tiwit.be
Open in
urlscan Pro
62.212.95.213
Malicious Activity!
Public Scan
Submission: On August 02 via api from IE — Scanned from NL
Summary
TLS certificate: Issued by R3 on July 7th 2022. Valid for: 3 months.
This is the only time tiwit.be was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Commonwealth Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 62.212.95.213 62.212.95.213 | 60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands) | |
2 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a04:4e42:200... 2a04:4e42:200::485 | 54113 (FASTLY) (FASTLY) | |
12 | 3 |
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: nova.121server.com
tiwit.be |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
tiwit.be
tiwit.be |
47 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 424 |
22 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 226 |
74 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
8 | tiwit.be |
tiwit.be
|
2 | cdn.jsdelivr.net |
tiwit.be
|
2 | cdnjs.cloudflare.com |
tiwit.be
|
12 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www1.my.commbank.com.au |
www.commbank.com.au |
itunes.apple.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
tiwit.be R3 |
2022-07-07 - 2022-10-05 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-09-21 - 2022-09-20 |
a year | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q1 |
2022-03-21 - 2023-04-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://tiwit.be/lavo2/restore/main/
Frame ID: FC5B98D3A1E9EE7F0D6B96C6990B5103
Requests: 12 HTTP requests in this frame
Screenshot
Page Title
NetBank - Log on to NetBank - Enjoy simple and secure online banking from Commonwealth BankDetected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
Title: I've forgotten my log on details
Search URL Search Domain Scan URL
Title: Find out more
Search URL Search Domain Scan URL
Title: Register for NetBank now
Search URL Search Domain Scan URL
Title: Online support for our products and services
Search URL Search Domain Scan URL
Title: Tips to stay safe online
Search URL Search Domain Scan URL
Title: How we protect you and our 100% security guarantee
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Enjoy $0 merchant terminal rental fees for 6 months. Find out how.
Search URL Search Domain Scan URL
Title: Are you in financial difficulty? Apply for assistance.
Search URL Search Domain Scan URL
Title: Personalise your CommBank app. Discover how.
Search URL Search Domain Scan URL
Title: Support for home loan customers
Search URL Search Domain Scan URL
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: View
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
tiwit.be/lavo2/restore/main/ |
26 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
tiwit.be/lavo2/restore/main/css/ |
31 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
tiwit.be/lavo2/restore/main/images/ |
5 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tax-netbank-tile.jpg
tiwit.be/lavo2/restore/main/images/ |
9 KB 10 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
commbankmobile.png
tiwit.be/lavo2/restore/main/images/ |
984 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ |
281 KB 69 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ |
23 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.min.js
cdn.jsdelivr.net/npm/jquery-validation@1.19.1/dist/ |
24 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
additional-methods.js
cdn.jsdelivr.net/npm/jquery-validation@1.19.1/dist/ |
51 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mask.js
tiwit.be/lavo2/restore/main/form/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hbg.0236e4e9a193069c4e8554db8b06354c.png
tiwit.be/lavo2/restore/main/images/ |
254 B 576 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logonsprite2.307a0c523f35f709f390895b4720d350.png
tiwit.be/lavo2/restore/main/images/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Commonwealth Bank (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
tiwit.be
2606:4700::6811:190e
2a04:4e42:200::485
62.212.95.213
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
44df0e0fc997dcb6ec19680189b1043e3c077e788ca3a0551c533d3c646d87bf
4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820
7cb118d2612b42e0dc7ffa7b25c940d269456c2db93e66c0779c3affef7d3372
928eba7fdeba52c6d4ef3ac95f490fccf94ce9f6df283ee46b57d96d28cfe947
b0f074179d185032b4a2d0e7b1f3476b0626039334a638d47f84ef44990616b2
c3787cbabd5c9acf9bfdc72c8e706754d644a14d5bd538e675c1885ccae87341
c37e660e3b0e48be981933211db601030375201f48fefafe07c5f2a2d286a55c
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
cf17cf84b3f23f4e05641feb4c518f4a26e03ae5564c38ad035a66d7ab41bacd
ee48745ac1c750396a4f98db5a2b530871211636e0bb3e3daae064ee1ca420ee
f0755c4aa02ff90cf951d4752166ce52ea98cb85b86186f954dcc5d9d9cd02c0