ktleeranchalpacas.com Open in urlscan Pro
192.252.216.194 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://ktleeranchalpacas.com/
Submission: On December 27 via automatic, source openphish (December 27th 2022, 1:07:10 am UTC) — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 192.252.216.194, located in United States and belongs to PERFORMIVE, US. The main domain is ktleeranchalpacas.com.

This is the only time ktleeranchalpacas.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BPER Banca (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	192.252.216.194 192.252.216.194	46562 (PERFORMIVE) (PERFORMIVE)
1	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2

7 192.252.216.194 (United States)

ASN46562 (PERFORMIVE, US)
PTR: web1.cygnusnet.com

ktleeranchalpacas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7daf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	ktleeranchalpacas.com ktleeranchalpacas.com	240 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 1135	4 KB
8	2

	Domain	Requested by
7	ktleeranchalpacas.com	ktleeranchalpacas.com
1	unpkg.com	ktleeranchalpacas.com
8	2

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-01` - `2023-06-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://ktleeranchalpacas.com/
Frame ID: C6A9A3453119B47F3A4344F9C90456B9
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Pure CSS (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+(?:([\d.])+/)?pure(?:-min)?\.css

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

13 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

244 kB
Transfer

254 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
ktleeranchalpacas.com/ 4 KB
4 KB 616ms
290ms Document
text/html 192.252.216.194
PERFORMIVE

General

Check archive.org

Show headers Download Go to

Full URL: http://ktleeranchalpacas.com/
Protocol: HTTP/1.1
Server: 192.252.216.194 , United States, ASN46562 (PERFORMIVE, US),
Reverse DNS: web1.cygnusnet.com
Software: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40 /
Resource Hash: 1cdcdef4d3914973e68b2fecd08623dc29f4a38f6cd03639770685ac68664f45

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 27 Dec 2022 01:07:05 GMT
Keep-Alive: timeout=2, max=100
Server: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40
Transfer-Encoding: chunked

GET
H/1.1 200
OK logo1.jpg
ktleeranchalpacas.com/ 14 KB
14 KB 111ms
111ms Image
image/jpeg 192.252.216.194
PERFORMIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ktleeranchalpacas.com/logo1.jpg
Requested by: Host: ktleeranchalpacas.com
URL: http://ktleeranchalpacas.com/
Protocol: HTTP/1.1
Server: 192.252.216.194 , United States, ASN46562 (PERFORMIVE, US),
Reverse DNS: web1.cygnusnet.com
Software: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40 /
Resource Hash: 5000659534ad5673ed8f0292fe8942fe248e552d4a05ce3d580ad8a9ec560a5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ktleeranchalpacas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Tue, 27 Dec 2022 01:07:05 GMT
Last-Modified: Wed, 23 Feb 2022 04:46:38 GMT
Server: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40
ETag: "6940786-372c-5d8a826a4e780"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 14124

GET
H2 200 pure-min.css
unpkg.com/purecss@2.0.5/build/ 16 KB
4 KB 41ms
23ms Stylesheet
text/css 2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/purecss@2.0.5/build/pure-min.css

Requested by

Host: ktleeranchalpacas.com
URL: http://ktleeranchalpacas.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d0b11cc95b046dabdab9a5bbe9c3035d2db1d7036e644acbb9e00b7c639f3f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ktleeranchalpacas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 27 Dec 2022 01:07:05 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 28999401
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01FT89X9FDEP81VX4K7A2EH37M
server: cloudflare
etag: W/"4195-XLNKX4yxaMYG7+jslQdUA8knpHQ"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 77fe28493d7a91f9-FRA

GET
H/1.1 200
OK jquery-latest.min.js Show response
ktleeranchalpacas.com/ 84 KB
84 KB 117ms
114ms Script
application/javascript 192.252.216.194
PERFORMIVE

General

Check archive.org

Show headers Download Go to

Full URL: http://ktleeranchalpacas.com/jquery-latest.min.js
Requested by: Host: ktleeranchalpacas.com
URL: http://ktleeranchalpacas.com/
Protocol: HTTP/1.1
Server: 192.252.216.194 , United States, ASN46562 (PERFORMIVE, US),
Reverse DNS: web1.cygnusnet.com
Software: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40 /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ktleeranchalpacas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Tue, 27 Dec 2022 01:07:05 GMT
Last-Modified: Wed, 27 Jan 2021 04:41:18 GMT
Server: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40
ETag: "694077d-14e4a-5b9da61c71780"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=99
Content-Length: 85578

GET
H/1.1 200
OK jquery.payform.min.js Show response
ktleeranchalpacas.com/ 16 KB
16 KB 213ms
106ms Script
application/javascript 192.252.216.194
PERFORMIVE

General

Check archive.org

Show headers Download Go to

Full URL: http://ktleeranchalpacas.com/jquery.payform.min.js
Requested by: Host: ktleeranchalpacas.com
URL: http://ktleeranchalpacas.com/
Protocol: HTTP/1.1
Server: 192.252.216.194 , United States, ASN46562 (PERFORMIVE, US),
Reverse DNS: web1.cygnusnet.com
Software: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40 /
Resource Hash: ddda7da0b1510e2f6916258890d06a64da32e94be54489117ff249f4630fd999

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ktleeranchalpacas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Tue, 27 Dec 2022 01:07:05 GMT
Last-Modified: Thu, 24 Jan 2019 05:57:24 GMT
Server: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40
ETag: "694077e-4001-5802de2697900"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 16385

GET
H/1.1 200
OK bperlogo.jpg
ktleeranchalpacas.com/ 15 KB
15 KB 214ms
106ms Image
image/jpeg 192.252.216.194
PERFORMIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ktleeranchalpacas.com/bperlogo.jpg
Requested by: Host: ktleeranchalpacas.com
URL: http://ktleeranchalpacas.com/
Protocol: HTTP/1.1
Server: 192.252.216.194 , United States, ASN46562 (PERFORMIVE, US),
Reverse DNS: web1.cygnusnet.com
Software: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40 /
Resource Hash: d9ae869c3dd00f983666dde345708c6939f7f9f2c40077524de594c7783a7951

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ktleeranchalpacas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Tue, 27 Dec 2022 01:07:05 GMT
Last-Modified: Wed, 23 Feb 2022 04:49:18 GMT
Server: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40
ETag: "694075e-3bab-5d8a8302e4f80"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 15275

GET
H/1.1 200
OK barra.jpg
ktleeranchalpacas.com/ 8 KB
8 KB 220ms
110ms Image
image/jpeg 192.252.216.194
PERFORMIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ktleeranchalpacas.com/barra.jpg
Requested by: Host: ktleeranchalpacas.com
URL: http://ktleeranchalpacas.com/
Protocol: HTTP/1.1
Server: 192.252.216.194 , United States, ASN46562 (PERFORMIVE, US),
Reverse DNS: web1.cygnusnet.com
Software: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40 /
Resource Hash: 4712e2649e9407f997c8708642b3f01a854b61f686d39b4f40979eef1219b2d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://ktleeranchalpacas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Tue, 27 Dec 2022 01:07:05 GMT
Last-Modified: Wed, 23 Feb 2022 04:51:08 GMT
Server: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40
ETag: "694075d-1f3f-5d8a836bcc700"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 7999

GET
H/1.1 200
OK unicredit-regular.otf
ktleeranchalpacas.com/fonts/ 98 KB
98 KB 234ms
118ms Font
font/otf 192.252.216.194
PERFORMIVE

General

Check archive.org

Show headers Download Go to

Full URL: http://ktleeranchalpacas.com/fonts/unicredit-regular.otf
Protocol: HTTP/1.1
Server: 192.252.216.194 , United States, ASN46562 (PERFORMIVE, US),
Reverse DNS: web1.cygnusnet.com
Software: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40 /
Resource Hash: fb3eee259238bb8f097a10f92ad30df49fe02fa3889ee4ee64407514840383a5

Request headers

Referer: http://ktleeranchalpacas.com/
Origin: http://ktleeranchalpacas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Tue, 27 Dec 2022 01:07:08 GMT
Last-Modified: Tue, 22 Feb 2022 20:31:12 GMT
Server: Apache/2.4.54 (cPanel) OpenSSL/1.1.1s mod_bwlimited/1.4 PHP/5.6.40
ETag: "6940775-186c0-5d8a13ad62400"
Content-Type: font/otf
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=100
Content-Length: 100032

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BPER Banca (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ktleeranchalpacas.com/	1970-01-20 18:04:23	Name: COOKIE_KEY Value: 167210322580

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ktleeranchalpacas.com
unpkg.com
192.252.216.194
2606:4700::6810:7daf
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1cdcdef4d3914973e68b2fecd08623dc29f4a38f6cd03639770685ac68664f45
2d0b11cc95b046dabdab9a5bbe9c3035d2db1d7036e644acbb9e00b7c639f3f6
4712e2649e9407f997c8708642b3f01a854b61f686d39b4f40979eef1219b2d1
5000659534ad5673ed8f0292fe8942fe248e552d4a05ce3d580ad8a9ec560a5d
d9ae869c3dd00f983666dde345708c6939f7f9f2c40077524de594c7783a7951
ddda7da0b1510e2f6916258890d06a64da32e94be54489117ff249f4630fd999
fb3eee259238bb8f097a10f92ad30df49fe02fa3889ee4ee64407514840383a5

ktleeranchalpacas.com Open in urlscan Pro 192.252.216.194 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

13 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

244 kBTransfer

254 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

ktleeranchalpacas.com Open in urlscan Pro
192.252.216.194 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

13 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

244 kB
Transfer

254 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!