kufnet-at.com
172.67.217.181
Malicious Activity!
Public Scan
Effective URL: https://kufnet-at.com/sasktel/
Submission: On April 10 via manual from US — Scanned from CA
Summary
TLS certificate: Issued by GTS CA 1P5 on February 12th 2024. Valid for: 3 months.
This is the only time kufnet-at.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 | 172.67.166.147 | 13335 (CLOUDFLARENET) |
1 6 | 172.67.217.181 | 13335 (CLOUDFLARENET) |
6 | 3 |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
6 | kufnet-at.com (1 redirects); subdomain: kufnet-at.com | 233 KB |
1 | s-asktel.net; subdomain: s-asktel.net | 609 B |
6 | 2 |
 | Domain | Requested by |
---|---|---|
6 | kufnet-at.com (1 redirects) | s-asktel.net, kufnet-at.com |
1 | s-asktel.net | |
6 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
s-asktel.net | GTS CA 1P5 | 2024-04-09 - 2024-07-08 | 3 months |
kufnet-at.com | GTS CA 1P5 | 2024-02-12 - 2024-05-12 | 3 months |
This page contains 1 frames:
Primary Page:
https://kufnet-at.com/sasktel/
Frame ID: 13C8A5EB570867AC9FB0FF88FB04B28A
Requests: 13 HTTP requests in this frame
Page Title
Login - Webmail 7.0
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://s-asktel.net/ HTTP 307
  https://s-asktel.net/ Page URL
- https://kufnet-at.com/sasktel/ Page URL
- https://kufnet-at.com/cdn-cgi/phish-bypass?atok=lKltG6hGnOppBD2qZM.vxHAmWsFv1GZ5vQY0xuwpkdY-1712786933-0.0.1.1-%2Fsasktel%2F HTTP 301
  https://kufnet-at.com/sasktel/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://s-asktel.net/ HTTP 307
- https://s-asktel.net/
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | s-asktel.net/ (Redirect Chain) | 158 B | 609 B | Document | text/html |
GET | H3 | / | kufnet-at.com/sasktel/ | 4 KB | 2 KB | Document | text/html |
GET | H3 | cf.errors.css | kufnet-at.com/cdn-cgi/styles/ | 24 KB | 5 KB | Stylesheet | text/css |
GET | H3 | icon-exclamation.png | kufnet-at.com/cdn-cgi/images/ | 452 B | 634 B | Image | image/png |
GET | H3 | favicon.ico | kufnet-at.com/ | 315 B | 643 B | Other | text/html |
GET | H3 | / (Primary Request) | kufnet-at.com/sasktel/ (Redirect Chain) | 321 KB | 225 KB | Document | text/html |
GET | DATA | truncated | / | 8 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 23 KB | 23 KB | Font | font/woff2 |
GET | DATA | truncated | / | 46 KB | 46 KB | Font | application/font-woff |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 47 KB | 47 KB | Font | application/font-woff |
GET | DATA | truncated | / | 75 KB | 75 KB | Font | font/woff2 |
GET | DATA | truncated | / | 12 KB | 12 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.kufnet-at.com/ | | Name: __cf_mw_byp Value: lKltG6hGnOppBD2qZM.vxHAmWsFv1GZ5vQY0xuwpkdY-1712786933-0.0.1.1-/sasktel/ |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.