vindvashnidevelopers.com Open in urlscan Pro
103.224.247.94 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075...
Submission: On May 31 via automatic, source phishtank (May 31st 2018, 5:10:47 am UTC)

Summary HTTP 29 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 29 HTTP transactions. The main IP is 103.224.247.94, located in India and belongs to WEBWERKS-AS Web Werks India Pvt Ltd, IN. The main domain is vindvashnidevelopers.com.

This is the only time vindvashnidevelopers.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	103.224.247.94 103.224.247.94	133295 (WEBWERKS-...) (WEBWERKS-AS Web Werks India Pvt Ltd)
1	155.136.80.213 155.136.80.213	21054 (RBSG-UK-A...) (RBSG-UK-AS Edinburgh)
29	3

5 103.224.247.94 (India)

ASN133295 (WEBWERKS-AS Web Werks India Pvt Ltd, IN)

vindvashnidevelopers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 155.136.80.213 (London, United Kingdom)

ASN21054 (RBSG-UK-AS Edinburgh, GB)

www.natwest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	vindvashnidevelopers.com vindvashnidevelopers.com	101 KB
1	natwest.com www.natwest.com	6 KB
0	nwolb.com Failed www.nwolb.com Failed
29	3

	Domain	Requested by
5	vindvashnidevelopers.com	vindvashnidevelopers.com
1	www.natwest.com	vindvashnidevelopers.com
0	www.nwolb.com Failed	vindvashnidevelopers.com
29	3

This site contains links to these domains. Also see Links.

Domain
www.nwolb.com
www.natwest.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd
Frame ID: 0AC57AB26C43647FC8A8D5FA02081139
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

29
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

107 kB
Transfer

106 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nwolb.com/login.aspx
Title: Return to start of screen / Access key details

Search URL Search Domain Scan URL

URL: https://www.nwolb.com/Login.aspx
Title: LOG IN

Search URL Search Domain Scan URL

URL: http://www.natwest.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request a5px.html Show response vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/	19 KB 19 KB	146ms 146ms	Document text/html	103.224.247.94 WEBWERKS-AS Web W...
General Check archive.org Show headers Download Go to Full URL http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd Protocol HTTP/1.1 Server 103.224.247.94 , India, ASN133295 (WEBWERKS-AS Web Werks India Pvt Ltd, IN), Reverse DNS Software Apache / Resource Hash `a54c30b84606d3dbcab5dc304f6c51a319ddf3ca230bfacf0841d6d05776bb59` Request headers Host vindvashnidevelopers.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 0AC57AB26C43647FC8A8D5FA02081139 Response headers Date Thu, 31 May 2018 05:10:00 GMT Server Apache Last-Modified Mon, 11 Dec 2017 07:55:39 GMT Accept-Ranges bytes Content-Length 18952 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html
GET		master_new.css www.nwolb.com/Brands/	0 0

GET		datePicker.css www.nwolb.com/Brands/jq_styles/	0 0

GET H/1.1	200 OK	npc_new.css vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/	36 KB 37 KB	421ms 421ms	Stylesheet text/css	103.224.247.94 WEBWERKS-AS Web W...
General Check archive.org Show headers Download Go to Full URL http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/npc_new.css Requested by Host: vindvashnidevelopers.com URL: http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd Protocol HTTP/1.1 Server 103.224.247.94 , India, ASN133295 (WEBWERKS-AS Web Werks India Pvt Ltd, IN), Reverse DNS Software Apache / Resource Hash `ba004e1f088f44a5cc457c94b2dd11d9057a963c5433793ee0d52ca8ae52fbed` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host vindvashnidevelopers.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept text/css,/;q=0.1 Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd Connection keep-alive Cache-Control no-cache Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 31 May 2018 05:10:00 GMT Last-Modified Mon, 11 Dec 2017 07:55:39 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 37189
GET		overlayPromptMaster.css www.nwolb.com/promptResources/templates/overlayTemplate/	0 0

GET		overlayPrompt.css www.nwolb.com/promptResources/templates/overlayTemplate/NPC/	0 0

GET		autoTab.js www.nwolb.com/Brands/	0 0

GET H/1.1	404 Not Found	Cookie set common.aspx vindvashnidevelopers.com/Brands/	0 0	808ms 664ms	Script text/html	103.224.247.94 WEBWERKS-AS Web W...
General Check archive.org Show headers Download Go to Full URL http://vindvashnidevelopers.com/Brands/common.aspx Requested by Host: vindvashnidevelopers.com URL: http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd Protocol HTTP/1.1 Server 103.224.247.94 , India, ASN133295 (WEBWERKS-AS Web Werks India Pvt Ltd, IN), Reverse DNS Software Apache / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host vindvashnidevelopers.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept / Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd Connection keep-alive Cache-Control no-cache Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Pragma no-cache Date Thu, 31 May 2018 05:10:00 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Set-Cookie PHPSESSID=pef5j9np2fi9iuv40u4ehkn9n7; path=/ Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://vindvashnidevelopers.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=100 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET		uf.js www.nwolb.com/brands/NWB/javascript/	0 0

GET		mm.aspx www.nwolb.com/Brands/	0 0

GET		pa.js www.nwolb.com/brands/NWB/javascript/	0 0

GET		NPC_auralstyle.css www.nwolb.com/Brands/NWB/css/	0 0

GET		master_print.css www.nwolb.com/Brands/	0 0

GET		logo.png www.nwolb.com/brands/NWB/images/	0 0

GET		json2.js www.nwolb.com/Brands/RSA_js/	0 0

GET		fp_AA.js www.nwolb.com/Brands/RSA_js/	0 0

GET		AC_OETags.js www.nwolb.com/Brands/RSA_js/	0 0

GET		rsaHiddenInputFieldsjs.aspx www.nwolb.com/Brands/RSA_js/	0 0

GET		rsaDetectAndRunFlashObjectjs.aspx www.nwolb.com/Brands/RSA_js/	0 0

GET		LI5_tabA.gif www.nwolb.com/Brands/NWB/images/	0 0

GET		LI5_tabB.gif www.nwolb.com/Brands/NWB/images/	0 0

GET		error.gif www.nwolb.com/Brands/NWB/images/	0 0

GET H/1.1	200 OK	security.gif www.natwest.com/olb/banners/default/	6 KB 6 KB	37ms 34ms	Image image/gif	155.136.80.213 RBSG-UK-AS Edinburgh
General Check archive.org Show headers Download Go to Show image Full URL https://www.natwest.com/olb/banners/default/security.gif Requested by Host: vindvashnidevelopers.com URL: http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd Protocol HTTP/1.1 Server 155.136.80.213 London, United Kingdom, ASN21054 (RBSG-UK-AS Edinburgh, GB), Reverse DNS Software Microsoft-IIS/6.0 / ASP.NET Resource Hash `e3c202c787d4eef5e65ab55ba52edc7113255175d2615a674e59f19ff26bc6fe` Request headers Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers Date Thu, 31 May 2018 05:10:36 GMT Last-Modified Wed, 09 Aug 2017 05:23:01 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "368ca291cf10d31:0" Content-Type image/gif Accept-Ranges bytes Content-Length 6122
GET		white-lock.png www.nwolb.com/Brands/NWB/images/	0 0

GET H/1.1	200 OK	RNHouseSansW01-Regular.woff vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/fonts/	22 KB 22 KB	143ms 142ms	Font font/woff	103.224.247.94 WEBWERKS-AS Web W...
General Check archive.org Show headers Download Go to Full URL http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/fonts/RNHouseSansW01-Regular.woff Requested by Host: vindvashnidevelopers.com URL: http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd Protocol HTTP/1.1 Server 103.224.247.94 , India, ASN133295 (WEBWERKS-AS Web Werks India Pvt Ltd, IN), Reverse DNS Software Apache / Resource Hash `faec2bd1524ea1127fb1a6fa6f9cc3af135442f296c125851d9d2398c7d1368a` Request headers Pragma no-cache Origin http://vindvashnidevelopers.com Accept-Encoding gzip, deflate Host vindvashnidevelopers.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept / Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/npc_new.css Cookie PHPSESSID=pef5j9np2fi9iuv40u4ehkn9n7 Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/npc_new.css Origin http://vindvashnidevelopers.com Response headers Date Thu, 31 May 2018 05:10:01 GMT Last-Modified Mon, 11 Dec 2017 07:55:39 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 22688
GET H/1.1	200 OK	RNHouseSansW01-Bold.woff vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/fonts/	23 KB 23 KB	504ms 503ms	Font font/woff	103.224.247.94 WEBWERKS-AS Web W...
General Check archive.org Show headers Download Go to Full URL http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/fonts/RNHouseSansW01-Bold.woff Requested by Host: vindvashnidevelopers.com URL: http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/a5px.html?refferent1d=;c4f8a46a4075694a1fc6edf4e6dbfecdc4f8a46a4075694a1fc6edf4e6dbfecd Protocol HTTP/1.1 Server 103.224.247.94 , India, ASN133295 (WEBWERKS-AS Web Werks India Pvt Ltd, IN), Reverse DNS Software Apache / Resource Hash `dbc1cad17ed91a5684d115f609df37622969737bc3a0db64c7e8b8c20b994e30` Request headers Pragma no-cache Origin http://vindvashnidevelopers.com Accept-Encoding gzip, deflate Host vindvashnidevelopers.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Accept / Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/npc_new.css Cookie PHPSESSID=pef5j9np2fi9iuv40u4ehkn9n7 Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Referer http://vindvashnidevelopers.com/wp-includes/js/natwest/nw0lb/inc/npc_new.css Origin http://vindvashnidevelopers.com Response headers Date Thu, 31 May 2018 05:10:01 GMT Last-Modified Mon, 11 Dec 2017 07:55:39 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 23120
GET		footerBackground.png www.nwolb.com/Brands/NWB/images/backgrounds/	0 0

GET		arrow_left_white.gif www.nwolb.com/Brands/NWB/images/	0 0

GET		li5_outer_frame_top_curve.gif www.nwolb.com/Brands/NWB/images/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/master_new.css

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/jq_styles/datePicker.css

Domain: www.nwolb.com
URL: https://www.nwolb.com/promptResources/templates/overlayTemplate/overlayPromptMaster.css

Domain: www.nwolb.com
URL: https://www.nwolb.com/promptResources/templates/overlayTemplate/NPC/overlayPrompt.css

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/autoTab.js

Domain: www.nwolb.com
URL: https://www.nwolb.com/brands/NWB/javascript/uf.js

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/mm.aspx

Domain: www.nwolb.com
URL: https://www.nwolb.com/brands/NWB/javascript/pa.js

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/NWB/css/NPC_auralstyle.css

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/master_print.css

Domain: www.nwolb.com
URL: https://www.nwolb.com/brands/NWB/images/logo.png

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/RSA_js/json2.js

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/RSA_js/fp_AA.js

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/RSA_js/AC_OETags.js

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/RSA_js/rsaHiddenInputFieldsjs.aspx

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/RSA_js/rsaDetectAndRunFlashObjectjs.aspx

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/NWB/images/LI5_tabA.gif

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/NWB/images/LI5_tabB.gif

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/NWB/images/error.gif

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/NWB/images/white-lock.png

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/NWB/images/backgrounds/footerBackground.png

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/NWB/images/arrow_left_white.gif

Domain: www.nwolb.com
URL: https://www.nwolb.com/Brands/NWB/images/li5_outer_frame_top_curve.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Data function| nww

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			vindvashnidevelopers.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: pef5j9np2fi9iuv40u4ehkn9n7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

vindvashnidevelopers.com
www.natwest.com
www.nwolb.com
www.nwolb.com
103.224.247.94
155.136.80.213
a54c30b84606d3dbcab5dc304f6c51a319ddf3ca230bfacf0841d6d05776bb59
ba004e1f088f44a5cc457c94b2dd11d9057a963c5433793ee0d52ca8ae52fbed
dbc1cad17ed91a5684d115f609df37622969737bc3a0db64c7e8b8c20b994e30
e3c202c787d4eef5e65ab55ba52edc7113255175d2615a674e59f19ff26bc6fe
faec2bd1524ea1127fb1a6fa6f9cc3af135442f296c125851d9d2398c7d1368a

vindvashnidevelopers.com Open in urlscan Pro 103.224.247.94 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

29 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

107 kBTransfer

106 kBSize

1 Cookies

3 Outgoing links

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

vindvashnidevelopers.com Open in urlscan Pro
103.224.247.94 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

107 kB
Transfer

106 kB
Size

1
Cookies

29 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!