elegant-prong-river.glitch.me Open in urlscan Pro
52.71.118.120 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html
Submission: On March 07 via manual (March 7th 2022, 2:41:03 pm UTC) from GB — Scanned from GB

Summary HTTP 25 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 25 HTTP transactions. The main IP is 52.71.118.120, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is elegant-prong-river.glitch.me.
TLS certificate: Issued by Amazon on February 1st 2022. Valid for: a year.

This is the only time elegant-prong-river.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	52.71.118.120 52.71.118.120	14618 (AMAZON-AES) (AMAZON-AES)
18	51.83.52.225 51.83.52.225	16276 (OVH) (OVH)
25	3

1 52.71.118.120 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-118-120.compute-1.amazonaws.com

elegant-prong-river.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 51.83.52.225 (Lugo, Spain)

ASN16276 (OVH, FR)
PTR: com335.raiolanetworks.es

lambonadasdegalicia.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	lambonadasdegalicia.club lambonadasdegalicia.club	170 KB
1	glitch.me elegant-prong-river.glitch.me	42 KB
25	2

	Domain	Requested by
18	lambonadasdegalicia.club	elegant-prong-river.glitch.me lambonadasdegalicia.club
1	elegant-prong-river.glitch.me
25	2

This site contains no links.

Subject Issuer	Validity	Valid
glitch.com Amazon	`2022-02-01` - `2023-03-02`	a year	crt.sh
*.lambonadasdegalicia.club R3	`2022-01-31` - `2022-05-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html
Frame ID: 673AF086DBC6E82C4E2A3EBB136172C2
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in to Online Banking

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

76 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

211 kB
Transfer

676 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request qiv.html Show response elegant-prong-river.glitch.me/	41 KB 42 KB	550ms 176ms	Document text/html	52.71.118.120 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.71.118.120 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-71-118-120.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `ffc07afd9b939d99c423135b3efeb6817f069d76aca363ecb6edf1aaba47b049` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language en-GB,en;q=0.9 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-type text/html; charset=utf-8 content-length 42294 x-amz-id-2 NF6MalVk5fhCjuevETwxvgnYDE17pQKm5+MKG52vjgas0J7gIj0SIL4c67lZ05bUsDboR+aDuPU= x-amz-request-id GZGKRNQBDK7JQX4S last-modified Sat, 05 Mar 2022 10:48:26 GMT etag "1e58c5a1a917e8b0440c5eb5ea2faf20" cache-control no-cache x-amz-version-id k5Ehgsl7.qtmr_I5qt.bIPECUuWssuMn accept-ranges bytes server AmazonS3
GET H2	200	master.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	223 KB 40 KB	209ms 61ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master.css Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `7960e821069d9da7073b2f14ee920bb25084cd2ab79ccad46f735772ae3d0f3b` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "37d6e-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 40925 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	master_mobile.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	47 KB 11 KB	330ms 183ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master_mobile.css Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `762a7161fafb519ada43534e1e4aa7fd8f5ae402d21cdbb3aff8ff569b29ad6a` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "bc61-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 11336 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	npc.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	46 KB 9 KB	330ms 184ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `b618b1630fe11a6fee0232601cc91ac7e7cd56ec8d4ab7353846e493d8764778` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "b8de-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 9296 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	overlayPromptMaster.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	1 KB 515 B	331ms 184ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/overlayPromptMaster.css Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "562-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 465 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	overlayPrompt.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	76 B 123 B	330ms 184ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/overlayPrompt.css Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "4c-5f3baf5a-0;;;" content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 76 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	font-awesome.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	21 KB 5 KB	330ms 184ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/font-awesome.css Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `043d64ad39164b2b6d031cbaf82d44542b3904b814ffb4ae9738f0953e32f143` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "55b3-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 4725 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	panel-defaults.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	9 KB 2 KB	330ms 184ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/panel-defaults.css Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `258b07e0e514a4714099f1f345a3333f7338589e19413a06ccd319e7436d3e4b` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "2545-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 1801 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	main.css lambonadasdegalicia.club/wp-includes/IXR/na/media/	2 KB 569 B	331ms 185ms	Stylesheet text/css	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/main.css Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `81f2ad4f142602793f02bfd7c8da05a126127a3711516bbb7c967a0c510bbb41` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "925-5f3baf5a-0;br" vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes content-length 519 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	jquery-2.2.3.js Show response lambonadasdegalicia.club/wp-includes/IXR/na/media/	253 KB 73 KB	330ms 185ms	Script application/x-javascript	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/jquery-2.2.3.js Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "3f258-5f3baf5a-0;br" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=31536000 accept-ranges bytes content-length 74654 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	n-w-logo.svg lambonadasdegalicia.club/wp-includes/IXR/na/media/	5 KB 2 KB	62ms 61ms	Image image/svg+xml	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/n-w-logo.svg Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `8d667d58aa56215b23d233ade3af0c7f6b7962c75410d6c103e0c324e4e958ca` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:58 GMT content-encoding br referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "1308-5f3baf5a-0;br" vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=31536000 accept-ranges bytes content-length 1582 expires Tue, 07 Mar 2023 14:40:58 GMT
GET H2	200	plogo.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	6 KB 6 KB	62ms 62ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/plogo.png Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:59 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "162f-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 5679 expires Tue, 07 Mar 2023 14:40:59 GMT
GET H2	200	error-marker.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	1 KB 1 KB	61ms 61ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/error-marker.png Requested by Host: elegant-prong-river.glitch.me URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005` Request headers Accept-Language en-GB,en;q=0.9 Referer https://elegant-prong-river.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:59 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "442-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 1090 expires Tue, 07 Mar 2023 14:40:59 GMT
GET H2	200	white-lock.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	285 B 334 B	63ms 63ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/white-lock.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:59 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "11d-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 285 expires Tue, 07 Mar 2023 14:40:59 GMT
GET H2	200	li5_outer_frame_top_curve.gif lambonadasdegalicia.club/wp-includes/IXR/na/media/	17 KB 17 KB	64ms 64ms	Image image/gif	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/li5_outer_frame_top_curve.gif Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/master.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:59 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "4484-5f3baf5a-0;;;" content-type image/gif cache-control public, max-age=31536000 accept-ranges bytes content-length 17540 expires Tue, 07 Mar 2023 14:40:59 GMT
GET H2	200	radio-selected.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	2 KB 2 KB	64ms 63ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/radio-selected.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:59 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "661-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 1633 expires Tue, 07 Mar 2023 14:40:59 GMT
GET		RNHouseSansW05-Regular.woff2 lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET		RNHouseSansW05-Bold.woff2 lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET H2	200	check-box.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	157 B 205 B	62ms 61ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/check-box.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:59 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "9d-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 157 expires Tue, 07 Mar 2023 14:40:59 GMT
GET H2	200	down-chevron.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	295 B 344 B	61ms 61ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/down-chevron.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:59 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "127-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 295 expires Tue, 07 Mar 2023 14:40:59 GMT
GET H2	200	combined-shape.png lambonadasdegalicia.club/wp-includes/IXR/na/media/	359 B 408 B	62ms 61ms	Image image/png	51.83.52.225 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://lambonadasdegalicia.club/wp-includes/IXR/na/media/combined-shape.png Requested by Host: lambonadasdegalicia.club URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.83.52.225 Lugo, Spain, ASN16276 (OVH, FR), Reverse DNS com335.raiolanetworks.es Software / Resource Hash `d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814` Request headers Accept-Language en-GB,en;q=0.9 Referer https://lambonadasdegalicia.club/wp-includes/IXR/na/media/npc.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Mon, 07 Mar 2022 14:40:59 GMT referrer-policy no-referrer-when-downgrade last-modified Tue, 18 Aug 2020 10:37:14 GMT etag "167-5f3baf5a-0;;;" content-type image/png cache-control public, max-age=31536000 accept-ranges bytes content-length 359 expires Tue, 07 Mar 2023 14:40:59 GMT
GET		RNHouseSansW05-Regular.woff lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET		RNHouseSansW05-Bold.woff lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET		RNHouseSansW05-Regular.ttf lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

GET		RNHouseSansW05-Bold.ttf lambonadasdegalicia.club/wp-includes/IXR/na/media/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff2

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff2

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.ttf

Domain: lambonadasdegalicia.club
URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff2' from origin 'https://elegant-prong-river.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff2' from origin 'https://elegant-prong-river.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff' from origin 'https://elegant-prong-river.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff' from origin 'https://elegant-prong-river.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.ttf' from origin 'https://elegant-prong-river.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://elegant-prong-river.glitch.me/qiv.html?/NAT_WEST_Customer.verification/error.html Message: Access to font at 'https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.ttf' from origin 'https://elegant-prong-river.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://lambonadasdegalicia.club/wp-includes/IXR/na/media/RNHouseSansW05-Bold.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

elegant-prong-river.glitch.me
lambonadasdegalicia.club
lambonadasdegalicia.club
51.83.52.225
52.71.118.120
043d64ad39164b2b6d031cbaf82d44542b3904b814ffb4ae9738f0953e32f143
258b07e0e514a4714099f1f345a3333f7338589e19413a06ccd319e7436d3e4b
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79
762a7161fafb519ada43534e1e4aa7fd8f5ae402d21cdbb3aff8ff569b29ad6a
7960e821069d9da7073b2f14ee920bb25084cd2ab79ccad46f735772ae3d0f3b
81f2ad4f142602793f02bfd7c8da05a126127a3711516bbb7c967a0c510bbb41
8d667d58aa56215b23d233ade3af0c7f6b7962c75410d6c103e0c324e4e958ca
95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
b618b1630fe11a6fee0232601cc91ac7e7cd56ec8d4ab7353846e493d8764778
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082
d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d
ffc07afd9b939d99c423135b3efeb6817f069d76aca363ecb6edf1aaba47b049

elegant-prong-river.glitch.me Open in urlscan Pro 52.71.118.120 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

25 Requests

76 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

211 kBTransfer

676 kBSize

0 Cookies

0 Outgoing links

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

12 Console Messages

Indicators

elegant-prong-river.glitch.me Open in urlscan Pro
52.71.118.120 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

76 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

211 kB
Transfer

676 kB
Size

0
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!