www.natwestcustomerlogon.astronomiegitimi.net
151.80.215.49
Malicious Activity!
Public Scan
Submission: On March 17 via automatic, source phishtank
Summary
This is the only time www.natwestcustomerlogon.astronomiegitimi.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NatWest (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 13 | 151.80.215.49 | 16276 (OVH) |
| 13 | 1 | |
ASN16276 (OVH, FR)
PTR: 49-215-80-151.ip.ovnora.net
www.natwestcustomerlogon.astronomiegitimi.net |
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 13 | astronomiegitimi.net (www.natwestcustomerlogon.astronomiegitimi.net) | 96 KB |
| 13 | 1 | |
| | Domain | Requested by |
|---|---|---|
| 13 | www.natwestcustomerlogon.astronomiegitimi.net | www.natwestcustomerlogon.astronomiegitimi.net |
| 13 | 1 | |
This site contains no links.
Subject Issuer | Validity | Valid
---|---|---
This page contains 1 frames:
Primary Page:
http://www.natwestcustomerlogon.astronomiegitimi.net/login.php
Frame ID: 46FAF7335CA7F1577384F177EBC97A03
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | login.php (Primary Request) | www.natwestcustomerlogon.astronomiegitimi.net/ | 4 KB | 1 KB | Document | text/html
GET | H/1.1 | nw1.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 17 KB | 17 KB | Image | image/png
GET | H/1.1 | nw3.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 32 KB | 32 KB | Image | image/png
GET | H/1.1 | nw2.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 4 KB | 4 KB | Image | image/png
GET | H/1.1 | nw8.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 7 KB | 7 KB | Image | image/png
GET | H/1.1 | nw7.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 10 KB | 10 KB | Image | image/png
GET | H/1.1 | nw5.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | nw6.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | nw18.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 2 KB | 2 KB | Image | image/png
GET | H/1.1 | nw9.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 7 KB | 8 KB | Image | image/png
GET | H/1.1 | nw10.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 7 KB | 7 KB | Image | image/png
GET | H/1.1 | nw20.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 3 KB | 3 KB | Image | image/png
GET | H/1.1 | login.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 777 B | 1018 B | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NatWest (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | unhideBody
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.natwestcustomerlogon.astronomiegitimi.net
151.80.215.49