rtudd.cat
Open in
urlscan Pro
35.208.201.23
Malicious Activity!
Public Scan
Effective URL: https://rtudd.cat/oozox/app/signin
Submission: On July 08 via manual from US
Summary
TLS certificate: Issued by R3 on June 3rd 2021. Valid for: 3 months.
This is the only time rtudd.cat was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 45.64.104.223 45.64.104.223 | 132335 (NETWORK-L...) (NETWORK-LEAPSWITCH-IN LeapSwitch Networks Pvt Ltd) | |
2 8 | 35.208.201.23 35.208.201.23 | 19527 (GOOGLE-2) (GOOGLE-2) | |
1 | 2606:4700:303... 2606:4700:3030::6815:5ce5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 2.16.186.211 2.16.186.211 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 6 | 104.126.37.25 104.126.37.25 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a00:1450:400... 2a00:1450:4001:82f::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:803::2003 | 15169 (GOOGLE) (GOOGLE) | |
23 | 6 |
ASN132335 (NETWORK-LEAPSWITCH-IN LeapSwitch Networks Pvt Ltd, IN)
avcoglobal.com |
ASN19527 (GOOGLE-2, US)
PTR: 23.201.208.35.bc.googleusercontent.com
rtudd.cat |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-211.deploy.static.akamaitechnologies.com
cdn.livechatinc.com | |
cdn.livechat-files.com | |
cdn.livechat-static.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-25.deploy.static.akamaitechnologies.com
api.livechatinc.com | |
secure.livechatinc.com | |
accounts.livechatinc.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
livechatinc.com
1 redirects
cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com accounts.livechatinc.com |
275 KB |
8 |
rtudd.cat
2 redirects
rtudd.cat |
129 KB |
2 |
gstatic.com
fonts.gstatic.com |
32 KB |
1 |
livechat-static.com
cdn.livechat-static.com |
365 KB |
1 |
livechat-files.com
cdn.livechat-files.com |
5 KB |
1 |
googleapis.com
fonts.googleapis.com |
807 B |
1 |
js-codes.com
js-codes.com |
2 KB |
1 |
avcoglobal.com
1 redirects
avcoglobal.com |
230 B |
23 | 8 |
Domain | Requested by | |
---|---|---|
8 | rtudd.cat |
2 redirects
rtudd.cat
|
6 | cdn.livechatinc.com |
rtudd.cat
secure.livechatinc.com |
3 | api.livechatinc.com |
cdn.livechatinc.com
|
2 | accounts.livechatinc.com |
1 redirects
cdn.livechatinc.com
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | cdn.livechat-static.com | |
1 | cdn.livechat-files.com | |
1 | fonts.googleapis.com |
secure.livechatinc.com
|
1 | secure.livechatinc.com |
cdn.livechatinc.com
|
1 | js-codes.com |
rtudd.cat
|
1 | avcoglobal.com | 1 redirects |
23 | 11 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
rtudd.cat R3 |
2021-06-03 - 2021-09-01 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-03 - 2022-07-02 |
a year | crt.sh |
livechat.com DigiCert SHA2 Secure Server CA |
2021-04-20 - 2022-04-25 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-06-22 - 2021-09-14 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2021-06-22 - 2021-09-14 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://rtudd.cat/oozox/app/signin
Frame ID: D13D3F72ACC430EA1904CF6025DE3219
Requests: 12 HTTP requests in this frame
Frame:
https://secure.livechatinc.com/customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0
Frame ID: A79064FED83B8E8560FC49AAC760210B
Requests: 10 HTTP requests in this frame
Frame:
https://accounts.livechatinc.com/static/postmessage.html
Frame ID: 9B54F2AFFB3F5C306CCBC4CF767C7219
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://avcoglobal.com/dursim29819
HTTP 301
https://rtudd.cat/oozox/app/signin HTTP 302
https://rtudd.cat/oozox/app/index.php HTTP 302
https://rtudd.cat/oozox/app/signin Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
LiveChat (Live Chat) Expand
Detected patterns
- script /cdn\.livechatinc\.com\/.*tracking\.js/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://avcoglobal.com/dursim29819
HTTP 301
https://rtudd.cat/oozox/app/signin HTTP 302
https://rtudd.cat/oozox/app/index.php HTTP 302
https://rtudd.cat/oozox/app/signin Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 17- https://accounts.livechatinc.com/customer?license_id=12947988&flow=button&response_type=token&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&redirect_uri=https%3A%2F%2Fsecure.livechatinc.com%2Fcustomer%2Faction%2Fopen_chat&post_message_uri=https%3A%2F%2Fsecure.livechatinc.com%2Fcustomer%2Faction%2Fopen_chat&state=%40livechat%2Fcustomer-auth HTTP 302
- https://accounts.livechatinc.com/static/postmessage.html
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
signin
rtudd.cat/oozox/app/ Redirect Chain
|
7 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin.css
rtudd.cat/oozox/app/lib/styles/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
rtudd.cat/oozox/app/lib/js/ |
85 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr.min.js
js-codes.com/modernizr/2.9.0/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tracking.js
cdn.livechatinc.com/ |
85 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_official.svg
rtudd.cat/oozox/app/lib/pics/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p_small_regular.woff
rtudd.cat/oozox/app/lib/fonts/ |
46 KB 46 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p_small_light.woff
rtudd.cat/oozox/app/lib/fonts/ |
46 KB 46 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get_dynamic_configuration
api.livechatinc.com/v3.3/customer/action/ |
257 B 442 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get_configuration
api.livechatinc.com/v3.3/customer/action/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open_chat
secure.livechatinc.com/customer/action/ Frame A790 |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get_localization
api.livechatinc.com/v3.3/customer/action/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ Frame A790 |
5 KB 807 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.c5551093.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame A790 |
377 KB 110 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0.88d54b4c.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame A790 |
23 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iframe.abe1ef84.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame A790 |
410 KB 108 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v12/ Frame A790 |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v12/ Frame A790 |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
postmessage.html
accounts.livechatinc.com/static/ Frame 9B54 Redirect Chain
|
553 B 493 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
greeting.6348669c.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame A790 |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
53a7236a80e2cbf9749baf2026ddbf76.jpeg
cdn.livechat-files.com/api/file/lc/img/12947988/ Frame A790 |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
new_message.34190d36.ogg
cdn.livechatinc.com/widget/static/media/ |
11 KB 11 KB |
Media
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
handwave.gif
cdn.livechat-static.com/api/file/lc/img/rich-greetings/ Frame A790 |
364 KB 365 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| html5 object| Modernizr object| __lc object| LiveChatWidget boolean| __lc_inited object| LC_API1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
rtudd.cat/ | Name: PHPSESSID Value: 6dd832f110ba34c30f832c6fcc36b4d3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.livechatinc.com
api.livechatinc.com
avcoglobal.com
cdn.livechat-files.com
cdn.livechat-static.com
cdn.livechatinc.com
fonts.googleapis.com
fonts.gstatic.com
js-codes.com
rtudd.cat
secure.livechatinc.com
104.126.37.25
2.16.186.211
2606:4700:3030::6815:5ce5
2a00:1450:4001:803::2003
2a00:1450:4001:82f::200a
35.208.201.23
45.64.104.223
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1d0bdbe8013ddd58bf31229ea12bd42dfe6bf4cb022cc65d519a45a13c403b5d
299f002a908a15968be878534247c58b43b6204eb9b9100b91225b54986fe40c
3f2296fc1af54692bd56501bf9156cae1da8028424f9dbf8b00e5f40b6c3a4d9
46c2abc7be31888f31bef79c79451d601460e8cd1379afb9d554fbae7b553a74
4a9f53c02752e79270686f1b2a3616b86d3af1ea2a288f2977e34b1141d552ec
5c43c6926e1df5e73920d165449008fcb897ac1dea4a84f88935a51def79733d
70eef99f016276772a27a6176e60dd2565d7acd70c3850e9cc9f8d240abe814d
74b4a28729201fae2dbb53b42592ee518a7343ed8bbb6508ee0844d4d1e0030b
7cb6c118ec3898ea3cf8db6f9d26f49cbe1ed8475e269b78d8162307b648b1ae
8103c9c446021644e3ff3727e1990d58524c0ea403768ee35a1c36074745f375
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab
8beec539128cea621e511cd54f21a0d17ff891a16a0ebd7a98a3e4fbc00bd0e5
9256b01fb7d319df98ec487452eb1b475a327c483e83efc35207a8a3797ec979
9635c310f5b1283cfe4fb98e50229599fb8fe1842479c5a21356e6e16adc3c0b
992c9cb6774a8d6fa85792279d33b9109fef2f871fdf8e79adad3da56179a4b2
9e2b0f9853ce86860c896dfdcf62730062d8adaea111f4e04843beda3e97d2fc
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b23c0b83a601504ebc54a84623a2ae2b7cdf7208892499597401af735b35a832
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
c9f46a0250bd4256adfbe2036267fea912522eaec1f38abb786749017db8ebe4
d368f73655941321fa294f8c0f5d63f0a6caaab3dccac499800b4e2e49358a51