www.natwestcustomerlogon.astronomiegitimi.net Open in urlscan Pro
151.80.215.49 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php
Submission: On March 14 via automatic, source openphish (March 14th 2018, 3:51:03 am UTC)

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 151.80.215.49, located in Italy and belongs to OVH, FR. The main domain is www.natwestcustomerlogon.astronomiegitimi.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 12th 2018. Valid for: 3 months.

This is the only time www.natwestcustomerlogon.astronomiegitimi.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
12	151.80.215.49 151.80.215.49	16276 (OVH) (OVH)
1	54.148.84.95 54.148.84.95	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
13	2

12 151.80.215.49 (Italy)

ASN16276 (OVH, FR)
PTR: 49-215-80-151.ip.ovnora.net

www.natwestcustomerlogon.astronomiegitimi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.148.84.95 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-84-95.us-west-2.compute.amazonaws.com

www.sitepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	astronomiegitimi.net www.natwestcustomerlogon.astronomiegitimi.net	76 KB
1	sitepoint.com www.sitepoint.com	6 KB
13	2

	Domain	Requested by
12	www.natwestcustomerlogon.astronomiegitimi.net	www.natwestcustomerlogon.astronomiegitimi.net
1	www.sitepoint.com	www.natwestcustomerlogon.astronomiegitimi.net
13	2

This site contains no links.

Subject Issuer	Validity	Valid
natwestcustomerlogon.astronomiegitimi.net Let's Encrypt Authority X3	`2018-03-12` - `2018-06-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php
Frame ID: 2F43E63B9D04A32E84CF8E1967BC5473
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

13
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

82 kB
Transfer

93 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request step2.php Show response www.natwestcustomerlogon.astronomiegitimi.net/	5 KB 2 KB	153ms 118ms	Document text/html	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `da807e92cb0b53a491fbc0246f9a84b63a107d5549de4f1e980f80626b5ce070` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 1434
GET H/1.1	200 OK	MaskedPassword.js Show response www.sitepoint.com/examples/password/MaskedPassword/	17 KB 6 KB	690ms 170ms	Script application/javascript	54.148.84.95 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://www.sitepoint.com/examples/password/MaskedPassword/MaskedPassword.js Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Server 54.148.84.95 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS ec2-54-148-84-95.us-west-2.compute.amazonaws.com Software Apache/2.2.22 (Debian) / Resource Hash `2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825` Request headers Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 02:41:02 GMT Content-Encoding gzip X-Cache-Lookup HIT from ip-172-31-30-90.us-west-2.compute.internal:3128 Last-Modified Fri, 15 Oct 2010 00:03:45 GMT Server Apache/2.2.22 (Debian) Age 4190 ETag "680936-4208-4929c8f629a40" Vary Accept-Encoding X-Cache HIT from ip-172-31-30-90.us-west-2.compute.internal Content-Type application/javascript Accept-Ranges bytes Content-Length 5767
GET H/1.1	200 OK	nw12.png www.natwestcustomerlogon.astronomiegitimi.net/images/	13 KB 14 KB	32ms 31ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw12.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `e7444b050bb0fd849ecd22caa842df4cf580cc20a942047e2f35e5c96d962316` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Fri, 30 Jun 2017 22:07:58 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 13819
GET H/1.1	200 OK	nw11.png www.natwestcustomerlogon.astronomiegitimi.net/images/	13 KB 14 KB	32ms 31ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw11.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `fb8aff857ed1a4a1d4f6da9d2d1012e71d6c189a6d0b821c75bab853e8e9768b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Fri, 30 Jun 2017 22:04:12 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 13760
GET H/1.1	200 OK	nw1.png www.natwestcustomerlogon.astronomiegitimi.net/images/	17 KB 17 KB	31ms 31ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw1.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `e03a958ed895d84ec154bc5259f540e250b65e89358ecd674fe9922a84daec2d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 21:29:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 17350
GET H/1.1	200 OK	nw8.png www.natwestcustomerlogon.astronomiegitimi.net/images/	7 KB 7 KB	32ms 32ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw8.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `201118991837bcdffc11ab148a783852e5471293951c51b8d59d95da9668e027` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 21:33:42 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 6773
GET H/1.1	200 OK	nw9.png www.natwestcustomerlogon.astronomiegitimi.net/images/	7 KB 7 KB	31ms 31ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw9.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `e31cb1f3f8fbdb47a49dd393a85c5e22e8a67fd4502944a63133efc51283b656` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 21:34:24 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 7435
GET H/1.1	200 OK	nw20.png www.natwestcustomerlogon.astronomiegitimi.net/images/	3 KB 3 KB	31ms 31ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw20.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `5cabb21f2858139559b2d910abc1772e4c8edc53b8bc61f4164630c17dc53616` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 22:07:32 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 2758
GET H/1.1	200 OK	nw10.png www.natwestcustomerlogon.astronomiegitimi.net/images/	7 KB 7 KB	29ms 29ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw10.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `f607a43f518aa4f5bc97f2fd62284901f8d0ba226eb512de382ce9dd34737618` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 21:34:50 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 7238
GET H/1.1	200 OK	nw16.png www.natwestcustomerlogon.astronomiegitimi.net/images/	2 KB 2 KB	32ms 31ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw16.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `562e34aabf015cf79a5483c024ab42e7fa5d71eaceb0857801fd290cb9afbe91` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 21:45:18 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 1571
GET H/1.1	200 OK	nw17.png www.natwestcustomerlogon.astronomiegitimi.net/images/	1 KB 2 KB	32ms 32ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/nw17.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `6ed7bd6307fa59e0cf33997365f3c4b9951c2091d36680d90a6680a6b118e7f9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 21:45:34 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 1339
GET H/1.1	200 OK	back.png www.natwestcustomerlogon.astronomiegitimi.net/images/	907 B 1 KB	34ms 33ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/back.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `a48d4eba1589465943028cd4876e6e4f3a8458963047746478d23ccdee0d97fe` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 21:46:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=90 Content-Length 907
GET H/1.1	200 OK	next.png www.natwestcustomerlogon.astronomiegitimi.net/images/	757 B 998 B	34ms 33ms	Image image/png	151.80.215.49 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwestcustomerlogon.astronomiegitimi.net/images/next.png Requested by Host: www.natwestcustomerlogon.astronomiegitimi.net URL: https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.80.215.49 , Italy, ASN16276 (OVH, FR), Reverse DNS 49-215-80-151.ip.ovnora.net Software Apache / Resource Hash `099a36123a54444eb5685476f72e972ac33066f821c57b11fd2b1780c6d80e1d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.natwestcustomerlogon.astronomiegitimi.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php Connection keep-alive Cache-Control no-cache Referer https://www.natwestcustomerlogon.astronomiegitimi.net/step2.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Wed, 14 Mar 2018 03:50:51 GMT Last-Modified Tue, 14 Mar 2017 21:43:52 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=89 Content-Length 757

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| MaskedPassword function| unhideBody

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.natwestcustomerlogon.astronomiegitimi.net
www.sitepoint.com
151.80.215.49
54.148.84.95
099a36123a54444eb5685476f72e972ac33066f821c57b11fd2b1780c6d80e1d
201118991837bcdffc11ab148a783852e5471293951c51b8d59d95da9668e027
2cfdb08c07395b0be65df154f068ade61c1bfad7e3e3e2d0e40b85319fa95825
562e34aabf015cf79a5483c024ab42e7fa5d71eaceb0857801fd290cb9afbe91
5cabb21f2858139559b2d910abc1772e4c8edc53b8bc61f4164630c17dc53616
6ed7bd6307fa59e0cf33997365f3c4b9951c2091d36680d90a6680a6b118e7f9
a48d4eba1589465943028cd4876e6e4f3a8458963047746478d23ccdee0d97fe
da807e92cb0b53a491fbc0246f9a84b63a107d5549de4f1e980f80626b5ce070
e03a958ed895d84ec154bc5259f540e250b65e89358ecd674fe9922a84daec2d
e31cb1f3f8fbdb47a49dd393a85c5e22e8a67fd4502944a63133efc51283b656
e7444b050bb0fd849ecd22caa842df4cf580cc20a942047e2f35e5c96d962316
f607a43f518aa4f5bc97f2fd62284901f8d0ba226eb512de382ce9dd34737618
fb8aff857ed1a4a1d4f6da9d2d1012e71d6c189a6d0b821c75bab853e8e9768b

www.natwestcustomerlogon.astronomiegitimi.net Open in urlscan Pro 151.80.215.49 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

82 kBTransfer

93 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

www.natwestcustomerlogon.astronomiegitimi.net Open in urlscan Pro
151.80.215.49 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

82 kB
Transfer

93 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!