Submitted URL: http://s-asktel.net/
Effective URL: https://kufnet-at.com/sasktel/
Submission: On April 10 via manual from US — Scanned from CA

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 172.67.217.181, located in United States and belongs to CLOUDFLARENET, US. The main domain is kufnet-at.com.
TLS certificate: Issued by GTS CA 1P5 on February 12th 2024. Valid for: 3 months.
This is the only time kufnet-at.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 172.67.166.147 13335 (CLOUDFLAR...)
1 6 172.67.217.181 13335 (CLOUDFLAR...)
6 3
Apex Domain
Subdomains
Transfer
6 kufnet-at.com
kufnet-at.com
233 KB
1 s-asktel.net
s-asktel.net
609 B
6 2
Domain Requested by
6 kufnet-at.com 1 redirects s-asktel.net
kufnet-at.com
1 s-asktel.net
6 2

This site contains no links.

Subject         Issuer       Validity                  Valid
s-asktel.net    GTS CA 1P5   2024-04-09 - 2024-07-08   3 months
kufnet-at.com   GTS CA 1P5   2024-02-12 - 2024-05-12   3 months

This page contains 1 frames:

Primary Page: https://kufnet-at.com/sasktel/
Frame ID: 13C8A5EB570867AC9FB0FF88FB04B28A
Requests: 13 HTTP requests in this frame

Page Title

Login - Webmail 7.0

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 438 kB
Size: 564 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://s-asktel.net/ HTTP 307
    https://s-asktel.net/ Page URL
  2. https://kufnet-at.com/sasktel/ Page URL
  3. https://kufnet-at.com/cdn-cgi/phish-bypass?atok=lKltG6hGnOppBD2qZM.vxHAmWsFv1GZ5vQY0xuwpkdY-1712786933-0.0.1.1-%2Fsasktel%2F HTTP 301
    https://kufnet-at.com/sasktel/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://s-asktel.net/ HTTP 307
  • https://s-asktel.net/

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
s-asktel.net/
Redirect Chain
  • http://s-asktel.net/
  • https://s-asktel.net/
158 B
609 B
Document
General
Full URL
https://s-asktel.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.166.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87260ed9ccf136d3-YYZ
content-encoding
br
content-type
text/html
date
Wed, 10 Apr 2024 22:08:53 GMT
last-modified
Wed, 10 Apr 2024 07:56:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VK1B4prnkbIzPbvfE96z2tjXIFKFuN%2FkZhG1OnN5VBZakaJ%2BzCN%2F2c7Ryxk%2FLjDk2bBoeQB%2FPMxmO6KwywR0uVCx9rV15tiDCHlvD%2BOUYDQ4%2FVYjASlfj7lYRvMzu2w%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent
x-accel-version
0.01

Redirect headers

Location
https://s-asktel.net/
Non-Authoritative-Reason
HttpsUpgrades
/
kufnet-at.com/sasktel/
4 KB
2 KB
Document
General
Full URL
https://kufnet-at.com/sasktel/
Requested by
Host: s-asktel.net
URL: https://s-asktel.net/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f17896575defd748a9de0b3a3cdd2187ef5059f9ae59d612ba8b693b7c7b923c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://s-asktel.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-CA,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cf-ray
87260ede1e4f36fa-YYZ
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 10 Apr 2024 22:08:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t2ZXeDmXkVw%2B7jUcRoWS3%2FPydtvyyXvME5BL78mCzp2a6ObQtRdK8AJKUEPNTNE3i3IfbZkvTWhuMGl0%2FpMr1qtjHIUEL4Y0%2Fy7YNwtk7%2FgM2%2FYJ8oMKrr0Hs4hWxJ5o"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf.errors.css
kufnet-at.com/cdn-cgi/styles/
24 KB
5 KB
Stylesheet
General
Full URL
https://kufnet-at.com/cdn-cgi/styles/cf.errors.css
Requested by
Host: kufnet-at.com
URL: https://kufnet-at.com/sasktel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://kufnet-at.com/sasktel/
accept-language
en-CA,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 22:08:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 03 Apr 2024 10:34:35 GMT
server
cloudflare
etag
W/"660d30bb-5e44"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
87260ede8f3b36fa-YYZ
expires
Thu, 11 Apr 2024 00:08:53 GMT
icon-exclamation.png
kufnet-at.com/cdn-cgi/images/
452 B
634 B
Image
General
Full URL
https://kufnet-at.com/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: kufnet-at.com
URL: https://kufnet-at.com/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://kufnet-at.com/cdn-cgi/styles/cf.errors.css
accept-language
en-CA,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 22:08:53 GMT
x-content-type-options
nosniff
last-modified
Wed, 03 Apr 2024 10:34:35 GMT
server
cloudflare
etag
"660d30bb-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
87260edecfb436fa-YYZ
content-length
452
expires
Thu, 11 Apr 2024 00:08:53 GMT
favicon.ico
kufnet-at.com/
315 B
643 B
Other
General
Full URL
https://kufnet-at.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://kufnet-at.com/sasktel/
accept-language
en-CA,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 22:08:53 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9F3Fli%2FsaRaN5QhvYq8nE9sti%2BEmgfpFVApzETn7pSzU7opAx2rwdO%2FGFAKO5oKgHAQ3HNb0kWWiqkt4sSk%2Fk0QcdFl1ZGn8rYkWPLyG98Zxb%2BFnxA%2BbJViXkyLxwAKr"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
87260edefffc36fa-YYZ
alt-svc
h3=":443"; ma=86400
Primary Request /
kufnet-at.com/sasktel/
Redirect Chain
  • https://kufnet-at.com/cdn-cgi/phish-bypass?atok=lKltG6hGnOppBD2qZM.vxHAmWsFv1GZ5vQY0xuwpkdY-1712786933-0.0.1.1-%2Fsasktel%2F
  • https://kufnet-at.com/sasktel/
321 KB
225 KB
Document
General
Full URL
https://kufnet-at.com/sasktel/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24979901c7bbecddc6679034720ff80479e9ad77471787c146505c06457edda5

Request headers

Referer
https://kufnet-at.com/sasktel/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-CA,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87260efe5cb736fa-YYZ
content-encoding
br
content-type
text/html
date
Wed, 10 Apr 2024 22:08:58 GMT
last-modified
Fri, 15 Apr 2022 22:48:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=180sEBRX5PqHI2ope1i5bROHo15JJovia8Hr1OmTb3l%2BK4lam9JiMzeC84QjzXgRsFgdAskT5jYJBpMaMMRy3ZHFlvN6hQz%2FZc24TFcVDNvjOc8MCJJ%2BbZuLGb%2FBPsaC"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent

Redirect headers

cache-control
private, no-cache
cf-ray
87260efe3c6c36fa-YYZ
content-length
167
content-type
text/html
date
Wed, 10 Apr 2024 22:08:58 GMT
location
https://kufnet-at.com/sasktel/
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
674852ebff68e1fd8cf1c52e3434636c321d6bef3753de5ea517fc7acb96aa12

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
23 KB
23 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Request headers

Referer
Origin
https://kufnet-at.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
46 KB
46 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44bd6a90e60ed7e7ec74f7c13f68495f68c8de09de31cb0e1c2a1beb09d8ff1a

Request headers

Referer
Origin
https://kufnet-at.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76bfcb74b352f2eabd2510fe089542f8613cb6feb09063a6230e94a045e81158

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
47 KB
47 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54b6139cd98570230f1158a82a97e2949960e554d9b1b22afdd214dd8ad5ca30

Request headers

Referer
Origin
https://kufnet-at.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
Origin
https://kufnet-at.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
12 KB
12 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a658b5f3ec0fd27f3c1500b420b2ed4ff557f5ddb65fbc83c21eae5cadc97dfb

Request headers

Referer
Origin
https://kufnet-at.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

1 Cookies

Domain/Path Name / Value
.kufnet-at.com/ Name: __cf_mw_byp
Value: lKltG6hGnOppBD2qZM.vxHAmWsFv1GZ5vQY0xuwpkdY-1712786933-0.0.1.1-/sasktel/

2 Console Messages

Source Level URL
Text
network error URL: https://kufnet-at.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
recommendation verbose URL: https://kufnet-at.com/sasktel/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o