urlscan.io logo urlscan.io
SecurityTrails logo

sec-nat-west-uk.com Open in urlscan Pro
91.215.85.14  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://sec-nat-west-uk.com/apppass/
Effective URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Submission Tags: @ecarlesi threat #phishing #natwest Search All
Submission: On October 18 via api from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 27 HTTP transactions. The main IP is 91.215.85.14, located in Russian Federation and belongs to PROSPERO-AS, RU. The main domain is sec-nat-west-uk.com.
TLS certificate: Issued by R3 on October 17th 2023. Valid for: 3 months.
This is the only time sec-nat-west-uk.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

IP Address AS Autonomous System
1 22 91.215.85.14 200593 (PROSPERO-AS)
1 63.140.62.22 15224 (OMNITURE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 178.249.96.144 11054 (LIVEPERSON)
1 2a04:4e42:200... 54113 (FASTLY)
27 6
22    91.215.85.14 (Russian Federation)

ASN200593 (PROSPERO-AS, RU)
sec-nat-west-uk.com
1    63.140.62.22 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-22.data.adobedc.net
sc.natwest.com
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
2    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    178.249.96.144 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lo-prun.liveperson.net
server.lon.liveperson.net
1    2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
Apex Domain
Subdomains		 Transfer
22 sec-nat-west-uk.com
sec-nat-west-uk.com
157 KB
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 405
61 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 925
24 KB
1 liveperson.net
server.lon.liveperson.net — Cisco Umbrella Rank: 117887
2 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1183
5 KB
1 natwest.com
sc.natwest.com — Cisco Umbrella Rank: 46067
3 KB
27 6
Domain Requested by
22 sec-nat-west-uk.com 1 redirects sec-nat-west-uk.com
2 ajax.googleapis.com sec-nat-west-uk.com
1 code.jquery.com sec-nat-west-uk.com
1 server.lon.liveperson.net sec-nat-west-uk.com
1 maxcdn.bootstrapcdn.com sec-nat-west-uk.com
1 sc.natwest.com sec-nat-west-uk.com
27 6

This site contains links to these domains. Also see Links.

Domain
www.nwolb.com
www.natwest.com
personal.natwest.com
Subject Issuer Validity Valid
*.sec-nat-west-uk.com
R3		 2023-10-17 -
2024-01-15		 3 months crt.sh
sc.natwest.com
COMODO RSA Organization Validation Secure Server CA		 2023-04-24 -
2024-05-24		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-09-28 -
2023-12-21		 3 months crt.sh
*.lon.liveperson.net
Sectigo RSA Organization Validation Secure Server CA		 2023-07-18 -
2024-07-17		 a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sec-nat-west-uk.com/apppass/web/Login.php
Frame ID: 1B3BEDCE13E1AAC44F89653D45FFFDA6
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log in to Online Banking

Page URL History Show full URLs

  1. https://sec-nat-west-uk.com/apppass/ HTTP 302
    https://sec-nat-west-uk.com/apppass/web/Login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

252 kB
Transfer

708 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://sec-nat-west-uk.com/apppass/ HTTP 302
    https://sec-nat-west-uk.com/apppass/web/Login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login.php
sec-nat-west-uk.com/apppass/web/
Redirect Chain
  • https://sec-nat-west-uk.com/apppass/
  • https://sec-nat-west-uk.com/apppass/web/Login.php
46 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
f50853b509356e6bd1a2d2b3daa448efb053c300e1cbec4f7ad514d7fa18f7e4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
br
content-length
8775
content-type
text/html; charset=UTF-8
date
Wed, 18 Oct 2023 07:31:10 GMT
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 18 Oct 2023 07:31:10 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
web/Login.php
pragma
no-cache
s05410317064856
sc.natwest.com/b/ss/rbsglobretailprod/10/JS-2.17.0-LAUN/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.natwest.com/b/ss/rbsglobretailprod/10/JS-2.17.0-LAUN/s05410317064856?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=24%2F6%2F2020%2016%3A49%3A34%205%20-120&d.&nsid=0&jsonv=1&.d&sdid=073BF32A890AA090-06C79FED4E95D492&mid=24833925503878875662112414369780850131&aamlh=6&ce=UTF-8&cdp=2&pageName=OLB%3AOnline-Banking%3ELogin%3EIndex%3ELi5&g=www.nwolb.com%2Flogin.aspx&c.&cm.&ssf=0&.cm&.c&cc=GBP&ch=NW%3EOLB&server=eBanking&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=D%3Dch&v2=PERSONAL&v3=LOGIN&v4=D%3Dv3&c5=www.nwolb.com&v5=NatWest&c6=www.nwolb.com%2Flogin.aspx&v9=24833925503878875662112414369780850131&c16=LOGIN&v20=C0001%3D1%2CC0009%3D1%2CC0003%3D1%2CC0002%3D1%2CC0004%3D1%2C&c25=AA%3A2.17.0%7CAT%3A63%7CECID%3A4.5.2%7CAAM%3A4.5.2%7CLAUNCH%3A2020-07-16T13%3A41%3A00Z%7CTS%3Asc.natwest.com&v25=OLB%C2%A0-%C2%A0Login&v29=OLB%3AOnline-Banking%3ELogin%3EIndex%3ELi5&v51=www.nwolb.com%2Flogin.aspx&v55=D%3DpageName&s=1920x1080&c=24&j=1.6&v=N&k=Y&bw=869&bh=969&mcorgid=C50417FE52CB33480A490D4C%40AdobeOrg&AQE=1
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.22 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
ip-63-140-62-22.data.adobedc.net
Software
jag /
Resource Hash
b7427b0b434a8f8bec92bf95f63890f94e8dc8d2f03128d757cb29dc4c9c9d0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-aam-tid
hENHE3FGQdQ=
date
Wed, 18 Oct 2023 07:31:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy"
content-length
2377
x-xss-protection
1; mode=block
dcs
dcs-prod-irl1-2-v052-00ab583a6.edge-irl1.demdex.com 3 ms
pragma
no-cache
last-modified
Thu, 19 Oct 2023 07:31:10 GMT
server
jag
etag
3645598885705744384-4617798153100809593
vary
*
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 17 Oct 2023 07:31:10 GMT
master.css
sec-nat-west-uk.com/apppass/web/assets/natwest/css/ 		237 KB
43 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/master.css
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
8a70d5540612b97d322f0895b4b0f1f887f6b4f1d7048aa59b64b24caf08ed6d

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:10 GMT
content-encoding
br
last-modified
Thu, 17 Jun 2021 03:25:58 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
43443
expires
Wed, 25 Oct 2023 07:31:10 GMT
npc.css
sec-nat-west-uk.com/apppass/web/assets/natwest/css/ 		50 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
a0db40aa6fc77b3c91f831ad2d8b268d5a449e80a006c12072fba1e6d869e49f

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:10 GMT
content-encoding
br
last-modified
Thu, 17 Jun 2021 03:25:58 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
9749
expires
Wed, 25 Oct 2023 07:31:10 GMT
overlayPromptMaster.css
sec-nat-west-uk.com/apppass/web/assets/natwest/css/ 		1 KB
497 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/overlayPromptMaster.css
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:10 GMT
content-encoding
br
last-modified
Thu, 17 Jun 2021 03:25:58 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
465
expires
Wed, 25 Oct 2023 07:31:10 GMT
overlayPrompt.css
sec-nat-west-uk.com/apppass/web/assets/natwest/css/ 		76 B
105 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/overlayPrompt.css
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
text/css
date
Wed, 18 Oct 2023 07:31:10 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:25:58 GMT
accept-ranges
bytes
content-length
76
expires
Wed, 25 Oct 2023 07:31:10 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/ 		21 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
947
age
1133967
cdn-cachedat
07/16/2022 17:19:32
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:53 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"feda974a77ea5783b8be673f142b7c88"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
673df61a89ed1c75bd7d07837c3d5088
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
817f148878923c95-CDG
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 10:19:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
76305
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Oct 2024 10:19:25 GMT
n-w-logo.svg
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/n-w-logo.svg
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
668faa210a0e0cabb9aa13a1a6ad4e3b22b0f9cad90c43694ba37a8a4714b0e6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:10 GMT
content-encoding
br
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1585
expires
Wed, 25 Oct 2023 07:31:10 GMT
WebResource.axd
sec-nat-west-uk.com/apppass/web/assets/natwest/misc/ 		23 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/misc/WebResource.axd
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:10 GMT
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
23063
content-type
application/octet-stream
mm.js
sec-nat-west-uk.com/apppass/web/assets/natwest/js/ 		9 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/js/mm.js
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
59dbe70dc763565da5bb46c6834ae96b67921997158842b0355d2df19b816659

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:10 GMT
content-encoding
br
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
1692
expires
Wed, 25 Oct 2023 07:31:10 GMT
phising-banner.gif
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/phising-banner.gif
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
6e3f933ba8b1b151985088a0f787b3f8596768ef2c8256956c2cd05ee8b1bb55

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/gif
date
Wed, 18 Oct 2023 07:31:10 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
14192
expires
Wed, 25 Oct 2023 07:31:10 GMT
FSCS_Protected_Logo.png
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/FSCS_Protected_Logo.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/png
date
Wed, 18 Oct 2023 07:31:10 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
5679
expires
Wed, 25 Oct 2023 07:31:10 GMT
error-marker.png
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/error-marker.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/png
date
Wed, 18 Oct 2023 07:31:10 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
1090
expires
Wed, 25 Oct 2023 07:31:10 GMT
RealtimeLogin.js
sec-nat-west-uk.com/apppass/web/assets/natwest/js/ 		3 KB
750 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/js/RealtimeLogin.js
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
8fed25d950a68b39c624682efca2ba8179aef53498ce62af94a999183a464cd6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/Login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:10 GMT
content-encoding
br
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
729
expires
Wed, 25 Oct 2023 07:31:10 GMT
Tab-Image-blue.png
server.lon.liveperson.net/visitor/lpDC-LE2/39893241/resources/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://server.lon.liveperson.net/visitor/lpDC-LE2/39893241/resources/Tab-Image-blue.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.96.144 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-prun.liveperson.net
Software
ws /
Resource Hash
4edee80ccdd03893c5bd60db9324972dec63b9bc29979fddfdce0e0a89e06bed

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date
Wed, 18 Oct 2023 07:31:11 GMT
Last-Modified
Tue, 12 Sep 2023 09:29:31 GMT
Server
ws
ETag
"65002f7b-4f1"
Access-Control-Allow-Methods
GET, POST, PATCH
Content-Type
image/png
Access-Control-Expose-Headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
Content-Length
1265
jquery-3.4.1.slim.min.js
code.jquery.com/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.4.1.slim.min.js
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a5ab2a00a0439854f8787a0dda775dea5377ef4905886505c938941d6854ee4f

Request headers

Referer
https://sec-nat-west-uk.com/
Origin
https://sec-nat-west-uk.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 07:31:11 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2710470
x-cache
MISS, HIT
content-length
24328
x-served-by
cache-lga13626-LGA, cache-lcy-eglc8600054-LCY
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1697614271.005856,VS0,VE0
etag
W/"28feccc0-1157d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
0, 1521
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Mon, 16 Oct 2023 16:21:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
141003
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30774
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Oct 2024 16:21:07 GMT
white-lock.png
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		285 B
304 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/white-lock.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/png
date
Wed, 18 Oct 2023 07:31:10 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
285
expires
Wed, 25 Oct 2023 07:31:10 GMT
RNHouseSansW05-Regular.woff2
sec-nat-west-uk.com/apppass/web/assets/natwest/fonts// 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/fonts//RNHouseSansW05-Regular.woff2
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/master.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
9be8b2c42ad2d6f7327f62a7d03995a5a4615770154941d59493473186e5140c

Request headers

Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/master.css
Origin
https://sec-nat-west-uk.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
font/woff2
date
Wed, 18 Oct 2023 07:31:10 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
21572
expires
Wed, 25 Oct 2023 07:31:10 GMT
li5_outer_frame_top_curve.gif
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		915 B
980 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/li5_outer_frame_top_curve.gif
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/master.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
34a696b824cb72b7bcbba9eca5d95f67292b7489c3ccd4b9c19dfd36c63c6793

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/master.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/gif
date
Wed, 18 Oct 2023 07:31:11 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
915
expires
Wed, 25 Oct 2023 07:31:11 GMT
radio-selected.png
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/radio-selected.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/png
date
Wed, 18 Oct 2023 07:31:11 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
1633
expires
Wed, 25 Oct 2023 07:31:11 GMT
combined-shape.png
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		359 B
378 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/combined-shape.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/png
date
Wed, 18 Oct 2023 07:31:11 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
359
expires
Wed, 25 Oct 2023 07:31:11 GMT
radio-normal.png
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/radio-normal.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/png
date
Wed, 18 Oct 2023 07:31:11 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
1317
expires
Wed, 25 Oct 2023 07:31:11 GMT
check-box.png
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		157 B
176 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/check-box.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/png
date
Wed, 18 Oct 2023 07:31:11 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
157
expires
Wed, 25 Oct 2023 07:31:11 GMT
down-chevron.png
sec-nat-west-uk.com/apppass/web/assets/natwest/images/ 		295 B
314 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/images/down-chevron.png
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/npc.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
image/png
date
Wed, 18 Oct 2023 07:31:11 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:26:00 GMT
accept-ranges
bytes
content-length
295
expires
Wed, 25 Oct 2023 07:31:11 GMT
RNHouseSansW05-Bold.woff2
sec-nat-west-uk.com/apppass/web/assets/natwest/fonts/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sec-nat-west-uk.com/apppass/web/assets/natwest/fonts/RNHouseSansW05-Bold.woff2
Requested by
Host: sec-nat-west-uk.com
URL: https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/master.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.215.85.14 , Russian Federation, ASN200593 (PROSPERO-AS, RU),
Reverse DNS
Software
/
Resource Hash
ce64c0d35d4ad8fd2fa79ecd45d6db37982940958b7f51448b697bad342ce55b

Request headers

Referer
https://sec-nat-west-uk.com/apppass/web/assets/natwest/css/master.css
Origin
https://sec-nat-west-uk.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type
font/woff2
date
Wed, 18 Oct 2023 07:31:11 GMT
cache-control
public, max-age=604800
last-modified
Thu, 17 Jun 2021 03:25:58 GMT
accept-ranges
bytes
content-length
22184
expires
Wed, 25 Oct 2023 07:31:11 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY string| rowCollapsed string| rowExpanded function| setCursor function| emitTrackingCookie function| SplitTrackingPackage function| GetCookieValue function| emitInitialCountCookie object| panelForDisplay object| spanForClick object| nextButton function| toggleVisibility function| forDisplay function| postionNextButtonExpandablePanel function| postionLinksBeneathWizardButtonMobile function| postionExpandablePanelBeneathWizardButtonMobile function| radioSelection

1 Cookies

Domain/Path Name / Value
sec-nat-west-uk.com/ Name: PHPSESSID
Value: 2bab2d1cd354984698f4c70dc8e94913

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
code.jquery.com
maxcdn.bootstrapcdn.com
sc.natwest.com
sec-nat-west-uk.com
server.lon.liveperson.net
178.249.96.144
2606:4700::6812:acf
2a00:1450:4001:827::200a
2a04:4e42:200::649
63.140.62.22
91.215.85.14
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005
34a696b824cb72b7bcbba9eca5d95f67292b7489c3ccd4b9c19dfd36c63c6793
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6
4edee80ccdd03893c5bd60db9324972dec63b9bc29979fddfdce0e0a89e06bed
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79
59dbe70dc763565da5bb46c6834ae96b67921997158842b0355d2df19b816659
668faa210a0e0cabb9aa13a1a6ad4e3b22b0f9cad90c43694ba37a8a4714b0e6
6e3f933ba8b1b151985088a0f787b3f8596768ef2c8256956c2cd05ee8b1bb55
8a70d5540612b97d322f0895b4b0f1f887f6b4f1d7048aa59b64b24caf08ed6d
8fed25d950a68b39c624682efca2ba8179aef53498ce62af94a999183a464cd6
9be8b2c42ad2d6f7327f62a7d03995a5a4615770154941d59493473186e5140c
a0db40aa6fc77b3c91f831ad2d8b268d5a449e80a006c12072fba1e6d869e49f
a5ab2a00a0439854f8787a0dda775dea5377ef4905886505c938941d6854ee4f
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
b7427b0b434a8f8bec92bf95f63890f94e8dc8d2f03128d757cb29dc4c9c9d0f
ce64c0d35d4ad8fd2fa79ecd45d6db37982940958b7f51448b697bad342ce55b
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082
d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d
f50853b509356e6bd1a2d2b3daa448efb053c300e1cbec4f7ad514d7fa18f7e4
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d