ppl-customerservices-notice-ppl-com.gananayakresort.com
173.214.178.30
Malicious Activity!
Public Scan
Effective URL: https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country....
Submission: On March 12 via manual from IL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on March 8th 2020. Valid for: 3 months.
This is the only time ppl-customerservices-notice-ppl-com.gananayakresort.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
Count | IP Address | AS (Autonomous System) | PTR | Domains
---|---|---|---|---
5 | 173.214.178.30 | ASN395111 (KVCNET-2009, US) | ok1111.kvchosting.com | servredpsrpv.leh.ind.in, ppl-customerservices-notice-ppl-com.gananayakresort.com
2 | 23.210.248.108 | ASN16625 (AKAMAI-AS, US) | a23-210-248-108.deploy.static.akamaitechnologies.com | cdn.livechatinc.com
3 | 23.196.234.107 | ASN16625 (AKAMAI-AS, US) | a23-196-234-107.deploy.static.akamaitechnologies.com | secure.livechatinc.com
Totals: 9 | 3
Count | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | gananayakresort.com (4 redirects) | ppl-customerservices-notice-ppl-com.gananayakresort.com | 108 KB
5 | livechatinc.com | cdn.livechatinc.com, secure.livechatinc.com | 75 KB
1 | leh.ind.in (1 redirect) | servredpsrpv.leh.ind.in | 396 B
Totals: 9 | 3
Count | Domain | Requested by
---|---|---
8 | ppl-customerservices-notice-ppl-com.gananayakresort.com (4 redirects) | ppl-customerservices-notice-ppl-com.gananayakresort.com
3 | secure.livechatinc.com | cdn.livechatinc.com
2 | cdn.livechatinc.com | ppl-customerservices-notice-ppl-com.gananayakresort.com
1 | servredpsrpv.leh.ind.in (1 redirect) |
Totals: 9 | 4
This site contains no links.
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
gananayakresort.com | Let's Encrypt Authority X3 | 2020-03-08 - 2020-06-06 | 3 months | crt.sh
*.livechatinc.com | DigiCert ECC Secure Server CA | 2019-02-10 - 2020-05-11 | a year | crt.sh
This page contains 2 frames:
Primary Page:
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE
Frame ID: B7AD92CF2A46E520982FEFD77613575E
Requests: 8 HTTP requests in this frame
Frame:
https://secure.livechatinc.com/licence/11778426/v2/open_chat.cgi?license=11778426&group=0&embedded=1&widget_version=3&unique_groups=0
Frame ID: D357A7428FB4D39D48D1D6254B8447C7
Requests: 1 HTTP request in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
LiveChat (Live Chat)
Detected patterns
- script /cdn\.livechatinc\.com\/.*tracking\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://servredpsrpv.leh.ind.in/ (HTTP 301)
- https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp (HTTP 301)
- https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/ (HTTP 302)
- https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662 (HTTP 301)
- https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/ (HTTP 302)
- https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request, Redirect Chain) | ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/ | 7 KB | 3 KB | Document | text/html
GET | H/1.1 | L-Z118.css | ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/css/ | 13 KB | 13 KB | Stylesheet | text/css
GET | H/1.1 | jquery.js | ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/js/ | 84 KB | 85 KB | Script | application/javascript
GET | H/1.1 | kl_h4aXX6987PO.svg | ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/img/ | 5 KB | 5 KB | Image | image/svg+xml
GET | H/1.1 | tracking.js | cdn.livechatinc.com/ | 215 KB | 59 KB | Script | application/javascript
GET | H/1.1 | get_dynamic_config.js | secure.livechatinc.com/licence/11778426/v2/ | 1 KB | 2 KB | Script | application/javascript
GET | H/1.1 | get_static_config.0.10.1.1.87.12.11.7.1.2.1.2.17.js | secure.livechatinc.com/licence/11778426/v2/ | 4 KB | 2 KB | Script | application/javascript
GET | H/1.1 | open_chat.cgi (Frame D357) | secure.livechatinc.com/licence/11778426/v2/ | 0 | 0 | Document | text/html
GET | H/1.1 | new_message.a37211a6.ogg | cdn.livechatinc.com/widget/static/media/ | 11 KB | 12 KB | Media | application/octet-stream
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
object | __lc
number | __lc_inited
object | AutoInvitation
object | PersonalInvitation
object | LC_API
object | __lc_script_version
function | __lc_data_942664
function | __lc_data_static_config1
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.livechatinc.com/licence/11778426 | | __livechat | lc_all_invitation%3D0%26lc_auto_invites_shown%3D%26lc_chat_number%3D0%26lc_client_version%3D%26lc_goals_achieved%3D%26lc_integration_params%3D%26lc_lang%3Den%26lc_last_chat_start_time%3D0%26lc_last_conference_id%3D%26lc_last_operator_id%3D%26lc_last_operator_key%3D%26lc_last_operator_key_per_skill%3D%26lc_last_operator_per_skill%3D%26lc_last_visit%3D1584017198%26lc_nick%3D%26lc_ok_invitation%3D0%26lc_page_view%3D0%26lc_session%3DS1584017198.ecf27ed61a%26lc_visit_number%3D0%26mcid%3D%26mcid_done%3D0
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.livechatinc.com
ppl-customerservices-notice-ppl-com.gananayakresort.com
secure.livechatinc.com
servredpsrpv.leh.ind.in
173.214.178.30
23.196.234.107
23.210.248.108