urlscan.io result for ciun.juliascloset.lk (45.120.149.96): Malicious Activity, Public Scan

Submitted URL: http://short.bg/Ik3gp
Effective URL: http://ciun.juliascloset.lk/wiwa/signin.php
Submission: On March 01, 2021 via API from US

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 45.120.149.96, located in Singapore and belongs to A2HOSTING, US. The main domain is ciun.juliascloset.lk.
This is the only time ciun.juliascloset.lk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

Requests          IP Address        ASN (Autonomous System)
1 (redirect hop)  91.148.168.16     AS31083 (TELEPOINT)
8                 45.120.149.96     AS55293 (A2HOSTING)
1                 144.161.106.163   AS797 (AMERITECH-AS)
Total: 9 requests, 2 IPs (the redirecting host is counted separately)
Requests  Apex Domain       Subdomains             Transfer
8         juliascloset.lk   ciun.juliascloset.lk   641 KB
1         att.com           signin.att.com         9 KB
1         short.bg          short.bg               660 B
Total: 9 requests, 3 apex domains
Requests  Domain                 Requested by
8         ciun.juliascloset.lk   ciun.juliascloset.lk
1         signin.att.com         ciun.juliascloset.lk
1         short.bg               (1 redirect)
Total: 9 requests, 3 domains

This site contains no links.

TLS certificates observed

Subject    Issuer                           Validity                   Valid for
*.att.com  DigiCert SHA2 Secure Server CA   2020-12-16 to 2021-12-20   a year

This page contains 1 frames:

Primary Page: http://ciun.juliascloset.lk/wiwa/signin.php
Frame ID: 10205B6EB0530710D9623182CC769CAE
Requests: 9 HTTP requests in this frame

Page URL History

This captures the URL locations of the website, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://short.bg/Ik3gp HTTP 301
     http://ciun.juliascloset.lk/wiwa/signin.php Page URL

Detected technologies

Bootstrap (overall confidence: 100%)
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (overall confidence: 100%)
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (overall confidence: 100%)
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 9
HTTPS: 11 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 3
Transfer: 650 kB
Size: 647 kB
Cookies: 0
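The statistics and tables above describe a recognisable shape: a cross-host 301 from a short.bg link into a plain-HTTP signin.php on an A2 Hosting server, eight of nine requests unencrypted, and the impersonated brand's own logo fetched over HTTPS from signin.att.com with the phishing page as Referer. The Python below, added here as an example and not code from urlscan.io or from the scanned kit, transcribes the nine transactions listed on this page and scores them with a few triage rules. The rule names, the login-path keyword list and the crude registrable-domain helper are this example's own assumptions.

```python
"""Triage heuristics over the HTTP transactions of a urlscan.io result.

Added example, not urlscan.io code. The records below are transcribed from
the transactions on this page; the rules and thresholds are assumptions.
"""
from urllib.parse import urlparse

# Transcribed from this scan: the 301 hop and the nine (URL, Referer, type) rows.
REDIRECT_CHAIN = [
    "http://short.bg/Ik3gp",
    "http://ciun.juliascloset.lk/wiwa/signin.php",
]
PRIMARY = "http://ciun.juliascloset.lk/wiwa/signin.php"
BASE = "http://ciun.juliascloset.lk/wiwa/assets/"
TRANSACTIONS = [
    (PRIMARY, None, "Document"),
    (BASE + "vendor/bootstrap/css/bootstrap.min.css", PRIMARY, "Stylesheet"),
    (BASE + "vendor/fonts/circular-std/style.css", PRIMARY, "Stylesheet"),
    (BASE + "libs/css/style.css", PRIMARY, "Stylesheet"),
    (BASE + "vendor/fonts/fontawesome/css/fontawesome-all.css", PRIMARY, "Stylesheet"),
    ("https://signin.att.com/static/siam//en/halo_c/images/logos/att-logo.svg", PRIMARY, "Image"),
    (BASE + "vendor/jquery/jquery-3.3.1.min.js", PRIMARY, "Script"),
    (BASE + "vendor/bootstrap/js/bootstrap.bundle.js", PRIMARY, "Script"),
    (BASE + "vendor/fonts/circular-std/CircularStd-Book.woff",
     BASE + "vendor/fonts/circular-std/style.css", "Font"),
]
BRAND_DOMAINS = {"att.com"}                       # brand urlscan reports as targeted
LOGIN_WORDS = ("signin", "login", "account", "verify")  # assumption: credential-page path hints


def registrable(host):
    """Crude registrable-domain guess: last two labels. Assumption: adequate for the
    .com/.lk/.bg hosts here; production code should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def https_ratio(transactions):
    """Share of requests made over HTTPS (this scan: 1 of 9)."""
    n = sum(1 for url, _, _ in transactions if urlparse(url).scheme == "https")
    return n / len(transactions)


def brand_hotlinks(transactions, brand_domains):
    """Resources served by the impersonated brand but requested by a page on
    another registrable domain (the logo fetched from signin.att.com here)."""
    hits = []
    for url, referer, _ in transactions:
        if not referer:
            continue
        src = registrable(urlparse(url).hostname)
        ref = registrable(urlparse(referer).hostname)
        if src in brand_domains and ref != src:
            hits.append(url)
    return hits


def cross_host_redirect(chain):
    """True when the redirect chain changes host (shortener into phishing host)."""
    hosts = [urlparse(u).hostname for u in chain]
    return len(set(hosts)) > 1


def credential_page_over_http(transactions):
    """True when the primary document is plain HTTP and its path looks like a login."""
    for url, _, kind in transactions:
        if kind == "Document":
            p = urlparse(url)
            return p.scheme == "http" and any(w in p.path.lower() for w in LOGIN_WORDS)
    return False


def triage(transactions=TRANSACTIONS, chain=REDIRECT_CHAIN, brand_domains=BRAND_DOMAINS):
    """Collect the findings and a simple count of rules that fired (max 4)."""
    findings = {
        "https_ratio": https_ratio(transactions),
        "brand_hotlinks": brand_hotlinks(transactions, brand_domains),
        "cross_host_redirect": cross_host_redirect(chain),
        "credential_page_over_http": credential_page_over_http(transactions),
    }
    findings["score"] = (
        bool(findings["brand_hotlinks"])
        + findings["cross_host_redirect"]
        + findings["credential_page_over_http"]
        + (findings["https_ratio"] < 0.5)
    )
    return findings


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

All four rules fire on this scan. None of them is conclusive alone (legitimate sites hotlink partner logos, and shorteners front benign pages), which is why the result is a count for an analyst rather than a verdict.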

Redirected requests

There were HTTP redirect chains for the following requests:

  • http://short.bg/Ik3gp (HTTP 301) → http://ciun.juliascloset.lk/wiwa/signin.php

9 HTTP transactions

Columns: Resource, Path, Size, x-fer (transferred), Type, MIME-Type

Primary Request: signin.php  ciun.juliascloset.lk/wiwa/  6 KB  6 KB  Document
Redirect Chain
  • http://short.bg/Ik3gp
  • http://ciun.juliascloset.lk/wiwa/signin.php
General
Full URL
http://ciun.juliascloset.lk/wiwa/signin.php
Protocol
HTTP/1.1
Server
45.120.149.96, Singapore, ASN55293 (A2HOSTING, US)
Reverse DNS
45.120.149.96.static.a2webhosting.com
Software
Apache
Resource Hash
b922f3dd902315bc405843f692a81e54641ed7a7879e2b465ca0437831708cf8

Request headers

Host
ciun.juliascloset.lk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Mon, 01 Mar 2021 19:46:02 GMT
Server
Apache
Content-Length
5796
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers (the 301 response to http://short.bg/Ik3gp, first hop of the chain)

Date
Mon, 01 Mar 2021 19:46:01 GMT
Server
Apache
X-Powered-By
PHP/7.2.34
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Content-Encoding
gzip
Vary
Accept-Encoding
Set-Cookie
PHPSESSID=82imk6cek911fjn73j8relu23i; path=/
Set-Cookie
short_Ik3gp=1; expires=Mon, 01-Mar-2021 20:16:01 GMT; Max-Age=1800; path=/; HttpOnly
Strict-Transport-Security
max-age=15552000; includeSubDomains
Location
http://ciun.juliascloset.lk/wiwa/signin.php
Keep-Alive
timeout=5
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
bootstrap.min.css  ciun.juliascloset.lk/wiwa/assets/vendor/bootstrap/css/  137 KB  137 KB  Stylesheet
General
Full URL
http://ciun.juliascloset.lk/wiwa/assets/vendor/bootstrap/css/bootstrap.min.css
Requested by
Host: ciun.juliascloset.lk
URL: http://ciun.juliascloset.lk/wiwa/signin.php
Protocol
HTTP/1.1
Server
45.120.149.96 , Singapore, ASN55293 (A2HOSTING, US),
Reverse DNS
45.120.149.96.static.a2webhosting.com
Software
Apache /
Resource Hash
34959e43e6ecf368807a84f92ad9aa6e2dcd5f0c5c1e57da55e8f3248d9d9255

Request headers

Referer
http://ciun.juliascloset.lk/wiwa/signin.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Mar 2021 19:46:02 GMT
Last-Modified
Tue, 16 Feb 2021 23:24:04 GMT
Server
Apache
ETag
"5a2054e-22485-5bb7c65ee2d00"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
140421
style.css  ciun.juliascloset.lk/wiwa/assets/vendor/fonts/circular-std/  1 KB  2 KB  Stylesheet
General
Full URL
http://ciun.juliascloset.lk/wiwa/assets/vendor/fonts/circular-std/style.css
Requested by
Host: ciun.juliascloset.lk
URL: http://ciun.juliascloset.lk/wiwa/signin.php
Protocol
HTTP/1.1
Server
45.120.149.96 , Singapore, ASN55293 (A2HOSTING, US),
Reverse DNS
45.120.149.96.static.a2webhosting.com
Software
Apache /
Resource Hash
e9c3d16f3a067bdf510c1a529e31f4434b2675b56631b5063f6fdfb959de2be1

Request headers

Referer
http://ciun.juliascloset.lk/wiwa/signin.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Mar 2021 19:46:02 GMT
Last-Modified
Tue, 16 Feb 2021 23:24:04 GMT
Server
Apache
ETag
"5a20629-5e8-5bb7c65ee2d00"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1512
style.css  ciun.juliascloset.lk/wiwa/assets/libs/css/  123 KB  124 KB  Stylesheet
General
Full URL
http://ciun.juliascloset.lk/wiwa/assets/libs/css/style.css
Requested by
Host: ciun.juliascloset.lk
URL: http://ciun.juliascloset.lk/wiwa/signin.php
Protocol
HTTP/1.1
Server
45.120.149.96 , Singapore, ASN55293 (A2HOSTING, US),
Reverse DNS
45.120.149.96.static.a2webhosting.com
Software
Apache /
Resource Hash
5b029f7b1598c737cdc83e5425aefbd1c73f0f8395ca41674eb3eeb9c44680a0

Request headers

Referer
http://ciun.juliascloset.lk/wiwa/signin.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Mar 2021 19:46:03 GMT
Last-Modified
Tue, 16 Feb 2021 23:24:04 GMT
Server
Apache
ETag
"5a20532-1ed4f-5bb7c65ee2d00"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
126287
fontawesome-all.css  ciun.juliascloset.lk/wiwa/assets/vendor/fonts/fontawesome/css/  45 KB  45 KB  Stylesheet
General
Full URL
http://ciun.juliascloset.lk/wiwa/assets/vendor/fonts/fontawesome/css/fontawesome-all.css
Requested by
Host: ciun.juliascloset.lk
URL: http://ciun.juliascloset.lk/wiwa/signin.php
Protocol
HTTP/1.1
Server
45.120.149.96 , Singapore, ASN55293 (A2HOSTING, US),
Reverse DNS
45.120.149.96.static.a2webhosting.com
Software
Apache /
Resource Hash
f5045cd44d62ed1e19c37f906ee45fa7cd0dd701fb90325d22a29ed3cf526989

Request headers

Referer
http://ciun.juliascloset.lk/wiwa/signin.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Mar 2021 19:46:03 GMT
Last-Modified
Tue, 16 Feb 2021 23:24:08 GMT
Server
Apache
ETag
"5a2083f-b3d1-5bb7c662b3600"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
46033
att-logo.svg  signin.att.com/static/siam//en/halo_c/images/logos/  8 KB  9 KB  Image
General
Full URL
https://signin.att.com/static/siam//en/halo_c/images/logos/att-logo.svg
Requested by
Host: ciun.juliascloset.lk
URL: http://ciun.juliascloset.lk/wiwa/signin.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.106.163, Brownsboro, United States, ASN797 (AMERITECH-AS, US)
Reverse DNS
clcontent-al.att.com
Software
(not reported)
Resource Hash
6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://ciun.juliascloset.lk/wiwa/signin.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

date
Mon, 01 Mar 2021 19:46:03 GMT
last-modified
Fri, 08 Jan 2021 10:46:15 GMT
etag
"20b1-5b86143f4abc0"
x-frame-options
SAMEORIGIN
iam_on
A192
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-type
image/svg+xml
apser
p205
content-length
8369
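The request above is the only thing the phishing page fetches from the impersonated brand: the AT&T logo, requested with Referer http://ciun.juliascloset.lk/wiwa/signin.php. That Referer lands in signin.att.com's own access logs, which gives the brand a way to discover kits like this one without waiting for a urlscan submission. The Python below, added as an example and not code from AT&T or urlscan.io, runs that check over a few constructed Apache combined-format log lines. The asset path and the foreign Referer are taken from this scan; the client IPs, timestamps and the benign lines are made up. Requests with no Referer at all are counted separately, because a kit that sets Referrer-Policy: no-referrer would appear only there.

```python
"""Brand-side detection of a phishing page that hotlinks the brand's logo.

Added example (not AT&T's or urlscan.io's code). Reads Apache combined-format
access log lines and reports requests for watched brand assets whose Referer
is on a domain the brand does not own.
"""
import re
from urllib.parse import urlparse

# Path of the asset the phishing page fetched (from this scan).
WATCHED_ASSETS = {"/static/siam//en/halo_c/images/logos/att-logo.svg"}
BRAND_DOMAINS = {"att.com"}

# Constructed sample log: the foreign Referer is the one recorded on this page;
# client IPs (RFC 5737 ranges), timestamps and the benign lines are made up.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2021:19:46:03 +0000] "GET /static/siam//en/halo_c/images/logos/att-logo.svg HTTP/1.1" 200 8369 "http://ciun.juliascloset.lk/wiwa/signin.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15"
198.51.100.7 - - [01/Mar/2021:19:47:10 +0000] "GET /static/siam//en/halo_c/images/logos/att-logo.svg HTTP/1.1" 200 8369 "https://signin.att.com/" "Mozilla/5.0"
198.51.100.8 - - [01/Mar/2021:19:47:12 +0000] "GET /static/siam//en/halo_c/images/logos/att-logo.svg HTTP/1.1" 200 8369 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Mar/2021:19:48:00 +0000] "GET /static/siam//en/halo_c/images/logos/att-logo.svg?v=2 HTTP/1.1" 200 8369 "http://ciun.juliascloset.lk/" "Mozilla/5.0"
198.51.100.9 - - [01/Mar/2021:19:48:30 +0000] "GET /favicon.ico HTTP/1.1" 200 512 "http://ciun.juliascloset.lk/wiwa/signin.php" "Mozilla/5.0"
"""

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the named fields of one combined-format line, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def registrable(host):
    """Crude registrable-domain guess (last two labels); assumption good enough
    for the hosts in this example, use the Public Suffix List in production."""
    return ".".join(host.lower().split(".")[-2:])


def scan_log(log_text, watched=WATCHED_ASSETS, brand_domains=BRAND_DOMAINS):
    """Return (hits, no_referer).

    hits maps each foreign Referer host to a request count, the Referer URLs
    seen (useful for the takedown report) and the client IPs that sent them.
    no_referer counts watched-asset requests that carried no Referer at all,
    which is what a kit using Referrer-Policy: no-referrer would produce.
    """
    hits = {}
    no_referer = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["target"].split("?", 1)[0]   # ignore cache-busting query strings
        if path not in watched:
            continue
        if rec["referer"] in ("", "-"):
            no_referer += 1
            continue
        host = urlparse(rec["referer"]).hostname
        if not host or registrable(host) in brand_domains:
            continue                            # first-party use of the asset
        entry = hits.setdefault(host, {"count": 0, "urls": set(), "clients": set()})
        entry["count"] += 1
        entry["urls"].add(rec["referer"])
        entry["clients"].add(rec["ip"])
    return hits, no_referer


if __name__ == "__main__":
    found, blind = scan_log(SAMPLE_LOG)
    for host, info in found.items():
        print(f"{host}: {info['count']} requests from {len(info['clients'])} clients, pages {sorted(info['urls'])}")
    print(f"watched-asset requests without Referer: {blind}")
```

Keying on the Referer host rather than the full URL matters: current browsers default to strict-origin-when-cross-origin, so a cross-site fetch usually carries only the origin (as the constructed fourth line shows), while this 2021 capture still sent the full path. Either way the phishing host is visible, and the Referer URLs collected per host are what goes into the abuse report to the hosting provider.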
jquery-3.3.1.min.js  ciun.juliascloset.lk/wiwa/assets/vendor/jquery/  85 KB  85 KB  Script
General
Full URL
http://ciun.juliascloset.lk/wiwa/assets/vendor/jquery/jquery-3.3.1.min.js
Requested by
Host: ciun.juliascloset.lk
URL: http://ciun.juliascloset.lk/wiwa/signin.php
Protocol
HTTP/1.1
Server
45.120.149.96 , Singapore, ASN55293 (A2HOSTING, US),
Reverse DNS
45.120.149.96.static.a2webhosting.com
Software
Apache /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
http://ciun.juliascloset.lk/wiwa/signin.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Mar 2021 19:46:03 GMT
Last-Modified
Tue, 16 Feb 2021 23:24:04 GMT
Server
Apache
ETag
"5a208c8-1538f-5bb7c65ee2d00"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
86927
bootstrap.bundle.js  ciun.juliascloset.lk/wiwa/assets/vendor/bootstrap/js/  206 KB  206 KB  Script
General
Full URL
http://ciun.juliascloset.lk/wiwa/assets/vendor/bootstrap/js/bootstrap.bundle.js
Requested by
Host: ciun.juliascloset.lk
URL: http://ciun.juliascloset.lk/wiwa/signin.php
Protocol
HTTP/1.1
Server
45.120.149.96 , Singapore, ASN55293 (A2HOSTING, US),
Reverse DNS
45.120.149.96.static.a2webhosting.com
Software
Apache /
Resource Hash
d8fee552d1b9d1d74f1e17081d982a377f4b70851fbd99dc609e573c2f993508

Request headers

Referer
http://ciun.juliascloset.lk/wiwa/signin.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Mar 2021 19:46:04 GMT
Last-Modified
Tue, 16 Feb 2021 23:24:06 GMT
Server
Apache
ETag
"5a20552-336b4-5bb7c660cb180"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
210612
CircularStd-Book.woff  ciun.juliascloset.lk/wiwa/assets/vendor/fonts/circular-std/  36 KB  36 KB  Font
General
Full URL
http://ciun.juliascloset.lk/wiwa/assets/vendor/fonts/circular-std/CircularStd-Book.woff
Requested by
Host: ciun.juliascloset.lk
URL: http://ciun.juliascloset.lk/wiwa/assets/vendor/fonts/circular-std/style.css
Protocol
HTTP/1.1
Server
45.120.149.96 , Singapore, ASN55293 (A2HOSTING, US),
Reverse DNS
45.120.149.96.static.a2webhosting.com
Software
Apache /
Resource Hash
0a70b445f4217b6de24a926042c6df97408004735e58e26708add8003d232abd

Request headers

Origin
http://ciun.juliascloset.lk
Referer
http://ciun.juliascloset.lk/wiwa/assets/vendor/fonts/circular-std/style.css
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 01 Mar 2021 19:46:06 GMT
Last-Modified
Tue, 16 Feb 2021 23:24:04 GMT
Server
Apache
ETag
"5a20625-8f04-5bb7c65ee2d00"
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
36612

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

  • object: ontransitionrun
  • object: ontransitionstart
  • object: ontransitioncancel
  • object: trustedTypes
  • boolean: crossOriginIsolated
  • function: $
  • function: jQuery
  • object: bootstrap
  • function: signIn

0 Cookies