vdk.semperflorens.net Open in urlscan Pro
82.202.167.118  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request att.php Show response vdk.semperflorens.net/attc/	5 KB 2 KB	569ms 361ms	Document text/html	82.202.167.118 THEFIRST-AS
General Check archive.org Show headers Download Go to Full URL http://vdk.semperflorens.net/attc/att.php Protocol HTTP/1.1 Server 82.202.167.118 Moscow, Russian Federation, ASN29182 (THEFIRST-AS, RU), Reverse DNS yutex25.yutex.ru Software nginx/1.11.9 / PHP/5.6.40 Resource Hash 226ca2eb7e755a27ac3a6cb534a1f69dc2c9cfcfc0c07dacc2d53f16b81b2592 Request headers Host vdk.semperflorens.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Server nginx/1.11.9 Date Thu, 20 May 2021 02:03:16 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.6.40 Content-Encoding gzip
GET H2	200	bootstrap.min.css cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/	158 KB 24 KB	23ms 6ms	Stylesheet text/css	2a04:4e42:1b::621 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css Requested by Host: vdk.semperflorens.net URL: http://vdk.semperflorens.net/attc/att.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Origin http://vdk.semperflorens.net Referer http://vdk.semperflorens.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 8564644 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 24100 etag W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34" x-served-by cache-fra19144-FRA, cache-hhn4041-HHN date Thu, 20 May 2021 02:03:16 GMT vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	font-awesome.min.css cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/	30 KB 6 KB	23ms 21ms	Stylesheet text/css	2606:4700::6810:135e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css Requested by Host: vdk.semperflorens.net URL: http://vdk.semperflorens.net/attc/att.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer http://vdk.semperflorens.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 20 May 2021 02:03:16 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 2360183 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 5631 cf-request-id 0a291c58f200002b71d1b40000000001 timing-allow-origin * last-modified Mon, 04 May 2020 16:10:07 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e5f-7918" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BtB44EnHnOuAJVuoHsI0589nzvG6RJt9s0OfnQw8fRUzHx2CyDopUQemeKcWDAxu6QlsouUJZjJ6RKuwt05RWmzd9JXzS1SsITE8xE%2BALRdfjmoajYE0KHjnNJt%2FwuHJyQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6521fcd4b8052b71-FRA expires Tue, 10 May 2022 02:03:16 GMT
GET H/1.1	200 OK	att-logo.svg signin.att.com/static/siam//en/halo_c/images/logos/	8 KB 9 KB	772ms 132ms	Image image/svg+xml	144.160.125.207 AMERITECH-AS
General Check archive.org Show headers Download Go to Show image Full URL https://signin.att.com/static/siam//en/halo_c/images/logos/att-logo.svg Requested by Host: vdk.semperflorens.net URL: http://vdk.semperflorens.net/attc/att.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.125.207 , United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-da.att.com Software / Resource Hash 6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers Referer http://vdk.semperflorens.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 20 May 2021 02:03:17 GMT last-modified Fri, 30 Apr 2021 07:46:16 GMT etag "20b1-5c12bce830200" x-frame-options SAMEORIGIN iam_on D510 p3p CP="NON CUR OTPi OUR NOR UNI" access-control-allow-origin * strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes content-type image/svg+xml apser p211 content-length 8369

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
signin.att.com
vdk.semperflorens.net
144.160.125.207
2606:4700::6810:135e
2a04:4e42:1b::621
82.202.167.118
226ca2eb7e755a27ac3a6cb534a1f69dc2c9cfcfc0c07dacc2d53f16b81b2592
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd