kelpiesinc.com
Open in
urlscan Pro
64.39.224.251
Malicious Activity!
Public Scan
URL:
http://kelpiesinc.com/login.php
Submission: On March 08 via api from US — Scanned from US
Submission: On March 08 via api from US — Scanned from US
Summary
This website contacted 3 IPs
in 1 countries
across 3 domains to perform 8 HTTP transactions.
The main IP is 64.39.224.251, located in
United States and
belongs to CDM, US.
The main domain is kelpiesinc.com.
This is the only time kelpiesinc.com was scanned on urlscan.io!
This is the only time kelpiesinc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 6 | 64.39.224.251 64.39.224.251 | 6428 (CDM) (CDM) | |
| 1 | 2607:f8b0:400... 2607:f8b0:4006:817::200a | 15169 (GOOGLE) (GOOGLE) | |
| 8 | 3 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 6 |
kelpiesinc.com
kelpiesinc.com |
226 KB |
| 1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 299 |
30 KB |
| 0 |
smallenvelop.com
Failed
smallenvelop.com Failed |
|
| 8 | 3 |
| Domain | Requested by | |
|---|---|---|
| 6 | kelpiesinc.com |
kelpiesinc.com
|
| 1 | ajax.googleapis.com |
kelpiesinc.com
|
| 0 | smallenvelop.com Failed |
kelpiesinc.com
|
| 8 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| upload.video.google.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://kelpiesinc.com/login.php
Frame ID: E9A19E42FDE7151C0C88C72B33FE8B8E
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Download Your FileDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
login.php
kelpiesinc.com/ |
2 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
d1.png
kelpiesinc.com/images/ |
51 KB 51 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
d2.png
kelpiesinc.com/images/ |
152 KB 152 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
d3.png
kelpiesinc.com/images/ |
351 B 592 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
d4.png
kelpiesinc.com/images/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
d5.png
kelpiesinc.com/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
Preloader_11.gif
smallenvelop.com/wp-content/uploads/2014/08/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- smallenvelop.com
- URL
- https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
kelpiesinc.com
smallenvelop.com
smallenvelop.com
2607:f8b0:4006:817::200a
64.39.224.251
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0adef777026d9043119354a6a97e564701c50318a4377f73d619426286519205
7afde1d6afa132ca6e281ceef084dc18b98a52fe9f4c3361670b46e669760671
bd54eccf6308178cff684fb5bee6066af28a15590c5cd4314e47dd472c8f68b3
c599cdfc4cad8dfa58dfe456ba9072305508785f76accc7d9483b87382304bad
f1a498b0e40296fce6598ecab8178483bb8924dd4ef250574fbe71f905068af7
f74776b0da21993fb7796fbae40dbac81495200a28f21f3d6ea91589b94bcc8f