dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login.php?&sessionid=f066c4adb2048ac01caf6e9cf8fac0bb&securessl=true
13.66.226.80 200 OK 643 B URL User Request GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login.php?&sessionid=f066c4adb2048ac01caf6e9cf8fac0bb&securessl=true
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type HTML document, ASCII text
Hash d18073cccfb51073c7396acbdbfa32f1
d2ce017b291bb37e2c0885f1bc8d65ba3919b230
1170c4dcd75aa4be6e54f2ecce07403f56f30fc36db02ac34d2a0f4e1edf8c5f
Analyzer Verdict Alert OpenPhish phishing NatWest Personal Banking
Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login.php?&sessionid=f066c4adb2048ac01caf6e9cf8fac0bb&securessl=true HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 643
Content-Type: text/html; charset=utf-8
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
Set-Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3;Path=/;HttpOnly;Secure;Domain=dmca-blog.azurewebsites.net
ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3;Path=/;HttpOnly;SameSite=None;Secure;Domain=dmca-blog.azurewebsites.net
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30, ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
13.66.226.80 200 OK 7.0 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login.php?&sessionid=f066c4adb2048ac01caf6e9cf8fac0bb&securessl=true
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (543)
Hash 97aa45dc262418b0f53c3a9e84a908ac
a69cce0c18235c75dcba9c7a6a331f80ada94878
530ccda0ee7591153bb7b5fe19cfd17ae20d4c99f1d358d4daf1226ae2848acd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/login.php HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login.php?&sessionid=f066c4adb2048ac01caf6e9cf8fac0bb&securessl=true
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 7004
Content-Type: text/html; charset=utf-8
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Content-Encoding: gzip
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30, ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/favicon.ico
13.66.226.80 200 OK 2.2 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/favicon.ico
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login.php?&sessionid=f066c4adb2048ac01caf6e9cf8fac0bb&securessl=true
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
Hash d0ab1861f850d4514edaa1696b3b5ce2
8fbdfef1335ccf858072297caef21e1925a44d11
9bbf91204e8022d01c859c92c1d9218ac4859de521548856534b48ac2e7849a8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/favicon.ico HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login.php?&sessionid=f066c4adb2048ac01caf6e9cf8fac0bb&securessl=true
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 2238
Content-Type: image/x-icon
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "48a016a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/master.css
13.66.226.80 200 OK 29 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/master.css
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type Unicode text, UTF-8 (with BOM) text, with very long lines (572), with CRLF line terminators
Hash 69113886d1ed06ef39f72056bcd95f2b
9e505b9fab7b97d0c3226e51ab85a66e94310cf4
16f897d87bfce9188443a91e9da8080c918cccab762c09e66de776fa0452d829
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/master.css HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 28919
Content-Type: text/css
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "806b1ca1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:59 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/master_mobile.css
13.66.226.80 200 OK 5.3 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/master_mobile.css
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with CRLF line terminators
Hash e3c125a225575a14b914a3e4cb3c13f2
a3e07af2a75b7fe4c20df990b00dfe827a1edf02
8d19ce7511c97d861471b938de9d7a3375599c0326f5ea6d72a362ebbded1bcd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/master_mobile.css HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 5269
Content-Type: text/css
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "0d583a0603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/overlayPromptMaster.css
13.66.226.80 200 OK 716 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/overlayPromptMaster.css
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with CRLF line terminators
Hash a584c6aa591fd1477ac50c9abd09410e
7615d67cf6cb4556a7abf44e9e009a7d234487f6
643d4d52a1a24515822f6a30683f901bb5dd16c251d88caece27ab2713457272
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/overlayPromptMaster.css HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 716
Content-Type: text/css
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "965027a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:59 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
13.66.226.80 200 OK 9.5 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with very long lines (487), with CRLF line terminators
Hash c8e6883aac71998669f8f00b515e675d
5511db5288c547fe345019a167fc2f64a4f9e5eb
6ef50f168430fe859b5ee6aae7fa42302e739147f9837f573b0e45447914d073
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/npc.css HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 9468
Content-Type: text/css
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "806b1ca1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:59 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/overlayPrompt.css
13.66.226.80 200 OK 181 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/overlayPrompt.css
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with CRLF line terminators
Hash 82a1b6373fa17d314053cb7173954338
7e2ba5b991ccf1c31c1f1070f74124bc30a1f97d
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/overlayPrompt.css HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 181
Content-Type: text/css
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "82219a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/datePicker.css
13.66.226.80 200 OK 948 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/datePicker.css
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with CRLF line terminators
Hash 6cd52f8aebec5bee2639a3be6dac08e0
4a21d60e51148a0a6ac82c318899bb5b0f48b2be
14714f651128eff786763144294b0e7c67529d317ac5371632bbf8fb659866ff
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/datePicker.css HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 948
Content-Type: text/css
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "84db11a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/loginWithCardPAN.js
13.66.226.80 200 OK 9.4 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/loginWithCardPAN.js
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (7339), with CRLF, LF line terminators
Hash b22a09a86eae85d164c147ca32882fe4
a6c277c86be58cc0bee6bf06f7ca13d6dd6a7f22
2079fe09bfad43b2d2197de976ee9835a37e63fa2d4e79276a0e96a63b31226f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/loginWithCardPAN.js HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 9353
Content-Type: application/x-javascript
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "0364a93f169da1:0"
Last-Modified: Wed, 28 Feb 2024 02:55:24 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/ScriptCombiner.js
13.66.226.80 200 OK 43 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/ScriptCombiner.js
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type JavaScript source, ASCII text, with very long lines (32077)
Hash c49702ea1de9e549d41cefb7133190f5
53faa48bb34beda06461ab7f9c4d5bb7b10277a1
a4be1b4af52af469066b98c83fb129ad5a29098e701ba4621a20cbe0c2b878c4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/ScriptCombiner.js HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 42701
Content-Type: application/x-javascript
Date: Fri, 29 Mar 2024 00:02:37 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "0364a93f169da1:0"
Last-Modified: Wed, 28 Feb 2024 02:55:24 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/error-marker.png
13.66.226.80 200 OK 1.1 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/error-marker.png
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced
Hash 50f1540b40bf348f927c3ed21aba72b3
b8c94013139462b49a2422ba947a7a8fede3552e
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/error-marker.png HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1090
Content-Type: image/png
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "3fc71da1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:59 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/master_print.css
13.66.226.80 200 OK 1.8 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/master_print.css
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with very long lines (313), with CRLF line terminators
Hash d62653f24aaa1cb90f933e2647c58704
05422866e209bd835499c555b2a25bc0c9d3bf43
1acd7d03edc5d90866fd012355c352efbb02f38c9334cffd4a9f321b4d713491
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/master_print.css HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1836
Content-Type: text/css
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "806b1ca1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:59 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/LI5_tabA.gif
13.66.226.80 200 OK 1.5 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/LI5_tabA.gif
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type GIF image data, version 89a, 125 x 30
Hash 78d5aea1d55841ea1819e8248af7a50a
0fe48b762acdc04b4db5e95cdd4261f13d64b0ea
23d5df83d5a429e895043a5ce3b11b682e3d0b182d1032b89b0596de272f1a7e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/LI5_tabA.gif HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1507
Content-Type: image/gif
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "e6641ba1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/logo.png
13.66.226.80 200 OK 3.1 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/logo.png
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type PNG image data, 120 x 20, 8-bit/color RGBA, non-interlaced
Hash 2c481b8feebf44c63680aefc647122f8
73613b8da391e12443dcbc756c0fe48e31fe620a
917942589e5b140755ee83bb4720ca9c1bbf7705f44f51a78ba1ffa635420c50
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/logo.png HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 3053
Content-Type: image/png
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "e6641ba1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/LI5_tabB.gif
13.66.226.80 200 OK 1.6 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/LI5_tabB.gif
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type GIF image data, version 89a, 157 x 30
Hash de5dc956e0753cda419179f5552803cc
5a767c94378111ff6333492c78d2453192dcfe51
e4a1b9628a61642629299077aa8074e3ee6b280d397efa0d7220c7b09efe8522
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/LI5_tabB.gif HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1627
Content-Type: image/gif
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "c73d14a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/NPC_auralstyle.css
13.66.226.80 200 OK 407 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/NPC_auralstyle.css
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with CRLF line terminators
Hash 93e9cd4fd7b13643ea235b7f289b5bc7
3dab859078ae2ce3aee283c287c2577a7bd1d28c
04c45c81e1298e703f3bde9cec27446450294330ae06bd24c9f9343b264462e9
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/NPC_auralstyle.css HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 407
Content-Type: text/css
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Content-Encoding: gzip
ETag: "69ee24a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:59 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/RNHouseSansW03-Regular.woff
13.66.226.80 404 Not Found 103 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/RNHouseSansW03-Regular.woff
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with no line terminators
Hash 96c5637e1eb8f8f8c34172f2d23eafc6
2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/RNHouseSansW03-Regular.woff HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/RNHouseSansW03-Bold.woff
13.66.226.80 404 Not Found 103 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/RNHouseSansW03-Bold.woff
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with no line terminators
Hash 96c5637e1eb8f8f8c34172f2d23eafc6
2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/RNHouseSansW03-Bold.woff HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/alert.png
13.66.226.80 200 OK 1.3 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/alert.png
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type PNG image data, 23 x 23, 8-bit/color RGBA, non-interlaced
Hash e241d9fa36691df1570c90cd00bae60e
4a7def0bd5dc0f82ee22a9617a2b4c396bc2ea8c
d6f01bdb67a342b50dacb894a4cc585dbe700da9dd373886ade1480113972cc1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/alert.png HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1305
Content-Type: image/png
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "965027a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:59 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/white-lock.png
13.66.226.80 200 OK 285 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/white-lock.png
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Hash 4a3360fb538fcc33db66e22afbd18715
112eca49dcfede70854283a7c51fba6e8a96a4df
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/white-lock.png HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 285
Content-Type: image/png
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "e6641ba1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/radio-normal.png
13.66.226.80 200 OK 1.3 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/radio-normal.png
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, interlaced
Hash e2dc7e58fe2e02e222d3a14b1fc5650d
580597e94f267ea7f868f5302839287f393a05dc
1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/radio-normal.png HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 1317
Content-Type: image/png
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "48a016a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/down-chevron.png
13.66.226.80 200 OK 295 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/down-chevron.png
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type PNG image data, 13 x 8, 8-bit/color RGBA, non-interlaced
Hash 5d1201e574de6bb2d10db83ade0d098d
b28bb6abd4cf048f7cebe0ee459c3511c0a22df7
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/down-chevron.png HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 295
Content-Type: image/png
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "69ee24a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:59 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/right-chevron.png
13.66.226.80 200 OK 314 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/right-chevron.png
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type PNG image data, 8 x 13, 8-bit/color RGBA, non-interlaced
Hash c8cf50a763fe261c3ba16f7790d9f903
0b96bcc0bd81d91d0365e847de939eeaefff7db0
8580c2293c3da84700196ef73b13efbd37130887317f497a6bf75583956aac13
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/right-chevron.png HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 314
Content-Type: image/png
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "82219a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/security.gif
13.66.226.80 200 OK 6.1 kB URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/security.gif
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type GIF image data, version 89a, 543 x 86
Hash 98c7b877a2c1dd40ba0b2b78277342b1
246fcc589473a1efe6536821a4fb0010bf4530ee
e3c202c787d4eef5e65ab55ba52edc7113255175d2615a674e59f19ff26bc6fe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/login_files/security.gif HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 6122
Content-Type: image/gif
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
ETag: "82219a1603dda1:0"
Last-Modified: Tue, 02 Jan 2024 09:46:58 GMT
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/fonts/RNHouseSansW03-Regular.ttf
13.66.226.80 404 Not Found 103 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/fonts/RNHouseSansW03-Regular.ttf
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with no line terminators
Hash 96c5637e1eb8f8f8c34172f2d23eafc6
2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/fonts/RNHouseSansW03-Regular.ttf HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/fonts/RNHouseSansW03-Bold.ttf
13.66.226.80 404 Not Found 103 B URL GET HTTP/1.1 dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/fonts/RNHouseSansW03-Bold.ttf
IP 13.66.226.80:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/login.php
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 86:73:F1:14:E5:8B:53:D7:62:DF:08:F8:48:D9:25:29:0C:7D:44:7F
Validity Wed, 13 Mar 2024 01:33:09 GMT - Sat, 08 Mar 2025 01:33:09 GMT
File type ASCII text, with no line terminators
Hash 96c5637e1eb8f8f8c34172f2d23eafc6
2a416f86c3c9e26f9c34bf1f8b1bb5daa46e86f9
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /wp-content/nunu/natwest3/mobile/fonts/RNHouseSansW03-Bold.ttf HTTP/1.1
Host: dmca-blog.azurewebsites.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dmca-blog.azurewebsites.net/wp-content/nunu/natwest3/mobile/login_files/npc.css
Cookie: ARRAffinity=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3; ARRAffinitySameSite=5c3b3eeb308eb53980891741456831fd17b082f53c89f03c9c9dcc2d905209a3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Date: Fri, 29 Mar 2024 00:02:38 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET