sekg-dith.com
Open in
urlscan Pro
151.106.107.214
Malicious Activity!
Public Scan
Effective URL: https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/signin
Submission: On March 09 via manual from US
Summary
TLS certificate: Issued by R3 on February 21st 2021. Valid for: 3 months.
This is the only time sekg-dith.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2402:ee80:59:... 2402:ee80:59:2::136 | 132647 (IDNIC-PAN...) (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia) | |
3 9 | 151.106.107.214 151.106.107.214 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
1 | 2606:4700:303... 2606:4700:3030::6815:5ce5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 15 | 2.16.186.155 2.16.186.155 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a00:1450:400... 2a00:1450:4001:82b::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:827::2003 | 15169 (GOOGLE) (GOOGLE) | |
5 | 95.101.27.83 95.101.27.83 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
29 | 6 |
ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID)
s.id |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-155.deploy.static.akamaitechnologies.com
cdn.livechatinc.com | |
api.livechatinc.com | |
secure.livechatinc.com | |
accounts.livechatinc.com | |
queue.livechatinc.com |
ASN20940 (AKAMAI-ASN1, NL)
cdn.livechat-files.com | |
cdn.livechat-static.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
livechatinc.com
1 redirects
cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com accounts.livechatinc.com queue.livechatinc.com |
356 KB |
9 |
sekg-dith.com
3 redirects
sekg-dith.com |
129 KB |
4 |
livechat-files.com
cdn.livechat-files.com |
20 KB |
2 |
gstatic.com
fonts.gstatic.com |
32 KB |
1 |
livechat-static.com
cdn.livechat-static.com |
365 KB |
1 |
googleapis.com
fonts.googleapis.com |
818 B |
1 |
js-codes.com
js-codes.com |
2 KB |
1 |
s.id
1 redirects
s.id |
777 B |
29 | 8 |
Domain | Requested by | |
---|---|---|
9 | sekg-dith.com |
3 redirects
sekg-dith.com
|
8 | cdn.livechatinc.com |
sekg-dith.com
secure.livechatinc.com |
4 | cdn.livechat-files.com |
cdn.livechatinc.com
|
2 | accounts.livechatinc.com |
1 redirects
cdn.livechatinc.com
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | secure.livechatinc.com |
cdn.livechatinc.com
|
2 | api.livechatinc.com |
cdn.livechatinc.com
|
1 | queue.livechatinc.com |
cdn.livechatinc.com
|
1 | cdn.livechat-static.com | |
1 | fonts.googleapis.com |
secure.livechatinc.com
|
1 | js-codes.com |
sekg-dith.com
|
1 | s.id | 1 redirects |
29 | 12 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sekg-dith.com R3 |
2021-02-21 - 2021-05-22 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-03 - 2021-08-03 |
a year | crt.sh |
livechat.com DigiCert Secure Site ECC CA-1 |
2020-07-16 - 2021-07-16 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-02-17 - 2021-05-12 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2021-02-23 - 2021-05-18 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/signin
Frame ID: C84C7000C490F1A4826D50938829F292
Requests: 13 HTTP requests in this frame
Frame:
https://secure.livechatinc.com/licence/12661356/v2/open_chat.cgi?license=12661356&group=0&embedded=1&widget_version=3&unique_groups=0&localization_improvement=1
Frame ID: 927A3160C10439EF32F058903F581657
Requests: 15 HTTP requests in this frame
Frame:
https://accounts.livechatinc.com/static/postmessage.html
Frame ID: 9FC92C87F6600CD5D0000085434B2FE7
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://s.id/yIATV
HTTP 301
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince HTTP 301
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/ HTTP 302
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/index HTTP 302
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/signin Page URL
Detected technologies
LiteSpeed (Web Servers) ExpandDetected patterns
- headers server /^LiteSpeed$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://s.id/yIATV
HTTP 301
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince HTTP 301
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/ HTTP 302
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/index HTTP 302
https://sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/signin Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 16- https://accounts.livechatinc.com/customer?license_id=12661356&flow=button&response_type=token&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&redirect_uri=https%3A%2F%2Fsecure.livechatinc.com%2Flicence%2F12661356%2Fv2%2Fopen_chat.cgi&post_message_uri=https%3A%2F%2Fsecure.livechatinc.com%2Flicence%2F12661356%2Fv2%2Fopen_chat.cgi&state=%40livechat%2Fcustomer-auth HTTP 302
- https://accounts.livechatinc.com/static/postmessage.html
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
signin
sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/ Redirect Chain
|
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin.css
sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/lib/styles/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.min.js
sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/lib/js/ |
85 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr.min.js
js-codes.com/modernizr/2.9.0/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_official.svg
sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/lib/pics/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p_small_regular.woff
sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/lib/fonts/ |
46 KB 46 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p_small_light.woff
sekg-dith.com/wp-includes/fonts/sqkol/.nknol/CLEANPrince/app/lib/fonts/ |
46 KB 46 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tracking.js
cdn.livechatinc.com/ |
81 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get_dynamic_configuration
api.livechatinc.com/v3.3/customer/action/ |
258 B 501 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get_configuration
api.livechatinc.com/v3.3/customer/action/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open_chat.cgi
secure.livechatinc.com/licence/12661356/v2/ Frame 927A |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
localization.en.0.f18dd4d9fb0b965b3781bba9707f6877_d437563c7d1e5863992354f5905f29e4.js
secure.livechatinc.com/licence/12661356/v2/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ Frame 927A |
5 KB 818 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7.76ea489c.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame 927A |
361 KB 115 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iframe.3172a766.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame 927A |
361 KB 103 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v11/ Frame 927A |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v11/ Frame 927A |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
postmessage.html
accounts.livechatinc.com/static/ Frame 9FC9 Redirect Chain
|
553 B 493 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
cdn.livechatinc.com/cloud/ |
28 KB 28 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
greeting.0fe41ebb.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame 927A |
20 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
616536c9a01889a0ec35e5225f2df64e.jpeg
cdn.livechat-files.com/api/file/lc/img/12661356/ Frame 927A |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
new_message.a37211a6.ogg
cdn.livechatinc.com/widget/static/media/ |
11 KB 11 KB |
Media
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
handwave.gif
cdn.livechat-static.com/api/file/lc/img/rich-greetings/ Frame 927A |
364 KB 365 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
logs
queue.livechatinc.com/ Frame 927A |
965 B 911 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.719cfe5d.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame 927A |
67 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-view.e108d2fc.chunk.js
cdn.livechatinc.com/widget/static/js/ Frame 927A |
126 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
616536c9a01889a0ec35e5225f2df64e.jpeg
cdn.livechat-files.com/api/file/lc/img/12661356/ Frame 927A |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
616536c9a01889a0ec35e5225f2df64e.jpeg
cdn.livechat-files.com/api/file/lc/img/12661356/ Frame 927A |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
616536c9a01889a0ec35e5225f2df64e.jpeg
cdn.livechat-files.com/api/file/lc/img/12661356/ Frame 927A |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| html5 object| Modernizr object| __lc object| LiveChatWidget boolean| __lc_inited object| LC_API1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
sekg-dith.com/ | Name: PHPSESSID Value: ff14e4ab9c74e4a3da1f0cc59cb05fce |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.livechatinc.com
api.livechatinc.com
cdn.livechat-files.com
cdn.livechat-static.com
cdn.livechatinc.com
fonts.googleapis.com
fonts.gstatic.com
js-codes.com
queue.livechatinc.com
s.id
secure.livechatinc.com
sekg-dith.com
151.106.107.214
2.16.186.155
2402:ee80:59:2::136
2606:4700:3030::6815:5ce5
2a00:1450:4001:827::2003
2a00:1450:4001:82b::200a
95.101.27.83
0b0cfdfe02b35f788148c95f1d088e07f9d3d311d00f61656bab5b2c7bbddf51
13017666fcc8737fa64c7becded92b2b1836a61f0a425f73b57a2139034570cf
14fd587bd2c48ccea1112c7b29514b13e3a7e8cf17034ab1dba90261a3c0a312
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
169d80197c2d5f173ea03b0ffd54adc068c7d7c457b709bacf61eca1a5ef2f3f
176a2510bcfdeafb54dab7aeeb53c2b10569a168618c48c619637471210939b2
186f350c18cd78e9b3032039dc1c28cd1e5a83f87165f9ef4f7e3927e61bd7a0
1d0bdbe8013ddd58bf31229ea12bd42dfe6bf4cb022cc65d519a45a13c403b5d
468cd8fa71a965fb24fc04793dae15f387deb56db13535c1a9b129ea3bad2de9
4a9f53c02752e79270686f1b2a3616b86d3af1ea2a288f2977e34b1141d552ec
7cb6c118ec3898ea3cf8db6f9d26f49cbe1ed8475e269b78d8162307b648b1ae
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab
8beec539128cea621e511cd54f21a0d17ff891a16a0ebd7a98a3e4fbc00bd0e5
992c9cb6774a8d6fa85792279d33b9109fef2f871fdf8e79adad3da56179a4b2
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
a9afafd03001404329b0871e17c22112067e61c6e2c3e85a6e1389423ecf13e8
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b23c0b83a601504ebc54a84623a2ae2b7cdf7208892499597401af735b35a832
b273e4755e77a1ad5fcacb5a92b6b9ee55d8f1f17233d67e728301bc5e8de5b1
b3346728205df430ac3768b32e299916cfa2c40ac074936f11e00ad01742bb3a
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
c07b13ec2089770823f573b35ff50d9bd6ced063dfeacb90802227e85831995f
cbd9c108f5c8fb6b4b6e3951af342ffad044770f453a1c9340447eee7713a033
d368f73655941321fa294f8c0f5d63f0a6caaab3dccac499800b4e2e49358a51
f87c303d9ad5f9e6863fdaa5c07a0c9b712ae1a17abddaf2109c825937d11f17
fd818bbb69ccd1ae2b05a9b2ed2919e9ecd8ddb6172b7dfcd310ad83413ba8f4