www.naturalgoldllc.com Open in urlscan Pro
66.35.109.2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://intelia.nc/1
Effective URL:
https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglh...
Submission: On October 24 via manual (October 24th 2017, 8:56:35 am UTC) from IE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 10 HTTP transactions. The main IP is 66.35.109.2, located in Aberdeen, United States and belongs to N-V-C - Northern Valley Communications LLC, US. The main domain is www.naturalgoldllc.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 12th 2017. Valid for: 3 months.

This is the only time www.naturalgoldllc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Santander (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3 3	103.250.232.64 103.250.232.64	45179 (SITEHOST-...) (SITEHOST-AS-AP SiteHost New Zealand)
1 1	195.88.252.66 195.88.252.66	49238 (DRWEB-AS) (DRWEB-AS)
1 11	66.35.109.2 66.35.109.2	14955 (N-V-C) (N-V-C - Northern Valley Communications LLC)
10	2

3 103.250.232.64 (Penrose, New Zealand) 3 redirects

ASN45179 (SITEHOST-AS-AP SiteHost New Zealand, NZ)
PTR: 103-250-232-64.cloud.webslice.co.nz

intelia.nc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.intelia.nc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.88.252.66 (Russian Federation) 1 redirects

ASN49238 (DRWEB-AS, RU)
PTR: drw2.dev.drweb.com

drw.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 66.35.109.2 (Aberdeen, United States) 1 redirects

ASN14955 (N-V-C - Northern Valley Communications LLC, US)
PTR: host10.portalwebhosting.com

www.naturalgoldllc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	naturalgoldllc.com 1 redirects www.naturalgoldllc.com	190 KB
3	intelia.nc 3 redirects intelia.nc www.intelia.nc	894 B
1	drw.sh 1 redirects drw.sh	138 B
10	3

	Domain	Requested by
11	www.naturalgoldllc.com	1 redirects www.naturalgoldllc.com
2	www.intelia.nc	2 redirects
1	drw.sh	1 redirects
1	intelia.nc	1 redirects
10	4

This site contains no links.

Subject Issuer	Validity	Valid
naturalgoldllc.com cPanel, Inc. Certification Authority	`2017-09-12` - `2017-12-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8
Frame ID: 15504.1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://intelia.nc/1 HTTP 301
http://www.intelia.nc/1 HTTP 301
http://www.intelia.nc/1/ HTTP 302
https://drw.sh/pmixjr HTTP 302
https://www.naturalgoldllc.com///1 HTTP 301
https://www.naturalgoldllc.com/1/ Page URL
https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQ... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

2
IPs

3
Countries

190 kB
Transfer

216 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://intelia.nc/1 HTTP 301
http://www.intelia.nc/1 HTTP 301
http://www.intelia.nc/1/ HTTP 302
https://drw.sh/pmixjr HTTP 302
https://www.naturalgoldllc.com///1 HTTP 301
https://www.naturalgoldllc.com/1/ Page URL
https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://intelia.nc/1 HTTP 301
http://www.intelia.nc/1 HTTP 301
http://www.intelia.nc/1/ HTTP 302
https://drw.sh/pmixjr HTTP 302
https://www.naturalgoldllc.com///1 HTTP 301
https://www.naturalgoldllc.com/1/

10 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set / Show response www.naturalgoldllc.com/1/ Redirect Chain http://intelia.nc/1 http://www.intelia.nc/1 http://www.intelia.nc/1/ https://drw.sh/pmixjr https://www.naturalgoldllc.com///1 https://www.naturalgoldllc.com/1/	229 B 235 B	215ms 215ms	Document text/html	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Full URL https://www.naturalgoldllc.com/1/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `36c2cccb3698aa4fa146b99fad51d3377681993b7b9839e52d8bdcca5c596588` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.naturalgoldllc.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Response headers Pragma no-cache Date Tue, 24 Oct 2017 08:56:23 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Set-Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0; path=/ Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Keep-Alive timeout=5, max=99 Expires Thu, 19 Nov 1981 08:52:00 GMT Redirect headers Date Tue, 24 Oct 2017 08:56:23 GMT Server Apache Content-Type text/html; charset=iso-8859-1 Location https://www.naturalgoldllc.com/1/ Cache-Control max-age=1209600 Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 241 Expires Tue, 07 Nov 2017 08:56:23 GMT
GET H/1.1	200 OK	Primary Request Login.php Show response www.naturalgoldllc.com/1/	41 KB 41 KB	193ms 187ms	Document text/html	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Full URL https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `5c9cd34417b7cf4b379b79ccfb7c7dc7ed1db4831d7570b09bd5d5d0f24d8fe0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.naturalgoldllc.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer https://www.naturalgoldllc.com/1/ Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer https://www.naturalgoldllc.com/1/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Response headers Pragma no-cache Date Tue, 24 Oct 2017 08:56:23 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Keep-Alive timeout=5, max=98 Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H/1.1	200 OK	main.css www.naturalgoldllc.com/1/assets/css/	104 KB 104 KB	189ms 128ms	Stylesheet text/css	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Full URL https://www.naturalgoldllc.com/1/assets/css/main.css Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `b55a0911869a37b7d28b80dab20ccc3ff25fa11c4b42259f30ea75a1641a5ee4` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.naturalgoldllc.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept text/css,/;q=0.1 Referer https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache Referer https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Response headers Date Tue, 24 Oct 2017 08:56:23 GMT Last-Modified Tue, 24 Oct 2017 05:32:55 GMT Server Apache Content-Type text/css Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 106941 Expires Tue, 07 Nov 2017 08:56:23 GMT
GET H/1.1	404 Not Found	hw0 www.naturalgoldllc.com/1/Login_files/	0 0	453ms 453ms	Script text/html	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Full URL https://www.naturalgoldllc.com/1/Login_files/hw0 Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.naturalgoldllc.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept / Referer https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache Referer https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Response headers Date Tue, 24 Oct 2017 08:56:23 GMT Last-Modified Tue, 24 Oct 2017 08:56:23 GMT Server Apache ETag "1508835383" Transfer-Encoding chunked Content-Language en X-Generator Drupal 7 (http://drupal.org) Cache-Control no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Content-Type text/html; charset=utf-8 Keep-Alive timeout=5, max=97 Expires Sun, 19 Nov 1978 05:00:00 GMT
GET H/1.1	200 OK	ico_help.gif www.naturalgoldllc.com/1/assets/img/	834 B 834 B	129ms 128ms	Image image/gif	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Show image Full URL https://www.naturalgoldllc.com/1/assets/img/ico_help.gif Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `555c7c69be583638ac6885e8245cc9a3bcc14b131636180833954d7b997b9aa4` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.naturalgoldllc.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache Referer https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Response headers Date Tue, 24 Oct 2017 08:56:24 GMT Last-Modified Tue, 24 Oct 2017 05:32:55 GMT Server Apache Content-Type image/gif Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 834 Expires Tue, 07 Nov 2017 08:56:24 GMT
GET DATA	200 OK	truncated /	26 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `19d199821490b6ebd7245be0d4b3fe3c5f65657b6a934a54de2504c77a6261f5` Request headers Response headers Access-Control-Allow-Origin * Content-Type image/png
GET H/1.1	200 OK	ico_lockSmallWhite.svg www.naturalgoldllc.com/1/assets/img/	1 KB 1 KB	127ms 127ms	Image image/svg+xml	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Show image Full URL https://www.naturalgoldllc.com/1/assets/img/ico_lockSmallWhite.svg Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `3ccf95af185c5424f2712eb833f77bbc7b34113e520cb8114d3beb28b8e6eebc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.naturalgoldllc.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.naturalgoldllc.com/1/assets/css/main.css Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache Referer https://www.naturalgoldllc.com/1/assets/css/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Response headers Date Tue, 24 Oct 2017 08:56:24 GMT Last-Modified Tue, 24 Oct 2017 05:32:55 GMT Server Apache Content-Type image/svg+xml Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1347 Expires Tue, 07 Nov 2017 08:56:24 GMT
GET H/1.1	200 OK	logo.svg www.naturalgoldllc.com/1/assets/img/	6 KB 6 KB	373ms 125ms	Image image/svg+xml	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Show image Full URL https://www.naturalgoldllc.com/1/assets/img/logo.svg Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `2d2e43923f37779a866c3f4769511065163657761f8d0bfb55a9101473c9de9c` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.naturalgoldllc.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.naturalgoldllc.com/1/assets/css/main.css Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache Referer https://www.naturalgoldllc.com/1/assets/css/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Response headers Date Tue, 24 Oct 2017 08:56:24 GMT Last-Modified Tue, 24 Oct 2017 05:32:55 GMT Server Apache Content-Type image/svg+xml Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6220 Expires Tue, 07 Nov 2017 08:56:24 GMT
GET H/1.1	200 OK	001.woff www.naturalgoldllc.com/1/assets/fonts/	20 KB 20 KB	251ms 128ms	Font application/font-woff	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Full URL https://www.naturalgoldllc.com/1/assets/fonts/001.woff Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `f7c3c00549fdb20fa48e7b87575ad272f0bf2aeb5165158fc5a7e4a7a628e0f5` Request headers Pragma no-cache Origin https://www.naturalgoldllc.com Accept-Encoding gzip, deflate Host www.naturalgoldllc.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept / Referer https://www.naturalgoldllc.com/1/assets/css/main.css Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Referer https://www.naturalgoldllc.com/1/assets/css/main.css Origin https://www.naturalgoldllc.com Response headers Date Tue, 24 Oct 2017 08:56:24 GMT Last-Modified Tue, 24 Oct 2017 05:32:55 GMT Server Apache Content-Type application/font-woff Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 20900 Expires Tue, 07 Nov 2017 08:56:24 GMT
GET H/1.1	200 OK	ico_help.svg www.naturalgoldllc.com/1/assets/img/	2 KB 2 KB	379ms 128ms	Image image/svg+xml	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Show image Full URL https://www.naturalgoldllc.com/1/assets/img/ico_help.svg Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `b4eb8dbf6c22c2aab173ffd8303bdcc9435558b1ba182cee3aff8e56007f70a1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host www.naturalgoldllc.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* https://www.naturalgoldllc.com/1/assets/css/main.css Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache Referer https://www.naturalgoldllc.com/1/assets/css/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Response headers Date Tue, 24 Oct 2017 08:56:24 GMT Last-Modified Tue, 24 Oct 2017 05:32:55 GMT Server Apache Content-Type image/svg+xml Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 1977 Expires Tue, 07 Nov 2017 08:56:24 GMT
GET H/1.1	200 OK	002.woff www.naturalgoldllc.com/1/assets/fonts/	14 KB 14 KB	252ms 126ms	Font application/font-woff	66.35.109.2 Northern Valley C...
General Check archive.org Show headers Download Go to Full URL https://www.naturalgoldllc.com/1/assets/fonts/002.woff Requested by Host: www.naturalgoldllc.com URL: https://www.naturalgoldllc.com/1/Login.php?sslchannel=true&form=AccountVerification&sessionid=oDlKhY5XCWixQt9jrQQocpCetWU3XDglhB6yzcvc9OK0hTjJJa7WzKa3G46EIn00Z6yyj4LtSvtapNU8 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 66.35.109.2 Aberdeen, United States, ASN14955 (N-V-C - Northern Valley Communications LLC, US), Reverse DNS host10.portalwebhosting.com Software Apache / Resource Hash `d0e4af782fbda59555e0477a23be08bac76f32490724128b5ec80272a640daf1` Request headers Pragma no-cache Origin https://www.naturalgoldllc.com Accept-Encoding gzip, deflate Host www.naturalgoldllc.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Accept / Referer https://www.naturalgoldllc.com/1/assets/css/main.css Cookie PHPSESSID=a0te2o52mqeuhuogfh5lvfsqs0 Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/62.0.3202.62 Safari/537.36 Referer https://www.naturalgoldllc.com/1/assets/css/main.css Origin https://www.naturalgoldllc.com Response headers Date Tue, 24 Oct 2017 08:56:24 GMT Last-Modified Tue, 24 Oct 2017 05:32:55 GMT Server Apache Content-Type application/font-woff Cache-Control max-age=1209600 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 14516 Expires Tue, 07 Nov 2017 08:56:24 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Santander (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.naturalgoldllc.com/	1970-01-01 00:00:00	Name: PHPSESSID Value: a0te2o52mqeuhuogfh5lvfsqs0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

drw.sh
intelia.nc
www.intelia.nc
www.naturalgoldllc.com
103.250.232.64
195.88.252.66
66.35.109.2
19d199821490b6ebd7245be0d4b3fe3c5f65657b6a934a54de2504c77a6261f5
2d2e43923f37779a866c3f4769511065163657761f8d0bfb55a9101473c9de9c
36c2cccb3698aa4fa146b99fad51d3377681993b7b9839e52d8bdcca5c596588
3ccf95af185c5424f2712eb833f77bbc7b34113e520cb8114d3beb28b8e6eebc
555c7c69be583638ac6885e8245cc9a3bcc14b131636180833954d7b997b9aa4
5c9cd34417b7cf4b379b79ccfb7c7dc7ed1db4831d7570b09bd5d5d0f24d8fe0
b4eb8dbf6c22c2aab173ffd8303bdcc9435558b1ba182cee3aff8e56007f70a1
b55a0911869a37b7d28b80dab20ccc3ff25fa11c4b42259f30ea75a1641a5ee4
d0e4af782fbda59555e0477a23be08bac76f32490724128b5ec80272a640daf1
f7c3c00549fdb20fa48e7b87575ad272f0bf2aeb5165158fc5a7e4a7a628e0f5

www.naturalgoldllc.com Open in urlscan Pro 66.35.109.2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

2 IPs

3 Countries

190 kBTransfer

216 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

www.naturalgoldllc.com Open in urlscan Pro
66.35.109.2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

2
IPs

3
Countries

190 kB
Transfer

216 kB
Size

1
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!