peruanatravel.com Open in urlscan Pro
51.161.15.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://peruanatravel.com/nbt/sms.html
Submission Tags: @ipnigh
Submission: On May 05 via api (May 5th 2020, 1:09:27 am UTC) from GB

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 51.161.15.114, located in Canada and belongs to OVH, FR. The main domain is peruanatravel.com.

This is the only time peruanatravel.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Suntrust (Banking)

Domain & IP information

	IP Address	AS Autonomous System
8	51.161.15.114 51.161.15.114	16276 (OVH) (OVH)
1	167.181.46.242 167.181.46.242	25959 (SUNTRUST) (SUNTRUST)
9	3

8 51.161.15.114 (Canada)

ASN16276 (OVH, FR)
PTR: sha.gnservername.net

peruanatravel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.181.46.242 (United States)

ASN25959 (SUNTRUST, US)
PTR: www.oauth.suntrust.com

login.onlinebanking.suntrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	peruanatravel.com peruanatravel.com	200 KB
1	suntrust.com login.onlinebanking.suntrust.com	77 KB
9	2

	Domain	Requested by
8	peruanatravel.com	peruanatravel.com
1	login.onlinebanking.suntrust.com	peruanatravel.com
9	2

This site contains no links.

Subject Issuer	Validity	Valid
login.onlinebanking.suntrust.com DigiCert SHA2 Secure Server CA	`2019-06-06` - `2020-09-27`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://peruanatravel.com/nbt/sms.html
Frame ID: C9BE90C97DE1BA75B329D64D5B654EAA
Requests: 10 HTTP requests in this frame

Frame: http://peruanatravel.com/nbt/sms_files/dest5.html
Frame ID: 121CC9C858FFE7520142BDD2264930C2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

11 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

277 kB
Transfer

279 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request sms.html Show response
peruanatravel.com/nbt/ 159 KB
159 KB 320ms
291ms Document
text/html 51.161.15.114
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://peruanatravel.com/nbt/sms.html
Protocol: HTTP/1.1
Server: 51.161.15.114 , Canada, ASN16276 (OVH, FR),
Reverse DNS: sha.gnservername.net
Software: Apache /
Resource Hash: 3a0a3d81ed13cbc24eaa1b5714c1bc29d57792b26452a9887e1fe3d3bff25d81

Request headers

Host: peruanatravel.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 01:08:50 GMT
Server: Apache
Last-Modified: Wed, 29 Apr 2020 22:23:52 GMT
Accept-Ranges: bytes
Content-Length: 162816
Keep-Alive: timeout=50, max=200
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK styles.915dc6f7a89c9d6859e8.css
peruanatravel.com/nbt/sms_files/ 15 KB
15 KB 352ms
324ms Stylesheet
text/css 51.161.15.114
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://peruanatravel.com/nbt/sms_files/styles.915dc6f7a89c9d6859e8.css
Requested by: Host: peruanatravel.com
URL: http://peruanatravel.com/nbt/sms.html
Protocol: HTTP/1.1
Server: 51.161.15.114 , Canada, ASN16276 (OVH, FR),
Reverse DNS: sha.gnservername.net
Software: Apache /
Resource Hash: 4254abde5abae8c9c52b741364d9b7d32eed1ffbeb6f18c7a36d2ddb003b0b03

Request headers

Referer: http://peruanatravel.com/nbt/sms.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 01:08:50 GMT
Last-Modified: Thu, 05 Dec 2019 21:58:04 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=50, max=200
Content-Length: 14990

GET
H/1.1 200
OK logo.png
peruanatravel.com/nbt/ 18 KB
19 KB 160ms
160ms Image
image/png 51.161.15.114
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://peruanatravel.com/nbt/logo.png
Requested by: Host: peruanatravel.com
URL: http://peruanatravel.com/nbt/sms.html
Protocol: HTTP/1.1
Server: 51.161.15.114 , Canada, ASN16276 (OVH, FR),
Reverse DNS: sha.gnservername.net
Software: Apache /
Resource Hash: 8355236c32e9396733d0b39df8726ee727a2e7e250d96f127f0664224949343b

Request headers

Referer: http://peruanatravel.com/nbt/sms.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 05 May 2020 01:08:51 GMT
Last-Modified: Wed, 29 Apr 2020 20:29:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=50, max=199
Content-Length: 18882

GET
H/1.1 200
OK dest5.html Show response
peruanatravel.com/nbt/sms_files/ Frame 121C 7 KB
7 KB 311ms
288ms Document
text/html 51.161.15.114
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://peruanatravel.com/nbt/sms_files/dest5.html
Requested by: Host: peruanatravel.com
URL: http://peruanatravel.com/nbt/sms.html
Protocol: HTTP/1.1
Server: 51.161.15.114 , Canada, ASN16276 (OVH, FR),
Reverse DNS: sha.gnservername.net
Software: Apache /
Resource Hash: 7a02610ede55f98ef6303d56bffd757f066a08b894c1136ead65e87d61ecfbb3

Request headers

Host: peruanatravel.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://peruanatravel.com/nbt/sms.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://peruanatravel.com/nbt/sms.html

Response headers

Date: Tue, 05 May 2020 01:08:51 GMT
Server: Apache
Last-Modified: Thu, 05 Dec 2019 21:58:04 GMT
Accept-Ranges: bytes
Content-Length: 7328
Keep-Alive: timeout=50, max=200
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK suntrust-img-sprite.acb6d3e68c48c2b70453.png
login.onlinebanking.suntrust.com/olb/dist/ 76 KB
77 KB 956ms
430ms Image
image/png 167.181.46.242
SUNTRUST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.onlinebanking.suntrust.com/olb/dist/suntrust-img-sprite.acb6d3e68c48c2b70453.png

Requested by

Host: peruanatravel.com
URL: http://peruanatravel.com/nbt/sms.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_GCM

Server

167.181.46.242 , United States, ASN25959 (SUNTRUST, US),

Reverse DNS

www.oauth.suntrust.com

Software

Resource Hash

78bea018350b8cd970d5944ab1f8cc8408778271119eb5a007f5589e2e4df2ec

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://.suntrust.com https://.liveperson.net http://.liveperson.net https://fls.doubleclick.net https://www.googleadservices.com https://suntrustbanksinc.demdex.net https://nexus.ensighten.com https://dpm.demdex.net https://.lpsnmedia.net 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://.suntrust.com https://googleads.g.doubleclick.net https://www.google.com https://fast.suntrustbanksinc.demdex.net https://suntrustbanksinc.demdex.net https://.lpsnmedia.net https://*.liveperson.net https://secure.opinionlab.com
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

Referer: http://peruanatravel.com/nbt/sms.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Last-Modified: Tue, 10 Mar 2020 12:00:19 GMT
ETag: "d9d56478d3f6d51:0"
X-Frame-Options: DENY
Content-Type: image/png
Date: Tue, 05 May 2020 01:09:05 GMT
Content-Security-Policy: script-src 'self' https://*.suntrust.com https://*.liveperson.net http://*.liveperson.net https://fls.doubleclick.net https://www.googleadservices.com https://suntrustbanksinc.demdex.net https://nexus.ensighten.com https://dpm.demdex.net https://*.lpsnmedia.net 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.suntrust.com https://googleads.g.doubleclick.net https://www.google.com https://fast.suntrustbanksinc.demdex.net https://suntrustbanksinc.demdex.net https://*.lpsnmedia.net https://*.liveperson.net https://secure.opinionlab.com
Accept-Ranges: bytes
Content-Length: 77401

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72a01ca0dd2f72570e26ed0e2fcb2e8d691c878ff3419170810c387ca6a68ab9

Request headers

Referer: http://peruanatravel.com/nbt/sms.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc6fe09d0f4d476f51fb63a231142cb285cc54777ca7e04e83537191ee292918

Request headers

Referer: http://peruanatravel.com/nbt/sms.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 404
Not Found fs_albert-webfont.9f15d8cb81d8cbf3ed54.woff
peruanatravel.com/nbt/sms_files/ 0
0 860ms
860ms Font
text/html 51.161.15.114
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://peruanatravel.com/nbt/sms_files/fs_albert-webfont.9f15d8cb81d8cbf3ed54.woff
Requested by: Host: peruanatravel.com
URL: http://peruanatravel.com/nbt/sms.html
Protocol: HTTP/1.1
Server: 51.161.15.114 , Canada, ASN16276 (OVH, FR),
Reverse DNS: sha.gnservername.net
Software: Apache /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://peruanatravel.com/nbt/sms_files/styles.915dc6f7a89c9d6859e8.css
Origin: http://peruanatravel.com

Response headers

Date: Tue, 05 May 2020 01:08:51 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-transform, no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
X-UA-Compatible: IE=edge
Connection: Keep-Alive
Link: <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=50, max=199
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 404
Not Found fs_albert_web-regular.0e41d89dd1b608bb60c7.ttf
peruanatravel.com/nbt/sms_files/ 0
0 961ms
960ms Font
text/html 51.161.15.114
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://peruanatravel.com/nbt/sms_files/fs_albert_web-regular.0e41d89dd1b608bb60c7.ttf
Requested by: Host: peruanatravel.com
URL: http://peruanatravel.com/nbt/sms.html
Protocol: HTTP/1.1
Server: 51.161.15.114 , Canada, ASN16276 (OVH, FR),
Reverse DNS: sha.gnservername.net
Software: Apache /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://peruanatravel.com/nbt/sms_files/styles.915dc6f7a89c9d6859e8.css
Origin: http://peruanatravel.com

Response headers

Date: Tue, 05 May 2020 01:08:51 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-transform, no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
X-UA-Compatible: IE=edge
Connection: Keep-Alive
Link: <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=50, max=200
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 404
Not Found fs_albert-webfont.8d09e8367de12af210fa.ttf
peruanatravel.com/nbt/sms_files/ 0
0 816ms
780ms Font
text/html 51.161.15.114
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://peruanatravel.com/nbt/sms_files/fs_albert-webfont.8d09e8367de12af210fa.ttf
Requested by: Host: peruanatravel.com
URL: http://peruanatravel.com/nbt/sms.html
Protocol: HTTP/1.1
Server: 51.161.15.114 , Canada, ASN16276 (OVH, FR),
Reverse DNS: sha.gnservername.net
Software: Apache /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://peruanatravel.com/nbt/sms_files/styles.915dc6f7a89c9d6859e8.css
Origin: http://peruanatravel.com

Response headers

Date: Tue, 05 May 2020 01:08:52 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-transform, no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
X-UA-Compatible: IE=edge
Connection: Keep-Alive
Link: <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=50, max=199
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 404
Not Found fs_albert_web-regular.29e0e1e2b3465062ab46.woff
peruanatravel.com/nbt/sms_files/ 0
0 914ms
913ms Font
text/html 51.161.15.114
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://peruanatravel.com/nbt/sms_files/fs_albert_web-regular.29e0e1e2b3465062ab46.woff
Requested by: Host: peruanatravel.com
URL: http://peruanatravel.com/nbt/sms.html
Protocol: HTTP/1.1
Server: 51.161.15.114 , Canada, ASN16276 (OVH, FR),
Reverse DNS: sha.gnservername.net
Software: Apache /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://peruanatravel.com/nbt/sms_files/styles.915dc6f7a89c9d6859e8.css
Origin: http://peruanatravel.com

Response headers

Date: Tue, 05 May 2020 01:08:52 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-transform, no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
X-UA-Compatible: IE=edge
Connection: Keep-Alive
Link: <https://peruanatravel.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=50, max=198
Expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Suntrust (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.onlinebanking.suntrust.com
peruanatravel.com
167.181.46.242
51.161.15.114
3a0a3d81ed13cbc24eaa1b5714c1bc29d57792b26452a9887e1fe3d3bff25d81
4254abde5abae8c9c52b741364d9b7d32eed1ffbeb6f18c7a36d2ddb003b0b03
72a01ca0dd2f72570e26ed0e2fcb2e8d691c878ff3419170810c387ca6a68ab9
78bea018350b8cd970d5944ab1f8cc8408778271119eb5a007f5589e2e4df2ec
7a02610ede55f98ef6303d56bffd757f066a08b894c1136ead65e87d61ecfbb3
8355236c32e9396733d0b39df8726ee727a2e7e250d96f127f0664224949343b
bc6fe09d0f4d476f51fb63a231142cb285cc54777ca7e04e83537191ee292918

peruanatravel.com Open in urlscan Pro 51.161.15.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

11 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

277 kBTransfer

279 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

peruanatravel.com Open in urlscan Pro
51.161.15.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

11 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

277 kB
Transfer

279 kB
Size

0
Cookies

9 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!