ppl-customerservices-notice-ppl-com.gananayakresort.com Open in urlscan Pro
173.214.178.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://servredpsrpv.leh.ind.in/
Effective URL:
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country....
Submission: On March 12 via manual (March 12th 2020, 12:46:59 pm UTC) from IL

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 173.214.178.30, located in Edmond, United States and belongs to KVCNET-2009, US. The main domain is ppl-customerservices-notice-ppl-com.gananayakresort.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 8th 2020. Valid for: 3 months.

This is the only time ppl-customerservices-notice-ppl-com.gananayakresort.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
5 9	173.214.178.30 173.214.178.30	395111 (KVCNET-2009) (KVCNET-2009)
2	23.210.248.108 23.210.248.108	16625 (AKAMAI-AS) (AKAMAI-AS)
3	23.196.234.107 23.196.234.107	16625 (AKAMAI-AS) (AKAMAI-AS)
9	3

9 173.214.178.30 (Edmond, United States) 5 redirects

ASN395111 (KVCNET-2009, US)
PTR: ok1111.kvchosting.com

servredpsrpv.leh.ind.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ppl-customerservices-notice-ppl-com.gananayakresort.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.248.108 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-108.deploy.static.akamaitechnologies.com

cdn.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.196.234.107 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-196-234-107.deploy.static.akamaitechnologies.com

secure.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	gananayakresort.com 4 redirects ppl-customerservices-notice-ppl-com.gananayakresort.com	108 KB
5	livechatinc.com cdn.livechatinc.com secure.livechatinc.com	75 KB
1	leh.ind.in 1 redirects servredpsrpv.leh.ind.in	396 B
9	3

	Domain	Requested by
8	ppl-customerservices-notice-ppl-com.gananayakresort.com	4 redirects ppl-customerservices-notice-ppl-com.gananayakresort.com
3	secure.livechatinc.com	cdn.livechatinc.com
2	cdn.livechatinc.com	ppl-customerservices-notice-ppl-com.gananayakresort.com
1	servredpsrpv.leh.ind.in	1 redirects
9	4

This site contains no links.

Subject Issuer	Validity	Valid
gananayakresort.com Let's Encrypt Authority X3	`2020-03-08` - `2020-06-06`	3 months	crt.sh
*.livechatinc.com DigiCert ECC Secure Server CA	`2019-02-10` - `2020-05-11`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE
Frame ID: B7AD92CF2A46E520982FEFD77613575E
Requests: 8 HTTP requests in this frame

Frame: https://secure.livechatinc.com/licence/11778426/v2/open_chat.cgi?license=11778426&group=0&embedded=1&widget_version=3&unique_groups=0
Frame ID: D357A7428FB4D39D48D1D6254B8447C7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://servredpsrpv.leh.ind.in/ HTTP 301
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp HTTP 301
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/ HTTP 302
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662 HTTP 301
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/ HTTP 302
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myacco... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

LiveChat (Live Chat) Expand

Overall confidence: 100%
Detected patterns

script /cdn\.livechatinc\.com\/.*tracking\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

180 kB
Transfer

341 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://servredpsrpv.leh.ind.in/ HTTP 301
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp HTTP 301
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/ HTTP 302
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662 HTTP 301
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/ HTTP 302
https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/ Redirect Chain http://servredpsrpv.leh.ind.in/ https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/ https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662 https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/ https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE	7 KB 3 KB	247ms 246ms	Document text/html	173.214.178.30 KVCNET-2009
General Check archive.org Show headers Download Go to Full URL https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.214.178.30 Edmond, United States, ASN395111 (KVCNET-2009, US), Reverse DNS ok1111.kvchosting.com Software Apache/2.4.41 / Resource Hash `76eaddbbf1eef9210ea31f1312971ecf8a636c499315e19a21aa5ade1390aeaa` Request headers Host ppl-customerservices-notice-ppl-com.gananayakresort.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie PHPSESSID=e890290188a1e4da60f30042f4cb6fbb Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 12 Mar 2020 12:46:37 GMT Server Apache/2.4.41 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate max-age=0, no-cache, proxy-revalidate Pragma no-cache X-Mod-Pagespeed 1.13.35.2-0 Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 2487 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=utf-8 Redirect headers Date Thu, 12 Mar 2020 12:46:36 GMT Server Apache/2.4.41 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate max-age=172800, private, proxy-revalidate Pragma no-cache LOCATION myaccount/signin/?country.x=DE&locale.x=en_DE Vary User-Agent Keep-Alive timeout=5, max=97 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	L-Z118.css ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/css/	13 KB 13 KB	167ms 165ms	Stylesheet text/css	173.214.178.30 KVCNET-2009
General Check archive.org Show headers Download Go to Full URL https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/css/L-Z118.css Requested by Host: ppl-customerservices-notice-ppl-com.gananayakresort.com URL: https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.214.178.30 Edmond, United States, ASN395111 (KVCNET-2009, US), Reverse DNS ok1111.kvchosting.com Software Apache/2.4.41 / Resource Hash `1bcda772b32139bbd18696ba5a08fc2da9731cecf88d6b904cb953107484f55f` Request headers Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Thu, 12 Mar 2020 12:46:37 GMT Last-Modified Thu, 12 Mar 2020 12:46:36 GMT Server Apache/2.4.41 Vary User-Agent,Accept-Encoding Content-Type text/css Cache-Control max-age=172800, proxy-revalidate Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 13106 Expires Thu, 19 Mar 2020 12:46:37 GMT
GET H/1.1	200 OK	jquery.js Show response ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/js/	84 KB 85 KB	167ms 166ms	Script application/javascript	173.214.178.30 KVCNET-2009
General Check archive.org Show headers Download Go to Full URL https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/js/jquery.js Requested by Host: ppl-customerservices-notice-ppl-com.gananayakresort.com URL: https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.214.178.30 Edmond, United States, ASN395111 (KVCNET-2009, US), Reverse DNS ok1111.kvchosting.com Software Apache/2.4.41 / Resource Hash `2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52` Request headers Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 12 Mar 2020 12:46:37 GMT Last-Modified Thu, 12 Mar 2020 12:46:36 GMT Server Apache/2.4.41 Vary User-Agent,Accept-Encoding Content-Type application/javascript Cache-Control max-age=172800, proxy-revalidate Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 86343 Expires Thu, 19 Mar 2020 12:46:37 GMT
GET H/1.1	200 OK	kl_h4aXX6987PO.svg ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/img/	5 KB 5 KB	156ms 156ms	Image image/svg+xml	173.214.178.30 KVCNET-2009
General Check archive.org Show headers Download Go to Show image Full URL https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/img/kl_h4aXX6987PO.svg Requested by Host: ppl-customerservices-notice-ppl-com.gananayakresort.com URL: https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.214.178.30 Edmond, United States, ASN395111 (KVCNET-2009, US), Reverse DNS ok1111.kvchosting.com Software Apache/2.4.41 / Resource Hash `b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5` Request headers Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/lib/css/L-Z118.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Thu, 12 Mar 2020 12:46:37 GMT Last-Modified Thu, 12 Mar 2020 12:46:36 GMT Server Apache/2.4.41 Vary User-Agent Content-Type image/svg+xml Cache-Control max-age=864000, s-maxage=10 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4945 Expires Sun, 22 Mar 2020 12:46:37 GMT
GET H/1.1	200 OK	tracking.js Show response cdn.livechatinc.com/	215 KB 59 KB	70ms 13ms	Script application/javascript	23.210.248.108 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdn.livechatinc.com/tracking.js Requested by Host: ppl-customerservices-notice-ppl-com.gananayakresort.com URL: https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 23.210.248.108 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-210-248-108.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash `ae5c3619eb524ecf87b31d09dd5a306344093299c8cacecfe0a95d38f6b44656` Request headers Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers x-amz-version-id gCM.WmF2uj2Rc0gf4Iz3c7O1up6ywvob Content-Encoding gzip Last-Modified Thu, 12 Mar 2020 08:44:29 GMT Server AmazonS3 X-Amz-Cf-Pop FRA50-C1 Date Thu, 12 Mar 2020 12:46:37 GMT Vary Accept-Encoding Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=28800 Connection keep-alive Content-Length 59913 X-Amz-Cf-Id PE5zcFcnwASl34muwHBLUdkl9DnXeJlLC9ViJMQ2kwvlhUpdPwggOw== Expires Thu, 12 Mar 2020 20:46:37 GMT
GET H/1.1	200 OK	get_dynamic_config.js Show response secure.livechatinc.com/licence/11778426/v2/	1 KB 2 KB	521ms 495ms	Script application/javascript	23.196.234.107 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://secure.livechatinc.com/licence/11778426/v2/get_dynamic_config.js?t=1584017197881&referrer=&url=https%3A%2F%2Fppl-customerservices-notice-ppl-com.gananayakresort.com%2Flogspash%2Fdshaboard%2Fsignpsp%2Fcasesp%2Fcustomer_center%2Fcustomer-IDPP00C662%2Fmyaccount%2Fsignin%2F%3Fcountry.x%3DDE%26locale.x%3Den_DE&params=&channel_type=code&jsonp=__lc_data_942664 Requested by Host: cdn.livechatinc.com URL: https://cdn.livechatinc.com/tracking.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 23.196.234.107 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-196-234-107.deploy.static.akamaitechnologies.com Software / Resource Hash `f05bbfaa7ecf1ff50bcd3520fbc6977b9168f192938db59eb43404934c0a8fa3` Request headers Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Pragma no-cache Date Thu, 12 Mar 2020 12:46:38 GMT Content-Encoding gzip Vary Accept-Encoding Content-Type application/javascript; charset=UTF-8 Access-Control-Expose-Headers X-RateLimit-Remaining, X-RateLimit-Reset Cache-Control max-age=0, no-cache, no-store X-RateLimit-Reset 1584017203 X-RateLimit-Remaining 4999 Connection keep-alive Content-Length 531 Expires Thu, 12 Mar 2020 12:46:38 GMT
GET H/1.1	200 OK	get_static_config.0.10.1.1.87.12.11.7.1.2.1.2.17.js Show response secure.livechatinc.com/licence/11778426/v2/	4 KB 2 KB	197ms 197ms	Script application/javascript	23.196.234.107 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://secure.livechatinc.com/licence/11778426/v2/get_static_config.0.10.1.1.87.12.11.7.1.2.1.2.17.js?&jsonp=__lc_data_static_config Requested by Host: cdn.livechatinc.com URL: https://cdn.livechatinc.com/tracking.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 23.196.234.107 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-196-234-107.deploy.static.akamaitechnologies.com Software / Resource Hash `6de6e5ca9f256c848aaf109b02609a17375a5cd4b61ea08a3d05bc283570c266` Request headers Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Thu, 12 Mar 2020 12:46:38 GMT Content-Encoding gzip Vary Accept-Encoding Access-Control-Allow-Methods GET, HEAD, OPTIONS, POST Content-Type application/javascript; charset=UTF-8 Access-Control-Allow-Origin https://api.chat.io Access-Control-Expose-Headers location Cache-Control public, max-age=600 Access-Control-Allow-Credentials true Access-Control-Max-Age 86400 Connection keep-alive Access-Control-Allow-Headers origin, x-requested-with, content-type, accept Content-Length 1706 Expires Thu, 12 Mar 2020 12:56:38 GMT
GET H/1.1	200 OK	open_chat.cgi secure.livechatinc.com/licence/11778426/v2/ Frame D357	0 0	127ms 127ms	Document text/html	23.196.234.107 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://secure.livechatinc.com/licence/11778426/v2/open_chat.cgi?license=11778426&group=0&embedded=1&widget_version=3&unique_groups=0 Requested by Host: cdn.livechatinc.com URL: https://cdn.livechatinc.com/tracking.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 23.196.234.107 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-196-234-107.deploy.static.akamaitechnologies.com Software / Resource Hash Request headers Host secure.livechatinc.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest iframe Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Accept-Encoding gzip, deflate, br Accept-Language en-US Cookie __livechat=lc_all_invitation%3D0%26lc_auto_invites_shown%3D%26lc_chat_number%3D0%26lc_client_version%3D%26lc_goals_achieved%3D%26lc_integration_params%3D%26lc_lang%3Den%26lc_last_chat_start_time%3D0%26lc_last_conference_id%3D%26lc_last_operator_id%3D%26lc_last_operator_key%3D%26lc_last_operator_key_per_skill%3D%26lc_last_operator_per_skill%3D%26lc_last_visit%3D1584017198%26lc_nick%3D%26lc_ok_invitation%3D0%26lc_page_view%3D0%26lc_session%3DS1584017198.ecf27ed61a%26lc_visit_number%3D0%26mcid%3D%26mcid_done%3D0 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest iframe Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Response headers Content-Type text/html; charset=utf-8 Vary Accept-Encoding Content-Encoding gzip Expires Thu, 12 Mar 2020 12:46:38 GMT Cache-Control max-age=0, no-cache, no-store Pragma no-cache Date Thu, 12 Mar 2020 12:46:38 GMT Content-Length 1501 Connection keep-alive
GET H/1.1	206 Partial Content	new_message.a37211a6.ogg cdn.livechatinc.com/widget/static/media/	11 KB 12 KB	8ms 7ms	Media application/octet-stream	23.210.248.108 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://cdn.livechatinc.com/widget/static/media/new_message.a37211a6.ogg Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 23.210.248.108 , Netherlands, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-210-248-108.deploy.static.akamaitechnologies.com Software AmazonS3 / Resource Hash `1d0bdbe8013ddd58bf31229ea12bd42dfe6bf4cb022cc65d519a45a13c403b5d` Request headers Referer https://ppl-customerservices-notice-ppl-com.gananayakresort.com/logspash/dshaboard/signpsp/casesp/customer_center/customer-IDPP00C662/myaccount/signin/?country.x=DE&locale.x=en_DE Sec-Fetch-Dest audio Accept-Encoding identity;q=1, ;q=0 User-Agent* Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Range bytes=0- Response headers x-amz-version-id zRdEy7iD0zUuwnU_iwMvYg5i5CX4xJxN Last-Modified Thu, 27 Jun 2019 11:06:23 GMT Server AmazonS3 X-Amz-Cf-Pop FRA53-C1 ETag "a37211a6cfcda45352d5abcff1e446bb" Content-Type application/octet-stream Content-Range bytes 0-11403/11404 Cache-Control max-age=31536000 Date Thu, 12 Mar 2020 12:46:39 GMT Connection keep-alive Accept-Ranges bytes Access-Control-Allow-Origin * Content-Length 11404 X-Amz-Cf-Id KkHBfAT3my9xEMzowpNekVwwNNdbpCoZlNSNzozzSpjNHQJsNHPKNQ== Expires Fri, 12 Mar 2021 12:46:39 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.livechatinc.com/licence/11778426	1970-01-20 11:00:17	Name: __livechat Value: lc_all_invitation%3D0%26lc_auto_invites_shown%3D%26lc_chat_number%3D0%26lc_client_version%3D%26lc_goals_achieved%3D%26lc_integration_params%3D%26lc_lang%3Den%26lc_last_chat_start_time%3D0%26lc_last_conference_id%3D%26lc_last_operator_id%3D%26lc_last_operator_key%3D%26lc_last_operator_key_per_skill%3D%26lc_last_operator_per_skill%3D%26lc_last_visit%3D1584017198%26lc_nick%3D%26lc_ok_invitation%3D0%26lc_page_view%3D0%26lc_session%3DS1584017198.ecf27ed61a%26lc_visit_number%3D0%26mcid%3D%26mcid_done%3D0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.livechatinc.com
ppl-customerservices-notice-ppl-com.gananayakresort.com
secure.livechatinc.com
servredpsrpv.leh.ind.in
173.214.178.30
23.196.234.107
23.210.248.108
1bcda772b32139bbd18696ba5a08fc2da9731cecf88d6b904cb953107484f55f
1d0bdbe8013ddd58bf31229ea12bd42dfe6bf4cb022cc65d519a45a13c403b5d
2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52
6de6e5ca9f256c848aaf109b02609a17375a5cd4b61ea08a3d05bc283570c266
76eaddbbf1eef9210ea31f1312971ecf8a636c499315e19a21aa5ade1390aeaa
ae5c3619eb524ecf87b31d09dd5a306344093299c8cacecfe0a95d38f6b44656
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
f05bbfaa7ecf1ff50bcd3520fbc6977b9168f192938db59eb43404934c0a8fa3

ppl-customerservices-notice-ppl-com.gananayakresort.com Open in urlscan Pro 173.214.178.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

180 kBTransfer

341 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

1 Cookies

Indicators

ppl-customerservices-notice-ppl-com.gananayakresort.com Open in urlscan Pro
173.214.178.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

180 kB
Transfer

341 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!