sec-nat-west-uk.com
91.215.85.14
Malicious Activity!
Public Scan
Effective URL: https://sec-nat-west-uk.com/apppass/web/Login.php
Submission Tags: @ecarlesi threat #phishing #natwest
Submission: On October 18 via api from FR — Scanned from FR
Summary
TLS certificate: Issued by R3 on October 17th 2023. Valid for: 3 months.
This is the only time sec-nat-west-uk.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NatWest (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
22 (1 redirect) | 91.215.85.14 | 200593 (PROSPERO-AS) |
1 | 63.140.62.22 | 15224 (OMNITURE) |
1 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET) |
2 | 2a00:1450:4001:827::200a | 15169 (GOOGLE) |
1 | 178.249.96.144 | 11054 (LIVEPERSON) |
1 | 2a04:4e42:200::649 | 54113 (FASTLY) |
27 | 6 | |
ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-22.data.adobedc.net
sc.natwest.com
ASN11054 (LIVEPERSON, US)
PTR: lo-prun.liveperson.net
server.lon.liveperson.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
22 (1 redirect) | sec-nat-west-uk.com | sec-nat-west-uk.com | 157 KB |
2 | googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 405 | 61 KB |
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 925 | 24 KB |
1 | liveperson.net | server.lon.liveperson.net — Cisco Umbrella Rank: 117887 | 2 KB |
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1183 | 5 KB |
1 | natwest.com | sc.natwest.com — Cisco Umbrella Rank: 46067 | 3 KB |
27 | 6 | | |
Requests | Domain | Requested by |
---|---|---|
22 (1 redirect) | sec-nat-west-uk.com | sec-nat-west-uk.com |
2 | ajax.googleapis.com | sec-nat-west-uk.com |
1 | code.jquery.com | sec-nat-west-uk.com |
1 | server.lon.liveperson.net | sec-nat-west-uk.com |
1 | maxcdn.bootstrapcdn.com | sec-nat-west-uk.com |
1 | sc.natwest.com | sec-nat-west-uk.com |
27 | 6 | |
This site contains links to these domains.
Domain |
---|
www.nwolb.com |
www.natwest.com |
personal.natwest.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.sec-nat-west-uk.com | R3 | 2023-10-17 - 2024-01-15 | 3 months |
sc.natwest.com | COMODO RSA Organization Validation Secure Server CA | 2023-04-24 - 2024-05-24 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year |
upload.video.google.com | GTS CA 1C3 | 2023-09-28 - 2023-12-21 | 3 months |
*.lon.liveperson.net | Sectigo RSA Organization Validation Secure Server CA | 2023-07-18 - 2024-07-17 | a year |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year |
This page contains 1 frames:
Primary Page: https://sec-nat-west-uk.com/apppass/web/Login.php
Frame ID: 1B3BEDCE13E1AAC44F89653D45FFFDA6
Requests: 27 HTTP requests in this frame
Page Title: Log in to Online Banking
Page URL History
- https://sec-nat-west-uk.com/apppass/ (HTTP 302)
- https://sec-nat-west-uk.com/apppass/web/Login.php (Page URL)
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
20 Outgoing links
These are links going to different origins than the main page.
Title: Return to start of screen / Access key details
Title: Skip to Menu
Title: Skip to main content
Title: Premier
Title: Business
Title: Corporate
Title: International
Title: Products
Title: Support
Title: Life Moments
Title: Show me how to…
Title: Log in
Title: Forgotten your customer number?
Title: Legal Info
Title: Security
Title: Privacy & Cookies
Title: Accessibility
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://sec-nat-west-uk.com/apppass/ (HTTP 302)
- https://sec-nat-west-uk.com/apppass/web/Login.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | Login.php (Primary Request) | sec-nat-west-uk.com/apppass/web/ | 46 KB | 9 KB | Document | text/html |
GET | H2 | s05410317064856 | sc.natwest.com/b/ss/rbsglobretailprod/10/JS-2.17.0-LAUN/ | 2 KB | 3 KB | Script | application/x-javascript |
GET | H2 | master.css | sec-nat-west-uk.com/apppass/web/assets/natwest/css/ | 237 KB | 43 KB | Stylesheet | text/css |
GET | H2 | npc.css | sec-nat-west-uk.com/apppass/web/assets/natwest/css/ | 50 KB | 10 KB | Stylesheet | text/css |
GET | H2 | overlayPromptMaster.css | sec-nat-west-uk.com/apppass/web/assets/natwest/css/ | 1 KB | 497 B | Stylesheet | text/css |
GET | H2 | overlayPrompt.css | sec-nat-west-uk.com/apppass/web/assets/natwest/css/ | 76 B | 105 B | Stylesheet | text/css |
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/ | 21 KB | 5 KB | Stylesheet | text/css |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB | 31 KB | Script | text/javascript |
GET | H2 | n-w-logo.svg | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 5 KB | 2 KB | Image | image/svg+xml |
GET | H2 | WebResource.axd | sec-nat-west-uk.com/apppass/web/assets/natwest/misc/ | 23 KB | 23 KB | Script | application/octet-stream |
GET | H3 | mm.js | sec-nat-west-uk.com/apppass/web/assets/natwest/js/ | 9 KB | 2 KB | Script | application/javascript |
GET | H3 | phising-banner.gif | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 14 KB | 14 KB | Image | image/gif |
GET | H3 | FSCS_Protected_Logo.png | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 6 KB | 6 KB | Image | image/png |
GET | H3 | error-marker.png | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 1 KB | 1 KB | Image | image/png |
GET | H3 | RealtimeLogin.js | sec-nat-west-uk.com/apppass/web/assets/natwest/js/ | 3 KB | 750 B | Script | application/javascript |
GET | H/1.1 | Tab-Image-blue.png | server.lon.liveperson.net/visitor/lpDC-LE2/39893241/resources/ | 1 KB | 2 KB | Image | image/png |
GET | H2 | jquery-3.4.1.slim.min.js | code.jquery.com/ | 69 KB | 24 KB | Script | application/javascript |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.4.1/ | 86 KB | 30 KB | Script | text/javascript |
GET | H3 | white-lock.png | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 285 B | 304 B | Image | image/png |
GET | H3 | RNHouseSansW05-Regular.woff2 | sec-nat-west-uk.com/apppass/web/assets/natwest/fonts// | 21 KB | 21 KB | Font | font/woff2 |
GET | H3 | li5_outer_frame_top_curve.gif | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 915 B | 980 B | Image | image/gif |
GET | H3 | radio-selected.png | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 2 KB | 2 KB | Image | image/png |
GET | H3 | combined-shape.png | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 359 B | 378 B | Image | image/png |
GET | H3 | radio-normal.png | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 1 KB | 1 KB | Image | image/png |
GET | H3 | check-box.png | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 157 B | 176 B | Image | image/png |
GET | H3 | down-chevron.png | sec-nat-west-uk.com/apppass/web/assets/natwest/images/ | 295 B | 314 B | Image | image/png |
GET | H3 | RNHouseSansW05-Bold.woff2 | sec-nat-west-uk.com/apppass/web/assets/natwest/fonts/ | 22 KB | 22 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NatWest (Banking)
57 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
function | WebForm_PostBackOptions |
function | WebForm_DoPostBackWithOptions |
object | __pendingCallbacks |
number | __synchronousCallBackIndex |
function | WebForm_DoCallback |
function | WebForm_CallbackComplete |
function | WebForm_ExecuteCallback |
function | WebForm_FillFirstAvailableSlot |
boolean | __nonMSDOMBrowser |
string | __theFormPostData |
object | __theFormPostCollection |
object | __callbackTextTypes |
function | WebForm_InitCallback |
function | WebForm_InitCallbackAddField |
function | WebForm_EncodeCallback |
object | __disabledControlArray |
function | WebForm_ReEnableControls |
function | WebForm_ReDisableControls |
function | WebForm_SimulateClick |
function | WebForm_FireDefaultButton |
function | WebForm_GetScrollX |
function | WebForm_GetScrollY |
function | WebForm_SaveScrollPositionSubmit |
function | WebForm_SaveScrollPositionOnSubmit |
function | WebForm_RestoreScrollPosition |
function | WebForm_TextBoxKeyHandler |
function | WebForm_TrimString |
function | WebForm_AppendToClassName |
function | WebForm_RemoveClassName |
function | WebForm_GetElementById |
function | WebForm_GetElementByTagName |
function | WebForm_GetElementsByTagName |
function | WebForm_GetElementDir |
function | WebForm_GetElementPosition |
function | WebForm_GetParentByTagName |
function | WebForm_SetElementHeight |
function | WebForm_SetElementWidth |
function | WebForm_SetElementX |
function | WebForm_SetElementY |
string | rowCollapsed |
string | rowExpanded |
function | setCursor |
function | emitTrackingCookie |
function | SplitTrackingPackage |
function | GetCookieValue |
function | emitInitialCountCookie |
object | panelForDisplay |
object | spanForClick |
object | nextButton |
function | toggleVisibility |
function | forDisplay |
function | postionNextButtonExpandablePanel |
function | postionLinksBeneathWizardButtonMobile |
function | postionExpandablePanelBeneathWizardButtonMobile |
function | radioSelection1 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sec-nat-west-uk.com/ | | Name: PHPSESSID Value: 2bab2d1cd354984698f4c70dc8e94913 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.