www.natwestcustomerlogon.astronomiegitimi.net
151.80.215.49
Malicious Activity!
Public Scan
Submission: On March 14 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on March 12th 2018. Valid for: 3 months.
This is the only time www.natwestcustomerlogon.astronomiegitimi.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
12 | 151.80.215.49 | 16276 (OVH)
1 | 54.148.84.95 | 16509 (AMAZON-02 - Amazon.com)
13 | 2 |
ASN16276 (OVH, FR)
PTR: 49-215-80-151.ip.ovnora.net
www.natwestcustomerlogon.astronomiegitimi.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com
www.sitepoint.com
Requests | Apex Domain / Subdomains | Transfer
---|---|---
12 | astronomiegitimi.net / www.natwestcustomerlogon.astronomiegitimi.net | 76 KB
1 | sitepoint.com / www.sitepoint.com | 6 KB
13 | 2 |
Requests | Domain | Requested by
---|---|---
12 | www.natwestcustomerlogon.astronomiegitimi.net | www.natwestcustomerlogon.astronomiegitimi.net
1 | www.sitepoint.com | www.natwestcustomerlogon.astronomiegitimi.net
13 | 2 |
This site contains no links.
Subject / Issuer | Validity | Valid | Source
---|---|---|---
natwestcustomerlogon.astronomiegitimi.net / Let's Encrypt Authority X3 | 2018-03-12 - 2018-06-10 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php
Frame ID: 2F43E63B9D04A32E84CF8E1967BC5473
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H/1.1 | step2.php (Primary Request) | www.natwestcustomerlogon.astronomiegitimi.net/ | 5 KB | 2 KB | Document | text/html
GET H/1.1 | MaskedPassword.js | www.sitepoint.com/examples/password/MaskedPassword/ | 17 KB | 6 KB | Script | application/javascript
GET H/1.1 | nw12.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 13 KB | 14 KB | Image | image/png
GET H/1.1 | nw11.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 13 KB | 14 KB | Image | image/png
GET H/1.1 | nw1.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 17 KB | 17 KB | Image | image/png
GET H/1.1 | nw8.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 7 KB | 7 KB | Image | image/png
GET H/1.1 | nw9.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 7 KB | 7 KB | Image | image/png
GET H/1.1 | nw20.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 3 KB | 3 KB | Image | image/png
GET H/1.1 | nw10.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 7 KB | 7 KB | Image | image/png
GET H/1.1 | nw16.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 2 KB | 2 KB | Image | image/png
GET H/1.1 | nw17.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 1 KB | 2 KB | Image | image/png
GET H/1.1 | back.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 907 B | 1 KB | Image | image/png
GET H/1.1 | next.png | www.natwestcustomerlogon.astronomiegitimi.net/images/ | 757 B | 998 B | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | MaskedPassword
function | unhideBody
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.natwestcustomerlogon.astronomiegitimi.net
www.sitepoint.com
151.80.215.49
54.148.84.95