peruanatravel.com Open in urlscan Pro
51.161.15.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nbt-banks.com/
Effective URL:
https://peruanatravel.com/nbt/
Submission: On May 02 via api (May 2nd 2020, 3:08:21 pm UTC) from DE

Summary HTTP 19 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 51.161.15.114, located in Canada and belongs to OVH, FR. The main domain is peruanatravel.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 25th 2020. Valid for: 3 months.

This is the only time peruanatravel.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Suntrust (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.64.119.168 192.64.119.168	22612 (NAMECHEAP...) (NAMECHEAP-NET)
19	51.161.15.114 51.161.15.114	16276 (OVH) (OVH)
19	2

1 192.64.119.168 (Los Angeles, United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

nbt-banks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 51.161.15.114 (Canada)

ASN16276 (OVH, FR)
PTR: sha.gnservername.net

peruanatravel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	peruanatravel.com peruanatravel.com	2 MB
1	nbt-banks.com 1 redirects nbt-banks.com	248 B
19	2

	Domain	Requested by
19	peruanatravel.com	peruanatravel.com
1	nbt-banks.com	1 redirects
19	2

This site contains links to these domains. Also see Links.

Domain
onupmovement.suntrust.com

Subject Issuer	Validity	Valid
peruanatravel.com cPanel, Inc. Certification Authority	`2020-02-25` - `2020-05-25`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://peruanatravel.com/nbt/
Frame ID: 6360797780A510DFB7F593A55B767C02
Requests: 20 HTTP requests in this frame

Frame: https://peruanatravel.com/nbt/index_files/dest5.html
Frame ID: 215A292D0602B21E47294123620E2E42
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://nbt-banks.com/ HTTP 301
https://peruanatravel.com/nbt/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1616 kB
Transfer

1714 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://onupmovement.suntrust.com/onup-movement/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nbt-banks.com/ HTTP 301
https://peruanatravel.com/nbt/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response peruanatravel.com/nbt/ Redirect Chain http://nbt-banks.com/ https://peruanatravel.com/nbt/	55 KB 22 KB	448ms 176ms	Document text/html	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `81e1e4d0081b3ec5590fcc715a1118e3a6e5df01b660c4bc5dde1b9dfc27635d` Request headers Host peruanatravel.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Server Apache Content-Encoding gzip Vary Accept-Encoding Keep-Alive timeout=50, max=200 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Server nginx Date Sat, 02 May 2020 15:07:50 GMT Content-Type text/html; charset=utf-8 Content-Length 65 Connection keep-alive Location https://peruanatravel.com/nbt/ X-Served-By Namecheap URL Forward
GET H/1.1	200 OK	s72308023492660 Show response peruanatravel.com/nbt/index_files/	5 KB 5 KB	347ms 115ms	Script text/plain	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/s72308023492660 Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `918c8b86bf2895ebcc7d15f9ee4b82cd2a2f45abcde4a34a2d40ce5e4de8a6bb` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:08 GMT Server Apache Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=200 Content-Length 5365
GET H/1.1	200 OK	f48b60f8ce302cc9c9bb8d5f9e69e21a.js.download Show response peruanatravel.com/nbt/index_files/	44 KB 45 KB	350ms 116ms	Script application/javascript	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/f48b60f8ce302cc9c9bb8d5f9e69e21a.js.download Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `fc045a1b39debbd292842cd520aea7802b0dc7acf9b755cfc4bcaf01f89e99c1` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:08 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=200 Content-Length 45319
GET H/1.1	200 OK	275a75f8354869c16dcdb1629c680ff7.js.download Show response peruanatravel.com/nbt/index_files/	19 KB 19 KB	357ms 119ms	Script application/javascript	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/275a75f8354869c16dcdb1629c680ff7.js.download Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `ae054a55797c163ebfb56ee64f821d8ebe765994cf624e831358874a1609e0f0` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:08 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=200 Content-Length 19288
GET H/1.1	200 OK	serverComponent.php Show response peruanatravel.com/nbt/index_files/	520 B 567 B	263ms 133ms	Script text/html	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/serverComponent.php Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `08c4a9d53e72e49ee786d4487adc72c202a782de34c73142ab229cc2d23f6b2c` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection Keep-Alive Keep-Alive timeout=50, max=198
GET H/1.1	200 OK	cp_common.js.download Show response peruanatravel.com/nbt/index_files/	175 KB 176 KB	340ms 112ms	Script application/javascript	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/cp_common.js.download Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `f7689eee9cd66139448a3fb0f40529202c7d46434ec8779be39a5ebfac38819a` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:10 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=200 Content-Length 179518
GET H/1.1	200 OK	styles.915dc6f7a89c9d6859e8.css peruanatravel.com/nbt/index_files/	15 KB 15 KB	128ms 113ms	Stylesheet text/css	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/styles.915dc6f7a89c9d6859e8.css Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `4254abde5abae8c9c52b741364d9b7d32eed1ffbeb6f18c7a36d2ddb003b0b03` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:10 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=199 Content-Length 14990
GET H/1.1	200 OK	logo.png peruanatravel.com/nbt/	18 KB 19 KB	115ms 115ms	Image image/png	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://peruanatravel.com/nbt/logo.png Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `8355236c32e9396733d0b39df8726ee727a2e7e250d96f127f0664224949343b` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Wed, 29 Apr 2020 20:29:40 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=199 Content-Length 18882
GET H/1.1	200 OK	runtime.7d6aba6a1596ee0b757c.js.download Show response peruanatravel.com/nbt/index_files/	1 KB 1 KB	216ms 115ms	Script application/javascript	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/runtime.7d6aba6a1596ee0b757c.js.download Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `99331a4f60f0bb9b7424ce41cde77ea06e3e6808c14bc655a151591b9225060f` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:10 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=200 Content-Length 1069
GET H/1.1	200 OK	polyfills.5bf38b25ff7d96d5f532.js.download Show response peruanatravel.com/nbt/index_files/	107 KB 108 KB	112ms 112ms	Script application/javascript	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/polyfills.5bf38b25ff7d96d5f532.js.download Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `a16e4cf91044b333c7d49bc879161a7f91e388369b549e1115bc9979bb684d37` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:10 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=197 Content-Length 109847
GET H/1.1	200 OK	scripts.9eff4552f9b452ec78e0.js.download Show response peruanatravel.com/nbt/index_files/	195 KB 196 KB	115ms 115ms	Script application/javascript	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/scripts.9eff4552f9b452ec78e0.js.download Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `5c0c5bd17aa14e7788f740ec7e009b8e91113345fa1c2b53a3582f4e2ca509b4` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:10 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=199 Content-Length 200168
GET H/1.1	200 OK	vendor.b6e1c45e63a4a0bb129c.js.download Show response peruanatravel.com/nbt/index_files/	541 KB 541 KB	114ms 114ms	Script application/javascript	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/vendor.b6e1c45e63a4a0bb129c.js.download Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `22a6ca8253e36b498be2d3c9eda427008c9ee6479bd22a530fe9284f37e05f00` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:10 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=199 Content-Length 553518
GET H/1.1	200 OK	main.4d96d849e09143a39b5f.js.download Show response peruanatravel.com/nbt/index_files/	442 KB 442 KB	119ms 119ms	Script application/javascript	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/main.4d96d849e09143a39b5f.js.download Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `34d91e271c5ad8a0a7051815ed599ac15483380ad8dc0ed19508653e456dbe2c` Request headers Referer https://peruanatravel.com/nbt/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:51 GMT Last-Modified Thu, 05 Dec 2019 21:57:10 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=50, max=199 Content-Length 452514
GET H/1.1	404 Not Found	fs_albert-webfont.9f15d8cb81d8cbf3ed54.woff peruanatravel.com/nbt/index_files/	0 0	987ms 986ms	Font text/html	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/fs_albert-webfont.9f15d8cb81d8cbf3ed54.woff Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://peruanatravel.com/nbt/index_files/styles.915dc6f7a89c9d6859e8.css Origin https://peruanatravel.com Response headers Date Sat, 02 May 2020 15:07:52 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Cache-Control no-transform, no-cache, no-store, must-revalidate Transfer-Encoding chunked X-UA-Compatible IE=edge Connection Keep-Alive Link <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=50, max=198 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `72a01ca0dd2f72570e26ed0e2fcb2e8d691c878ff3419170810c387ca6a68ab9` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bc6fe09d0f4d476f51fb63a231142cb285cc54777ca7e04e83537191ee292918` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	404 Not Found	fs_albert-bold-webfont.d46fe14537798ac2f2d0.woff peruanatravel.com/nbt/index_files/	0 0	889ms 889ms	Font text/html	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/fs_albert-bold-webfont.d46fe14537798ac2f2d0.woff Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://peruanatravel.com/nbt/index_files/styles.915dc6f7a89c9d6859e8.css Origin https://peruanatravel.com Response headers Date Sat, 02 May 2020 15:07:52 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Cache-Control no-transform, no-cache, no-store, must-revalidate Transfer-Encoding chunked X-UA-Compatible IE=edge Connection Keep-Alive Link <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=50, max=199 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	config.json Show response peruanatravel.com/nbt/config/	84 KB 20 KB	743ms 742ms	XHR text/html	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/config/config.json?_=1588432072190 Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/index_files/polyfills.5bf38b25ff7d96d5f532.js.download Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `f2ef008a7f71b4f95d6e9c370754da3bdac141934347dfc1f0c34cbf2f9bf634` Request headers Accept application/json, text/javascript, /; q=0.01 Referer https://peruanatravel.com/nbt/ X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sat, 02 May 2020 15:07:52 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Cache-Control no-transform, no-cache, no-store, must-revalidate Transfer-Encoding chunked X-UA-Compatible IE=edge Connection Keep-Alive Link <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=50, max=198 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	dest5.html Show response peruanatravel.com/nbt/index_files/ Frame 215A	7 KB 7 KB	118ms 118ms	Document text/html	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/dest5.html Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash `db8b87f2f587d00e5e0ad7304e30617e5d653ff87467330cd904d0ebab377702` Request headers Host peruanatravel.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site same-origin Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer https://peruanatravel.com/nbt/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://peruanatravel.com/nbt/ Response headers Date Sat, 02 May 2020 15:07:52 GMT Server Apache Last-Modified Thu, 05 Dec 2019 21:57:10 GMT Accept-Ranges bytes Content-Length 7341 Keep-Alive timeout=50, max=198 Connection Keep-Alive Content-Type text/html
GET H/1.1	404 Not Found	fs_albert-bold-webfont.e43a5c44dd83c0be15f4.ttf peruanatravel.com/nbt/index_files/	0 0	740ms 740ms	Font text/html	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/fs_albert-bold-webfont.e43a5c44dd83c0be15f4.ttf Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://peruanatravel.com/nbt/index_files/styles.915dc6f7a89c9d6859e8.css Origin https://peruanatravel.com Response headers Date Sat, 02 May 2020 15:07:53 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Cache-Control no-transform, no-cache, no-store, must-revalidate Transfer-Encoding chunked X-UA-Compatible IE=edge Connection Keep-Alive Link <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=50, max=197 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	fs_albert-webfont.8d09e8367de12af210fa.ttf peruanatravel.com/nbt/index_files/	0 0	731ms 731ms	Font text/html	51.161.15.114 OVH
General Check archive.org Show headers Download Go to Full URL https://peruanatravel.com/nbt/index_files/fs_albert-webfont.8d09e8367de12af210fa.ttf Requested by Host: peruanatravel.com URL: https://peruanatravel.com/nbt/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 51.161.15.114 , Canada, ASN16276 (OVH, FR), Reverse DNS sha.gnservername.net Software Apache / Resource Hash Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://peruanatravel.com/nbt/index_files/styles.915dc6f7a89c9d6859e8.css Origin https://peruanatravel.com Response headers Date Sat, 02 May 2020 15:07:53 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Cache-Control no-transform, no-cache, no-store, must-revalidate Transfer-Encoding chunked X-UA-Compatible IE=edge Connection Keep-Alive Link <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=50, max=198 Expires Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Suntrust (Banking)

241 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nbt-banks.com
peruanatravel.com
192.64.119.168
51.161.15.114
08c4a9d53e72e49ee786d4487adc72c202a782de34c73142ab229cc2d23f6b2c
22a6ca8253e36b498be2d3c9eda427008c9ee6479bd22a530fe9284f37e05f00
34d91e271c5ad8a0a7051815ed599ac15483380ad8dc0ed19508653e456dbe2c
4254abde5abae8c9c52b741364d9b7d32eed1ffbeb6f18c7a36d2ddb003b0b03
5c0c5bd17aa14e7788f740ec7e009b8e91113345fa1c2b53a3582f4e2ca509b4
72a01ca0dd2f72570e26ed0e2fcb2e8d691c878ff3419170810c387ca6a68ab9
81e1e4d0081b3ec5590fcc715a1118e3a6e5df01b660c4bc5dde1b9dfc27635d
8355236c32e9396733d0b39df8726ee727a2e7e250d96f127f0664224949343b
918c8b86bf2895ebcc7d15f9ee4b82cd2a2f45abcde4a34a2d40ce5e4de8a6bb
99331a4f60f0bb9b7424ce41cde77ea06e3e6808c14bc655a151591b9225060f
a16e4cf91044b333c7d49bc879161a7f91e388369b549e1115bc9979bb684d37
ae054a55797c163ebfb56ee64f821d8ebe765994cf624e831358874a1609e0f0
bc6fe09d0f4d476f51fb63a231142cb285cc54777ca7e04e83537191ee292918
db8b87f2f587d00e5e0ad7304e30617e5d653ff87467330cd904d0ebab377702
f2ef008a7f71b4f95d6e9c370754da3bdac141934347dfc1f0c34cbf2f9bf634
f7689eee9cd66139448a3fb0f40529202c7d46434ec8779be39a5ebfac38819a
fc045a1b39debbd292842cd520aea7802b0dc7acf9b755cfc4bcaf01f89e99c1

peruanatravel.com Open in urlscan Pro 51.161.15.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1616 kBTransfer

1714 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

241 JavaScript Global Variables

0 Cookies

Indicators

peruanatravel.com Open in urlscan Pro
51.161.15.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1616 kB
Transfer

1714 kB
Size

0
Cookies

19 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!