vdk.semperflorens.net
Open in
urlscan Pro
82.202.167.118
Malicious Activity!
Public Scan
Submission: On May 20 via automatic, source openphish
Summary
This is the only time vdk.semperflorens.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 82.202.167.118 82.202.167.118 | 29182 (THEFIRST-AS) (THEFIRST-AS) | |
1 | 2a04:4e42:1b:... 2a04:4e42:1b::621 | 54113 (FASTLY) (FASTLY) | |
1 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 144.160.125.207 144.160.125.207 | 797 (AMERITECH-AS) (AMERITECH-AS) | |
4 | 4 |
ASN29182 (THEFIRST-AS, RU)
PTR: yutex25.yutex.ru
vdk.semperflorens.net |
ASN797 (AMERITECH-AS, US)
PTR: clcontent-da.att.com
signin.att.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
att.com
signin.att.com |
9 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
6 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net |
24 KB |
1 |
semperflorens.net
vdk.semperflorens.net |
2 KB |
4 | 4 |
Domain | Requested by | |
---|---|---|
1 | signin.att.com |
vdk.semperflorens.net
|
1 | cdnjs.cloudflare.com |
vdk.semperflorens.net
|
1 | cdn.jsdelivr.net |
vdk.semperflorens.net
|
1 | vdk.semperflorens.net | |
4 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2021-05-18 - 2022-03-26 |
10 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
*.att.com DigiCert SHA2 Secure Server CA |
2020-12-16 - 2021-12-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://vdk.semperflorens.net/attc/att.php
Frame ID: 8A0F270197C559B95A1966ADB578C448
Requests: 4 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
att.php
vdk.semperflorens.net/attc/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/ |
158 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
att-logo.svg
signin.att.com/static/siam//en/halo_c/images/logos/ |
8 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
signin.att.com
vdk.semperflorens.net
144.160.125.207
2606:4700::6810:135e
2a04:4e42:1b::621
82.202.167.118
226ca2eb7e755a27ac3a6cb534a1f69dc2c9cfcfc0c07dacc2d53f16b81b2592
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd