![](/screenshots/f85b951d-3483-4ed8-8215-bc70d9edd87b.png)
kelpsharingdrive.hopto.org
107.180.0.182
Malicious Activity!
Public Scan
Effective URL: https://kelpsharingdrive.hopto.org/main.html?accessToFile=granted&fileAccess=22880&encryptedCookie=c9a2dc60218c202bbab4f92b291e9c08...
Submission: On May 09 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 9th 2020. Valid for: 3 months.
This is the only time kelpsharingdrive.hopto.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
13 | 107.180.0.182 | 26496 (AS-26496-GO-DADDY-COM-LLC)
3 | 23.43.123.196 | 20940 (AKAMAI-ASN1)
15 (total) | 2 IP addresses |

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-0-182.ip.secureserver.net
Domains: kelpsharingdrive.hopto.org

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-43-123-196.deploy.static.akamaitechnologies.com
Domains: static2.sharepointonline.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | hopto.org | kelpsharingdrive.hopto.org (1 redirect) | 191 KB
3 | sharepointonline.com | static2.sharepointonline.com | 100 KB
15 (total) | 2 apex domains | |

Requests | Domain | Requested by
---|---|---
13 | kelpsharingdrive.hopto.org (1 redirect) | kelpsharingdrive.hopto.org
3 | static2.sharepointonline.com | kelpsharingdrive.hopto.org
15 (total) | 2 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
kelpsharingdrive.hopto.org | Let's Encrypt Authority X3 | 2020-05-09 - 2020-08-07 | 3 months | crt.sh
*.sharepointonline.com | Microsoft IT TLS CA 4 | 2019-09-06 - 2021-09-06 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
https://kelpsharingdrive.hopto.org/main.html?accessToFile=granted&fileAccess=22880&encryptedCookie=c9a2dc60218c202bbab4f92b291e9c08&u=94600254878e94bd54ebfb210b2d9646&connecting=3d8a89892407a763432637717e74747e&phaseAccess=feb127f45f26354378303a239d1075b7&p=4c8e43c7bf7226fa0dc814c710a9bad0
Frame ID: 21A3704FDD160E256A39D575A33BAE08
Requests: 15 HTTP requests in this frame
Detected technologies
Detected patterns
- headers server: `/(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://kelpsharingdrive.hopto.org/
2. HTTP 302 redirect to:
3. https://kelpsharingdrive.hopto.org/main.html?accessToFile=granted&fileAccess=22880&encryptedCookie=c9a2dc60218c202bbab4f92b291e9c08&u=94600254878e94bd54ebfb210b2d9646&connecting=3d8a89892407a763432637717e74747e&phaseAccess=feb127f45f26354378303a239d1075b7&p=4c8e43c7bf7226fa0dc814c710a9bad0 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | main.html (Primary Request, Redirect Chain) | kelpsharingdrive.hopto.org/ | 75 KB | 10 KB | Document | text/html
GET | H2 | sharepoint.png | kelpsharingdrive.hopto.org/images/ | 8 KB | 9 KB | Image | image/png
GET | H2 | plus.png | kelpsharingdrive.hopto.org/images/ | 14 KB | 15 KB | Image | image/png
GET | H2 | 1driveLogo.png | kelpsharingdrive.hopto.org/images/ | 15 KB | 15 KB | Image | image/png
GET | H2 | office365.png | kelpsharingdrive.hopto.org/images/ | 31 KB | 31 KB | Image | image/png
GET | H2 | arrow.png | kelpsharingdrive.hopto.org/images/ | 17 KB | 17 KB | Image | image/png
GET | H2 | hotmail.jpg | kelpsharingdrive.hopto.org/images/ | 24 KB | 24 KB | Image | image/jpeg
GET | H2 | AolLogo.png | kelpsharingdrive.hopto.org/images/ | 20 KB | 20 KB | Image | image/png
GET | H2 | yahoo.jpg | kelpsharingdrive.hopto.org/images/ | 23 KB | 23 KB | Image | image/jpeg
GET | H2 | email.jpg | kelpsharingdrive.hopto.org/images/ | 21 KB | 21 KB | Image | image/jpeg
GET | H2 | microsoft.svg | kelpsharingdrive.hopto.org/images/ | 5 KB | 2 KB | Image | image/svg+xml
GET | H2 | grid.svg | kelpsharingdrive.hopto.org/images/ | 117 KB | 3 KB | Image | image/svg+xml
GET | H2 | segoeui-regular.woff2 | static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ | 35 KB | 36 KB | Font | application/font-woff2
GET | H2 | segoeui-bold.woff2 | static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ | 32 KB | 33 KB | Font | application/font-woff2
GET | H2 | segoeui-semibold.woff2 | static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/ | 31 KB | 32 KB | Font | application/font-woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
kelpsharingdrive.hopto.org
static2.sharepointonline.com
107.180.0.182
23.43.123.196
164341b86af40c7091b70746ce79497104a8482d8182c9182761ca8e5f506137
22e7ac6e00b3f7463f2c89c577877ed717686d6f219614c890317d86560c413d
2ab2f46cc0148f1ebb34da7a984b8a8b71b4881f52485ed14246739d5c694c69
31294a82aa60635289f8f091a1aa70109794994e8019b3b0ff503ac9b84dd445
406c4becf83ab8f58c783155e96cf0b075a4915daad184758ffc87305affbef5
4305077b3a5eb93ad83197ad9e451c5b28d0fdd119ac66800ead10d86268e17f
4ac80353f9770621066a63538d41a5dfa8c0045aa4db8fe5a59cddaa9ab85bcb
7656956121e73a9736826d3993d648b2b488460bb0190df712c9979c21f2ae6a
76c0751bb7080046bb2ff1705e4dbef292677531f4935cfa2bc9ee4695d3cb12
94ef87ee295c67526205d67124f404e246226105e939e14c435a20c29a956f49
b969b1aa3b409b8202efff694c7dea9a23872681a447fb3d48f964bfb810ab62
c599144a6ee494d56d4622e7cc57873a3ba7b3413e525f3e3b4aa7d8298aa2ec
d55ee7b68557c67d943361d04c437f989c13c8cd0e3144cad4ce876bd5ebc6a3
d6b7e036b0f282ef6acde352f5419cc847aeb2d876a253f79b2327f6000b3dbe
df40c793ff83e8430ecd526f3d2fe49485c5b6e5767f55afc70b1823acfc6095