins/content/8924892/ Page URL
  2. https://jdh7823hui.blob.core.windows.net/hger674uywej/AbV.html Page URL
  3. https://worldwateralliance.net/wp-content/upgrade/98438924/t3/ HTTP 302
    https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
gesare.net/plugins/content/8924892/ 		142 B
580 B 		Document
General
Check archive.org
Download Go to
Full URL
http://gesare.net/plugins/content/8924892/
Protocol
HTTP/1.1
Server
205.144.171.15 Fort Worth, United States, ASN7296 (ALCHEMYNET, US),
Reverse DNS
205-144-171-15.alchemy.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
fb3a88f761c9fcbcf81c654ebab80ea692cd0f0abb8bdab664ec2ad7aa8e7585

Request headers

Host
gesare.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control
max-age=31536000
Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Fri, 17 Apr 2020 09:51:16 GMT
Accept-Ranges
bytes
ETag
"04290bc9d14d61:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Date
Fri, 17 Apr 2020 20:19:37 GMT
Content-Length
253
AbV.html
jdh7823hui.blob.core.windows.net/hger674uywej/ 		142 B
545 B 		Document
General
Check archive.org
Download Go to
Full URL
https://jdh7823hui.blob.core.windows.net/hger674uywej/AbV.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.130.132 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
2b462abfd66d375262e48b2df6666e98d06cc5ff715bbd08813aa30c5525a50a

Request headers

Host
jdh7823hui.blob.core.windows.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://gesare.net/plugins/content/8924892/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://gesare.net/plugins/content/8924892/

Response headers

Content-Length
142
Content-Type
text/html
Content-MD5
NApZWQDvfAKy3FFZGfz5Qw==
Last-Modified
Fri, 17 Apr 2020 09:58:17 GMT
ETag
0x8D7E2B5D9FD355C
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id
c459dce7-d01e-002b-33f5-1489d5000000
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 17 Apr 2020 20:19:38 GMT
Primary Request adapter2ping.php
worldwateralliance.net/wp-content/upgrade/98438924/t3/
Redirect Chain
  • https://worldwateralliance.net/wp-content/upgrade/98438924/t3/
  • https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhh...
26 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
192.163.223.75 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.thisismylifeplan.com
Software
Apache /
Resource Hash
11c39ec0b3a9ece007529784a5a50b22c2dd5ca129c0fd4a927009a3b9232881

Request headers

Host
worldwateralliance.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://jdh7823hui.blob.core.windows.net/hger674uywej/AbV.html
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://jdh7823hui.blob.core.windows.net/hger674uywej/AbV.html

Response headers

Date
Fri, 17 Apr 2020 20:19:54 GMT
Server
Apache
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Fri, 17 Apr 2020 20:19:52 GMT
Server
Apache
Location
adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
main.css
identity.tescobank.com/afm/responsive-assets/css/ 		67 KB
68 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://identity.tescobank.com/afm/responsive-assets/css/main.css
Requested by
Host: worldwateralliance.net
URL: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.141.31 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
f2253a711311f0d5387774ef1ee55d55ed9be6ac57377cddcdf8493d3e736c76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 17 Apr 2020 20:19:44 GMT
Via
1.1 fra1-bit16
Last-Modified
Tue, 21 Jan 2020 15:13:20 GMT
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
text/css
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
68802
X-XSS-Protection
1; mode=block
main-head.js
identity.tescobank.com/afm/responsive-assets/js/ 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.tescobank.com/afm/responsive-assets/js/main-head.js
Requested by
Host: worldwateralliance.net
URL: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.141.31 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
8d35b501f26f589c0d80acd752cf6c0831f7aaf1d8c70323fb0d808a56dec854
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 17 Apr 2020 20:19:44 GMT
Via
1.1 fra1-bit16
Last-Modified
Tue, 21 Jan 2020 15:13:20 GMT
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5842
X-XSS-Protection
1; mode=block
Bootstrap.js
nexus.ensighten.com/tescobank/brochureware/ 		122 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/tescobank/brochureware/Bootstrap.js
Requested by
Host: worldwateralliance.net
URL: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fe24f31b3154797b12cb01c67f83a6302f754db6a9635b5a83f3828e1f09edeb

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 17 Apr 2020 20:19:44 GMT
content-encoding
gzip
last-modified
Thu, 16 Apr 2020 10:01:15 GMT
server
nginx
etag
W/"5e982ceb-1e9ec"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=300
vendors~app~main.js
identity.tescobank.com/afm/responsive-assets/js/ 		239 KB
240 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.tescobank.com/afm/responsive-assets/js/vendors~app~main.js
Requested by
Host: worldwateralliance.net
URL: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.141.31 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
4dc3aaaf31da69ff314bcc5a11a10b2f06c937a9d6720ae3a35fd19c3194ad9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 17 Apr 2020 20:19:44 GMT
Via
1.1 fra1-bit16
Last-Modified
Tue, 21 Jan 2020 15:13:20 GMT
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
244350
X-XSS-Protection
1; mode=block
vendors~main.js
identity.tescobank.com/afm/responsive-assets/js/ 		141 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.tescobank.com/afm/responsive-assets/js/vendors~main.js
Requested by
Host: worldwateralliance.net
URL: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.141.31 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
b8cbd7b1fdfd6b3dbb2afbe011061ce54384d398bc21859ed4ec63d12557f37b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 17 Apr 2020 20:19:44 GMT
Via
1.1 fra1-bit16
Last-Modified
Tue, 21 Jan 2020 15:13:20 GMT
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
144238
X-XSS-Protection
1; mode=block
main.js
identity.tescobank.com/afm/responsive-assets/js/ 		96 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.tescobank.com/afm/responsive-assets/js/main.js
Requested by
Host: worldwateralliance.net
URL: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.141.31 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
51c83ab8103e75b44e03c31026f454974a489371514edea82845c89773d3ff52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 17 Apr 2020 20:19:44 GMT
Via
1.1 fra1-bit16
Last-Modified
Tue, 21 Jan 2020 15:13:20 GMT
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Content-Type
application/javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
98030
X-XSS-Protection
1; mode=block
Bootstrap.js
nexus.ensighten.com/tescobank/privacy/ 		169 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/tescobank/privacy/Bootstrap.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tescobank/brochureware/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
960b7b281877907095a8e1f2a08d7f2f8f2f199cf32b809fb69f34ae9dcb2b54

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 17 Apr 2020 20:19:45 GMT
content-encoding
gzip
last-modified
Tue, 17 Mar 2020 11:42:52 GMT
server
nginx
etag
W/"5e70b7bc-2a5be"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=300
serverComponent.php
nexus.ensighten.com/tescobank/brochureware/ 		480 B
622 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/tescobank/brochureware/serverComponent.php?r=762646.379616618&ClientID=746&PageID=https%3A%2F%2Fworldwateralliance.net%2Fwp-content%2Fupgrade%2F98438924%2Ft3%2Fadapter2ping.php%3FSNAD%3DQwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn%26tms_env%3Dprod%26document_referrer%3Dnon_OMG
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tescobank/brochureware/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6c66b21de92070cce44d0599759fca7cf18e8fb51163acaa3747f356b402c4a5

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 17 Apr 2020 20:19:45 GMT
cache-control
no-cache, no-store
server
nginx
content-type
text/javascript
content-length
480
expires
Fri, 17 Apr 2020 20:19:44 GMT
e.gif
nexus.ensighten.com/error/ 		0
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nexus.ensighten.com/error/e.gif?msg=Cannot%20read%20property%20%27getItem%27%20of%20null&lnn=-1&fn=&cid=746&client=tescobank&publishPath=privacy&rid=3199580&did=542402&errorName=TypeError
Requested by
Host: worldwateralliance.net
URL: https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
date
Fri, 17 Apr 2020 20:19:45 GMT
cache-control
no-cache, no-store
server
nginx
expires
Fri, 17 Apr 2020 20:19:44 GMT
TESCOModern-Regular-web.woff2
identity.tescobank.com/afm/responsive-assets/font/TescoModern/ 		0
0
TESCOModern-Bold-web.woff2
identity.tescobank.com/afm/responsive-assets/font/TescoModern/ 		0
0
TESCOModern-Light-web.woff2
identity.tescobank.com/afm/responsive-assets/font/TescoModern/ 		0
0
TESCOModern-Medium-web.woff2
identity.tescobank.com/afm/responsive-assets/font/TescoModern/ 		0
0
3937a5c9251b77351bfbf114b449cbe5.js
nexus.ensighten.com/tescobank/brochureware/code/ 		8 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/tescobank/brochureware/code/3937a5c9251b77351bfbf114b449cbe5.js?conditionId0=423155
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tescobank/brochureware/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1dd88c1b04ca599e174b2b0f463063a0a499a8d8d08a11a8b1fdf72b79bf6d3e

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 17 Apr 2020 20:19:45 GMT
content-encoding
gzip
last-modified
Tue, 07 May 2019 09:54:28 GMT
server
nginx
etag
W/"5cd155d4-1e51"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
bf24749f05f98389d148459b60206b5d.js
nexus.ensighten.com/tescobank/brochureware/code/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/tescobank/brochureware/code/bf24749f05f98389d148459b60206b5d.js?conditionId0=348657
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tescobank/brochureware/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cd3de1e24553013f7dd10f06194d8984462367456ad3bd31cf7c4604ba6935a1

Request headers

Referer
https://worldwateralliance.net/wp-content/upgrade/98438924/t3/adapter2ping.php?SNAD=QwoOxDRqyM1GBIkSaczZCPwOLkhJxKvnhUcOx3f6QhMrZ7kajTaWJGKv12eyMKV4F8Scb8j1p6tpdOzxHKtrqeWrhb04WW8B41Of97hydLXrzxYhhsIIHFaYQa2M6aoabcqljITxtRY2oXkGq2o7Hy5yI7kPiIZuVqPe8IMBAKEYIYF813fJClhktCaLl9fgz4vHNhjn2XmKW1TY58HHuZ2XBcJXmYdV3IDR0Wf2UBNRDGPJPxqjwth8G052ZjY22CT2z85tKSloza7oHyHe2ZmIZsKYLJ1NlUQU3VoOOJdn
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 17 Apr 2020 20:19:45 GMT
content-encoding
gzip
last-modified
Tue, 07 May 2019 09:54:28 GMT
server
nginx
etag
W/"5cd155d4-1bf9"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
TESCOModern-Regular-web.woff
identity.tescobank.com/afm/responsive-assets/font/TescoModern/ 		0
0
TESCOModern-Bold-web.woff
identity.tescobank.com/afm/responsive-assets/font/TescoModern/ 		0
0
TESCOModern-Light-web.woff
identity.tescobank.com/afm/responsive-assets/font/TescoModern/ 		0
0
TESCOModern-Medium-web.woff
identity.tescobank.com/afm/responsive-assets/font/TescoModern/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
identity.tescobank.com
URL
https://identity.tescobank.com/afm/responsive-assets/font/TescoModern/TESCOModern-Regular-web.woff2
Domain
identity.tescobank.com
URL
https://identity.tescobank.com/afm/responsive-assets/font/TescoModern/TESCOModern-Bold-web.woff2
Domain
identity.tescobank.com
URL
https://identity.tescobank.com/afm/responsive-assets/font/TescoModern/TESCOModern-Light-web.woff2
Domain
identity.tescobank.com
URL
https://identity.tescobank.com/afm/responsive-assets/font/TescoModern/TESCOModern-Medium-web.woff2
Domain
identity.tescobank.com
URL
https://identity.tescobank.com/afm/responsive-assets/font/TescoModern/TESCOModern-Regular-web.woff
Domain
identity.tescobank.com
URL
https://identity.tescobank.com/afm/responsive-assets/font/TescoModern/TESCOModern-Bold-web.woff
Domain
identity.tescobank.com
URL
https://identity.tescobank.com/afm/responsive-assets/font/TescoModern/TESCOModern-Light-web.woff
Domain
identity.tescobank.com
URL
https://identity.tescobank.com/afm/responsive-assets/font/TescoModern/TESCOModern-Medium-web.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tesco Bank (Banking)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| Modernizr object| ensBootstraps object| Bootstrapper function| $data function| $getData number| _delay function| _log object| _enslog string| key string| k object| ensPrivacyBootstrap string| alwaysServePrivacy object| ensClientConfig object| ensLogger boolean| ensBrowserSupported object| cookieManager object| webpackJsonp object| regeneratorRuntime object| tbp function| $ function| jQuery object| TB function| injectPrivacyModal

0 Cookies