peruanatravel.com
51.161.15.114
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On May 05 via api from GB
Summary
This is the only time peruanatravel.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Suntrust (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) | Domain(s) served
---|---|---|---
8 | 51.161.15.114 | 16276 (OVH) | peruanatravel.com
1 | 167.181.46.242 | 25959 (SUNTRUST, US); PTR: www.oauth.suntrust.com | login.onlinebanking.suntrust.com
9 | 3 | |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | peruanatravel.com | peruanatravel.com | 200 KB
1 | suntrust.com | login.onlinebanking.suntrust.com | 77 KB
9 | 2 | |
Requests | Domain | Requested by
---|---|---
8 | peruanatravel.com | peruanatravel.com
1 | login.onlinebanking.suntrust.com | peruanatravel.com
9 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
login.onlinebanking.suntrust.com | DigiCert SHA2 Secure Server CA | 2019-06-06 - 2020-09-27 | a year (crt.sh)
This page contains 2 frames:
Primary Page:
http://peruanatravel.com/nbt/sms.html
Frame ID: C9BE90C97DE1BA75B329D64D5B654EAA
Requests: 10 HTTP requests in this frame
Frame:
http://peruanatravel.com/nbt/sms_files/dest5.html
Frame ID: 121CC9C858FFE7520142BDD2264930C2
Requests: 1 HTTP request in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | sms.html (Primary Request) | peruanatravel.com/nbt/ | 159 KB | 159 KB | Document | text/html
GET | H/1.1 | styles.915dc6f7a89c9d6859e8.css | peruanatravel.com/nbt/sms_files/ | 15 KB | 15 KB | Stylesheet | text/css
GET | H/1.1 | logo.png | peruanatravel.com/nbt/ | 18 KB | 19 KB | Image | image/png
GET | H/1.1 | dest5.html | peruanatravel.com/nbt/sms_files/ (Frame 121C) | 7 KB | 7 KB | Document | text/html
GET | H/1.1 | suntrust-img-sprite.acb6d3e68c48c2b70453.png | login.onlinebanking.suntrust.com/olb/dist/ | 76 KB | 77 KB | Image | image/png
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png
GET | H/1.1 | fs_albert-webfont.9f15d8cb81d8cbf3ed54.woff | peruanatravel.com/nbt/sms_files/ | 0 | 0 | Font | text/html
GET | H/1.1 | fs_albert_web-regular.0e41d89dd1b608bb60c7.ttf | peruanatravel.com/nbt/sms_files/ | 0 | 0 | Font | text/html
GET | H/1.1 | fs_albert-webfont.8d09e8367de12af210fa.ttf | peruanatravel.com/nbt/sms_files/ | 0 | 0 | Font | text/html
GET | H/1.1 | fs_albert_web-regular.29e0e1e2b3465062ab46.woff | peruanatravel.com/nbt/sms_files/ | 0 | 0 | Font | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Suntrust (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.